Am I still infected?



#1 Batgirl1979

Batgirl1979

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:11:31 PM

Posted 07 December 2008 - 07:08 PM

I too was (am?) infected by Vundo and Fake-Alert. I have followed the advice I have read online and now I am wondering if I am clean or not. I have had to run SuperAntiSpyware (in safe mode) and Malwarebytes a couple of times. The first two times the programs found something; the third time, it only found some tracking cookies. I have all the logs and I just wanted to know if someone could take a look at them and see if I'm in the all clear now. I do not know much about computers so I apologize for any time this may take.

Thanks.
P.S. I also don't have access to another computer in order to change any online banking passwords; that's my main concern, to find out if it's clean so I can change them.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 07 December 2008 - 07:26 PM

Post the logs please.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Batgirl1979

Batgirl1979
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:11:31 PM

Posted 07 December 2008 - 07:36 PM

Here are the three SuperAntiSpyware logs:

1)SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/06/2008 at 09:54 PM

Application Version : 4.22.1014

Core Rules Database Version : 3665
Trace Rules Database Version: 1645

Scan type : Complete Scan
Total Scan Time : 00:48:06

Memory items scanned : 151
Memory threats detected : 0
Registry items scanned : 3721
Registry threats detected : 13
File items scanned : 22052
File threats detected : 115

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FIWOBIFI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-606747145-1580818891-1957994488-1003\SOFTWARE\Microsoft\fias4013

Adware.Vundo Variant/HAL
C:\WINDOWS\SYSTEM32\YILIVUFE.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Batgirl1979\Local Settings\Temp\Temporary Internet Files\Content.IE5\816R01Y7\indexsg[1].htm
C:\Documents and Settings\Batgirl1979\Local Settings\Temp\Temporary Internet Files\Content.IE5\YRK3OFST\l.s.bg1z[1].gif
C:\Documents and Settings\Batgirl1979\Local Settings\Temp\Temporary Internet Files\Content.IE5\S1EZOX2Z\l.s.bg2z[1].gif
C:\Documents and Settings\Batgirl1979\Local Settings\Temp\Temporary Internet Files\Content.IE5\OPQB4PIR\indexsg[1].htm
C:\Documents and Settings\Batgirl1979\Local Settings\Temp\Temporary Internet Files\Content.IE5\YRK3OFST\indexsg[1].htm

2)SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2008 at 00:05 AM

Application Version : 4.22.1014

Core Rules Database Version : 3665
Trace Rules Database Version: 1645

Scan type : Complete Scan
Total Scan Time : 00:51:03

Memory items scanned : 150
Memory threats detected : 0
Registry items scanned : 3711
Registry threats detected : 1
File items scanned : 22765
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@doubleclick[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@ad.yieldmanager[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@ads.techguy[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@chitika[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@atdmt[1].txt

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-606747145-1580818891-1957994488-1003\SOFTWARE\Microsoft\fias4013

3)SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2008 at 05:02 PM

Application Version : 4.22.1014

Core Rules Database Version : 3665
Trace Rules Database Version: 1645

Scan type : Complete Scan
Total Scan Time : 00:49:33

Memory items scanned : 149
Memory threats detected : 0
Registry items scanned : 3711
Registry threats detected : 0
File items scanned : 23610
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@ads.infinisource[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@tribalfusion[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@overture[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@doubleclick[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@ads.techguy[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@chitika[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@uk.adservinginternational[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@serving-sys[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@atdmt[1].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@bs.serving-sys[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@stat.onestat[2].txt
C:\Documents and Settings\Batgirl1979\Cookies\batgirl1979@ad.yieldmanager[2].txt


and the three Malwarebytes logs:

1st)Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 2

12/6/2008 10:49:48 PM
mbam-log-2008-12-06 (22-49-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 61479
Time elapsed: 40 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gonepese.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mobezere.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\guhemiwa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a13bc166-bcfd-4237-8868-cf6ba63f8245} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a13bc166-bcfd-4237-8868-cf6ba63f8245} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a13bc166-bcfd-4237-8868-cf6ba63f8245} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c64eeee (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tadoyapana (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4f57dd72 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gonepese.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gonepese.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gonepese.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\agofabay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mobezere.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\guhemiwa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gonepese.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Batgirl1979\Local Settings\Temp\winvHbMdP8.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0AFD3A25-5C2F-4C2F-92F2-8EFEC136DB4D}\RP31\A0001115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0AFD3A25-5C2F-4C2F-92F2-8EFEC136DB4D}\RP31\A0001117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gejuzifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

2nd)Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 2

12/7/2008 2:25:10 AM
mbam-log-2008-12-07 (02-25-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 62318
Time elapsed: 39 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3rd)Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 2

12/7/2008 5:52:12 PM
mbam-log-2008-12-07 (17-52-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 62865
Time elapsed: 40 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------
After I know if I'm in the clear or not can I delete the quarantines in superantispyware?
Thank you for your help.
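An added example, not part of the thread: a small parser for the Malwarebytes' Anti-Malware 1.31 log layout posted above. It pulls out the summary counts, lists the entries whose removal was deferred with "Delete on reboot" (those are only confirmed gone when a later scan no longer reports them), and checks that two scans used the same database version before comparing them. The log text inside the block is constructed to mirror the first and second logs in the post, not copied verbatim.

```python
"""Parse Malwarebytes' Anti-Malware 1.31 scan logs and compare two scans."""
import re

# Constructed excerpts in the MBAM 1.31 layout used in the post (not verbatim).
FIRST_SCAN = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1467

Memory Modules Infected: 4
Registry Keys Infected: 5
Files Infected: 9

Memory Modules Infected:
C:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gonepese.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\agofabay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

SECOND_SCAN = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1467

Memory Modules Infected: 0
Registry Keys Infected: 0
Files Infected: 0

Memory Modules Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# "<path> (<detection name>) -> <action>."  The action may itself contain "->"
# (e.g. "Data: ... -> Quarantined ..."), so the path is matched lazily up to
# the first " (".
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^)]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")


def parse_mbam(text):
    """Return (summary, detections).

    summary: {section name: count} from the header block.
    detections: one dict per listed item with section, path, name, action.
    Section headers end in "Infected:" with no count; placeholder lines
    such as "(No malicious items detected)" do not match ITEM_RE.
    """
    summary, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = COUNT_RE.match(line)
        if m:
            summary[m["section"]] = int(m["n"])
            continue
        if line.endswith(" Infected:"):
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def pending_reboot(detections):
    """Paths whose removal MBAM deferred to the next reboot (deduplicated)."""
    return sorted({d["path"] for d in detections
                   if d["action"].startswith("Delete on reboot")})


def still_present(before, after):
    """Items from an earlier scan that a later scan reports again."""
    later = {(d["section"], d["path"]) for d in after}
    return [d for d in before if (d["section"], d["path"]) in later]


def database_same(text_a, text_b):
    """Two scans compare meaningfully only with the same signature database."""
    ver = lambda t: re.search(r"Database version: (\d+)", t).group(1)
    return ver(text_a) == ver(text_b)
```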

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 07 December 2008 - 07:45 PM

Please run this scan.

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

#5 Batgirl1979

Batgirl1979
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:11:31 PM

Posted 07 December 2008 - 08:14 PM

Okay, I ran the scan. I assume you want me to post the report; if not, sorry...


SDFix: Version 1.240
Run by Batgirl1979 on Sun 12/07/2008 at 08:02 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 20:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files Added\\Virus And SpyWare Protection\\avgemc.exe"="C:\\Program Files Added\\Virus And SpyWare Protection\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files Added\\Virus And SpyWare Protection\\avgupd.exe"="C:\\Program Files Added\\Virus And SpyWare Protection\\avgupd.exe:*:Enabled:avgupd.exe"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\iTunes + Quicktime\\iTunes.exe"="D:\\iTunes + Quicktime\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :


Finished!

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 07 December 2008 - 08:19 PM

Looks good. So, if you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Also, go Start > Control Panel and double-click Add or Remove Programs. Post back and report any Java entries that you have.

#7 Batgirl1979

Batgirl1979
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:11:31 PM

Posted 07 December 2008 - 10:55 PM

Sorry it took me so long to respond, the cable went out in our city for an hour and a half.

Okay, I created a system restore point and ran cleanmgr on drive C. Should I run cleanmgr for my other drive? My other drive has programs saved on it as well, such as the newest version of Java, since it is a larger drive.

In my Add/Remove Programs list the only Java entry is: Java™ 6 Update 11, 90.49MB. I just recently formatted my C drive last week so I had to download new versions of Java, Shockwave etc.

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 07 December 2008 - 11:32 PM

If you have your system restore set such that it uses the other drives then you should run it on those drives also.

Your Java is up-to-date.

#9 Batgirl1979

Batgirl1979
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:11:31 PM

Posted 07 December 2008 - 11:45 PM

Alright, did that, thank you for all your help. I guess I'll just rerun the SAS and Malwarebytes programs over the next few days to make sure it doesn't come back, because it seems a lot of people have trouble with Vundo returning. One last question: can I delete the quarantined files in SAS?

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 07 December 2008 - 11:52 PM

Yeah - you can delete those.

#11 Batgirl1979

Batgirl1979
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:11:31 PM

Posted 07 December 2008 - 11:59 PM

Thank you, :thumbsup: Crossing my fingers it doesn't come back and I don't have to bother you again, lol!

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 08 December 2008 - 12:02 AM

You're welcome :thumbsup: