Spyware Guide 2008 Gone!



#1 jpbozeman

Posted 13 December 2008 - 12:18 PM

Took three hours but finally got rid of it!

What's worked for me is the following….
Install Malwarebytes setup by disc downloaded from another computer
rename the Malwarebytes setup by adding .bat to the name

during the initial installation I had to stop the spyware guide 2008 process multiple times and when the installation of Malwarebytes I would have to delete all the spywareguard files under program files and stop the Malwarebytes process through the task manager and it would resume

start up Malwarebytes

during the scan I had to watch the spywareguard folder under program files and delete the files as they would re-appear about every 5 minutes and the spywareguard would start up again

during the scan I also had to stop the spyware guard from starting up again by clicking exit on the task bar multiple times

had run the scan 2x with the first finding a bunch of infected files and a handful that had to be deleted upon reboot.
The second time found less but a bunch of files…rebooted...spyware guide reappeared kept closing it out....updated Malwarebytes
The third time found a few files...rebooted....looked clean for a few minutes then it appeared again in the taskbar
Then ran SUPERAntiSpyware which completely eliminated it after two passes.
For extra assurance ran Malwarebytes again.
Seems all good now...although I'll never get that 4 hours back.

Here are the logs:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/13/2008 12:07:18 AM
mbam-log-2008-12-13 (00-07-02).txt

Scan type: Quick Scan
Objects scanned: 74352
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 4
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc721bba-7958-4b7e-8f88-81bc0b6dfa73} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.

Files Infected:
C:\WINDOWS\system32\TDSShrxx.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSoiqt.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSvkql.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSmqyt.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\TDSSbc63.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> No action taken.

Here is the second log:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/13/2008 12:23:45 AM
mbam-log-2008-12-13 (00-23-45).txt

Scan type: Quick Scan
Objects scanned: 74117
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSbc53.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Here are the SUPERAntiSpyware logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/13/2008 at 00:49 AM

Application Version : 4.23.1006

Core Rules Database Version : 3674
Trace Rules Database Version: 1653

Scan type : Quick Scan
Total Scan Time : 00:21:29

Memory items scanned : 374
Memory threats detected : 2
Registry items scanned : 507
Registry threats detected : 37
File items scanned : 1191
File threats detected : 95

Rogue.SpywareGuard2008
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\IEMODULE.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\IEMODULE.DLL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#ieModule
HKCR\CLSID\{8190B06D-F579-407A-B022-15C7F10066DF}
HKCR\CLSID\{8190B06D-F579-407A-B022-15C7F10066DF}\InprocServer32
HKCR\CLSID\{8190B06D-F579-407A-B022-15C7F10066DF}\InprocServer32#ThreadingModel
HKU\.DEFAULT\Software\Spyware Guard
HKU\S-1-5-18\Software\Spyware Guard
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008#InstallDate
C:\Program Files\Spyware Guard 2008\conf.cfg
C:\Program Files\Spyware Guard 2008\mbase.vdb
C:\Program Files\Spyware Guard 2008\quarantine
C:\Program Files\Spyware Guard 2008\quarantine.vdb
C:\Program Files\Spyware Guard 2008\queue.vdb
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\Spyware Guard 2008\uninstall.exe
C:\Program Files\Spyware Guard 2008\vbase.vdb
C:\Program Files\Spyware Guard 2008
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008
C:\WINDOWS\reged.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys.com
C:\WINDOWS\syscert.exe
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\vmreg.dll
C:\Documents and Settings\Owner\Desktop\Spyware Guard 2008.lnk

Adware.Vundo Variant
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\BUOOWMMOJK.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\DLLS\BUOOWMMOJK.DLL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#InternetConnection
HKCR\CLSID\{7F858106-609E-4F9C-8DA3-A79B496A9B3E}
HKCR\CLSID\{7F858106-609E-4F9C-8DA3-A79B496A9B3E}
HKCR\CLSID\{7F858106-609E-4F9C-8DA3-A79B496A9B3E}\InprocServer32
HKCR\CLSID\{7F858106-609E-4F9C-8DA3-A79B496A9B3E}\InprocServer32#ThreadingModel

Adware.Tracking Cookie

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#group
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSserv
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSl
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssservers
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssmain
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsslog
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssadw
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssinit
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssurls
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsspanels
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsserrors
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSproc
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#INITSTARTFAILED

Trojan.Net-SvHoster
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SVHOST.EXE
.....and
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/13/2008 at 07:58 AM

Application Version : 4.23.1006

Core Rules Database Version : 3674
Trace Rules Database Version: 1653

Scan type : Complete Scan
Total Scan Time : 00:49:43

Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 6802
Registry threats detected : 0
File items scanned : 3806
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@socialmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt


Hopefully this will help some!

#2 buddy215


Posted 13 December 2008 - 12:45 PM

Interesting.
Your MBAM is way out of date though the SAS is up to date. You should update MBAM and give it another go.
There was malware in your logs labeled "backdoor". Most security experts would recommend reformatting and reinstall of the OS when "backdoor" is mentioned. The reason is the damage that they cause and the difficulty in repairing and removing all of the malware.
Suggest you change all of your passwords, monitor your credit cards, bank accounts, PayPal, etc.

Do you know how the malware got on your computer? If it was a popup you closed by clicking on it, that is a no-no. Best to find the process in the task manager and close it there.

You could also have got it through a "driveby" install. The best protection against that is Firefox browser with the NoScript addon.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 lobotomy-


Posted 14 December 2008 - 11:47 AM

Hi jpbozeman,
thx for the thread, had the same problem. Renamed the exe's to .bat and could run them and could scan my pc and everything is gone now.
Grtz,
Joris



