
Virus? ran Malwarebytes, now what? help!



#1 KC900


Posted 16 January 2009 - 06:32 AM

I'm on Windows XP and keep getting error messages in the top of my screens..."WARNING! Your system is in danger. YOUR COMPUTER IS IN need OF full scanning." They show up in red type. Sometimes all the print on my page turns red too. I'm guessing a virus. I read some of the other posts and have installed and run the "Malwarebytes" software. After I do this, and delete the found problems, my computer runs fine for a while and then starts the problem again. Is there something else I can do? Thanks for any help you can provide.


 


#2 buddy215


Posted 16 January 2009 - 10:29 AM

The malware you have is constantly changing to hide from the security programs. It sometimes takes a few days for the security programs to update to identify the malware.

Suggest you UPDATE and rescan.

Super Antispyware is another excellent program to use. After downloading, installing and UPDATING in regular mode, boot into safe mode to run the scan. Directions for using SAS are in the link below.
http://www.bleepingcomputer.com/forums/ind...t&p=1040160
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 KC900


Posted 17 January 2009 - 07:25 AM

Followed your instructions, here is the scan log.
Appreciate your help!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/17/2009 at 07:02 AM

Application Version : 4.24.1004

Core Rules Database Version : 3713
Trace Rules Database Version: 1688

Scan type : Complete Scan
Total Scan Time : 13:15:46

Memory items scanned : 218
Memory threats detected : 0
Registry items scanned : 8140
Registry threats detected : 53
File items scanned : 480646
File threats detected : 247

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2664074246-100315591-2409896274-1008\SOFTWARE\FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs

Rogue.Component/Trace

Adware.Vundo Variant/Rel

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-2664074246-100315591-2409896274-1008\SOFTWARE\Microsoft\fias4013

Rogue.AntiSpywareSolution/SecureFileShredder
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\NDSKOJVN\VIRUSREMOVER2008_SETUP_FREE_EN[1].EXE

Trojan.ba3bho
C:\PROGRAM FILES\TEXTHELP SYSTEMS\BROWSEALOUD\3.1\BA3BHO.DLL

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\HP GAME CONSOLE\DOWNLOADS\INSTALLERS\{0232A669-ADFE-4DD7-A443-D0A2A9FE37D0}.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OJYH0X8D\WINLOGON[1].HTM

Rogue.FakeAlert/Wallpaper
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\UZEFYD4F\WARNING[1].GIF

Trace.Known Threat Sources
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\89YZ8PI7\alert[1].gif
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GX2J89A7\main[1].gif
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\3E2LUNHC\settings[2].js
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BW5HZOWW\managers[2].js
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\2KZZTWMK\params[2].js
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GX2J89A7\index_new[2].js
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOPQNBU5\secure_installers[2].js
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\PDNUP913\crypt[2].js
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9GZWF0V\102[1].htm
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OCGT0RQH\ballon[1].gif

#4 buddy215


Posted 17 January 2009 - 07:42 AM

You may have set a new record for length of scan time! Just curious, how many Gigabytes of files are on your computer? Did you run the scan in safe mode? That is the fastest and best way to find all the malware.

You should run scans again with both MBAM and SAS. Don't give the malware a chance to reinstall. Be sure to UPDATE before scanning.

You can block the Ad/ tracking cookies from ever installing on your computer by following the steps below.
This applies to Internet Explorer browsers.
Click on tools
click on internet options
click on privacy tab
click on advanced button
put a check in the box next to override automatic cookie handling
put a check in the box next to first party accept
put a check in the box next to block third party cookies (those are the ad/ tracking cookies that AVG deletes)
Click OK to exit
Then just run another quick scan with SAS to remove the third party cookies that were installed before changing the settings.

Click start, All programs, Accessories, System tools, Disk Cleanup, Put a check next to all items except "compress old files".
Click on the more options tab, click on the "cleanup" button next to "system restore" (this will remove all of the restore points but the last one as many are infected) click OK and allow cleanup to run.

Use Secunia online scanner to check for missing security updates. http://secunia.com/vulnerability_scanning/online/
After updating Java (if you haven't done so already) go to Add/ Remove and remove ALL old Java programs.
IE browser, Adobe Reader, Adobe Flash and Java have all been exploited recently. Important to get the latest updates to avoid malware exploiting those programs. Vundo is known to exploit old Java programs.

#5 KC900


Posted 18 January 2009 - 07:50 AM

How many Gigabytes of files? Too many... mostly photos. I ran in safe mode and then followed all your instructions. I think I'm okay for now. Really appreciate your precise expertise and help. Thanks.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2009 at 01:59 AM

Application Version : 4.24.1004

Core Rules Database Version : 3713
Trace Rules Database Version: 1688

Scan type : Quick Scan
Total Scan Time : 06:35:34

Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 580
Registry threats detected : 0
File items scanned : 357836
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pro-market[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toseeka[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.adrevolver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.surfcounters[1].txt
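
Added example, not part of the thread and not SUPERAntiSpyware's own code: a small Python triage of scan logs in the layout posted above, which separates tracking cookies from registry and file detections and checks that the pasted listing matches the header totals. Both sample logs are constructed, and reading `key#value` as a registry value under a key is an assumption drawn from the log layout.

```python
import re
from collections import defaultdict

# An item line is a file path (drive letter) or a registry path (hive prefix).
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|U|CR|CU|CC)\\)")
# Header fields look like "Scan type : Complete Scan" or "Version: 1688".
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s+(\S.*)$")

# Constructed sample logs (user name, paths and registry keys are made up).
FIRST_SCAN = r"""
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2009 at 07:02 AM

Scan type : Complete Scan
Total Scan Time : 00:15:46

Registry items scanned : 8140
Registry threats detected : 3
File items scanned : 48064
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\example_user\Cookies\example_user@ads.example[1].txt
C:\Documents and Settings\example_user\Cookies\example_user@tracker.example[2].txt

Rogue.Component/Trace
HKU\S-1-5-21-0-0-0-1000\Software\ExampleRogue\Options
HKU\S-1-5-21-0-0-0-1000\Software\ExampleRogue\Options#InstallDate
HKU\S-1-5-21-0-0-0-1000\Software\ExampleRogue\Options#LastRun

Trojan.Unknown Origin
C:\WINDOWS\Temp\example_dropper[1].exe
"""

SECOND_SCAN = r"""
Scan type : Quick Scan
Registry threats detected : 0
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\example_user\Cookies\example_user@ads.example[2].txt
"""


def parse_scan_log(text):
    """Return (header fields, {category: [item lines]}) for one scan log."""
    fields, detections = {}, defaultdict(list)
    pending = None    # last line that was neither a header field nor an item
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM_RE.match(line):
            if pending is not None:   # a category heading precedes its items
                category, pending = pending, None
            if category is not None:
                detections[category].append(line)
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
        else:
            pending = line            # title, URL, date or category heading
    return fields, dict(detections)


def kind_of(item):
    """Classify an item line as 'registry', 'cookie' or 'file'."""
    if item[:2].upper() == "HK":
        return "registry"
    return "cookie" if "\\cookies\\" in item.lower() else "file"


def triage(text):
    """Summarise a scan log for follow-up."""
    fields, detections = parse_scan_log(text)
    counts = {"registry": 0, "cookie": 0, "file": 0}
    registry_keys, follow_up = set(), []
    for category, items in detections.items():
        kinds = set()
        for item in items:
            kind = kind_of(item)
            kinds.add(kind)
            counts[kind] += 1
            if kind == "registry":    # assumption: "#" separates key and value
                registry_keys.add(item.split("#", 1)[0])
        if kinds != {"cookie"}:       # anything beyond cookies needs a rescan
            follow_up.append(category)
    # The header counts cookies as file threats; a mismatch means a cut paste.
    listing_complete = (
        int(fields.get("Registry threats detected", -1)) == counts["registry"]
        and int(fields.get("File threats detected", -1))
        == counts["cookie"] + counts["file"]
    )
    return {"counts": counts, "registry_keys": sorted(registry_keys),
            "follow_up": follow_up, "listing_complete": listing_complete}


if __name__ == "__main__":
    for name, log in (("first", FIRST_SCAN), ("second", SECOND_SCAN)):
        print(name, triage(log))
```

An empty `follow_up` list on the later scan corresponds to the outcome in this thread, where only tracking cookies were left after the rescan.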

#6 buddy215


Posted 18 January 2009 - 08:39 AM

You are welcome.

The best way to avoid getting this type of malware and many more is to use the Firefox browser with NoScript and Adblock Plus addons. This will protect you from "driveby" downloads and prevent the misleading popups, etc. that harbor the malware.
That won't stop you, though, from getting malware by using P2Ps and "cracked" programs.

Firefox Browser
http://www.mozilla.com/en-US/firefox/all.html

AdBlock Plus
https://addons.mozilla.org/en-US/firefox/addon/1865
NoScript
https://addons.mozilla.org/en-US/firefox/addon/1865



