
Infected? and can't get rid of trojan. Need help


16 replies to this topic

#1 hey4q2pal

hey4q2pal

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:23 PM

Posted 17 January 2009 - 07:10 PM

I am computer illiterate to say the least, all I do is surf the net and that's about it. Got a wicked virus/trojan the other week and my AVG picked it up but not before it turned my firewall off and got in. Tried running AVG, Ad-Aware, and Spybot but none of them worked. Tried regcleaner and VundoFix as well with no results. My friend got the same problem with a similar if not same trojan a few weeks ago looking at torrent sites on the web and he reloaded Windows and everything on his computer and said it works fine now, but I am not that computer savvy to do all that. He also said use Kaspersky over AVG so I'm now using that instead of AVG. Kaspersky shows trojans when I boot up and says to reboot to clean them off but every time I do that they just show right back up.
I ran SmitFraudFix and MBAM and here are the results.

SmitFraudFix v2.391

Scan done at 15:00:54.31, Sat 01/17/2009
Run from C:\Documents and Settings\Hanes\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\PC-Checkup\PCCheckUp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hanes\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Hanes


C:\DOCUME~1\Hanes\LOCALS~1\Temp


C:\Documents and Settings\Hanes\Application Data


Start Menu


C:\DOCUME~1\Hanes\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\kasper~1\\kasper~1\\mzvkbd.dll,c:\\progra~1\\kasper~1\\kasper~1\\mzvkbd3.dll,c:\\progra~1\\kasper~1\\kasper~1\\adialhk.dll,c:\\progra~1\\kasper~1\\kasper~1\\kloehk.dll zsvxrp.dll"
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

Description: Speedstream Ethernet USB Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.254.254
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E80F14B7-69FC-4E9C-911A-F8426ABB6AE1}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E80F14B7-69FC-4E9C-911A-F8426ABB6AE1}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E80F14B7-69FC-4E9C-911A-F8426ABB6AE1}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254


Scanning for wininet.dll infection


End


MBAM results are as follows:

Malwarebytes' Anti-Malware 1.33
Database version: 1663
Windows 5.1.2600 Service Pack 3

1/17/2009 3:23:18 PM
mbam-log-2009-01-17 (15-23-18).txt

Scan type: Quick Scan
Objects scanned: 53806
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 39

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\byxVnnon.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fpsnptaj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mzohtu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbgnemrj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zsvxrp.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47aed18c-deb9-4ae4-8f91-0a65181c7fe9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{47aed18c-deb9-4ae4-8f91-0a65181c7fe9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a82d3c85-b0b2-43b9-bfac-169ebd994a44} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a82d3c85-b0b2-43b9-bfac-169ebd994a44} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98b822ad-6be7-49bc-b773-97240b774080} (Packer.Morphine) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62b9e6e2-b8b2-4ad2-ad5b-09274cc4bb5c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\meedia (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxupim (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvolaxetetedapes (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxvnnon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxvnnon -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Hanes\Application Data\Error Safe Free (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hanes\Application Data\Error Safe Free\Logs (Rogue.Errorsafe) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\byxVnnon.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nonnVxyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nonnVxyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsvxrp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\baqstkal.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\laktsqab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkdbdssr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rssdbdkb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cesrvsyb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bysvrsec.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fpsnptaj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jatpnspf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlmgbjhc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\chjbgmlq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gutcjgut.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mzohtu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbgnemrj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eydcnftx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffkuz.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkujgb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhbwcyfb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrdnjnuf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjpoksbt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvlvsenl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrdags.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aquzej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaxfxlvngw.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Hanes\Local Settings\Temp\seneka1d0a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\JF62W7I1\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\PBTA133I\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hanes\Application Data\Error Safe Free\Logs\update.log (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Ilasuyagasu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\ativiwep.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekajooewqqh.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekawqpmetew.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Everything seems to run a little better but I'm not sure it's cured. Any help would be greatly appreciated, as I don't know what to do next. Thank you all for having a site like this available to us newbies :thumbsup:
Vince
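
Added example (not part of the thread, and not output of any tool named in it): a short Python triage script over the two logs in post #1. It lists the Malwarebytes items still marked "Delete on reboot" and cross-checks the SmitFraudFix `AppInit_DLLs` value against the detected files; the sample lines are copied from the logs above, and the function names are hypothetical.

```python
import ntpath
import re
from typing import NamedTuple

# Constructed sample: a handful of lines copied from the logs in post #1.
SMITFRAUD_APPINIT = (
    r'"AppInit_DLLs"="c:\\progra~1\\kasper~1\\kasper~1\\mzvkbd.dll,'
    r'c:\\progra~1\\kasper~1\\kasper~1\\mzvkbd3.dll,'
    r'c:\\progra~1\\kasper~1\\kasper~1\\adialhk.dll,'
    r'c:\\progra~1\\kasper~1\\kasper~1\\kloehk.dll zsvxrp.dll"'
)
MBAM_LOG = r"""
C:\WINDOWS\system32\byxVnnon.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zsvxrp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\baqstkal.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaxfxlvngw.sys (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxupim (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxvnnon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxvnnon -> Delete on reboot.
"""


class Detection(NamedTuple):
    target: str  # file path, registry key or registry value
    family: str  # vendor detection name, e.g. Trojan.Vundo.H
    data: str    # registry data for "Data Items" lines, else ""
    action: str  # what the scanner did, e.g. "Delete on reboot."


# "<target> (<family>) -> [Data: <data> -> ]<action>"
LINE_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+)$"
)


def parse_mbam(text):
    """Return a Detection for every result line; headers and blanks are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["target"], m["family"],
                                   m["data"] or "", m["action"].strip()))
    return found


def parse_appinit(reg_line):
    """Split an exported AppInit_DLLs value into its DLL entries.

    Entries are separated by spaces or commas, which is why the paths in the
    log use 8.3 short names. Every listed DLL is loaded into each process that
    loads user32.dll, so one extra name here survives a reboot.
    """
    m = re.search(r'"AppInit_DLLs"="(.*)"', reg_line)
    if not m:
        return []
    value = m.group(1).replace("\\\\", "\\")  # undo .reg-style escaping
    return [entry for entry in re.split(r"[ ,]+", value) if entry]


def stem(path):
    """Lower-cased file name without directory or extension."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def detected_stems(detections):
    """File stems named by a detection, either as the target or as registry data."""
    stems = set()
    for d in detections:
        if re.match(r"^[A-Za-z]:\\", d.target):
            stems.add(stem(d.target))
        if d.data:
            stems.add(stem(d.data))
    return stems


def flagged_appinit(entries, detections):
    """AppInit_DLLs entries whose file name matches a detected file."""
    bad = detected_stems(detections)
    return [e for e in entries if stem(e) in bad]


def pending_reboot(detections):
    """Items the scanner could not remove in place; re-check these after reboot."""
    return [d for d in detections
            if d.action.lower().startswith("delete on reboot")]


if __name__ == "__main__":
    dets = parse_mbam(MBAM_LOG)
    print("Still present until reboot:")
    for d in pending_reboot(dets):
        print(f"  {d.family:16} {d.target}")
    print("AppInit_DLLs entries matching a detection:")
    for e in flagged_appinit(parse_appinit(SMITFRAUD_APPINIT), dets):
        print(f"  {e}")
```

Run against full logs by replacing the two sample strings with the file contents; a follow-up scan is clean when `pending_reboot` and `flagged_appinit` both return empty lists.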



#2 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:10:23 PM

Posted 17 January 2009 - 07:24 PM

Hi Vince and welcome to BC! You have a nasty infection. I suggest changing ALL online passwords - from a clean computer.

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 hey4q2pal


Posted 17 January 2009 - 09:26 PM

It took a while for it to reboot but here are the results:

SDFix: Version 1.240
Run by Administrator on Sat 01/17/2009 at 05:52 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 17:58:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\4XI70L67\Compose[1].:_ 52897 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\8FENTT1N\lung[1].: 39239 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\HZ7H3H34\ShowLetter[1].:_ 74814 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\KXY34D6B\Compose[1].:v 37693 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\KXY34D6B\ShowFolder[1].:v 62121 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\KXY34D6B\ShowLetter[1].:v 69768 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\KXY34D6B\ShowLetter[2].:v 71770 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\KXY34D6B\Compose[2].:v 53016 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\NYGMLFPC\ShowFolder[1].: 66376 bytes hidden from API
C:\Documents and Settings\Hanes\Local Settings\Temporary Internet Files\Content.IE5\WD0H2N05\ShowLetter[1].:G 59038 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Setup Wizard\\SetupUI.exe"="F:\\Setup Wizard\\SetupUI.exe:*:Enabled:SetupUI"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"D:\\BitTorrent\\bittorrent.exe"="D:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Hanes\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Hanes\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sun 30 Mar 2008 24 ..SH. --- "C:\WINDOWS\S0E418B99.tmp"
Sat 21 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

This is all Japanese to me, how's it look? Also, do you recommend Kaspersky or any other antispyware/online security software?

#4 rigel


Posted 17 January 2009 - 10:15 PM

Kaspersky is a very good product, but it can't do it all. You need a mix of things to protect yourself. We will address that when you are clean :thumbsup:

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



#5 hey4q2pal


Posted 18 January 2009 - 03:23 PM

OK, sorry it took all night to finish this thread but had to go to work :thumbsup:
The 1st time I rebooted, it showed no scan logs in existence so I scanned again and here are the results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/17/2009 at 10:43 PM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Complete Scan
Total Scan Time : 01:45:07

Memory items scanned : 295
Memory threats detected : 0
Registry items scanned : 6728
Registry threats detected : 2
File items scanned : 47617
File threats detected : 0

Rogue.Component/Trace
HKU\S-1-5-21-3153008980-3179742922-2167395947-1006\Software\Microsoft\CS41275
HKU\S-1-5-21-3153008980-3179742922-2167395947-1006\Software\Microsoft\FIAS4018

#6 rigel


Posted 18 January 2009 - 05:09 PM

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy & paste the entire report in your next reply.


Then update and rerun malwarebytes - post its new log. Looking for 0's :thumbsup:



#7 hey4q2pal


Posted 18 January 2009 - 06:03 PM

Had to my explorer as I run Firefox normally. With Explorer open I downloaded F-Secure and ran a full scan, but while scanning it reboots my computer in the middle of the scan... without giving me any option to copy a report. Is that normal?

#8 hey4q2pal


Posted 18 January 2009 - 07:39 PM

Here are the results of the malware scan:

Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 3

1/18/2009 4:35:12 PM
mbam-log-2009-01-18 (16-35-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 103993
Time elapsed: 1 hour(s), 17 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

:thumbsup: I see lots of 0's!

#9 rigel


Posted 18 January 2009 - 08:40 PM

Ok... let's shoot for one more SuperAntiSpyware scan. Post the log - Let's see more 0's :thumbsup:



#10 hey4q2pal


Posted 18 January 2009 - 09:47 PM

OK, here are the results of the scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2009 at 06:39 PM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Complete Scan
Total Scan Time : 00:53:26

Memory items scanned : 300
Memory threats detected : 0
Registry items scanned : 6732
Registry threats detected : 0
File items scanned : 50149
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Hanes\Cookies\hanes@doubleclick[1].txt
C:\Documents and Settings\Hanes\Cookies\hanes@ad.yieldmanager[2].txt
C:\Documents and Settings\Hanes\Cookies\hanes@adrevolver[1].txt
C:\Documents and Settings\Hanes\Cookies\hanes@media.adrevolver[1].txt
C:\Documents and Settings\Hanes\Cookies\hanes@dynamic.media.adrevolver[2].txt

I will also note that a RunDLL error popped up during the scan. It reads:

runDLL
error loading C:\Program Files\CommonFiles\ParetoLogic\UUS2\UUS.dll
the specified module could not be found
and then a box to click OK. (I did not click it yet)

Don't know what that means but I have seen this before at various times before infection.
Again, thank you for your tremendous help... :thumbsup:

#11 rigel


Posted 19 January 2009 - 04:12 PM

The items found were cookies and were removed.

Please update and run your resident antivirus and post its log. If that reports good, I think we are clean. Besides the .dll error, do we have any leftovers from the original problem?



#12 hey4q2pal


Posted 19 January 2009 - 07:47 PM

Here are the results of my Kaspersky scan. Sorry, it's the whole log and not just today, so it's a little wordy. Started the scan last night and finished it this afternoon. You'll have to go to the bottom page to read it.


Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 13:17:17 Task started
1/6/2009 13:18:21 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:18:21 Untreated: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll Postponed
1/6/2009 13:18:39 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:18:39 Untreated: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll Postponed
1/6/2009 13:19:14 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:19:14 Untreated: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 13:19:50 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:19:50 Untreated: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll Postponed
1/6/2009 13:19:58 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:19:58 Untreated: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 13:20:50 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:20:52 Disinfected: Heur.Trojan.Generic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
1/6/2009 13:20:53 Will be quarantined on system restart: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:20:54 Cannot be quarantined: Heur.Trojan.Generic C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:20:55 Detected: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:20:56 Disinfected: Heur.Trojan.Generic HKCR\{90a29bd1-8429-41eb-bf15-3ea846d3c6f7}\InprocServer32
1/6/2009 13:20:56 Deleted: Heur.Trojan.Generic HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A29BD1-8429-41EB-BF15-3EA846D3C6F7}
1/6/2009 13:20:59 Disinfected: Heur.Trojan.Generic HKCR\{90a29bd1-8429-41eb-bf15-3ea846d3c6f7}\InprocServer32
1/6/2009 13:20:59 Deleted: Heur.Trojan.Generic HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A29BD1-8429-41EB-BF15-3EA846D3C6F7}
1/6/2009 13:21:00 Will be quarantined on system restart: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:21:02 Disinfected: Heur.Trojan.Generic HKCR\{90a29bd1-8429-41eb-bf15-3ea846d3c6f7}\InprocServer32
1/6/2009 13:21:02 Deleted: Heur.Trojan.Generic HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A29BD1-8429-41EB-BF15-3EA846D3C6F7}
1/6/2009 13:21:05 Disinfected: Heur.Trojan.Generic HKCR\{90a29bd1-8429-41eb-bf15-3ea846d3c6f7}\InprocServer32
1/6/2009 13:21:05 Deleted: Heur.Trojan.Generic HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A29BD1-8429-41EB-BF15-3EA846D3C6F7}
1/6/2009 13:21:08 Cannot be quarantined: Heur.Trojan.Generic C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:21:08 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 13:34:46 Task started
1/6/2009 13:34:58 Detected: not-a-virus:AdWare.Win32.SuperJuan.ftx C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:35:05 Detected: not-a-virus:AdWare.Win32.SuperJuan.ftx C:\WINDOWS\system32\aquzej.dll
1/6/2009 13:36:06 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 13:36:06 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 13:36:06 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:36:27 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 13:36:27 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 13:36:54 Detected: http://www.viruslist.com/en/advisories/31454 C:\program files\microsoft office\office10\excel.exe
1/6/2009 13:36:57 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 13:37:03 Detected: http://www.viruslist.com/en/advisories/30975 C:\program files\microsoft office\office10\winword.exe
1/6/2009 13:37:03 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/6/2009 13:37:04 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 15:53:13 Task stopped
1/6/2009 15:51:08 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 15:52:48 Task started
1/6/2009 15:53:45 Detected: HEUR:Trojan.Win32.Generic firefox.exe\byxVnnon.dll
1/6/2009 15:53:45 Untreated: HEUR:Trojan.Win32.Generic firefox.exe\byxVnnon.dll Postponed
1/6/2009 15:53:45 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:53:45 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 15:54:16 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 15:54:16 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 15:54:28 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 15:54:28 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 15:54:48 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:54:48 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 15:55:00 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:55:24 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 15:55:49 Task completed
1/6/2009 15:55:38 Deleted: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 15:55:37 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 15:55:34 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:55:34 Deleted: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 15:55:34 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 15:55:26 Deleted: Trojan.Win32.Monder.ahzl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF4EFBD0-C60B-484B-944F-307BECB2CBE4}
1/6/2009 15:55:26 Disinfected: Trojan.Win32.Monder.ahzl HKCR\{ff4efbd0-c60b-484b-944f-307becb2cbe4}\InprocServer32
1/6/2009 15:55:24 Will be deleted on system restart: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:55:23 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:55:23 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 16:02:56 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 16:24:04 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/6/2009 16:24:03 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/6/2009 16:23:53 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 16:22:55 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 16:22:17 Detected: http://www.viruslist.com/en/advisories/30975 C:\program files\microsoft office\office10\winword.exe
1/6/2009 16:22:16 Detected: http://www.viruslist.com/en/advisories/31454 C:\program files\microsoft office\office10\excel.exe
1/6/2009 16:22:05 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 16:22:05 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 16:21:34 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 16:21:34 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 16:21:34 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 16:21:34 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 16:19:57 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 18:37:08 Task completed
1/6/2009 18:37:08 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll Skipped by user
1/6/2009 18:37:08 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll
1/6/2009 18:37:08 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\lclttgrt.dll Skipped by user
1/6/2009 18:37:08 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\lclttgrt.dll
1/6/2009 18:37:08 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Skipped by user
1/6/2009 18:37:08 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 18:37:08 Cannot be backed up: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:37:07 Detected: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:36:46 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:36:34 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 18:36:34 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:36:30 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Postponed
1/6/2009 18:36:30 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 18:36:19 Untreated: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll Postponed
1/6/2009 18:36:19 Detected: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:36:13 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 18:36:13 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 18:36:04 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\lclttgrt.dll Postponed
1/6/2009 18:36:04 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\lclttgrt.dll
1/6/2009 18:35:59 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 18:35:59 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:35:59 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 18:35:59 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 18:35:40 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll Postponed
1/6/2009 18:35:40 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll
1/6/2009 18:35:38 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll Postponed
1/6/2009 18:35:38 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll
1/6/2009 18:35:37 Untreated: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll Postponed
1/6/2009 18:35:37 Detected: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:35:36 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Postponed
1/6/2009 18:35:36 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 18:35:30 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 18:37:31 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:37:30 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Skipped by user
1/6/2009 18:37:30 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 18:37:27 Detected: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:37:24 Deleted: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 18:37:24 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 18:37:20 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\lclttgrt.dll Skipped by user
1/6/2009 18:37:20 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\lclttgrt.dll
1/6/2009 18:37:19 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:37:19 Deleted: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 18:37:19 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 18:37:15 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll Skipped by user
1/6/2009 18:37:15 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll
1/6/2009 18:37:15 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll Skipped by user
1/6/2009 18:37:15 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\piqwqe.dll
1/6/2009 18:37:13 Disinfected: Trojan.Win32.Monder.aisf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84b0d0f0
1/6/2009 18:37:12 Will be deleted on system restart: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:37:12 Detected: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:37:12 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Skipped by user
1/6/2009 18:37:12 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 18:37:10 Deleted: Trojan.Win32.Monder.ahzl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81874FC-1356-427C-9CE2-60D1EB8E624C}
1/6/2009 18:37:10 Disinfected: Trojan.Win32.Monder.ahzl HKCR\{a81874fc-1356-427c-9ce2-60d1eb8e624c}\InprocServer32
1/6/2009 18:37:07 Will be deleted on system restart: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:37:07 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:37:07 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 19:15:42 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/6/2009 19:15:41 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/6/2009 19:15:33 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 19:15:33 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Postponed
1/6/2009 19:13:57 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 19:12:46 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 19:12:23 Detected: http://www.viruslist.com/en/advisories/30975 C:\program files\microsoft office\office10\winword.exe
1/6/2009 19:12:21 Detected: http://www.viruslist.com/en/advisories/31454 C:\program files\microsoft office\office10\excel.exe
1/6/2009 19:12:10 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 19:12:10 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 19:11:43 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 19:11:43 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 19:11:43 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 19:11:43 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 19:10:25 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Postponed
1/6/2009 19:10:25 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 19:10:15 Untreated: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll Postponed
1/6/2009 19:10:15 Detected: not-a-virus:AdWare.Win32.SuperJuan.fxa C:\WINDOWS\system32\fuakjo.dll
1/6/2009 19:10:05 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 19:23:10 Task started
1/6/2009 19:23:11 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 19:23:11 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 19:23:11 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 21:06:41 Task completed
1/6/2009 21:06:26 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:06:15 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 21:06:15 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:05:53 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 21:05:53 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 21:05:40 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 21:05:40 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:05:40 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 21:05:40 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 21:05:05 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 21:07:17 Task completed
1/6/2009 21:07:09 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:07:02 Deleted: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 21:06:58 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 21:06:55 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:06:55 Deleted: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 21:06:55 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 21:06:47 Deleted: Trojan.Win32.Monder.ahzl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112204C6-6132-4450-A358-2E0C208C995E}
1/6/2009 21:06:47 Disinfected: Trojan.Win32.Monder.ahzl HKCR\{112204c6-6132-4450-a358-2e0c208c995e}\InprocServer32
1/6/2009 21:06:42 Will be deleted on system restart: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:06:41 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:06:41 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 21:13:19 Task completed
1/6/2009 21:12:58 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:12:47 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 21:12:47 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:12:27 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/6/2009 21:12:27 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 21:12:14 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 21:12:14 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:12:14 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/6/2009 21:12:14 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 21:11:41 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/6/2009 21:13:19 Task started
1/6/2009 21:13:19 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:13:19 Will be deleted on system restart: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:13:22 Disinfected: Trojan.Win32.Monder.ahzl HKCR\{7a9736db-a03d-4be4-92b5-1c294852d65b}\InprocServer32
1/6/2009 21:13:22 Deleted: Trojan.Win32.Monder.ahzl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9736DB-A03D-4BE4-92B5-1C294852D65B}
1/6/2009 21:13:37 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 21:13:37 Deleted: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/6/2009 21:13:37 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:13:45 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 21:13:45 Deleted: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/6/2009 21:13:55 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 21:13:58 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/7/2009 13:21:50 Task completed
1/7/2009 13:21:50 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Skipped by user
1/7/2009 13:21:50 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 13:21:50 Deleted: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/7/2009 13:21:50 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/7/2009 13:21:37 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 13:21:20 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/7/2009 13:21:20 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 13:21:00 Untreated: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll Postponed
1/7/2009 13:21:00 Detected: HEUR:Trojan.Win32.Generic Explorer.EXE\byxVnnon.dll
1/7/2009 13:20:31 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 13:20:31 Untreated: HEUR:Trojan.Win32.Generic firefox.exe\byxVnnon.dll Postponed
1/7/2009 13:20:31 Detected: HEUR:Trojan.Win32.Generic firefox.exe\byxVnnon.dll
1/7/2009 13:20:24 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/7/2009 13:23:21 Task started
1/7/2009 13:23:23 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 13:23:23 Untreated: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll Postponed
1/7/2009 13:23:23 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 13:23:44 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 13:23:44 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/7/2009 13:23:52 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 13:23:56 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 13:23:56 Deleted: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 13:23:56 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 13:23:56 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Skipped by user
1/7/2009 13:23:56 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/7/2009 14:22:10 Task started
1/7/2009 14:22:13 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:22:13 Untreated: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll Postponed
1/7/2009 14:22:13 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 14:22:26 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 14:22:26 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/7/2009 14:22:39 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 14:22:48 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:22:48 Deleted: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:22:48 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 14:22:48 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Skipped by user
1/7/2009 14:22:48 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/7/2009 14:28:51 Task started
1/7/2009 14:28:52 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:28:52 Untreated: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll Postponed
1/7/2009 14:28:52 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 14:29:03 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 14:29:03 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/7/2009 14:29:10 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 14:29:13 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:29:13 Deleted: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:29:13 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 14:29:13 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Skipped by user
1/7/2009 14:29:13 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/7/2009 14:30:03 Task started
1/7/2009 14:30:04 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:30:04 Untreated: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll Postponed
1/7/2009 14:30:04 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 14:30:15 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 14:30:15 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Postponed
1/7/2009 14:30:23 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/7/2009 14:30:26 Detected: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:30:26 Deleted: HEUR:Trojan.Win32.Generic explorer.exe\byxVnnon.dll
1/7/2009 14:30:26 Detected: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll
1/7/2009 14:30:26 Untreated: HEUR:Trojan.Win32.Generic lsass.exe\byxVnnon.dll Skipped by user
1/7/2009 14:30:26 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/12/2009 19:46:08 Task started
1/12/2009 19:46:11 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/17/2009 15:28:15 Task started
1/17/2009 15:31:01 Task completed
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/17/2009 18:43:41 Task completed
1/17/2009 18:41:12 Task started
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
1/18/2009 16:52:14 Task started
1/18/2009 16:55:29 Detected: http://www.viruslist.com/en/advisories/30975 c:\program files\microsoft office\office10\winword.exe
1/18/2009 16:55:37 Detected: http://www.viruslist.com/en/advisories/31454 c:\program files\microsoft office\office10\excel.exe
1/18/2009 16:57:57 Detected: http://www.viruslist.com/en/advisories/31010 c:\windows\system32\java.exe
1/18/2009 16:58:01 Detected: http://www.viruslist.com/en/advisories/31010 c:\windows\system32\java.exe
1/18/2009 17:16:54 Detected: http://www.viruslist.com/en/advisories/30832 c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api
1/18/2009 17:19:02 Detected: http://www.viruslist.com/en/advisories/29321 c:\program files\Common Files\Microsoft Shared\Office10\MSO.DLL
1/18/2009 17:23:28 Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe
1/18/2009 17:24:08 Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.6.0_05\bin\java.exe
1/18/2009 17:27:27 Detected: http://www.viruslist.com/en/advisories/31454 c:\program files\microsoft office\office10\excel.exe
1/18/2009 17:27:34 Detected: http://www.viruslist.com/en/advisories/30975 c:\program files\microsoft office\office10\winword.exe
1/18/2009 17:44:50 Task stopped
1/19/2009 16:18:11 Task started
1/19/2009 16:26:01 Detected: http://www.viruslist.com/en/advisories/26003 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
1/19/2009 16:32:30 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/19/2009 16:34:54 Detected: http://www.viruslist.com/en/advisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
1/19/2009 16:36:51 Task completed

#13 rigel

Posted 19 January 2009 - 08:20 PM

Ok... what it is asking you to do is to update Flash - Java - and your .Net framework.

Check your version of Java and remove older versions:
Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Reboot
Visit Adobe and update Flashplayer.
Reboot
The .Net framework can be done via Windows updates: http://windowsupdate.microsoft.com/ Select Custom Updates and choose the .net framework items.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith
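The reading of the Kaspersky report given in the reply above, as an added example that is not part of the original thread: entries whose verdict is a viruslist.com advisory URL are vulnerable-software notices, while the rest are malware events that can be checked for objects detected again after a removal was logged. The function names and the 5-minute gap are assumptions of this sketch; the sample lines are copied from the report posted above.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts status verdict obj note")

# One report line: timestamp, status, verdict (no spaces), object path,
# and an optional trailing note such as "Postponed".
LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}) "
    r"(?P<status>Detected|Untreated|Disinfected|Deleted|"
    r"Will be (?:quarantined|deleted) on system restart|"
    r"Cannot be (?:quarantined|backed up)): "
    r"(?P<verdict>\S+) (?P<object>.+?)"
    r"(?: (?P<note>Postponed|Skipped by user))?$"
)

ADVISORY_PREFIX = "http://www.viruslist.com/en/advisories/"
REMOVAL = {
    "Deleted",
    "Disinfected",
    "Will be deleted on system restart",
    "Will be quarantined on system restart",
}

# Lines copied from the report in this thread (note the mixed time order).
SAMPLE = r"""
1/6/2009 13:36:54 Detected: http://www.viruslist.com/en/advisories/31454 C:\program files\microsoft office\office10\excel.exe
1/6/2009 13:37:03 Detected: http://www.viruslist.com/en/advisories/31010 C:\WINDOWS\system32\java.exe
1/6/2009 15:55:49 Task completed
1/6/2009 15:55:34 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:55:24 Will be deleted on system restart: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 15:55:23 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 16:21:34 Untreated: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll Postponed
1/6/2009 16:21:34 Detected: Trojan.Win32.Monder.ahzl C:\WINDOWS\system32\byxVnnon.dll
1/6/2009 18:37:12 Will be deleted on system restart: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
1/6/2009 18:37:12 Detected: Trojan.Win32.Monder.aisf C:\WINDOWS\system32\dbvqnlpx.dll
Quick Scan: completed 1/6/2009 13:21:08 (events: 27, objects: 1919, time: 00:03:49)
"""


def parse(text):
    """Return an Event for every detection/treatment line; skip the rest."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
            events.append(
                Event(ts, m["status"], m["verdict"], m["object"], m["note"])
            )
    return events


def triage(events, gap=timedelta(minutes=5)):
    """Split events into vulnerable-software advisories and malware objects.

    A malware object is marked 'recurred' when it is detected more than
    `gap` after its earliest logged removal action (gap is an assumption).
    Paths are compared case-insensitively, as Windows does.
    """
    advisories, malware = {}, {}
    for ev in events:
        key = ev.obj.lower()
        if ev.verdict.startswith(ADVISORY_PREFIX):
            advisories.setdefault(key, set()).add(ev.verdict)
            continue
        rec = malware.setdefault(
            key, {"verdicts": set(), "detected": [], "removed": []}
        )
        rec["verdicts"].add(ev.verdict)
        if ev.status == "Detected":
            rec["detected"].append(ev.ts)
        elif ev.status in REMOVAL:
            rec["removed"].append(ev.ts)
    for rec in malware.values():
        first_removal = min(rec["removed"], default=None)
        rec["recurred"] = first_removal is not None and any(
            d - first_removal > gap for d in rec["detected"]
        )
    return advisories, malware


if __name__ == "__main__":
    advisories, malware = triage(parse(SAMPLE))
    for path, urls in sorted(advisories.items()):
        print("UPDATE ", path, sorted(urls))
    for path, rec in sorted(malware.items()):
        state = "came back after removal" if rec["recurred"] else "no recurrence logged"
        print("MALWARE", path, sorted(rec["verdicts"]), state)
```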


#14 hey4q2pal


Posted 19 January 2009 - 10:07 PM

Updated all those programs. Do I need to run another full scan or a quick scan?

#15 rigel


Posted 20 January 2009 - 05:51 AM

Run Kaspersky the way you did earlier. Everything should be cleared up now.

Are there any problems still occurring?
