Virus Attack Threat


  • This topic is locked
19 replies to this topic

#1 helpmeee

  • Members
  • 31 posts

Posted 19 January 2009 - 05:55 PM

I went to this website (used to be clean, ps3hax, DO NOT GO TO IT) and I was infected with the browser hijack

VIRUS THREAT ATTACK and fake warnings

My Avira anti-virus picked it up, but then my computer was shut down by this virus. I turn it on and I receive these fake attacks.
After trying spy doctor I found them, then I realized, great, I have to pay, so I looked around and someone recommended Malwarebytes' Anti-Malware. I downloaded it and ran the quick scan; it found a few infections, picked them up and deleted them.
I rebooted my computer: fake alerts problem solved. Over the next few days I've been running scans, picking up the adware, but ever since my computer runs 80% slower. WHAT SHOULD I DO (THAT IS FREE)? Also, when I try running a Malwarebytes' Anti-Malware full scan it stops at around 50% (gets too laggy to continue on), and if I run a spy doctor full scan my computer gets so slow I have to reboot it. I NEED MY COMPUTER BACK TO ITS ORIGINAL STATE AND I NEED TO COMPLETELY RID MY SYSTEM OF ALL THE ADWARE. PLEASE PLEASE PLEASE HELP

#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 19 January 2009 - 06:11 PM

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 helpmeee

Posted 19 January 2009 - 06:14 PM

Double-click ATF-Cleaner.exe to run the program.

* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

You lost me there but I understand the rest

AND THIS IS ALL FREE RIGHT?

Edited by helpmeee, 19 January 2009 - 06:15 PM.


#4 Budapest

Posted 19 January 2009 - 06:21 PM

Yes - these programs are free.

What part exactly are you having trouble with?

#5 helpmeee

Posted 19 January 2009 - 06:23 PM

Well, I am a little nervous because of course I would like to read about this before I did it. Am I deleting any files? Because it seems like you said main select delete all, which makes me wonder what I am doing in the part I quoted???

ALSO antibytes thing has an option "purchase" when running it. Is this optional or do I have the wrong version?

Edited by helpmeee, 19 January 2009 - 06:24 PM.


#6 Budapest

Posted 19 January 2009 - 06:33 PM

On their website, click where it says "Download SUPERAntiSpyware FREE Edition" under "Popular Links" at the bottom right.

ATF Cleaner deletes temporary files, cookies, saved passwords (if you want) and other things like that. It won't delete anything important.

#7 helpmeee

Posted 19 January 2009 - 06:35 PM

OK, I'll post what happens. PLEASE PLEASE check this topic over the next 2-3 hours to see my results

#8 helpmeee

Posted 19 January 2009 - 06:49 PM

When it said "detecting ide drive" I tapped F8 a few times and nothing happened; it loaded normally (also I may be wrong but it appears that my keyboard doesn't even boot up till after it says that)

#9 Budapest

Posted 19 January 2009 - 06:59 PM

Try continually tapping the F8 key as soon as the computer starts to boot.

#10 helpmeee

Posted 19 January 2009 - 08:30 PM

Alright, everything's going, the scan's running, so far it's at 117 detected adware.trackingcookies. Could this have been the problem? Also it removed 2,444MB or something like that of space when I did that cleaner

#11 Budapest

Posted 19 January 2009 - 08:49 PM

Post the log when the scan is finished.

#12 helpmeee

Posted 19 January 2009 - 08:55 PM

Alright, looking at how many files it went through already it should be done soon. AND SHOULD I RUN Malwarebytes' Anti-Malware while in safe mode when this scan's done?

#13 helpmeee

Posted 19 January 2009 - 08:58 PM

Holy crap, this one trojan virus I got like had babies. It's picking up smitfraud vokudo or something like that, a lot of different stuff. Will this fix it, or since I'm getting a whole crap load of different viruses will I need to run different stuff?

#14 helpmeee

Posted 20 January 2009 - 04:34 PM

RESULTS (NOTICE: I TYPED IHIDTHIS TO HIDE MY LAST NAME LOOOL )

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2009 at 00:13 AM

Application Version : 4.25.1012

Core Rules Database Version : 3716
Trace Rules Database Version: 1690

Scan type	   : Complete Scan
Total Scan Time : 05:03:34

Memory items scanned	  : 289
Memory threats detected   : 0
Registry items scanned	: 5992
Registry threats detected : 0
File items scanned		: 280581
File threats detected	 : 168

Adware.Tracking Cookie

Trojan.Smitfraud Variant

Adware.Vundo Variant

Trojan.Unknown Origin

Adware.ClickAlchemy
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[004801]\ALCHEM.EXE

Unclassified.Unknown Origin
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[008318]\A0164564.DLL
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[009DC9]\A0123263.EXE
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[00A82B]\A0316084.EXE
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[0118A1]\A0176513.DLL
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[0118A1]\A0176526.DLL


Adware.eXact Advertising
	C:\DATA RESTORE\RECOVERED DATA\IHIDTHIS\[NTFS]\[01E546]\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-2616476944-2216860174-510494984-1005

Trace.Known Threat Sources
	C:\Data Restore\Recovered Data\IHIDTHIS\[NTFS]\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\2VYBM16N\init[1].js
	C:\Data Restore\Recovered Data\IHIDTHIS\[NTFS]\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\87ZFIOHD\a170a9[1].js
	C:\Data Restore\Recovered Data\IHIDTHIS\[NTFS]\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\UDR0DON2\pop_under[1].js
	C:\Data Restore\Recovered Data\IHIDTHIS\[NTFS]\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\JV13BTOW\prompt_ie_xpsp2[1].js
	C:\Data Restore\Recovered Data\IHIDTHIS\[NTFS]\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\87ZFIOHD\steps_v2[1].swf
	C:\Data Restore\Recovered Data\IHIDTHIS\[NTFS]\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\4VX3YEB1\CA7BPLSA.htm

LEMME KNOW WHAT I SHOULD DO NOW. IT APPEARS TO BE RUNNING A LOT FASTER BUT DEFINITELY NOT 100% WHAT IT USED TO


ALSO PLEASE TELL ME HOW TO REPORT THE WEBSITE, NOT IN A STUPID LITTLE NOTHING-WILL-HAPPEN MANNER, IN A REAL LEGAL BIGTIME WAY

Edited by helpmeee, 20 January 2009 - 04:40 PM.
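
A triage pass over a scan log in the layout posted above, as an added example that is not part of the original thread or of SUPERAntiSpyware: it parses the header counts and the per-category paths, checks that the listed paths add up to the reported file-threat count, and ranks each hit. The sample log, the `C:\Backup` archive root, the extension set and the high/medium/low ranking are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

SUMMARY_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s+(.+)$")     # "Key : value" header lines
PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # drive-letter path line
EXECUTABLE_EXTS = {".exe", ".dll", ".ocm", ".ax", ".sys"}  # assumption: treated as code

# Constructed sample in the layout of the log above (not the poster's data).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Generated 01/01/2009 at 10:00 AM

Scan type       : Complete Scan
Memory threats detected   : 0
Registry threats detected : 0
File threats detected     : 5

Adware.Tracking Cookie
    C:\Documents and Settings\User\Cookies\user@ads.example[1].txt
    C:\Backup\Documents and Settings\User\Cookies\user@tracker.example[2].txt

Trojan.Example Variant
    C:\BACKUP\[NTFS]\[0001AA]\A0000001.DLL
    C:\WINDOWS\system32\example.dll

Trace.Example Sources
    C:\Backup\Temporary Internet Files\Content.IE5\ABCD1234\pop[1].js
"""


def parse_scan_log(text):
    """Return (summary, detections): header fields and {category: [paths]}."""
    summary, detections, category = {}, {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if PATH_RE.match(stripped):
            # A path belongs to the most recent category heading.
            if category is not None:
                detections.setdefault(category, []).append(stripped)
            continue
        m = SUMMARY_RE.match(stripped)
        if m:
            summary[m.group(1).strip()] = m.group(2).strip()
            category = None
        else:
            category = stripped  # candidate heading; kept only if paths follow
    return summary, detections


def is_under(path, root):
    # PureWindowsPath compares case-insensitively, matching the log's mixed casing.
    return root == path or root in path.parents


def triage(detections, archive_roots=()):
    """Rank hits: 'high' = executable on a live path, 'medium' = executable
    inside an archive root, 'low' = cookies, cached scripts and other traces."""
    roots = [PureWindowsPath(r) for r in archive_roots]
    findings = []
    for category, paths in detections.items():
        for raw in paths:
            p = PureWindowsPath(raw)
            archived = any(is_under(p, r) for r in roots)
            executable = p.suffix.lower() in EXECUTABLE_EXTS
            priority = "low" if not executable else ("medium" if archived else "high")
            findings.append({"category": category, "path": raw,
                             "archived": archived, "priority": priority})
    return findings


def report(text, archive_roots=()):
    summary, detections = parse_scan_log(text)
    findings = triage(detections, archive_roots)
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["priority"]] += 1
    return {
        # Memory and registry hits indicate something loaded or set to load.
        "active_threats": int(summary.get("Memory threats detected", 0))
                          + int(summary.get("Registry threats detected", 0)),
        "listed": len(findings),
        "matches_summary": len(findings) == int(summary.get("File threats detected", -1)),
        "by_priority": counts,
        "review_first": [f["path"] for f in findings if f["priority"] == "high"],
    }


if __name__ == "__main__":
    print(report(SAMPLE_LOG, archive_roots=[r"C:\Backup"]))
```
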


#15 Budapest

Posted 20 January 2009 - 04:46 PM

Please run a Quick Scan with Malwarebytes in Normal Mode and post the log when it's finished.

I'm not so sure about how to report the website in a "real legal bigtime way" as you put it. You could try contacting their ISP, but it's probably not even in the same country you're in.