Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32:Obfuscated-FRS


  • Please log in to reply
5 replies to this topic

#1 LadyEarp

LadyEarp

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:29 AM

Posted 18 March 2009 - 10:29 PM

I just ran a scan with Avast! and it said I had a trojan called Win32:Obfuscated.FRS it could not quarantine the trojan and I would like some help with removal. I am running Windows ME. Thank you very much.
Do or do not. There is no try. -Yoda

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:29 AM

Posted 19 March 2009 - 06:37 PM

Although somewhat limited, we do have a few scan tools that work with ME


SAS,may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 LadyEarp

LadyEarp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:29 AM

Posted 20 March 2009 - 06:06 AM

Followed every step here are the Scan Log results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2009 at 02:25 AM

Application Version : 4.25.1014

Core Rules Database Version : 3806
Trace Rules Database Version: 1761

Scan type : Complete Scan
Total Scan Time : 02:08:54

Memory items scanned : 74
Memory threats detected : 0
Registry items scanned : 2877
Registry threats detected : 0
File items scanned : 49640
File threats detected : 121

Adware.Tracking Cookie
C:\WINDOWS\Cookies\default@specificclick[1].txt
C:\WINDOWS\Cookies\default@stats.townnews[2].txt
C:\WINDOWS\Cookies\default@realmedia[2].txt
C:\WINDOWS\Cookies\default@adbrite[3].txt
C:\WINDOWS\Cookies\default@1072535710[1].txt
C:\WINDOWS\Cookies\default@media.adrevolver[1].txt
C:\WINDOWS\Cookies\default@bs.serving-sys[2].txt
C:\WINDOWS\Cookies\default@247realmedia[3].txt
C:\WINDOWS\Cookies\default@LPneimanmarcus[2].txt
C:\WINDOWS\Cookies\default@collective-media[1].txt
C:\WINDOWS\Cookies\default@ads.pointroll[3].txt
C:\WINDOWS\Cookies\default@zedo[1].txt
C:\WINDOWS\Cookies\default@ehg.hitbox[2].txt
C:\WINDOWS\Cookies\default@kaspersky.122.2o7[1].txt
C:\WINDOWS\Cookies\default@a1.interclick[1].txt
C:\WINDOWS\Cookies\default@adtech[1].txt
C:\WINDOWS\Cookies\default@tribalfusion[1].txt
C:\WINDOWS\Cookies\default@ads.bleepingcomputer[1].txt
C:\WINDOWS\Cookies\default@edge.ru4[3].txt
C:\WINDOWS\Cookies\default@2o7[3].txt
C:\WINDOWS\Cookies\default@mediaplex[2].txt
C:\WINDOWS\Cookies\default@chitika[1].txt
C:\WINDOWS\Cookies\default@htmlgear.tripod[1].txt
C:\WINDOWS\Cookies\default@msnonecare.112.2o7[1].txt
C:\WINDOWS\Cookies\default@atdmt[2].txt
C:\WINDOWS\Cookies\default@statcounter[2].txt
C:\WINDOWS\Cookies\default@tacoda[2].txt
C:\WINDOWS\Cookies\default@serving-sys[3].txt
C:\WINDOWS\Cookies\default@www.burstnet[3].txt
C:\WINDOWS\Cookies\default@www.socialtrack[1].txt
C:\WINDOWS\Cookies\default@revsci[2].txt
C:\WINDOWS\Cookies\default@ad.yieldmanager[1].txt
C:\WINDOWS\Cookies\default@webventures.directtrack[2].txt
C:\WINDOWS\Cookies\default@eb.adbureau[1].txt
C:\WINDOWS\Cookies\default@overture[3].txt
C:\WINDOWS\Cookies\default@bluestreak[1].txt
C:\WINDOWS\Cookies\default@apmebf[2].txt
C:\WINDOWS\Cookies\default@fastclick[3].txt
C:\WINDOWS\Cookies\default@ehg-chartercommunications.hitbox[2].txt
C:\WINDOWS\Cookies\default@hearstmagazines.112.2o7[2].txt
C:\WINDOWS\Cookies\default@windowsmedia[2].txt
C:\WINDOWS\Cookies\default@at.atwola[2].txt
C:\WINDOWS\Cookies\default@directtrack[1].txt
C:\WINDOWS\Cookies\default@burstnet[3].txt
C:\WINDOWS\Cookies\default@casalemedia[3].txt
C:\WINDOWS\Cookies\default@adopt.euroclick[3].txt
C:\WINDOWS\Cookies\default@questionmarket[3].txt
C:\WINDOWS\Cookies\default@oasn04.247realmedia[1].txt
C:\WINDOWS\Cookies\default@www.burstbeacon[2].txt
C:\WINDOWS\Cookies\default@interclick[1].txt
C:\WINDOWS\Cookies\default@media6degrees[1].txt
C:\WINDOWS\Cookies\default@trafficmp[1].txt
C:\WINDOWS\Cookies\default@kontera[1].txt
C:\WINDOWS\Cookies\default@advertising[1].txt
C:\WINDOWS\Cookies\default@msnportal.112.2o7[2].txt
C:\WINDOWS\Cookies\default@revenue[2].txt
C:\WINDOWS\Cookies\default@specificmedia[1].txt
C:\WINDOWS\Cookies\default@doubleclick[2].txt
C:\WINDOWS\Cookies\default@hitbox[3].txt
C:\WINDOWS\Cookies\default@server.iad.liveperson[3].txt
c:\WINDOWS\Cookies\default@2o7[2].txt
c:\WINDOWS\Cookies\default@adserver[1].txt
c:\WINDOWS\Cookies\default@doubleclick[1].txt
c:\WINDOWS\Cookies\default@edge.ru4[2].txt
c:\WINDOWS\Cookies\default@tacoda[1].txt
c:\WINDOWS\Cookies\default@atdmt[1].txt
c:\WINDOWS\Cookies\default@statcounter[1].txt
c:\WINDOWS\Cookies\default@hitbox[2].txt
c:\WINDOWS\Cookies\default@cbs.112.2o7[1].txt
c:\WINDOWS\Cookies\default@msnportal.112.2o7[1].txt
c:\WINDOWS\Cookies\default@adecn[1].txt
c:\WINDOWS\Cookies\default@fastclick[2].txt
c:\WINDOWS\Cookies\default@www.burstbeacon[1].txt
c:\WINDOWS\Cookies\default@revsci[1].txt
c:\WINDOWS\Cookies\default@mediaplex[1].txt
c:\WINDOWS\Cookies\default@eb.adbureau[2].txt
c:\WINDOWS\Cookies\default@www.burstnet[2].txt
c:\WINDOWS\Cookies\default@apmebf[1].txt
c:\WINDOWS\Cookies\default@media6degrees[2].txt
c:\WINDOWS\Cookies\default@adopt.specificclick[2].txt
c:\WINDOWS\Cookies\default@interclick[2].txt
c:\WINDOWS\Cookies\default@nextag[2].txt
c:\WINDOWS\Cookies\default@bs.serving-sys[1].txt
c:\WINDOWS\Cookies\default@adopt.euroclick[2].txt
c:\WINDOWS\Cookies\default@adserver.adtechus[1].txt
c:\WINDOWS\Cookies\default@burstnet[2].txt
c:\WINDOWS\Cookies\default@richmedia.yahoo[1].txt
c:\WINDOWS\Cookies\default@247realmedia[2].txt
c:\WINDOWS\Cookies\default@overture[2].txt
c:\WINDOWS\Cookies\default@msnbc.112.2o7[1].txt
c:\WINDOWS\Cookies\default@adrevolver[2].txt
c:\WINDOWS\Cookies\default@realmedia[1].txt
c:\WINDOWS\Cookies\default@casalemedia[1].txt
c:\WINDOWS\Cookies\default@adbrite[1].txt
c:\WINDOWS\Cookies\default@ads.telegraph.co[1].txt
c:\WINDOWS\Cookies\default@viacom.adbureau[1].txt
c:\WINDOWS\Cookies\default@adrevolver[3].txt
c:\WINDOWS\Cookies\default@media.adrevolver[2].txt
c:\WINDOWS\Cookies\default@trafficmp[2].txt
c:\WINDOWS\Cookies\default@serving-sys[1].txt
c:\WINDOWS\Cookies\default@hearstmagazines.112.2o7[1].txt
c:\WINDOWS\Cookies\default@insightexpressai[2].txt
c:\WINDOWS\Cookies\default@ads.jossip[2].txt
c:\WINDOWS\Cookies\default@media.mtvnservices[2].txt
c:\WINDOWS\Cookies\default@ads.pointroll[1].txt
c:\WINDOWS\Cookies\default@ads.trutv[1].txt
c:\WINDOWS\Cookies\default@dynamic.media.adrevolver[2].txt
c:\WINDOWS\Cookies\default@accounts[2].txt
c:\WINDOWS\Cookies\default@ehg-chartercommunications.hitbox[1].txt
c:\WINDOWS\Cookies\default@zedo[2].txt
c:\WINDOWS\Cookies\default@2o7[1].txt
c:\WINDOWS\Cookies\default@questionmarket[1].txt
c:\WINDOWS\Cookies\default@specificclick[2].txt
c:\WINDOWS\Cookies\default@ad.yieldmanager[2].txt
c:\WINDOWS\Cookies\default@server.iad.liveperson[2].txt
c:\WINDOWS\Cookies\default@service.liveperson[2].txt
c:\WINDOWS\Cookies\default@advertising[2].txt
c:\WINDOWS\Cookies\default@tribalfusion[2].txt
c:\WINDOWS\Cookies\default@accounts[1].txt

Adware.Vundo/Variant
C:\MY DOCUMENTS\TECH\NVIDIA DRIVER\NV3SYS.DLL

Trace.Known Threat Sources
c:\WINDOWS\Temporary Internet Files\Content.IE5\KXE7SXUZ\virusremover2009[1].jpg
Do or do not. There is no try. -Yoda

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:29 AM

Posted 20 March 2009 - 02:38 PM

Let's give Trojan Hunter a shot:

http://www.misec.net/products/TrojanHunterSetup.exe
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 LadyEarp

LadyEarp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:29 AM

Posted 20 March 2009 - 08:59 PM

Trojan Hunter Scan Results
WinME
03/20/2009
9:58 PM

Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SmcService
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SmcService
Found trojan file: C:\Program Files\Carbon Copy Support\MSGLOG.DLL (Generic.Vundo.C)
Found trojan file: C:\Program Files\Carbon Copy Support\CCDOSKEY.DLL (Generic.Vundo.C)
Found trojan file: C:\Program Files\PC Wizard 2008\Data\pcwpdf.dll (Worm.Socks.119)
Do or do not. There is no try. -Yoda

#6 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:29 AM

Posted 21 March 2009 - 02:27 PM

I just got done playing around with this scanner
In the Options section, did you use the full or quick scan?
Also tick the box that says Enable cleaning of possible trojan files and try it one more time
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users