
Need help with Troj/Rustok-N!!!


9 replies to this topic

#1 Krazypho


Posted 01 June 2009 - 07:09 AM

Just got the infection, dunno what to do. I did a Smit scan and got this; also Malwarebytes is not working for me.
SmitFraudFix v2.417

Scan done at 4:54:00.65, Mon 06/01/2009
Run from C:\Program Files\Dell\DellDock\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

DNS Before Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS3\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=10.1.0.50 10.1.0.51 4.2.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212

DNS After Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFE439F2-1F94-45AE-B676-CC3C4A362142}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS3\Services\Tcpip\..\{13E021B3-6C39-4435-BA9E-0D1FC86536BF}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CCDBD90A-9072-4152-B40C-1F39726689DD}: DhcpNameServer=10.1.0.50 10.1.0.51 4.2.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212

Edited by Krazypho, 01 June 2009 - 07:22 AM.
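
The DNS section of a SmitFraudFix log like the one in the post above can be checked mechanically. The following Python is an added example, not part of the original post or of SmitFraudFix: it parses the "DNS Before Fix" / "DNS After Fix" lines, lists every static NameServer value (which Windows uses in preference to DhcpNameServer), and reports which of them are still present after the fix. The sample log, its GUIDs and its addresses are constructed placeholders, and the function names are hypothetical.

```python
import re

# One registry line of the DNS section: control set, key, value name, servers.
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\Tcpip\\(?P<where>.+?): "
    r"(?P<name>DhcpNameServer|NameServer)=(?P<val>.*)$"
)

# Constructed sample in the shape of a SmitFraudFix DNS section.
# GUIDs and addresses are placeholders (documentation ranges), not real data.
SAMPLE = r"""
DNS Before Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: DhcpNameServer=192.0.2.1 192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer=198.51.100.10,198.51.100.20
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: DhcpNameServer=192.0.2.1 192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=198.51.100.10,198.51.100.20

DNS After Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: DhcpNameServer=192.0.2.1 192.0.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer=198.51.100.10,198.51.100.20
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: DhcpNameServer=192.0.2.1 192.0.2.2
"""

def parse_dns_section(text):
    """Return {"before": {...}, "after": {...}}; each maps
    (control set, key) -> {value name: [server, ...]}."""
    sections = {"before": {}, "after": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "DNS Before Fix":
            current = "before"
        elif line == "DNS After Fix":
            current = "after"
        elif current:
            m = LINE_RE.match(line)
            if m:
                # Servers are separated by spaces (DHCP) or commas (static).
                servers = [s for s in re.split(r"[ ,]+", m["val"].strip()) if s]
                key = (m["cs"], m["where"])
                sections[current].setdefault(key, {})[m["name"]] = servers
    return sections

def static_entries(section):
    """List (key, static servers, differs_from_dhcp) for each non-empty NameServer."""
    out = []
    for key in sorted(section):
        static = section[key].get("NameServer", [])
        if static:
            dhcp = section[key].get("DhcpNameServer", [])
            out.append((key, static, set(static) != set(dhcp)))
    return out

def surviving_static(sections):
    """Keys whose static NameServer is identical before and after the fix."""
    before = {k: s for k, s, _ in static_entries(sections["before"])}
    after = {k: s for k, s, _ in static_entries(sections["after"])}
    return sorted(k for k, s in before.items() if after.get(k) == s)

if __name__ == "__main__":
    parsed = parse_dns_section(SAMPLE)
    for key, static, differs in static_entries(parsed["before"]):
        print(key, static, "differs from DHCP" if differs else "same as DHCP")
    print("unchanged by fix:", surviving_static(parsed))
```

A static entry that differs from the DHCP-assigned servers and survives the fix is the item to review by hand against the resolvers the network is expected to use.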



#2 quietman7


Posted 01 June 2009 - 09:02 AM

Please post the information you sent via PM.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Krazypho


Posted 01 June 2009 - 06:20 PM

Malwarebytes' Anti-Malware 1.37
Database version: 2206
Windows 6.0.6001 Service Pack 1

6/1/2009 6:34:42 AM
mbam-log-2009-06-01 (06-34-42).txt

Scan type: Quick Scan
Objects scanned: 82588
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

New issue: can't run SmitFraud anymore, I get the access denied box every time I try.

Edited by Krazypho, 01 June 2009 - 06:29 PM.


#4 quietman7


Posted 01 June 2009 - 09:07 PM

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode" after running ATF-Cleaner.
If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.Web CureIt so you can provide that information.

#5 Krazypho


Posted 01 June 2009 - 09:28 PM

I used SuperAntispyware and ATF Cleaner in safe mode and got this log:


Generated 06/01/2009 at 07:19 PM

Application Version : 4.26.1004

Core Rules Database Version : 3919
Trace Rules Database Version: 1863

Scan type : Complete Scan
Total Scan Time : 01:20:03

Memory items scanned : 362
Memory threats detected : 0
Registry items scanned : 7908
Registry threats detected : 0
File items scanned : 197742
File threats detected : 110

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Adware.Tracking Cookie

I ran Dr.Web but it stopped for 30 minutes, so should I have kept it going, or is there an issue?

Edited by Krazypho, 02 June 2009 - 04:40 AM.


#6 quietman7


Posted 02 June 2009 - 06:56 AM

Were you running DrWeb in safe or normal mode?

#7 Krazypho


Posted 02 June 2009 - 10:19 AM

Sorry, forgot to add: was running it in safe mode and normal mode.

Edited by Krazypho, 02 June 2009 - 10:19 AM.


#8 quietman7


Posted 02 June 2009 - 11:01 AM

Ok. How is your computer running now? Are there any more reports/signs of infection?

#9 Krazypho


Posted 04 June 2009 - 06:08 PM

Seems like it's running even faster than normal, thanks :thumbsup:

#10 quietman7


Posted 05 June 2009 - 07:41 AM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista users can refer to these links: Create a New Restore Point in Vista and Disk Cleanup in Vista.



