
PWS:Win32/VB.HE trojan removal HELP NEEDED [Moved]


9 replies to this topic

#1 layzworm

layzworm

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:Christchurch
  • Local time:10:05 PM

Posted 06 July 2009 - 12:04 AM

hey i would really like someone to explain to me how to remove PWS:Win32/VB.HE trojan from my computer

every time i start up windows xp this is displayed by windows live onecare


http://img194.imageshack.us/img194/488/passwordstealer2.png

i searched google for how to remove this and downloaded and installed spyware doctor to try and remove this but this had no effect (although it did discover several other malware and spyware on my computer that windows live onecare missed)

i tried opening the file that onecare said was the problem (msnmsgr.exe) and deleting it and the whole folder it was in, but the next time i start up it's there again

here is some information microsoft has to say about this trojan

http://www.microsoft.com/security/portal/E...3aWin32%2fVB.HE

any help is very welcome thanks

Edited by layzworm, 06 July 2009 - 12:08 AM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:05 PM

Posted 06 July 2009 - 12:10 AM

Hello,

I am moving this topic from the Windows XP forum to the Am I Infected forum where your questions can be addressed.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:05 PM

Posted 06 July 2009 - 12:39 AM

Scanning with Malwarebytes and SuperAntiSpyware might help.

You can get Malwarebytes at Malwarebytes.org and SuperAntiSpyware at SuperAntiSpyware.com

Both programs are free.

If they will not download or run, try renaming them.

After running a quick scan with Malwarebytes, post the log here and then run a quick scan with SuperAntiSpyware and post the results from that one here.

SuperAntiSpyware can take quite a while to scan, but the other one is really fast.

Edited by Stang777, 06 July 2009 - 12:41 AM.


#4 layzworm


Posted 06 July 2009 - 06:22 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/07/2009 11:19:56 a.m.
mbam-log-2009-07-07 (11-19-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 193820
Time elapsed: 55 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

the problem is that windows live onecare removes the trojan but it just appears again the next time i start the computer up


i restarted the computer and the trojan was still there. i chose not to clean with windows live onecare and scanned with malwarebytes again

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/07/2009 11:41:06 a.m.
mbam-log-2009-07-07 (11-41-06).txt

Scan type: Quick Scan
Objects scanned: 88184
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

but it said zero threats detected

Edited by layzworm, 06 July 2009 - 06:45 PM.


#5 Stang777


Posted 07 July 2009 - 01:41 AM

Scan with SuperAntiSpyware and post that log. It can be downloaded from SuperAntiSpyware.com

#6 layzworm


Posted 30 July 2009 - 11:58 PM

i scanned with super anti-spyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2009 at 01:21 PM

Application Version : 4.26.1006

Core Rules Database Version : 3952
Trace Rules Database Version: 1894

Scan type : Quick Scan
Total Scan Time : 00:14:57

Memory items scanned : 445
Memory threats detected : 0
Registry items scanned : 511
Registry threats detected : 0
File items scanned : 6174
File threats detected : 259

Adware.Tracking Cookie

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,286 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:05 PM

Posted 31 July 2009 - 05:56 AM

Your Malwarebytes Anti-Malware log indicates you are using an older version of MBAM (v1.38) with an outdated database. Please download and install the most current version (1.39) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

Your database shows 2297. Last I checked it was 2534.

Update the database through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
SUPERAntiSpyware has also been updated to v4.27. You need to download the latest version from here and install it.

Edited by quietman7, 31 July 2009 - 05:58 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 layzworm


Posted 02 August 2009 - 12:42 AM

thanks for your help here is the log


Malwarebytes' Anti-Malware 1.39
Database version: 2544
Windows 5.1.2600 Service Pack 3

2/08/2009 5:41:24 p.m.
mbam-log-2009-08-02 (17-41-24).txt

Scan type: Quick Scan
Objects scanned: 93193
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-842925246-920026266-1417001333-1003\dc100.keygen-virility\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.

#9 layzworm


Posted 02 August 2009 - 01:00 AM

mbam didn't find the trojan last time, so i scanned the file that windows live onecare told me it was separately, and mbam found it and removed it, but when i started up the computer there it was again

it's really stubborn, please help me! :thumbsup:

here's the log from the msnmsgr.exe file scan by mbam

Malwarebytes' Anti-Malware 1.39
Database version: 2544
Windows 5.1.2600 Service Pack 3

2/08/2009 5:48:12 p.m.
mbam-log-2009-08-02 (17-48-12).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\msn messenger\msnmsgr.exe (Password.Stealer) -> Quarantined and deleted successfully.

#10 quietman7


Posted 02 August 2009 - 06:36 AM

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

Now rescan again with Malwarebytes Anti-Malware but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

c:\RECYCLER\s-1-5-21-842925246-920026266-1417001333-1003\dc100.keygen-virility\keygen.exe (Malware.Packer)

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
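Added example, not part of any post in this thread and not Malwarebytes code: a small Python parser for the MBAM text-log layout pasted above, reporting the points the helper raised by hand in posts #7 and #10 (a program or database version older than a reference the caller supplies, and detections sitting under keygen/crack paths). The function names and finding labels are hypothetical; the two sample logs are abridged from posts #4 and #8, and the reference values 1.39 and 2534 are the ones quoted in post #7.

```python
import re
from collections import Counter

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
# Detail line layout: "<object> (<detection name>) -> <action taken>"
DETAIL_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
HEADER_KEYS = {"Database version": "database", "Scan type": "scan_type",
               "Objects scanned": "objects_scanned"}


def parse_mbam_log(text):
    """Parse one MBAM text log into header fields, summary counts and detections."""
    log = {"version": None, "database": None, "scan_type": None,
           "objects_scanned": None, "counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Malwarebytes' Anti-Malware (\d+(?:\.\d+)+)$", line)
        if m:
            log["version"] = m.group(1)
            continue
        key, sep, value = line.partition(": ")
        if sep and key in HEADER_KEYS:
            log[HEADER_KEYS[key]] = value
            continue
        m = re.match(r"(.+) Infected:\s*(\d*)$", line)
        if m and m.group(1) in SECTIONS:
            if m.group(2):            # "Files Infected: 1" is a summary count
                log["counts"][m.group(1)] = int(m.group(2))
                section = None
            else:                     # "Files Infected:" opens a detail section
                section = m.group(1)
            continue
        m = DETAIL_RE.match(line) if section else None
        if m:
            log["detections"].append({"section": section, **m.groupdict()})
    return log


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def triage(log, current_version, current_database):
    """Return findings for one parsed log; reference values come from the caller."""
    if log["version"] is None or not (log["database"] or "").isdigit():
        return ["incomplete-header"]   # pasted log was cut off before the header
    findings = []
    if version_tuple(log["version"]) < version_tuple(current_version):
        findings.append("outdated-program")
    if int(log["database"]) < current_database:
        findings.append("outdated-database")
    # A summary count with no matching detail lines means the paste is truncated.
    listed = Counter(d["section"] for d in log["detections"])
    for sec, count in log["counts"].items():
        if listed[sec] != count:
            findings.append("count-mismatch:" + sec)
    for d in log["detections"]:
        if re.search(r"keygen|crack|warez", d["item"], re.IGNORECASE):
            findings.append("piracy-tool:" + d["name"])
    return findings


# Sample input: abridged from the log in post #4 of this thread.
LOG_POST4 = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|)
Objects scanned: 193820

Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Sample input: abridged from the log in post #8 of this thread.
LOG_POST8 = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2544
Scan type: Quick Scan
Objects scanned: 93193

Files Infected: 1

Files Infected:
c:\RECYCLER\s-1-5-21-842925246-920026266-1417001333-1003\dc100.keygen-virility\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for label, text in (("post #4", LOG_POST4), ("post #8", LOG_POST8)):
        print(label, triage(parse_mbam_log(text), "1.39", 2534))
```
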



