ANOTHER url.urtbk.com redirect & Malbytes will not open!


36 replies to this topic

#1 BentBrother

Posted 18 July 2009 - 12:32 AM

AVG runs and found the SHEUR2 virus but still→ even as Spybot was denying registry changes--It got thru.../ :thumbsup:
Please Help this is another WORK computer ..! the Boss will surely fire me.!



#2 BentBrother

Posted 18 July 2009 - 01:40 PM

Combofix/malwarebytes/ ALL FAIL→ Cannot even launch HiJAckTHIS ~ infected by trojan caught late by AVG.

Sheur2.AOFX !!!! C:\RECYCLERS............./Dc95.zip are in AVG virus vault.

AVG mentions a problem with explorer .exe

HELP PLEASE :thumbsup:

#3 Computer Pro

Posted 18 July 2009 - 03:30 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.



Let's take a look with Malwarebytes.

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#4 BentBrother

Posted 19 July 2009 - 04:06 PM

I will try to do this But I CAN'T EVEN GET TO THE LINK TO D/L Malwarebytes -- I keep getting redirected→ to a rogue site..!
Hijack this will not run...I have rootrepeal working but do not know what to do with the files it finds ; which don't look like others that I see here at the forum and have been told to remove- and AVG still is finding the sheurd trojan..
please proceed as if I can't load and use MWMB's→ :thumbsup: I will keep trying but--
IF I can't D/L MWMBs → What do I do..!!! ?????
edit: 1740 lcl

I CAN'T GET MWMB's TO LOAD EVEN AFTER I RENAME IT : (AND in several different languages)

what's next → ???
thanks

Edited by BentBrother, 19 July 2009 - 04:41 PM.


#5 Computer Pro

Posted 19 July 2009 - 08:43 PM

First please do not try to delete any files that RootRepeal finds, as you may delete a NEEDED system file.

Please download Dr. Web the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr. Web Cureit as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
Now put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web Cureit when done.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Computer Pro

#6 BentBrother

Posted 20 July 2009 - 02:13 AM

I'm sorry → but the program 'AGAIN' will NOT run..! I d/l'd it to my 'removable' and dragged to desktop on 2 different computers.!
the uninfected one ran the program... and the infected one... redirected me to a website after it says ► FULL VERSION FREE TRIAL..and gets hung up ...and does NOT run → like it does on the other computer / / same .exe used.
I am in SAFE mode? :thumbsup: It ran nicely on my other computer /.!!! (but it doesn't need it..!!)


NOW WHAT ? NEXT?

shat-!! :flowers: -sorry-

Edited by BentBrother, 20 July 2009 - 02:21 AM.


#7 TonyP

Posted 20 July 2009 - 10:14 AM

I too have this problem - all the same symptoms and more. Can't run any malware programs and having problems with Windows Explorer. It is sending information somewhere and crashing at startup. This appears to be a brand new issue as I've spent the last day searching for a solution and only just found this post. Just updated AVG and trying another scan. Will keep you posted.
TonyP

#8 Computer Pro

Posted 20 July 2009 - 11:21 AM

@BentBrother, please try the same procedure with Malwarebytes like you did with Dr. Web (Transferring it via USB Stick) and running it from there.

@TonyP, please start your own topic, as it will prevent confusion.
Computer Pro

#9 BentBrother

Posted 20 July 2009 - 12:28 PM

I have tried that too...to no avail. It won't run. :thumbsup:
I followed other links for same trojan and was able to run SuperAntispyware in safe mode and it found many issues which I removed and rebooted normally. SuperAntispyware is in my taskbar now as a quick launch icon but any option I choose (like obtaining a scan report) produces no results. It won't launch now either.! now- Neither will Spybot. and AVG has recaught the damn Sheurd trojan again, AND I'm still being redirected.
HELP ! I'm in bad shape...

#10 BentBrother

Posted 20 July 2009 - 12:36 PM

Well I WAS able to get the log file ----
Sorry if I'm jumping the gun here- ..but it's my work computer and I'm getting desperate to get the freekin thing OFF my computer..!!
LET ME KNOW WHAT NEXT Dr.!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2009 at 12:54 PM

Application Version : 4.26.1006

Core Rules Database Version : 3952
Trace Rules Database Version: 1894

Scan type : Complete Scan
Total Scan Time : 00:35:52

Memory items scanned : 445
Memory threats detected : 2
Registry items scanned : 6536
Registry threats detected : 7
File items scanned : 16399
File threats detected : 153

Trojan.Unclassified/C00-WL/B
C:\WINDOWS\SYSTEM32\__C0038FDC.DAT
C:\WINDOWS\SYSTEM32\__C0038FDC.DAT
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c0038FDC

Trojan.Unclassified/C00-WL/G
C:\WINDOWS\SYSTEM32\__C00F02EF.DAT
C:\WINDOWS\SYSTEM32\__C00F02EF.DAT

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[7].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.bleepingcomputer[5].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[4].txt

Adware.Zango Toolbar/Hb

Trojan.Unclassified/C00-WL
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#Asynchronous
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#Impersonate
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#Logon
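
An added triage example, not part of the original posts: on Windows XP, each subkey of Winlogon\Notify registers a notification package that winlogon.exe loads, and the log above flags such a key whose name matches one of the flagged .DAT files. The Python sketch below parses a log in this layout and pairs each flagged file with a Notify package of the same name; the function names are hypothetical, and matching by name stem is an assumption drawn from the names in this log.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt of the scan log in post #10 (cookie and toolbar entries trimmed).
SAMPLE_LOG = r"""
Scan type : Complete Scan
Memory threats detected : 2

Trojan.Unclassified/C00-WL/B
C:\WINDOWS\SYSTEM32\__C0038FDC.DAT
C:\WINDOWS\SYSTEM32\__C0038FDC.DAT
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c0038FDC

Trojan.Unclassified/C00-WL/G
C:\WINDOWS\SYSTEM32\__C00F02EF.DAT
C:\WINDOWS\SYSTEM32\__C00F02EF.DAT

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[4].txt

Trojan.Unclassified/C00-WL
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0038FDC#Startup
"""

# ...\Winlogon\Notify\<package>[#<value name>], any hive prefix, any letter case.
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\#]+)(?:#(.+))?$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_detections(log_text):
    """Return {threat name: [unique items]} from blank-line separated blocks."""
    detections = defaultdict(list)
    for block in re.split(r"\n\s*\n", log_text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # Header and statistics blocks have no path-like lines; skip them.
        if len(lines) < 2 or not all("\\" in ln for ln in lines[1:]):
            continue
        name = lines[0]
        for item in lines[1:]:
            if item not in detections[name]:
                detections[name].append(item)
    return dict(detections)


def notify_packages(detections):
    """Map each flagged Notify subkey (upper-cased) to its flagged value names."""
    packages = defaultdict(set)
    for items in detections.values():
        for item in items:
            m = NOTIFY_RE.search(item)
            if m:
                # A bare key adds no value name but still registers the package.
                packages[m.group(1).upper()].update(filter(None, [m.group(2)]))
    return dict(packages)


def triage(log_text):
    """Pair each flagged file with the Notify package of the same name, if any."""
    detections = parse_detections(log_text)
    packages = notify_packages(detections)
    rows, seen = [], set()
    for threat, items in detections.items():
        for item in items:
            if not DRIVE_RE.match(item) or item.upper() in seen:
                continue
            seen.add(item.upper())
            stem = PureWindowsPath(item).stem.upper()
            rows.append({"file": item, "threat": threat,
                         "load_point": stem if stem in packages else None})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        state = f"Winlogon\\Notify\\{row['load_point']}" if row["load_point"] else "no load point in log"
        print(f"{row['threat']:32} {row['file']}  ->  {state}")
```

A flagged file with no load point in the log only means the scan did not report how that file gets started, which is worth following up before treating the machine as clean.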

#11 Computer Pro

Posted 20 July 2009 - 02:30 PM

Please try to run Dr. Web again. Will it run?
Computer Pro

#12 quietman7

Posted 20 July 2009 - 02:43 PM

...this is another WORK computer...

Since you say this is a work computer, have you contacted and advised your IT Department? In most work environments, the IT staff implement specific policies and procedures for the use of computer equipment and related resources. In fact, many companies will require you to read those policies and sign a statement of understanding. These official procedures are designed and implemented to provide security and certain restrictions to protect the network. This allows all users to safely use business resources with minimum risk of malware infection, illegal software, and exposure to inappropriate Internet sites or other prohibited activity.

The IT staff generally has procedures in place to deal with infections on the network and may not approve of employees seeking help at an online forum or outside the business office. Further, the malware you are dealing with may have already infected the network. If that's the case, the IT Department needs to be advised right away so they can take the appropriate measures.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 BentBrother

Posted 20 July 2009 - 03:28 PM

Dr. Web will NOT run. Neither will most all other spyware related programs (combofix / hijackthis / MWMBytes / etc.).
AVG and SUPERAntiSpyware Scan are the only ones that work. they heal or delete what they find.....→ BUT IT RETURNS!!!


''''have you contacted and advised your IT Department?''''' I work from Home. ►I AM THE IT DEPARTMENT...!!!

#14 Computer Pro

Posted 20 July 2009 - 04:01 PM

Ok, you said that you had RootRepeal running, please try to run it again under the files tab, and then post back the log.
Computer Pro

#15 BentBrother

Posted 20 July 2009 - 06:44 PM

Well all of a sudden HIJACK THIS RUNS ---- I will post ROOTrepeal in a few minutes.!

removed per Helper's request sorry -

Edited by BentBrother, 20 July 2009 - 07:37 PM.




