
Computer Infected


8 replies to this topic

#1 shadow1515


Posted 27 July 2009 - 08:54 PM

Hello, I am new to the forums and sadly my first post is due to not so great circumstances.

My computer is currently infected with the Win32/Cryptor Virus. I have tried many scans and read many different methods of eradicating it but nothing seems to work.

Of the programs Malwarebytes, SuperAntiSpyware and AVG 8.5, only AVG seems to find the virus; the other two don't pick it up.


I use an Alienware pc running OS Microsoft Windows XP Home Edition 2002

Currently the only noticeable problem is my Google searches being hijacked, but I have no idea what other things this virus could be doing. Any detailed step-by-step instructions to get rid of this virus would be greatly appreciated, as I am not very computer literate. I know how to do very basic things with a computer, so detail is important.

Here are the results from my last scan with AVG 8.5

Just wanted to also say that AVG will not let me heal or move the files to the vault, saying something like threat can't be removed by standard user rights.





AVG 8.5 Anti-Virus command line scanner
Copyright © 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.387
Virus Database: Version 270.13.32/2266 2009-07-27

\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\winlogon.exe (212) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\services.exe (256) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\lsass.exe (268) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\svchost.exe (552) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\explorer.exe (1660) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\Program Files\AVG\AVG8\avgui.exe (1480) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\Program Files\AVG\AVG8\avgscanx.exe (1500) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\Program Files\AVG\AVG8\avgcsrvx.exe (364) Virus identified Win32/Cryptor
HKLM\SOFTWARE\Classes\AppID\adm.EXE Found Adware.Altnet Object was moved to Virus Vault.
C:\Documents and Settings\Justin Ryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Justin Ryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Justin Ryan\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Justin Ryan\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.



#2 Budapest


Posted 27 July 2009 - 09:00 PM

Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) RootRepeal.zip. (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Files tab, then click the Scan button.
* In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 shadow1515


Posted 27 July 2009 - 09:30 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/27 22:29
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\hjgruidibbvlte.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruifnfluage.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruiwcwtwxtf.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruixxlfgxxy.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruiabcrooyxcu.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruicmyutowprd.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruinvewmiqonn.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruinyqntqievi.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruirivgbqhyvc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruixvmmsbhkom.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\hjgruisuaimybs.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\ABMY48HX\makeplaylist.dll%3Fsid=8725382&pt=url&xdata=6D.xfE5hFQP5sy.qTP.dOw-21795109-1200276552&s=396500550&b=18fsofp1m07m2&wmp=10&ticket=f6349d9e747cbed2c14b923a7bd47d96&zz=a[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNLV2PZY\size=120x90;noperf=1;alias=93242639;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=24[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNLV2PZY\size=120x90;noperf=1;alias=93242639;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=240;grp=[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNLV2PZY\makeplaylist.dll%3Fsid=8725382&pt=url&xdata=6D.xfE5hFQP5sy.qTP.dOw-21795109-1200276552&s=396500550&b=18fsofp1m07m2&wmp=10&ticket=c809a97e23b55d338aa7b3e680d1d965&zz=a[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\TIF7AY8D\makeplaylist.dll%3Fsid=8725382&pt=url&xdata=6D.xfE5hFQP5sy.qTP.dOw-21795109-1200276552&s=396500550&b=18fsofp1m07m2&wmp=10&ticket=e980a82869314b18588cb89b37cf7ab8&zz=a[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\TIF7AY8D\size=120x90;cfp=1;rndc=124473443;noperf=1;alias=93242639;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\TIF7AY8D\size=120x90;noperf=1;alias=93242639;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=24[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\TIF7AY8D\size=120x90;noperf=1;alias=93242639;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=24[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\TIF7AY8D\size=120x90;noperf=1;alias=93242639;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=24[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y2KQT5RV\makeplaylist.dll%3Fsid=8725382&pt=url&xdata=6D.xfE5hFQP5sy.qTP.dOw-21795109-1200276552&s=396500550&b=18fsofp1m07m2&wmp=10&ticket=0353dfe637956c5533ee0305b99d50a4&zz=a[1].asx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y2KQT5RV\size=120x90;noperf=1;alias=93242639;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=24[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Justin Ryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y2KQT5RV\size=120x90;noperf=1;alias=93242639;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93242639;target=_blank;aduho=24[2].htm
Status: Locked to the Windows API!

#4 Budapest


Posted 27 July 2009 - 09:58 PM

Rerun RootRepeal. After the scan completes, go to the Files tab and find this file:

C:\WINDOWS\system32\drivers\hjgruisuaimybs.sys

Then use your mouse to highlight it in the RootRepeal window.
Next, right-click on it and select the *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.
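The triage applied to the two logs above, as an added example that is not part of the original thread and is not RootRepeal's or AVG's code: it keeps only the files RootRepeal reports as invisible (not merely locked), finds the filename prefix they share, picks out the hidden `.sys` driver, and lists the processes in which AVG flagged a module with that prefix. The log excerpts are shortened copies of the posts above; the function names and the reading of AVG's output as "module line, then host process line" are assumptions of this example.

```python
import re

# Shortened excerpts of the two logs posted in this thread.
ROOTREPEAL = r"""
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\hjgruidibbvlte.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruifnfluage.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruiabcrooyxcu.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\hjgruisuaimybs.sys
Status: Invisible to the Windows API!
"""

AVG = r"""
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\winlogon.exe (212) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\services.exe (256) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\hjgruifnfluage.dll Virus identified Win32/Cryptor
C:\WINDOWS\explorer.exe (1660) Virus identified Win32/Cryptor
HKLM\SOFTWARE\Classes\AppID\adm.EXE Found Adware.Altnet Object was moved to Virus Vault.
"""

ENTRY = re.compile(r"^Path:[ \t]*(.+?)[ \t]*\r?\nStatus:[ \t]*(.+?)[ \t]*$", re.M)
PROC = re.compile(r"^(.+?) \((\d+)\) Virus identified (\S+)\s*$")
MODULE = re.compile(r"^(.+?) Virus identified (\S+)\s*$")


def leaf(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hidden_files(report):
    """Paths RootRepeal marks as invisible (not merely locked) to the Windows API."""
    return [p for p, s in ENTRY.findall(report) if s.lower().startswith("invisible")]


def shared_prefix(names, min_len=4, min_count=3):
    """Longest file-name prefix shared by at least min_count names ('' if none)."""
    best = ""
    for name in names:
        for n in range(max(min_len, len(best) + 1), len(name) + 1):
            if sum(x.startswith(name[:n]) for x in names) < min_count:
                break  # a longer prefix cannot match more names
            best = name[:n]
    return best


def injected_processes(avg_log):
    """Map each flagged module to the (image, pid) lines that follow it.
    Assumption: AVG prints the module first, then the process it was found in."""
    hosts, current = {}, None
    for line in avg_log.splitlines():
        proc, mod = PROC.match(line), MODULE.match(line)
        if proc and current:
            hosts[current].append((proc.group(1), int(proc.group(2))))
        elif mod and not proc:
            current = mod.group(1)
            hosts.setdefault(current, [])
        else:
            current = None  # blank or unrelated line ends the pairing
    return hosts


def triage(rootrepeal_report, avg_log):
    hidden = hidden_files(rootrepeal_report)
    prefix = shared_prefix([leaf(p) for p in hidden])
    family = [p for p in hidden if prefix and leaf(p).startswith(prefix)]
    return {
        "prefix": prefix,
        "family": family,
        # The hidden .sys file is the one the helper has the user wipe first.
        "drivers": [p for p in family if leaf(p).endswith(".sys")],
        "loaded_in": {m: h for m, h in injected_processes(avg_log).items()
                      if prefix and leaf(m).startswith(prefix)},
    }


if __name__ == "__main__":
    for key, value in triage(ROOTREPEAL, AVG).items():
        print(key, "=>", value)
```
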

#5 shadow1515


Posted 28 July 2009 - 08:49 PM

OK, so I followed the instructions and it all looks good now.

After wiping out the C:\WINDOWS\system32\drivers\hjgruisuaimybs.sys file, I rebooted.

Upon reboot, AVG Resident Shield for the first time gave 5 files which were related to this file but in DLL form, which it removed.

On the first quick scan with Malwarebytes it found 3 infected DLL files related to this, which it had not found on any other scans before, and I removed them. I rebooted and scanned a 2nd time and it found nothing; rebooted again and scanned and it found nothing.

I then did a deep scan with AVG and all of the Win32/Cryptor-related threats were gone; just cookie-related warnings now, which I will show in the log.

All in all it looks like my comp is clean, but if there's anything else you suggest I can do just to be absolutely sure, I'd appreciate it. Thank you so much for your help.






"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Tuesday, July 28, 2009, 8:35:20 PM"
"Scan finished:";"Tuesday, July 28, 2009, 9:39:48 PM (1 hour(s) 4 minute(s) 28 second(s))"
"Total object scanned:";"276204"
"User who launched the scan:";"Justin Ryan"


#6 Budapest


Posted 28 July 2009 - 08:51 PM

If you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click OK > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Also, go Start > Control Panel and double-click Add or Remove Programs. Post back and report any Java entries that you have.

#7 shadow1515


Posted 28 July 2009 - 09:10 PM

The Java entries I have are:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 update 6


#9 Budapest


Posted 28 July 2009 - 09:52 PM

Those Java entries are out of date. You should remove them and then get the latest from here:

http://java.com/en/download/index.jsp



