All antivirus tools and antivirus tools aren't working


2 replies to this topic

#1 Suchiththa

Posted 29 October 2009 - 10:25 PM

Hi,
I'm running Windows on a MacBook Pro laptop using Boot Camp.
It's an Intel Core 2 Duo 2.8 GHz
4 GB of RAM, I believe.
Running Windows and Mac
Mac Snow Leopard
Windows XP Service Pack 3 (this is where the issue is atm)
Nvidia GeForce 9600GT VGA card


I'm running Windows on Boot Camp and I'm having some issues only on Windows at the moment...
1). Random adware showing up when I'm not even using my browser.
2). Tried to use all of the software recommended for fixing this, but I get the error
"Windows cannot find the specified device, path or file. You may not have the appropriate permissions to access the item."
This message shows up once I have successfully run any of the programs once (they even update themselves) and have ordered them to do anything. I.e. SUPERAntiSpyware found adware; when I asked it to remove it, it suddenly closed and I cannot open it again. Same issue with Malwarebytes, HijackThis and Spybot Search and Destroy. As soon as it created the log it closed and I can't get it open again. I also managed to do a scan on Panda ActiveScan. The logs obtained from Panda and AVG 9.0 are below. Also, I can scan with AVG successfully, but after it restarted the first time the Resident Shield disabled itself. Just a note: I have confirmed that the trojan that's affecting me is Zlob.kh.
Only CCleaner runs successfully... Please help asap!!!!

Also a question: can spyware etc. on my Windows partition affect my Mac partition?


Thank you.




AVG log (a week old now)

"Scan ""Scan whole computer"" was finished."
"Infections";"2";"2";"0"
"Warnings";"155";"155";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Thursday, October 22, 2009, 6:10:09 PM"
"Scan finished:";"Thursday, October 22, 2009, 6:47:59 PM (37 minute(s) 50 second(s))"
"Total object scanned:";"192213"
"User who launched the scan:";"User"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{05CBB0D5-E808-4B5D-9398-4C671E853589}\RP33\A0010857.exe";"Trojan horse Generic15.GXT";"Moved to Virus Vault"
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BWCMUWSQ\3656b9eddb95cfb9d7f013ed46b015a2[1].htm";"Virus found FakeAlert";"Moved to Virus Vault"


Panda log


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-29 07:35:08
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 9.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@atdmt[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@mediaplex[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@apmebf[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@zedo[3].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@target[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ads.addynamix[1].txt
02441996 Exploit/SWF.B Virus/Trojan No 0 Yes Yes c:\riot games\league of legends\air\assets\swfs\summoner.swf
02441996 Exploit/SWF.B Virus/Trojan No 0 Yes Yes c:\riot games\league of legends\air\assets\swfs\map2.swf
02441996 Exploit/SWF.B Virus/Trojan No 0 Yes Yes c:\riot games\league of legends\air\assets\swfs\login.swf
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes c:\documents and settings\user\my documents\downloads\setup.exe
03675576 Trj/Zlob.KH Virus/Trojan Yes 2 No No globalroot\device\__max++>\a3014288.x86.dll
04753203 Generic Trojan Virus/Trojan No 0 Yes Yes c:\windows\system32\eventlog.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================




Also, a note about CCleaner: in the startup there is a new process in Task Manager, so I checked out the registry entries in CCleaner, and there was a new entry which I have deleted once and disabled twice, but it keeps reappearing. It does seem to correspond to the process, since
the entry (in CCleaner) is called PopRock, the registry entry is under HKCU:Run, and the location is C:\DOCUME~1\User\LOCALS~1\Temp\a.exe

and the entry in Task Manager is a.exe.
I do shut down this process as soon as I load up.
It doesn't reappear in Task Manager (but sometimes, very rarely, it does), but the registry entry remains...


Thanks again
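A Run-key value that starts an executable from a Temp directory, like the PopRock entry described in the post above, is worth flagging during triage. The following is an added example, not part of the original post: it parses `reg query` style output and lists autorun values whose program path sits in a temp location. The sample text is constructed; only the PopRock line mirrors the post, and the other names are hypothetical.

```python
import re

# Constructed sample of `reg query` output for the HKCU Run key.
# Only the PopRock line mirrors the post; the rest is hypothetical.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    PopRock    REG_SZ    C:\DOCUME~1\User\LOCALS~1\Temp\a.exe
    Updater    REG_SZ    "C:\Program Files\Example App\update.exe" /background
    Helper    REG_EXPAND_SZ    %TEMP%\helper.exe -s
"""

# Value lines are indented: <name> <REG_SZ|REG_EXPAND_SZ> <command line>
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")

# Temp locations, including the 8.3 short form of "Local Settings" on XP.
TEMP_PATTERNS = [
    re.compile(r"\\(local settings|locals~\d)\\temp(\\|$)", re.I),
    re.compile(r"\\appdata\\local\\temp(\\|$)", re.I),
    re.compile(r"^%te?mp%(\\|$)", re.I),
    re.compile(r"^[a-z]:\\windows\\temp(\\|$)", re.I),
]

def executable_of(command):
    """Return the program path of a Run value, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first executable extension, if any.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def flag_temp_autoruns(reg_query_text):
    """Return (value name, program path) for autoruns that start from Temp."""
    flagged = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = executable_of(m.group("data"))
        if any(p.search(path) for p in TEMP_PATTERNS):
            flagged.append((m.group("name"), path))
    return flagged

if __name__ == "__main__":
    for name, path in flag_temp_autoruns(SAMPLE_REG_QUERY):
        print(f"autorun from temp directory: {name} -> {path}")
```
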



#2 Suchiththa


Posted 30 October 2009 - 03:40 PM

Hi again guys
Just wanted to let you all know that I also ran VIPRE and it removed 2 trojans and healed 4 files.
The log is saved on my Windows XP, but for some reason I can't manage to connect to the internet on it now. Could it be something to do with the trojan??? If possible, I will try to get the end of the VIPRE log and post it using a flash drive. Please do try to reply ASAP.
Thanks

#3 Suchiththa


Posted 31 October 2009 - 12:38 PM

Hi again guys, here's the VIPRE log




Scan completed.
Scan time: 00:15:37
Rootkits: 4401 scanned, 0 found
Processes: 28 scanned, 0 found
Modules: 1246 scanned, 0 found
Folders: 4390 scanned, 0 found
Files: 38543 scanned, 4 found
Registry: 44326 scanned, 2 found
Total: 92934 scanned, 6 found
6 threat traces were detected.
Starting clean.
Quarantine {77128BD6-4C14-4DA8-A1FB-26A9BCE998F6} completed.
Quarantine {6BA42DAD-1DC8-416F-88B0-8A8D110CABE5} completed.
Quarantine {0EBDFF0B-865C-4659-87FE-CF92EE3059E6} completed.
Quarantine {4EF81170-9ED0-4D6C-8326-E538360DEBCC} completed.
Clean completed.
Clean time: 00:00:04
4 threats were cleaned.

C:\VIPRERESCUE>



