
Hijacker.Deskbar found with SuperAntiSpyware (SASW)


No replies to this topic

#1 babbo


Posted 19 November 2009 - 09:54 PM

When running SuperAntiSpyware, it originally found five occurrences of the Hijacker.Deskbar and one occurrence of a Trojan called Gen-PennyStockChaser. I first became suspicious when my browser started taking a long time to load. I've run SASW many times, and it appears to work. However, it tells me to reboot to complete the removal, but when I reboot and re-run SASW, they're still there. I've also run Avast, Spybot, Malwarebytes, Ad-Aware and Sophos Anti-Rootkit, none of which even found these. I found a similar post and followed the directions listed there. It appears to have removed the Trojan, but not the Hijacker.Deskbars. Here is a link to that topic I followed in case it helps: http://www.bleepingcomputer.com/forums/t/248064/is-it-a-virus/.

Also, here are the logs from SASW. The first log is the one containing the Trojan, run on Nov 17th. The second is the latest one, run this afternoon, which does not include the Trojan anymore.

Any help you can provide would be greatly appreciated. Thanks in advance.

Original log with Trojan
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/17/2009 at 11:29 PM

Application Version : 4.30.1004

Core Rules Database Version : 4285
Trace Rules Database Version: 2160

Scan type : Complete Scan
Total Scan Time : 00:40:39

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 7068
Registry threats detected : 5
File items scanned : 29103
File threats detected : 1

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Trojan.Agent/Gen-PennyStockChaser
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0A4C670-AFDF-45DD-A11A-0BE61D55AA77}\RP132\A0024607.EXE

Log after following post found on Bleepingcomputer.com
Generated 11/19/2009 at 05:56 PM

Application Version : 4.30.1004

Core Rules Database Version : 4293
Trace Rules Database Version: 2164

Scan type : Complete Scan
Total Scan Time : 00:32:02

Memory items scanned : 639
Memory threats detected : 0
Registry items scanned : 7068
Registry threats detected : 5
File items scanned : 27822
File threats detected : 0

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
