Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Qoologic.N


  • This topic is locked This topic is locked
1 reply to this topic

#1 dsamaddar

dsamaddar

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 09 August 2005 - 02:19 PM

Someone is helping me with this in another thread!!

:thumbsup:
--------------------------------------------------------------------------------

There is a file pbbjjb.exe in my windows\system32 folder that I can't get rid of. I have StopZilla that is blocking the file from executing and it deletes it but the file reappears every 2 min!!

I checked the file on http://virusscan.jotti.org and it said it has the Qoologic.N trojan. So I got the FindQoologic and ran that on my computer. Here is the output:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* web-nex C:\WINDOWS\System32\DATADX.DLL
* web-nex C:\WINDOWS\System32\EAAJJ.DLL
* web-nex C:\WINDOWS\System32\KHHDDHJ.DLL
* winsync C:\WINDOWS\System32\DATADX.DLL
* winsync C:\WINDOWS\System32\EAAJJ.DLL
* winsync C:\WINDOWS\System32\KHHDDHJ.DLL
* rec2_run C:\WINDOWS\System32\DATADX.DLL
* KavSvc C:\WINDOWS\System32\SUPDATE.DLL
* conres.cpl C:\WINDOWS\System32\CONRES.CPL
* datadx.dll C:\WINDOWS\System32\DATADX.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System32\BEEGD10.OCX
* UPX! C:\WINDOWS\System32\SUPDATE.DLL
* UPX! C:\WINDOWS\TSC.EXE
* UPX! C:\WINDOWS\VSAPI32.DLL
* UPX! C:\WINDOWS\WSEM303.DLL
* aspack C:\WINDOWS\System32\NTDLL.DLL
* aspack C:\WINDOWS\System32\PAV.SIG
* aspack C:\WINDOWS\VSAPI32.DLL
* ASProtect C:\WINDOWS\System32\PAV.SIG
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c90df5e

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
desktop.ini
Kodak EasyShare software.lnk
Microsoft Office.lnk

User Startup:
C:\Documents and Settings\Debashish Samaddar\Start Menu\Programs\Startup
.
..
desktop.ini

----------------------------------

How do I clean up my computer? Please help! :flowers:

Edited by dsamaddar, 09 August 2005 - 06:15 PM.


BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:22 PM

Posted 11 August 2005 - 08:20 AM

Helped here:

http://www.bleepingcomputer.com/forums/ind...topic=23572&hl=

:thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users