
I got infected with Worm.Win32.Netsky and TrojanSPM/LX.


22 replies to this topic

#1 dg55117

dg55117

  • Members
  • 97 posts

Posted 01 February 2010 - 08:37 PM

I was on the IRS site and the Worm.Win32.Netsky and Trojansomething infected me. It then tried to run something called Internet Security 2010 Trial version. I shut down thinking I could restart and try to boot to safe mode w/ networking, but the same worm began to install. Shut down again and restarted opting to try "last known good config" - no luck with that either. So even if I boot with safe mode it tries to install. Windows XP SP3 -
I hooked up my laptop in order to post this.
Can anyone help??


#2 Sashacat

Sashacat

  • Members
  • 372 posts

Posted 05 February 2010 - 11:46 AM


Remove Internet Security 2010 (Uninstall Guide)

http://www.bleepingcomputer.com/virus-remo...t-security-2010


How Malware Spreads - How did I get infected
http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/



Freeware Replacements For Common Commercial Apps
http://www.bleepingcomputer.com/forums/topic3616.html


Slow Computer?, Use this troubleshooting checklist
http://www.bleepingcomputer.com/forums/t/44690/slow-computer/
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 16 February 2010 - 12:41 PM

I ran a few of the malware detectors and I was able to rid myself (or so I thought) of the worm 32 thing, but my browser still gets hijacked quite often. Going to any web page and something else comes up. Is there anything else I can do?
Lastly I ran the Malwarebytes and it didn't find anything-

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/16/2010 11:36:51 AM
mbam-log-2010-03-16 (11-36-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158743
Time elapsed: 19 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Sashacat

Sashacat

  • Members
  • 372 posts

Posted 16 February 2010 - 01:36 PM

What (if any) antivirus program are you running?
Are all updates current?
Has it found/fixed anything?

Use Rkill:
http://www.technibble.com/rkill-repair-tool-of-the-week/

Autoruns:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Did you use SUPERAntiSpyware?
If no, run SUPERAntiSpyware in Safe Mode.
http://www.superantispyware.com
Make sure you have the most current updates before you scan.
Please advise results.

Are you able to provide details as to infections found, in the form of previous logs?

#5 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 16 February 2010 - 07:59 PM

I will run the Superspyware.
Here is the Malware log after I was infected-
I just seem to get hijacked - nothing consistent.

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/2/2010 5:56:56 PM
mbam-log-2010-02-02 (17-56-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 233195
Time elapsed: 51 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 9
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\cjjc.dat (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\cnm.dat (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\kdw.dat (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\vyv.dat (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\evxz.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\iexplore.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\05YVK56V\evxz1[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CEPJMGEF\dfghfghgfj[1].dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KEKQJWX2\SetupIS2010[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ONEJMPAP\install[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
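
Added example for this thread (not code from the post or from Malwarebytes): a small parser over the registry sections of the log above. It separates the Run values that relaunched the rogue from the Winlogon\Userinit value that was pointed at winlogon32.exe instead of userinit.exe (Winlogon runs Userinit at every logon, Safe Mode included, which fits the reinstall seen in Safe Mode) and the Policies values that locked the wallpaper, and it includes a check for whether a Userinit value is clean. The sample lines are copied from the 2/2/2010 log; the class and function names are my own.

```python
"""Pull the persistence entries out of a Malwarebytes' Anti-Malware 1.x log.

Added example for this thread, not code from the original post or from
Malwarebytes. The sample below is constructed from the 2/2/2010 log posted
above; class and function names are my own.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the registry and folder sections of the
# posted log, in the exact line format MBAM 1.x writes.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(.+ Infected):$")
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+)$"
)


@dataclass
class Finding:
    section: str
    path: str
    detection: str
    action: str
    kind: str
    bad: Optional[str] = None
    good: Optional[str] = None


def classify(section: str, path: str) -> str:
    """Map an entry to the persistence mechanism it represents."""
    if not section.startswith("Registry"):
        return "filesystem"
    p = path.upper()
    # Userinit/Shell are run by Winlogon at every logon, Safe Mode included.
    if "\\WINLOGON\\USERINIT" in p or "\\WINLOGON\\SHELL" in p:
        return "winlogon-hijack"
    if "\\CURRENTVERSION\\RUN" in p:  # Run, RunOnce, RunServices
        return "autostart"
    if "\\POLICIES\\" in p:  # Explorer/ActiveDesktop lockdown values
        return "policy-restriction"
    return "other"


def parse_mbam_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # summary counts and other non-entry lines
        findings.append(Finding(
            section=section, path=m["path"], detection=m["detection"],
            action=m["action"], kind=classify(section, m["path"]),
            bad=m["bad"], good=m["good"],
        ))
    return findings


def userinit_is_clean(value: str) -> bool:
    """True only if every program in a Winlogon\\Userinit value is userinit.exe.
    The stock XP value is 'C:\\WINDOWS\\system32\\userinit.exe,' (trailing comma)."""
    entries = [e.strip().strip('"') for e in value.split(",")]
    entries = [e for e in entries if e]
    return bool(entries) and all(
        ntpath.basename(e).lower() == "userinit.exe" for e in entries)


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def parse_sample() -> List[Finding]:
    return parse_mbam_log(SAMPLE_LOG)


if __name__ == "__main__":
    for f in parse_sample():
        flag = " <-- survives Safe Mode" if f.kind == "winlogon-hijack" else ""
        print(f"[{f.kind}] {f.path} ({f.detection}){flag}")
        if f.bad is not None:
            print(f"    bad={f.bad!r} good={f.good!r}")
    print(summarize(parse_sample()))
```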

#6 Sashacat

Sashacat

  • Members
  • 372 posts

Posted 16 February 2010 - 09:18 PM

Thank you for the 2/2/2010 Malwarebytes' log.

I just noticed that the date shown on your most recent Malwarebytes' log is 3/16/2010 (That's odd....)


Be sure to follow all instructions in this post:
Remove Internet Security 2010 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-remo...t-security-2010


Please report back with the results of the SUPERAntiSpyware scan.


When SUPERAntiSpyware and Malwarebytes' Anti-Malware find/fix infections, you may want to turn OFF System Restore (which will delete all restore points, to ensure there are no infected restore points).
To turn OFF System Restore, go to Control Panel, System, System Restore tab, put a checkmark in "Turn Off System Restore" and hit Apply. Then hit OK to close.

(After you get all of this fixed, you will probably want to turn System Restore back on.
To turn System Restore back on, go to Control Panel, System, System Restore tab, click to take the checkmark out of "Turn Off System Restore" and hit Apply. Then hit OK to close. )

Anytime you have infections, I recommend that you run scans again to ensure ALL scans come up "clean" (zero infections).

#7 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 17 February 2010 - 07:18 AM

I ran the Superantispyware but I did it prior to reading your post relative to turning off my restore point. Ooops. It found and quarantined and deleted quite a lot. However, I didn't see where it saved a log. If you need it I will look for it and post it.

Thanks for all the help-
dave

#8 golfdude

golfdude

  • Members
  • 221 posts
  • Gender:Male
  • Location:Ft Wayne, Indiana

Posted 17 February 2010 - 08:45 AM

Dave,

FYI- location of SAS logs (you can just cut and paste to post them):

[three screenshots showing where SUPERAntiSpyware stores its scan logs]

Thanks,
Golfdude

America is all about speed. Hot, nasty, badass speed. -Eleanor Roosevelt, 1936
Intel i7-3820, 32 GB DDR3-1600, Intel 330 SSD Boot Drive, WD 3TB Data Drive, Radeon HD7770 GHz Edition, Windows 10 Professional 64 Bit
 


#9 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 21 February 2010 - 09:35 PM

Hello,
Sorry for the delayed reply- I had to go out of town for work. I still noticed the browser getting hijacked but way less often.
Here is my log if it is of any help:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Again the date- but I noticed my Windows clock/date was set wrong- I fixed it now-



Generated 03/16/2010 at 07:17 PM

Application Version : 4.33.1000

Core Rules Database Version : 4594
Trace Rules Database Version: 2406

Scan type : Quick Scan
Total Scan Time : 00:05:20

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 348
Registry threats detected : 2
File items scanned : 3554
File threats detected : 338

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1292428093-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com
HKU\S-1-5-21-1292428093-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com#http

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cdn4.specificclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kontera[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trvlnet.adbureau[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@a1.interclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@pointroll[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@specificmedia[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@at.atwola[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@traveladvertising[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@oasn03.247realmedia[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@content.yieldmanager[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@eas.apm.emediate[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.undertone[2].txt

Rogue.InternetSecurity2010
C:\Documents and Settings\Owner\Desktop\Internet Security 2010.lnk

Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PDFUPD.EXE

#10 Sashacat

Sashacat

  • Members
  • 372 posts

Posted 21 February 2010 - 11:04 PM

Hello :thumbsup:

Get the following free program:
CCleaner (use the Cleaner tool)
It is a good program, I use it DAILY.
http://www.ccleaner.com/
It not only cleans your computer, it also has a Registry tool that will check for/fix registry errors, and it also has an "uninstall programs" tool and a "startup" tool (you can remove items from Startup).
There is a tour, see what the program does, look at the screen shots.

We don't want to take any chances with your computer, so I am going to ask you to scan again, to confirm that all infections have been removed.

Just in case there are any bad things running,
  • FIRST run Rkill,
  • then immediately scan again with Malwarebytes',
  • then scan with SuperAntiSpyware.
  • Then do an ESET online scan.
Following are instructions for the ESET scan given to me by etavares (a member of the Malware Response Team):

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



When you report back, please post the results (copy/paste into your reply) of:
Malwarebytes', SUPERAntiSpyware and the ESET online scans,
and whether you are still experiencing symptoms or not.



----------------------------------------------------------------------------------------------------------------------------

PLEASE do not take offense at what I'm about to say. It is NOT a judgment against you, I am simply stating a fact.
Internet porn causes a lot of computer infections. Over the years, I can't even COUNT the number of computers I've fixed for people whose computers have infections. Internet porn is not the ONLY cause of infections, but it does rank right up there among the causes of the infections I've fixed for people.

I hope you will take the time to read over the following articles, because they have EXCELLENT information,
and you will benefit by reading them and following the advice in them.
It is a whole lot easier (and takes a whole lot less time) to take preventative action than to fix these things.
I would venture to say that it takes LESS TIME to read these articles (twice each) than you've spent on fixing your computer this time around. It will be time WELL SPENT.

How Malware Spreads - How did I get infected
http://www.bleepingcomputer.com/forums/ind...amp;hl=redirect

How did I get infected?, With steps so it does not happen again!

http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

The Ten Most Dangerous Things Users Do Online
http://www.bleepingcomputer.com/forums/t/69440/the-ten-most-dangerous-things-users-do-online/

Understanding Spyware, Browser Hijackers, and Dialers
http://www.bleepingcomputer.com/tutorials/understanding-spyware-browser-hijackers-and-dialers/
If we don't change the direction we are going,
We are likely to end up where we are headed.

#11 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 22 February 2010 - 09:18 PM

OK, I ran all the fixes, except that ESET didn't give me a button to do the online scan.
SAS found 69 issues:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/22/2010 at 07:20 PM

Application Version : 4.33.1000

Core Rules Database Version : 4594
Trace Rules Database Version: 2406

Scan type : Complete Scan
Total Scan Time : 00:19:09

Memory items scanned : 362
Memory threats detected : 0
Registry items scanned : 3311
Registry threats detected : 0
File items scanned : 14069
File threats detected : 69

Adware.Tracking Cookie

Trojan.Agent/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP172\A0030554.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP172\A0031554.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP172\A0032553.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP172\A0033554.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP173\A0033556.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP173\A0033557.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP173\A0033558.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E0AEC93E-48B7-4C23-BA8D-65395382722B}\RP173\A0033564.DLL

#12 golfdude

golfdude

  • Members
  • 221 posts
  • Gender:Male
  • Location:Ft Wayne, Indiana

Posted 22 February 2010 - 09:37 PM

Flush your "Restore Points". If you aren't sure how to do this let me know. Please run an up to date MBAM and post the log.

Thanks,
Golfdude

America is all about speed. Hot, nasty, badass speed. -Eleanor Roosevelt, 1936
Intel i7-3820, 32 GB DDR3-1600, Intel 330 SSD Boot Drive, WD 3TB Data Drive, Radeon HD7770 GHz Edition, Windows 10 Professional 64 Bit
 


#13 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 23 February 2010 - 08:22 AM

Please tell me how to "flush" my restore point-
thanks much
Dave

#14 golfdude

golfdude

  • Members
  • 221 posts
  • Gender:Male
  • Location:Ft Wayne, Indiana

Posted 23 February 2010 - 09:51 AM

The easiest way is to turn off System Restore, confirm that you want to do this, then turn it back on.

Right click My Computer then scroll down and click on Properties. This will open your System Properties.
Click on the System Restore tab, then put a check mark in "Turn off System Restore on all drives".
Click the Apply button in the lower right corner. A dialog box will pop up wanting to confirm this action. Click Yes.
Then, uncheck the same box and confirm. This will wipe out all of your previous Restore Points, which is where many of the items were listed in your SAS log.

You can also click on your start menu, accessories, system tools, system restore and create a new Restore point and name it something like "After IS 2010 removed".

I apologize if this is confusing. You seem to know enough that I don't need to post pictures.

Thanks,
Golfdude



#15 dg55117

dg55117
  • Topic Starter

  • Members
  • 97 posts

Posted 23 February 2010 - 09:13 PM

Thanks-
I set the restore point to "after 2010 removal".
I then ran MBAM again. It found 6 infections:




Malwarebytes' Anti-Malware 1.44
Database version: 3782
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/23/2010 8:10:12 PM
mbam-log-2010-02-23 (20-10-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169323
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internet-security10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internet-security10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
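The Hijack.TrustedZone entries in the log above show the rogue's download domains placed in Internet Explorer's Trusted sites zone (value 2, where IE applies fewer restrictions) and Malwarebytes' resetting them to Restricted sites (4). As an added example, not from this thread or from any tool named in it, the following PowerShell (3.0 or later) audits the same ZoneMap keys for any domain still sitting in the Trusted or Local intranet zone; the function names and the allow-list domain are assumptions.

```powershell
# Added example, not part of the thread: audit the IE ZoneMap for domains that have
# been moved into a privileged URL security zone. Zone numbers (Microsoft's URL
# security zones): 0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet,
# 4 Restricted sites. The rogue above used 2; MBAM reset its entries to 4.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                3 = 'Internet';    4 = 'Restricted sites' }

function Get-ZoneMapDomainEntries {
    # Returns one object per (hive, domain, protocol) found under ZoneMap\Domains.
    # Each domain is a key, sub-domains are nested keys (Domains\example.com\www),
    # and each protocol ('http', 'https', '*') is a DWORD value holding the zone.
    param(
        [string[]]$Roots = @(
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
        )
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $rootKey = Get-Item -LiteralPath $root
        foreach ($key in (Get-ChildItem -LiteralPath $root -Recurse)) {
            # Key path relative to Domains, e.g. 'example.com\www' -> 'www.example.com'
            $parts = $key.Name.Substring($rootKey.Name.Length).TrimStart('\') -split '\\'
            [array]::Reverse($parts)
            $domain = $parts -join '.'
            foreach ($valueName in $key.GetValueNames()) {
                if ($valueName -eq '') { continue }        # skip the (Default) value
                $zone = [int]$key.GetValue($valueName)
                $zoneName = if ($ZoneNames.ContainsKey($zone)) { $ZoneNames[$zone] } else { "unknown ($zone)" }
                [pscustomobject]@{
                    Hive     = $root.Split(':')[0]
                    Domain   = $domain
                    Protocol = $valueName
                    Zone     = $zone
                    ZoneName = $zoneName
                }
            }
        }
    }
}

function Find-TrustedZoneEntries {
    # Flags any domain sitting in Trusted sites (2) or Local intranet (1) that is not
    # on the allow-list. The allow-list entry is a hypothetical placeholder: replace
    # it with the sites you deliberately trust, so only unexpected additions remain.
    param([string[]]$AllowList = @('intranet.example.invalid'))
    Get-ZoneMapDomainEntries |
        Where-Object { ($_.Zone -eq 2 -or $_.Zone -eq 1) -and ($AllowList -notcontains $_.Domain) }
}

# Usage: list suspicious entries; run from an elevated prompt so HKLM is readable too.
Find-TrustedZoneEntries | Sort-Object Hive, Domain | Format-Table -AutoSize
```

Any domain this reports that you did not add yourself deserves the same treatment the log shows: reset it to zone 4 or delete the key, and check both hives, since the rogue above wrote to HKLM and HKCU.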



