Firefox re-directing to ad sites



#1 kkirkham32

  • Members
  • 13 posts

Posted 10 February 2010 - 10:18 AM

Hello Mods.

I have attached two scan results: the first from a-squared and the second from MBAM. My Firefox was previously spontaneously opening new windows and redirecting to ad sites. It is no longer doing that, but I'm concerned that maybe I need to do more to clean this up.

Thanks for any thoughts.

K



a-squared Free - Version 4.5
Last update: 03/02/2010 2:42:54 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 03/02/2010 2:44:02 PM

Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1261041353375000 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1261041353421000 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1261148625140000 detected: Trace.TrackingCookie.promo.awempire.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1261868305015000 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1261868305015001 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262379983125000 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262409440937000 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262713136468000 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262713136468001 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262713136468003 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262731624625001 detected: Trace.TrackingCookie.trafficmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262731624625002 detected: Trace.TrackingCookie.trafficmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262731624625003 detected: Trace.TrackingCookie.trafficmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262731624625004 detected: Trace.TrackingCookie.trafficmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262731624625005 detected: Trace.TrackingCookie.trafficmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262830229312000 detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262830229984002 detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1262830229984006 detected: Trace.TrackingCookie.about.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263071831968000 detected: Trace.TrackingCookie.lycos.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263071833171000 detected: Trace.TrackingCookie.ads.lycos.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263091758265000 detected: Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263138469750000 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263262598937000 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322959125001 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322959781000 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322959796000 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322959953000 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322961031000 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322961031003 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322961468000 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263322961828005 detected: Trace.TrackingCookie.ign.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263389686343000 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263432998937000 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263432999031000 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263581821062000 detected: Trace.TrackingCookie.wt.o.nytimes.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263589676640000 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263612460781000 detected: Trace.TrackingCookie.web.acumenpi.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263612462828002 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263654499640001 detected: Trace.TrackingCookie.www.wallpapergate.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263654499640002 detected: Trace.TrackingCookie.www.wallpapergate.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263654499640003 detected: Trace.TrackingCookie.www.wallpapergate.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657580359000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657582281001 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657582281002 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657582281003 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657583453000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657583453001 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657585828000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263657991890000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263658021875000 detected: Trace.TrackingCookie.sales.liveperson.net!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263658022062000 detected: Trace.TrackingCookie.sales.liveperson.net!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263659225375002 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263675270468000 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263785540453000 detected: Trace.TrackingCookie.link!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263861077046000 detected: Trace.TrackingCookie.link!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1263924212968002 detected: Trace.TrackingCookie.searchportal.information.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264359643703000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264359645843000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264359646484001 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264359646625000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264359655093000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264363464640000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264472625343000 detected: Trace.TrackingCookie.www.burstbeacon.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264545736203001 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264545736500000 detected: Trace.TrackingCookie.go.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264603936562001 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264603939140000 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264603939156000 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264644130703003 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264651918015002 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264874389015000 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1264874389390000 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265145215406001 detected: Trace.TrackingCookie.trafficmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265145314593000 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265163086875000 detected: Trace.TrackingCookie.reuters.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265163087437000 detected: Trace.TrackingCookie.reuters.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265163088000006 detected: Trace.TrackingCookie.reuters.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265163945296000 detected: Trace.TrackingCookie.thefreedictionary.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265163959406001 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265163959406003 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265210670140000 detected: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265210670156000 detected: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\a8g3bfmz.default\cookies.sqlite:1265210670156001 detected: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Kyle\Local Settings\Temp\106.tmp detected: Worm.Agent!IK
C:\Documents and Settings\Kyle\Local Settings\Temp\140.tmp detected: Packed.Win32.Tdss!IK
C:\Documents and Settings\Kyle\Local Settings\Temp\5F.tmp detected: Worm.Agent!IK

Scanned

Files: 73035
Traces: 662236
Cookies: 1979
Processes: 51

Found

Files: 3
Traces: 6
Cookies: 84
Processes: 0
Registry keys: 0

Scan end: 03/02/2010 3:36:31 PM
Scan time: 0:52:29

C:\Documents and Settings\Kyle\Local Settings\Temp\140.tmp Quarantined Packed.Win32.Tdss!IK
C:\Documents and Settings\Kyle\Local Settings\Temp\106.tmp Quarantined Worm.Agent!IK
C:\Documents and Settings\Kyle\Local Settings\Temp\5F.tmp Quarantined Worm.Agent!IK

Quarantined

Files: 3
Traces: 6
Cookies: 0
Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/02/2010 12:32:05 AM
mbam-log-2010-02-03 (00-32-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165513
Time elapsed: 44 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe lfrt.njo gxsgk) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Kyle\Local Settings\Temp\135.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kyle\Local Settings\Temp\136.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\4DW4R3PQXRpvThYR.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\4DW4R3sBUyDvWPwX.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\Temp\4DW4R31333ee8 (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R3140fc7c (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R314eba1f (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R315c7794 (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R316a3528 (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R3177f29d (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R3185b050 (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R31936de4 (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R31a12b59 (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R31aee95a (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R31bca70e (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R31ca65ca (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R31d8239d (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4DW4R32aee1c (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4DW4R3sv.dat (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4DW4R3GnEpaAYuVE.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4DW4R3JpuNcaronu.dll (Rootkit.Agent) -> Quarantined and deleted successfully.


#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,733 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 11 February 2010 - 11:24 PM

Since you are already receiving help here, please continue in that thread. Do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Further, it necessitates staff spending time with housecleaning...time which could have been provided to others needing assistance.

Thanks for your cooperation.

This thread is closed. If you have any questions, please PM me or another Moderator.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
