
Infected with win32/Olmarik.VM Patched and Win32/TrojanClicker.Delf.NJE


  • This topic is locked
2 replies to this topic

#1 Big-buddha

Big-buddha

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:34 PM

Posted 28 April 2010 - 06:19 AM

Problems:

1) I keep getting pop-ups and sometimes links redirect me to other sites, often ads.
2) It makes my computer slow down drastically: Windows crashes most of the time when I change user and the GMER scan crashed 5 times before I could get it done.
3) One pop-up in particular (that would be the trojan clicker) tries to lure me into downloading an antivirus because it simulates the Windows control panel so that I think it's Windows that's asking me to download an antivirus.

What I've already done:

1) Nod32 alerts me that there's a trojan every 10 min, but when I put it in quarantine the trojan seems to duplicate and the alerts just keep coming.
2) I scanned with: Ad-Aware, Spybot Search & Destroy, Doctor Web (in safe mode), Malwarebytes Anti-Malware, Nod32.
I did a full scan with each.
3) When I scanned with spydoctor in safe mode it crashed at the end and two infections could not be treated: C:/program files/eset/infected (quarantine of nod32) and c/documents and settings/username/local settings/Anplic/mozilla/firefox/profiles/2cpk5271.default/cache
4) After the spydoctor scan nod32 detected a second infection (Olmarik) and nod32 can't get rid of it.

Logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gilles at 18:47:41,28 on lun. 26/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2030.1342 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gilles\Bureau\nod32kui .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gilles\Bureau\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.be/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\documents and settings\gilles\mes documents\musique 2\bitcomet\tools\BitCometBHO_1.2.1.2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: beginC4EE31F3-4768-11D2-BE5C-00A0C9A83DA1end; - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NWEReboot]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &D&ownload &with BitComet - c:\documents and settings\gilles\mes documents\musique 2\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\documents and settings\gilles\mes documents\musique 2\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\documents and settings\gilles\mes documents\musique 2\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\documents and settings\gilles\mes documents\musique 2\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\imon.dll
Trusted Zone: radioblogclub.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.be/s/v/27.38/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177916279832
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: mrt.exe - svchost.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gilles\applic~1\mozilla\firefox\profiles\bmy1yw2f.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-8 20744]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-4-26 15424]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-8 95024]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-4-26 552064]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [2007-4-19 827008]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664]
S2 jpczpgde;StarForce Protection Environment (version 1.x)Monitor;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\lv532av.sys --> c:\windows\system32\drivers\LV532AV.SYS [?]

=============== Created Last 30 ================

2010-04-26 16:45:54 96512 ----a-w- c:\windows\system32\drivers\OLDEC3.tmp
2010-04-26 16:43:56 0 ----a-w- c:\documents and settings\gilles\defogger_reenable
2010-04-26 16:42:23 96512 ----a-w- c:\windows\system32\drivers\OLDE65.tmp
2010-04-26 16:27:49 96512 ----a-w- c:\windows\system32\drivers\OLDC8F.tmp
2010-04-26 16:14:44 96512 ----a-w- c:\windows\system32\drivers\OLDAEF.tmp
2010-04-26 16:11:44 96512 ----a-w- c:\windows\system32\drivers\OLDABD.tmp
2010-04-26 16:09:13 96512 ----a-w- c:\windows\system32\drivers\OLDA7A.tmp
2010-04-26 16:03:03 96512 ----a-w- c:\windows\system32\drivers\OLD9B6.tmp
2010-04-26 16:00:45 96512 ----a-w- c:\windows\system32\drivers\OLD995.tmp
2010-04-26 15:54:09 96512 ----a-w- c:\windows\system32\drivers\OLD90D.tmp
2010-04-26 15:42:05 96512 ----a-w- c:\windows\system32\drivers\OLD7EA.tmp
2010-04-26 15:38:56 96512 ----a-w- c:\windows\system32\drivers\OLD7B4.tmp
2010-04-26 15:28:01 96512 ----a-w- c:\windows\system32\drivers\OLD6C1.tmp
2010-04-26 15:22:58 96512 ----a-w- c:\windows\system32\drivers\OLD65D.tmp
2010-04-26 15:21:25 96512 ----a-w- c:\windows\system32\drivers\OLD633.tmp
2010-04-26 15:15:27 96512 ----a-w- c:\windows\system32\drivers\OLD51A.tmp
2010-04-26 15:10:45 96512 ----a-w- c:\windows\system32\drivers\OLD4BF.tmp
2010-04-26 15:08:27 96512 ----a-w- c:\windows\system32\drivers\OLD49D.tmp
2010-04-26 15:06:09 96512 ----a-w- c:\windows\system32\drivers\OLD469.tmp
2010-04-26 14:57:02 96512 ----a-w- c:\windows\system32\drivers\OLD3A2.tmp
2010-04-25 13:04:00 0 d-----w- c:\documents and settings\gilles\DoctorWeb
2010-04-21 19:39:46 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-04-21 10:21:13 54 ----a-w- c:\windows\Player.INI
2010-04-21 10:21:02 0 d-----w- c:\program files\Notation
2010-04-21 10:14:24 0 d-----w- c:\program files\Power Tab Software
2010-04-21 07:00:01 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-08 20:06:49 0 d-----w- c:\program files\iPod
2010-04-08 20:06:40 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

==================== Find3M ====================

2010-04-08 16:45:26 84730 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-08 16:45:26 510654 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-04 16:21:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-26 21:39:43 34308 ----a-w- c:\windows\system32\Chip.dll
2010-03-26 21:39:43 22004 ----a-w- c:\windows\system32\Pvt.tmp
2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-21 14:35:41 42824 -c--a-w- c:\docume~1\gilles\applic~1\GDIPFONTCACHEV1.DAT
2010-02-18 19:17:44 28196 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-16 19:06:59 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06:56 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:34:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-18 08:51:22 26512269 ----a-w- c:\program files\TicTacPhoto_Hexim_Spirou.exe
2008-08-27 17:44:39 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 18:49:15,84 ===============

I couldn't upload the "attach.txt":
"Upload failed. The file was larger than the available space"
So if someone wants to see it, please ask. I'll e-mail it.
I also have a screenshot of the "Windows lure" by the trojan.

Merged posts. ~ OB

Attached Files

  • Attached File  ark.txt   14.86KB   7 downloads

Edited by Orange Blossom, 28 April 2010 - 09:25 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:34 PM

Posted 03 May 2010 - 06:07 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:34 PM

Posted 07 May 2010 - 06:19 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
