How to remove Defense Center virus


  • This topic is locked
22 replies to this topic

#1 cinerama

cinerama

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 07 July 2010 - 02:15 PM

Hello,

I saw your answer to the person who had the Defense Center virus. You recommended starting up in the Safe Mode F8 and then running Malwarebytes. I can't do this as I get the blue screen of death if I try to boot up in Safe Mode. I can hit the F11 key and startup with the previous configuration of the system. This works fine and I can run Malwarebytes but, it doesn't delete any of the viruses selected even though it says it does. One of the viruses it displays is the Malwarebytes Hijacker. When I restart the PC and run Malwarebytes all the same viruses are there. I am doing this on a different user - (Guest) than mine. If I select my user, run Malwarebytes, it finds the viruses but, when I click to see them, it leaves the Malwarebytes program.

Help!


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:50 AM

Posted 07 July 2010 - 02:32 PM

Hello, I am moving this from XP to the Am I Infected forum.
Please post that MBAM scan log you have.
Next run SAS in normal mode.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 cinerama

Posted 07 July 2010 - 02:41 PM

Thank you for responding so quickly! Below is the malwarebytes log.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/7/2010 3:37:46 PM
mbam-log-2010-07-07 (15-37-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 161413
Time elapsed: 29 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

#4 boopme

Posted 07 July 2010 - 03:11 PM

You're welcome! Part of the problem is that MBAM needs an update. After you finish and post the SAS log...

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

How is it after this??

#5 cinerama

Posted 07 July 2010 - 09:00 PM

Sorry for taking so long to respond but, Windows kept going down while I was running Superantispyware. So, I had to stop it before windows would go down, restart the PC, run it again. But, it looks like it got rid of Defense Center - Yay! But now I have other problems. When I boot up the PC I get:

Error loading C:\WINDOWS\EMANIZOK.DLL The specified module could not be found.

Also, when I do a search, a list of found links comes up like normal but when you click on them, they get hijacked and you are brought to another page that had nothing to do with what you are looking for. Example: I do a search for CINERAMA, see link for
cinerama.topcities.com/, click on it and I'm brought to http://www.informationgetter.com/search-re...&q=Cinerama instead.

#6 boopme

Posted 07 July 2010 - 11:04 PM

Geeze now I almost lost you!?
It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message. -->> EMANIZOK.DLL <<--
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.


If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.
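
The orphaned startup entry described in this reply, as an added example that is not part of the original post: a Python sketch that works out which file each autorun command actually loads and flags entries whose file no longer exists. The entries, environment map and disk contents are constructed sample data, the function names are made up here, and it assumes the DLL in the error message is started through rundll32.

```python
import ntpath
import os
import re

# Constructed startup entries: (registry key, value name, command line).
# Only the emanizok.dll path comes from the thread; the value names, the
# export names and the other commands are invented for illustration.
SAMPLE_ENTRIES = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "sample1",
     r'rundll32.exe "C:\WINDOWS\emanizok.dll",Startup'),
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "sample2",
     r"%SystemRoot%\system32\ctfmon.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "sample3",
     r"C:\Program Files\Example App\tray.exe /minimized"),
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "sample4",
     r"%SystemRoot%\system32\rundll32.exe C:\WINDOWS\gone.dll,Run"),
]
# Constructed view of which files still exist on disk (lower-cased).
SAMPLE_DISK = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\example app\tray.exe",
}
SAMPLE_ENV = {"systemroot": r"C:\WINDOWS"}

# First token of a command line: a quoted string, bare "rundll32", or an
# unquoted path (spaces allowed) ending in an executable extension.
TOKEN = re.compile(
    r'\s*(?:"([^"]+)"|(rundll32|.+?\.(?:exe|dll|com|bat|cmd|scr)))'
    r'(?=[\s,]|$)(.*)',
    re.IGNORECASE)


def autorun_target(command, env):
    """Return the file an autorun command loads, or None if unparseable."""
    # Expand %VAR% references from the supplied map; unknown ones are kept.
    cmd = re.sub(r"%([^%]+)%",
                 lambda m: env.get(m.group(1).lower(), m.group(0)), command)
    m = TOKEN.match(cmd)
    if m and ntpath.basename(m.group(1) or m.group(2)).lower() in (
            "rundll32", "rundll32.exe"):
        # rundll32 is only the host; the startup item is the DLL named
        # before the ",Export" part of its argument.
        m = TOKEN.match(m.group(3))
    return (m.group(1) or m.group(2)) if m else None


def find_orphans(entries, env, exists=os.path.exists):
    """List (key, value name, target) for entries whose target file is gone."""
    orphans = []
    for key, name, command in entries:
        target = autorun_target(command, env)
        # Bare names depend on the search path; only judge full paths.
        if target and ntpath.isabs(target) and not exists(target):
            orphans.append((key, name, target))
    return orphans


if __name__ == "__main__":
    on_disk = lambda p: p.lower() in SAMPLE_DISK
    for key, name, target in find_orphans(SAMPLE_ENTRIES, SAMPLE_ENV, on_disk):
        print(f"orphaned: {key}\\{name} -> {target}")
```

On a live system the entries would come from the registry keys Autoruns lists, and `exists` can stay at its default.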

#7 cinerama

Posted 08 July 2010 - 06:32 AM

I ran Malwarebytes this morning. Before I ran it I updated the definitions. It found about 23. But, when I try to display them, the program ends, does not display what it found, does not create a log file, nothing. This is what was happening when I had the Defense Center bug.

#8 cinerama

Posted 08 July 2010 - 07:14 AM

I ran Malwarebytes again but this time under the Guest username. It ran OK. Said it deleted and quarantined the files it found. When it went to reboot, I got the blue screen:

C000021a {Fatal System Error}
XC0000005 (0X00000000 0X00000000)
System has been shut down

I turned off/on the PC and no blue screen. Looks OK but something is definitely still wrong.

#9 cinerama

Posted 08 July 2010 - 07:21 AM

I also did what you said about changing your DNS servers. The Run and then CMD steps said that it was successful but, that didn't fix it. I went into Network Connections and the settings were/are the same as what you said to change them to - I did not have to change them.

#10 cinerama

Posted 08 July 2010 - 08:15 AM

Below is the log file from running Malwarebytes under the Guest username. Under my username it does not create a log file, delete anything, etc. It just ends.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4291

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2010 8:01:09 AM
mbam-log-2010-07-08 (08-01-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 170210
Time elapsed: 24 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\psan32.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\psan32.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
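
Added example, not part of the original posts: a Python script that compares the two Malwarebytes logs posted so far and separates items left at "Delete on reboot" in both scans from items reported as deleted and then detected again. The log text is excerpted from the posts above; the function names are made up here, and it assumes the machine was rebooted between the two scans.

```python
import re

# Excerpts from the two Malwarebytes logs posted in this thread
# (7/7/2010, database 4052, and 7/8/2010, database 4291).
LOG_JUL7 = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Delete on reboot.
"""
LOG_JUL8 = r"""
Memory Modules Infected:
C:\WINDOWS\psan32.dll (Trojan.Hiloti) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\psan32.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Delete on reboot.
"""

# "Files Infected:" starts a section; "Files Infected: 2" is a summary count.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return {(section, object_lowercased): (detection, final_status)}."""
    items, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        m = ITEM.match(line)
        if m and section:
            # Data-item lines carry "Bad: (1) Good: (0) -> <status>"; the
            # status is always the text after the last arrow.
            status = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            items[(section, m.group("obj").lower())] = (m.group("det"), status)
    return items


def recurring(old_log, new_log):
    """Classify detections that appear in both scans."""
    old, new = parse_mbam_log(old_log), parse_mbam_log(new_log)
    report = {"never_removed": [], "recreated": []}
    for key in sorted(old.keys() & new.keys()):
        old_status, new_status = old[key][1], new[key][1]
        if old_status == new_status == "Delete on reboot":
            # Scheduled for deletion twice: the reboot step did not remove it.
            report["never_removed"].append(key[1])
        elif old_status.startswith("Quarantined"):
            # Reported deleted in the first scan, detected again in the second.
            report["recreated"].append(key[1])
    return report


if __name__ == "__main__":
    for kind, objs in recurring(LOG_JUL7, LOG_JUL8).items():
        for obj in objs:
            print(f"{kind:14} {obj}")
```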

#11 cinerama

Posted 08 July 2010 - 10:26 AM

I did a restart of the PC and I am back to the blue screen. I can only get back to normal windows when I F8 and select the last known good configuration.

#12 boopme

Posted 08 July 2010 - 10:51 AM

Please do this.
TDSS Killer
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
Any better??

#13 cinerama

Posted 08 July 2010 - 02:18 PM

OK. A lot better!

I don't have the link hijacking on the internet search links.

I ran Malwarebytes on my username and it ran successfully (log is below) . I did a restart and I did not get the blue screen.

I ran Autoruns and deleted emaizok.dll - I noticed there are others that say "file not found". OK to delete them too? Also I get the message "Error loading C:\WINDOWS\psan32.dll . The specified module could not be found." when I log on to my username but I cannot find psan32.dll in Autoruns. Maybe it will go away if I delete all the "file not found" rows?



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4291

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2010 2:31:33 PM
mbam-log-2010-07-08 (14-31-33).txt

Scan type: Quick scan
Objects scanned: 161590
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
C:\System Volume Information\Microsoft\services.exe (Trojan.Cycler) -> Failed to unload process.
C:\System Volume Information\Microsoft\smss.exe (Trojan.Cycler) -> Failed to unload process.

Memory Modules Infected:
C:\WINDOWS\psan32.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaciqrxuspqr (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fcotiyuregad (Trojan.Hiloti) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\PRAGMAciqrxuspqr (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\psan32.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\Roland\Local Settings\temp\118.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\19.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\PRAGMA94d3.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\PRAGMAca6a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\93944593.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\smss.exe (Trojan.Cycler) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\fndvIrntgx.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\loader.exe (Trojan.Cycler) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\Temporary Internet Files\Content.IE5\VNV2RQ0V\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\Temporary Internet Files\Content.IE5\VNV2RQ0V\setup[2].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAciqrxuspqr\PRAGMAc.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAciqrxuspqr\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAciqrxuspqr\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> Delete on reboot.
C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> Delete on reboot.
C:\Documents and Settings\Roland\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\0.7823935271937237.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roland\Local Settings\temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

#14 boopme

Posted 08 July 2010 - 02:35 PM

Hi, yes they can go too.

Now do an online scan and if things are good we can mop up.
ESET
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#15 cinerama

Posted 08 July 2010 - 08:56 PM

Below is the ESETS log file. I tried Click > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt but I get the error message "Windows cannot find c:\program"

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9fe1205697f2c54d82590c4b3502f66b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-08 10:01:29
# local_time=2010-07-08 06:01:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 15033196 15033196 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89055
# found=4
# cleaned=4
# scan_time=4191
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YJF3KFVI\dkg[1].jar a variant of Java/TrojanDownloader.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\temp\119.tmp a variant of Win32/Olmarik.ZE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTM\MovedFiles\01262010_072256\C_Documents and Settings\Roland\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\sdfg.jar-27dba83a-6f1695a4.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTM\MovedFiles\01262010_072256\C_SDFix\backups\backups.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C



