Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

White Smoke virus


  • Please log in to reply
17 replies to this topic

#1 indigo123

indigo123

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 29 November 2011 - 08:54 PM

Hey so last night my computer froze, screen black not reactive to power button and closing (is a laptop) being though i didnt want to play with trying to take the battery out i unplugged the power supply and run until the battery died, (seemed like the only choice) i unplugged my router to ensure the internet connection wasn't intact. So when i turned my computer on i first tried in safe mode, nothing seemed wrong so i went back to regular and again nothing seemed wrong, but when i open my brower (ie) the first page on my tabs(usually google) is called white smoke search engine and any tab i open (instead of starting blank) is again the same Whitesmoke engine. i disabled my internet and ran an extensive search with my virus protection (mc afee) and myself searching for any file labeled whitesmoke nothing came up. please help me i dont want to pay 100 bucks for some company to do it for me.

thanks

Edited by indigo123, 29 November 2011 - 09:49 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:34 PM

Posted 29 November 2011 - 10:18 PM

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to backup any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


The WhiteSmoke web site indicates it has worked in the field of English writing technologies since 2002 with a focus on products that enhance and correct grammar, spelling, and writing style. They also provide translation software and other other specialized English writing tools. These all appear to be legitimate programs. However, many users have reported they did not know how WhiteSmoke was downloaded or installed so its most likely being bundled with other software that is downloaded. The WhiteSmoke web site acknowledges they make their technology available through other channels, such as a browser-based text editor, and specialized OEM versions designed for integration with third party service providers. Malwarebytes' Anti-Malware added PUP.WhiteSmoke to its detection database in November 2010.

The web site says the software can be removed through Add/Remove Programs or Programs and Features if using Vista/Windows 7 so check there first, highlight anything with the name "Whitesmoke", select Remove and restart the computer normally.

From our investigation and dealings with this software we have found many cases of it being reported with a TDSS rootkit infection after installation. So depending on where and how the software is downloaded such as a bundled package, the severity of system infection will determine how the disinfection process goes.


Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

    Posted Image

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.


Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 01 December 2011 - 04:23 PM

okay, so i deleted the program in my programs, and i shredded any file/programs that was downloaded during the day the program was installed.
after which i tried the tds killer as well i ran it in regular mode and nothing was found.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:34 PM

Posted 01 December 2011 - 05:10 PM

Did you complete Step 7 and scan your computer using Malwarebytes Anti-Malware? If not, please do so and post the log results.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 01 December 2011 - 07:38 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8288

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01/12/2011 5:15:13 PM
mbam-log-2011-12-01 (17-15-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 422325
Time elapsed: 1 hour(s), 34 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:34 PM

Posted 01 December 2011 - 10:31 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 02 December 2011 - 12:17 AM

i ran it in safe mode and no threats were found.
but i am still seeing signs of the virus. i have also figured out where it came from, i deleted the files that were associated with that download but after restarting my computer they return. as well when i was browsing a window opened by itself leading to an internet page of the torrent file that i had to contract the virus. the file was a game crack

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:34 PM

Posted 02 December 2011 - 08:07 AM

i am still seeing signs of the virus.

What are those signs...be specific.

i deleted the files that were associated with that download but after restarting my computer they return.

What were the files and where were they located?


There are various ways a malware infection can cause browser issues, loss of connectivity and redirects so try these steps:

:step1: Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. Check/Reset Proxy Server Settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions in this guide.

Alternatively, you can press the WINKEY + R keys on your keyboard or click Posted Image > Run..., and in the Open dialog box, type: inetcpl.cpl
Click OK or press Enter. Click the Connections tab and continue following the instructions in the above guide.

If using FireFox, refer to these instructions to reset all user preferences, toolbars and search engine to their default settings using Firefox Safe Mode.


 :step2: Reset the IP address:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Click OK or press Enter. A dos Window will appear.
  • At the command prompt C:\>_, type: ipconfig /release
  • Press Enter.
  • When the prompt comes back, type: ipconfig /renew
  • Press Enter.
  • Close the command box and and see if that fixes the connection. No reboot needed.
-- XP users can refer to XP ipconfig Tutorial: Step 4
-- Vista users can refer to Vista ipconfig Tutorial: Step 4

Flush the DNS resolver cache:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Click OK or press Enter. A dos Window will appear.
  • At the command prompt C:\>_, type: ipconfig /flushdns
  • Press Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.

 :step3: Check/reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings.
-- Windows 7 users can refer to How to Change TCP/IP settings.

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

 :step4: If using a router, disconnect from the Internet and reset your router with a strong logon/password. Many users seldom change the default username/password on the router and are prone to some types of infection. If you're not sure how to do this, refer to the owner's manual for your particular router model. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.

Consult these links to find out the default username and password for your router and write down that information so it is available when doing the reset:These are generic instructions for how to reset a router,:
  • Unplug or turn off your DSL/cable modem.
  • Locate the router's reset button.
  • Press, and hold, the Reset button down for 30 seconds.
  • Wait for the Power, WLAN and Internet light to turn on (On the router).
  • Plug in or turn on your modem (if it is separate from the router).
  • Open your web browser to see if you have an Internet connection.
  • If you don't have an Internet connection you may need to restart your computer.

 :step5: Reset Internet Explorer or go here and click the Posted Image button.

This will automatically reset registry keys and the browser back to the way it was when initially installed. If you check the Delete personal settings checkbox in Advanced settings, it will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.

-- Note: Microsoft Fix it does not work in Windows 7. Instead, you can use the Internet Explorer troubleshooters to achieve this automatically.itially installed. Then clear your browser history.

If using FireFox, refer to these instructions to reset all user preferences, toolbars and search engine to their default settings using Firefox Safe Mode.


 :step6: Clear your Web browser cache. As you browse web pages, the browser stores a copy of the pages you view on your local hard drive; this is called caching. Clearing the cache forces the browser to load the latest versions of Web pages and programs you visit.

 :step7: Some types of malware will alter the HOSTS file as part of its infection. This is an example of the original HOSTS file used by Microsoft. If your HOSTS file has been altered, please follow the instructions provided in How to reset the hosts file back to the default.

To reset the hosts file automatically, click the Posted Image button.
Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.

If you want to add a custom HOSTS file instead, read here first, then download hosts.zip, save it to your Desktop and follow follow these instructions to install the MVPS HOSTS File.

Note: If using Vista or Windows 7, be aware that they require special instructions.

the file was a game crack

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so they need to be removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 02 December 2011 - 04:14 PM

yes i understand this now, it was my son who transitioned the download and tried to get the game illegally on my computer. i am now trying to fix up his mistakes without having to pay the full price. i appreciate any time you put into helping me accomplish this fix.

i had deleted all of the files to do with the game download initially but they re appeared 1 of them on my desktop the title labeled SKIDROW, i questioned my son about it and he said it was the "cracking" folder itself that was used to put into the game file. there was also one program file for the game still around that should have been deleted.
my computer is having troubles starting up in regular mode. it will function in safe mode but i haven't given it the time to load in regular.


again i appreciate all your help with this clean up. my son is being thoroughly disapplinned and is not going to be using my computer ever again

Edited by indigo123, 02 December 2011 - 04:37 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:34 PM

Posted 02 December 2011 - 04:38 PM

Did you go through the 7 steps above?

If you have a problem deleting any file, use Malwarebytes Anti-Malware's built-in FileAssassin feature for removing stubborn malware files.
  • Go to the "More Tools" tab and click on the "Run Tool" button
  • Browse to the location of the file(s) to remove using the drop down box next to "Look in:" at the top.
  • When you find the file, click on it to highlight, then select Open.
  • You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
  • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully.
  • Click Ok and exit MBAM.
  • If prompted to reboot, then do so immediately.
-- If the file returns, then you probably have other malware on your system which is protecting or regenerating it.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to remove highly persistent files. Using it incorrectly could lead to serious problems with your operating system if removing a critical file.


Lets do another anti-malware scan to see if we find anything else that Malwarebytes may have missed.

Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
  • Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 02 December 2011 - 05:59 PM

i am now on a different computer but i am running the superanti spyware test after completing the 7 steps and so far 6 adware tracking cookies have been found they were all found within the first 10seconds of searching. nothing else has been found yet

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:34 PM

Posted 02 December 2011 - 06:35 PM

Ok...post the scan results when you're done and let me know how the computer is running.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 02 December 2011 - 07:18 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2011 at 05:06 PM

Application Version : 5.0.1136

Core Rules Database Version : 8011
Trace Rules Database Version: 5823

Scan type : Complete Scan
Total Scan Time : 01:12:34

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 763
Memory threats detected : 0
Registry items scanned : 78362
Registry threats detected : 0
File items scanned : 77094
File threats detected : 6

Adware.Tracking Cookie
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\IU60J6R2.txt [ Cookie:indigo@fastclick.net/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\JJE4GVAG.txt [ Cookie:indigo@advertising.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\FIS4E1HD.txt [ Cookie:indigo@interclick.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\F3U3W7YP.txt [ Cookie:indigo@ad.yieldmanager.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\SGAS1FJH.txt [ Cookie:indigo@invitemedia.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\EESH9X5F.txt [ Cookie:indigo@apmebf.com/ ]

#14 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 02 December 2011 - 07:24 PM

the computer is appearing to be normal, all browser aspects seem to be normal. i haven't tried running any programs yet but it loaded fast and nothing is unusual like before

#15 indigo123

indigo123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 02 December 2011 - 08:46 PM

This was taken as a second scan, i think there might have been another update it downloaded afterwards.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2011 at 06:34 PM

Application Version : 5.0.1136

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type : Complete Scan
Total Scan Time : 01:12:38

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 766
Memory threats detected : 0
Registry items scanned : 78378
Registry threats detected : 0
File items scanned : 77169
File threats detected : 8

Adware.Tracking Cookie
C:\Users\Indigo\AppData\Roaming\Microsoft\Windows\Cookies\0LKEXRQ7.txt [ /atdmt.com ]
C:\Users\Indigo\AppData\Roaming\Microsoft\Windows\Cookies\P4USISFE.txt [ /c.atdmt.com ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\COCQVBR2.txt [ Cookie:indigo@fastclick.net/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\68I6E0B5.txt [ Cookie:indigo@advertising.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\J00YEJUL.txt [ Cookie:indigo@interclick.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\FB3IG4UH.txt [ Cookie:indigo@ad.yieldmanager.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\U5Y1DI00.txt [ Cookie:indigo@invitemedia.com/ ]
C:\USERS\INDIGO\AppData\Roaming\Microsoft\Windows\Cookies\Low\G61HGB8V.txt [ Cookie:indigo@apmebf.com/ ]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users