
Win32:trojan-gen And Win32:istbar-ac


  • This topic is locked
11 replies to this topic

#1 sullivan

sullivan

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:KS
  • Local time:01:38 AM

Posted 17 February 2006 - 08:58 PM

Using Avast! anti-virus.

I've noticed that every time I run adaware it seemed to trigger an alert from avast! on the Win32:ISTBar-AC Trojan, which I would move to the chest and forget about. Since it's been showing up scan after scan for a while I thought I'd look for some outside help on how to remove it. I ran all of your recommended tests, and during the House Call scan another avast alert was triggered indicating that the Win32:Trojan-gen Virus/Worm was found, which I can quarantine but not repair. Each time I run House Call it reappears. I was wondering if you could help me eliminate these pesky bugs.

Logfile of HijackThis v1.99.1
Scan saved at 7:52:25 PM, on 2/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cleverninja.com/blog
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124422856765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37600.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


#2 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:06:38 AM

Posted 22 February 2006 - 06:19 AM

Hi and welcome to Bleeping. :thumbsup:

Your HijackThis log is clean.

Please run the following online virus scan with Internet Explorer (saving the scan report when complete):

Panda ActiveScan
  • Once on the Panda site click the Scan your PC button and then the Check Now button on the next screen.
  • Enter your details in the required fields.
  • Then click the big Scan Now button.
  • Allow the Active X component to install and download the necessary files. (Note: It may take a couple of minutes)
  • When the download is complete, click on Local Disks to start the scan.
  • Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the scan results in your next reply please. :flowers:


Keeping Track of Your Topic
  • Please subscribe to this thread by clicking 'Track this topic' at the top of the thread.
  • Enable email notification to subscribed threads via the My Control Panel link above.
  • Keep ALL future replies in this thread please.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#3 sullivan


Posted 22 February 2006 - 12:06 PM

So after resolving some conflicts with Kerio and Avast I was able to run the Panda Scan, which turned up nothing but spyware but I do see that the ISTBar has appeared again:



Incident Status Location

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[dcsxgq7n010000kr2okmzov40_3v7w]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[80503492]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[34419056]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[89451406]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Adware:adware/sahagent Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\bundlep_isearchtech1004.sah
Adware:adware/dyfuca Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\cfout.txt
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\f5nUeF.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\RNt1RV.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\shortcuts.txt

#4 John_McKenna


Posted 22 February 2006 - 01:48 PM

It looks like you just need to clear the Firefox cookies and temporary files on the Administrator account (which I presume is the account you use?).

You can do this via Firefox's Tools > Options menu or with a program such as ATF Cleaner.

Download ATF Cleaner to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


#5 sullivan


Posted 22 February 2006 - 02:52 PM

The Windows profile I use has admin privileges, but I don't log in as Administrator. Would I need to log in as Administrator to remove these files or are the accounts essentially shared?

I downloaded and ran ATF Cleaner, deleting Win2k, Firefox, and Opera files, then rebooted and ran another Panda scan. During the scan avast alerted me of the presence of a Win32:CTX virus/worm. I moved it to the chest and the Panda scan continued with the following results:


Incident Status Location

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[dcsxgq7n010000kr2okmzov40_3v7w]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[80503492]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[34419056]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[89451406]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\RNt1RV.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\shortcuts.txt
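
An added example, not part of the original thread: a short Python script that compares two pasted Panda ActiveScan reports like the ones in posts #3 and #5 and shows which detections dropped out, which persisted, and which Windows profile each persisting file sits under. The row layout is inferred from the rows posted here, and all function names are illustrative.

```python
import re
from collections import defaultdict, namedtuple

# Rows abridged from the Panda reports quoted in posts #3 and #5 of this thread.
SCAN_BEFORE = r"""
Incident Status Location
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[80503492]
Adware:adware/sahagent Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\bundlep_isearchtech1004.sah
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\f5nUeF.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\RNt1RV.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\shortcuts.txt
"""
SCAN_AFTER = r"""
Incident Status Location
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\cookies.txt[80503492]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\RNt1RV.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\shortcuts.txt
"""

Detection = namedtuple("Detection", "kind name status path detail")

# One report row: "<kind>:<name> <status> <drive path>[optional detail]".
ROW = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)(?:\[(?P<detail>[^\]]*)\])?$"
)
# Windows 2000/XP keep per-user data under "Documents and Settings\<profile>".
PROFILE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def parse_report(text):
    """Return one Detection per row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(Detection(m["kind"], m["name"], m["status"],
                                  m["path"], m["detail"] or ""))
    return rows


def identity(d):
    """Case-insensitive key: Windows paths and the report's names vary in case."""
    return (d.name.lower(), d.path.lower(), d.detail)


def diff_scans(before, after):
    """Split detections into (removed, persisted, new) between two scans."""
    b = {identity(d): d for d in before}
    a = {identity(d): d for d in after}
    removed = [b[k] for k in b if k not in a]
    persisted = [a[k] for k in a if k in b]
    new = [a[k] for k in a if k not in b]
    return removed, persisted, new


def owning_profile(d):
    """Name of the user profile that holds the file, if it is inside one."""
    m = PROFILE.search(d.path)
    return m.group(1) if m else "(outside user profiles)"


def by_profile(detections):
    """Group detections by the profile directory they were found under."""
    groups = defaultdict(list)
    for d in detections:
        groups[owning_profile(d)].append(d)
    return dict(groups)


if __name__ == "__main__":
    removed, persisted, new = diff_scans(parse_report(SCAN_BEFORE),
                                         parse_report(SCAN_AFTER))
    print(f"removed: {len(removed)}  persisted: {len(persisted)}  new: {len(new)}")
    for profile, rows in by_profile(persisted).items():
        print(f"still detected under profile {profile!r}:")
        for d in rows:
            print(f"  {d.name:<30} {d.path}")
```
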

#6 John_McKenna


Posted 22 February 2006 - 04:59 PM

Just manually navigate to and delete the entire contents of these folders in bold:

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8tgbq4sc.default\

C:\Documents and Settings\Administrator\Local Settings\Temp\

You will need to have Windows configured to Show all hidden files & folders for the first folder.

:thumbsup:

#7 sullivan


Posted 22 February 2006 - 06:15 PM

Much Thanks, that seemed to remove all errors as far as Panda is concerned, at the expense of my Firefox plugins and bookmarks. Not a big problem since I wasn't using very frequently, which then raises the question of why the files in question were located in the Firefox folder.

I did notice that during the last Panda scan that avast again warned me about the Win32:CTX virus. Is that just a result of it disliking activeX, or should it be cause for concern?

#8 John_McKenna


Posted 22 February 2006 - 07:57 PM

Can you tell me the location of the Avast detection?

The exact filepath would be handy.

#9 sullivan


Posted 22 February 2006 - 08:34 PM

I apologize if I'm lacking pertinent information in my posts, I'm a help forum newb :thumbsup:

The locations are as follows:

WIN32:CTX

C:\WINNT\system32\ActiveScan\4412.tmp
C:\WINNT\system32\ActiveScan\8B.tmp

All the other files that Avast was moving were located in my Temp folder which I cleared out, but the most recent locations and filenames of the original bugs are as follows.

WIN32:Trojan-gen:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\V9UKFHa02084 (no file extension)

WIN32:IstBar-AC:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AAWTMP\C533732781\95FE6\start.exe


Thanks again for all the help thus far.

#10 John_McKenna


Posted 23 February 2006 - 04:24 AM

Ok, we'll give the machine a blast with Ewido Anti-Malware to be on the safe side.

Download and install Ewido Anti-Malware.
  • When installing Ewido, under "Additional Options" uncheck "Install Background Guard" and "Install Scan Via Context Menu".
  • Launch Ewido by double-clicking the desktop icon and click 'OK' at the "Database could not be found!" warning.
  • Click "Update" on the left side of the main screen to update the definitions file.
  • Then click "Start Update".
  • When you receive the "Update successful" prompt, Click on Scanner.
  • Click on Complete System Scan and the scan will begin.
  • Warning: Do NOT open any other windows or your Control Panel while scanning as it may prevent scan completion!!
  • When prompted to clean the first infection, select "Remove" and checkmark the box beside "Perform action on all infections" in the left corner.
  • Upon scan completion, click the Save report button and save the report.txt to your desktop.
  • Then close Ewido and post the scan results please.


#11 sullivan


Posted 23 February 2006 - 02:40 PM

Looks like most of the stuff was already in my recycle bin and I had neglected to empty it. I ran a second scan after removing all of those items and it came up squeaky clean. Any further action I should take?

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:18:46 PM, 2/23/2006
+ Report-Checksum: 99B58457

+ Scan result:

C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc67.exe -> Downloader.IstBar : Cleaned with backup
:mozilla.61:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.62:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.63:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.66:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.67:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.78:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.85:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.89:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.90:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.94:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.97:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.102:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.103:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.104:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.105:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.106:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.107:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.110:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.111:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.113:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.114:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.115:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.116:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.142:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.143:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.144:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.151:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.152:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.153:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.154:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.156:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.157:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.165:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.166:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.167:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.168:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.174:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.175:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.176:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.190:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.191:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.192:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.194:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.195:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.204:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.205:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.206:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.212:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.227:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.229:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.230:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.236:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.238:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.239:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.250:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.251:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.252:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.256:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.257:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.258:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.259:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.260:C:\RECYCLER\S-1-5-21-1123561945-651377827-839522115-500\Dc9.txt -> TrackingCookie.Questionmarket : Cleaned with backup


::Report End

#12 John_McKenna


Posted 23 February 2006 - 03:52 PM

I'd say you're in the clear now. :thumbsup:

Now that you're clean again, please follow these simple steps to keep yourself safe and secure in the future.


Re-enable Your Protection

If asked to reveal your hidden system files and folders during the course of the fix, please rehide those now by reversing the steps here.

Please also re-enable the real-time protection for any anti-spyware programs I asked you to disable before proceeding with the fix.


Disable and Re-enable System Restore to Flush Infected Restore Points

If you are using Windows ME or XP, you should disable and re-enable system restore to make sure there are no infected files found in your restore points.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

or

Managing Windows Millenium System Restore

Re-enable System Restore with instructions from the tutorial above and create a new Restore point.


Block Access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.


Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet



Safe Surfing

JM :flowers:




Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by John_McKenna, 06 March 2006 - 05:33 PM.
