
Trojan found by SAS


  • This topic is locked
7 replies to this topic

#1 wicky


Posted 27 August 2012 - 07:05 PM

Super Anti-Spyware said it found Trojans and requested me to scan. I scanned, it went through its removal process...but with a Trojan, I can't be sure SAS actually removed it. Here's the log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/27/2012 at 04:24 PM

Application Version : 5.5.1012

Core Rules Database Version : 9126
Trace Rules Database Version: 6938

Scan type : Complete Scan
Total Scan Time : 01:37:25

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 411
Memory threats detected : 3
Registry items scanned : 33177
Registry threats detected : 0
File items scanned : 31779
File threats detected : 7

Trojan.Agent/Gen-Kryptik
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10005.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10006.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10006.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10007.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPERANTISPYWARE.COM\SUPERANTISPYWARE\SDDLLS\SD10007.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWARASR.EXE
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWMONVD.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWW8NTF.DLL
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SCREENHOOKS32.DLL
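
An added example, not code posted in this thread: a small Python script that parses a SUPERAntiSpyware scan log in the format above and separates detections that sit inside a security product's own install directory (here SAS's own SDDLLS signature files and avast's engine files, which the helper later confirms were false positives) from everything else, and checks that the listed paths add up to the header's memory and file threat counts. The product directory markers, the sample log abbreviated from this post, and all function names are this example's own assumptions.

```python
"""Triage a SUPERAntiSpyware (SAS) scan log.  Added example, not code from
the thread: it parses the format shown above ("Key : value" header lines,
then a threat name followed by one full path per line) and separates
detections inside a security product's own install directory, the pattern
that proved to be a false positive here, from all others.  The directory
markers below are assumptions for illustration, not a vendor-maintained list."""
import re
from collections import defaultdict

# Install-directory markers (upper-case, no trailing backslash) for the two
# products named in the posted log.  Extend for other vendors as needed.
SECURITY_PRODUCT_DIRS = {
    "SUPERAntiSpyware": ("\\SUPERANTISPYWARE.COM\\SUPERANTISPYWARE",
                         "\\PROGRAM FILES\\SUPERANTISPYWARE"),
    "avast!": ("\\PROGRAM FILES\\AVAST SOFTWARE\\AVAST",),
}
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.+)$")  # "Scan type : Complete Scan"
PATH_RE = re.compile(r"^[A-Za-z]:\\")                          # "C:\..."


def parse_sas_log(text):
    """Return (header, detections): header is {key: value}; detections is
    {threat_name: [path, ...]} with duplicates and order kept as logged."""
    header, detections, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("http"):
            continue
        if PATH_RE.match(line):
            if current is not None:
                detections[current].append(line)
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1).strip()] = m.group(2).strip()
        else:
            # Any other bare line is a candidate threat name; it becomes a
            # detection only if path lines follow it.
            current = line
    return header, dict(detections)


def security_product_for(path):
    """Name the security product whose install directory holds path, else None."""
    upper = path.upper()
    for product, markers in SECURITY_PRODUCT_DIRS.items():
        if any(marker in upper for marker in markers):
            return product
    return None


def triage(text):
    """Group detections by the security product they sit inside (these need
    vendor confirmation before removal), list the rest separately, and check
    that the listed paths match the header's memory + file threat counts.
    In the posted log every SDDLLS path appears twice, consistent with one
    memory hit and one file hit for the same DLL (3 + 7 = 10 lines)."""
    header, detections = parse_sas_log(text)
    confirm_with_vendor, other, listed = defaultdict(list), [], 0
    for threat, paths in detections.items():
        listed += len(paths)
        for path in dict.fromkeys(paths):  # de-duplicate, keep order
            product = security_product_for(path)
            if product:
                confirm_with_vendor[product].append((threat, path))
            else:
                other.append((threat, path))
    claimed = sum(int(header.get(k, "0")) for k in
                  ("Memory threats detected", "File threats detected"))
    return {"scan_type": header.get("Scan type"),
            "confirm_with_vendor": dict(confirm_with_vendor),
            "other": other,
            "counts_consistent": claimed == listed}


# Constructed sample: the SAS log posted above, abbreviated to the relevant lines.
SAS = "C:\\DOCUMENTS AND SETTINGS\\ALL USERS\\APPLICATION DATA\\SUPERANTISPYWARE.COM\\SUPERANTISPYWARE\\SDDLLS\\"
AV = "C:\\PROGRAM FILES\\AVAST SOFTWARE\\AVAST\\"
SAMPLE_LOG = "\n".join([
    "SUPERAntiSpyware Scan Log",
    "http://www.superantispyware.com",
    "Application Version : 5.5.1012",
    "Scan type : Complete Scan",
    "Total Scan Time : 01:37:25",
    "Memory threats detected : 3",
    "File threats detected : 7",
    "",
    "Trojan.Agent/Gen-Kryptik",
    SAS + "SD10005.DLL", SAS + "SD10005.DLL",
    SAS + "SD10006.DLL", SAS + "SD10006.DLL",
    SAS + "SD10007.DLL", SAS + "SD10007.DLL",
    AV + "ASWARASR.EXE", AV + "ASWMONVD.DLL",
    AV + "ASWW8NTF.DLL", AV + "SCREENHOOKS32.DLL",
])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for product, hits in result["confirm_with_vendor"].items():
        print(f"{product}: {len(hits)} detection(s) inside its own directory")
    print("other:", len(result["other"]), "| counts consistent:", result["counts_consistent"])
```

Anything that lands in the confirm_with_vendor bucket should be checked against the vendor's own advisory, as the replies in this thread do, before quarantined files are deleted.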

#2 Guest_White Warrior_*


Posted 30 August 2012 - 06:03 PM

Hi wicky

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

#3 wicky


Posted 30 August 2012 - 09:20 PM

Thank you, White Warrior. Just let me know whenever you are ready.

#4 Guest_White Warrior_*


Posted 31 August 2012 - 08:12 AM

Hi wicky and welcome.

Those findings appear to be false positives. Super Anti-Spyware (SAS) has acknowledged that it is a problem and has issued a patch to correct it.
For more information on it go here:
http://www.ghacks.net/2012/08/27/superantispyware-trojan-agentgen-kryptik-false-positives/
http://community.norton.com/t5/Norton-360/trojan-agent-gen-kryptik/td-p/791194

To check to see if the computer is clean please run the following program.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

We need to see some information about what is happening in your machine. Please perform the following scans.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control here

I need to see
MBAM log
DDS log

White Warrior.

Edited by White Warrior, 31 August 2012 - 08:14 AM.


#5 wicky


Posted 31 August 2012 - 09:22 PM

I don't know how to disconnect from the internet (other than turning the computer all the way off) nor do I have any idea how to reconnect if it does disconnect. I did turn off the AV and ran the files. If you actually need me to disconnect, please get me the instructions on how to do so safely.
MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jilana Conaway :: LENOVO-CD1A357F [administrator]

8/31/2012 2:05:38 PM
mbam-log-2012-08-31 (14-05-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181306
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dds notepad

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Jilana Conaway at 19:14:21 on 2012-08-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2535 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Delete_c:\windows\downloaded program files\connector.dll] command /c del c:\windows\downlo~1\CONNEC~1.DLL
mRunOnce: [Delete_c:\windows\downloaded program files\connector.exe] command /c del c:\windows\downlo~1\CONNEC~2.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343647309484
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8154EE9F-FB7E-4945-BC85-9258C7F507CA} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jilana conaway\application data\mozilla\firefox\profiles\fevgxtpm.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh04132012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-1 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-1 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-1 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 114144]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1980-1-1 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250568]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-3-30 1295416]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-3-30 681016]
.
=============== Created Last 30 ================
.
2012-08-30 21:38:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 21:38:14 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 04:00:35 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-25 06:58:29 -------- d-----w- c:\documents and settings\jilana conaway\jagexcache
2012-08-14 14:09:29 -------- d-----w- c:\documents and settings\jilana conaway\application data\SUPERAntiSpyware.com
2012-08-14 14:08:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-07 15:24:58 -------- d-----w- c:\documents and settings\jilana conaway\application data\Windows Search
.
==================== Find3M ====================
.
2012-08-30 21:37:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 21:37:55 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 23:34:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 23:34:21 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 19:15:25.73 ===============

dds attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2011 1:12:00 PM
System Uptime: 8/30/2012 2:26:54 PM (29 hours ago)
.
Motherboard: LENOVO | | Grantsdale
Processor: Intel® Celeron® CPU 2.80GHz | Socket 423 | 2793/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 44.143 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
8/30/2012 9:53:20 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/30/2012 2:21:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/27/2012 4:29:00 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the file specified.
8/26/2012 11:19:42 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================

#6 Guest_White Warrior_*


Posted 01 September 2012 - 06:46 PM

Hi wicky.

Good job. Your logs look clean.

SuperAntiSpyware deleted files from its own program and from Avast, so these two programs will no longer function properly.
I recommend that you uninstall then reinstall these two programs.

Now some preventative steps to ensure you don't get infected:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Happy Surfing.

White Warrior.

Edited by White Warrior, 01 September 2012 - 06:47 PM.


#7 wicky


Posted 01 September 2012 - 09:27 PM

Okay, great! I do all those steps regularly already (learned them from here) and was just making sure I wasn't infected after SAS popping up with those Trojans. Thank you very much for your time!

#8 Casey_boy

Malware Response Team

Posted 03 September 2012 - 02:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

