Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojans Have Taken My Computer


  • Please log in to reply
36 replies to this topic

#1 vise

vise

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 23 March 2006 - 02:17 PM

ok so i downoaded a process library thing to know and understand my task manager much beter.
I found out that oun of my proceses - System - was a Trojan - Net Controller Trojan 1.08.
So i began searching round the internet for forusm and stuff , and programs to get rid of it. I tried NOAdware and XoftSpy SE which both failed cos I need to pay.
The poth scaned my computer and found like 30 more trojans and bad cookies

I wanted to delete but would not do so. here r two images from xoftSpy results - http://img530.imageshack.us/my.php?image=s...hotscan15gd.jpg
and
http://img483.imageshack.us/my.php?image=scan24qn.jpg

as u can see i have quite a few problems :thumbsup: :flowers: :trumpet:

and im desperat for help - ::can any1 provie me with a xoftspy serial, or any good software to delete these life wreckers, or and way possible to help me out - plz people - ur smart and im - well, new to this whole computer thing- PLEASE HELP!!!!!!!! anything free?!

BC AdBot (Login to Remove)

 


#2 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 23 March 2006 - 02:54 PM

cmon people im hanging on one finger plz!

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 23 March 2006 - 04:50 PM

If your using Win XP/2000 download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

Edit: NoAdware and XoftSpy were originally included in the list of "rogue/suspect" anti-spyware programs. They were de-listed after the vendors took steps to correct identified problems.

That an application has been de-listed should not be understood as an endorsement or recommendation of any kind. We still recommend that users consult the short list of "trustworthy" anti-spyware applications.

Read here.

Edited by quietman7, 23 March 2006 - 04:57 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 23 March 2006 - 05:24 PM

ok ty - done 2 left unremoved - im doing avast! now any other help?

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 24 March 2006 - 05:25 AM

Post the results of your scans or any infected files that are found but not deleted.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 24 March 2006 - 07:08 AM

xxxxx - hold on

Edited by KoanYorel, 25 March 2006 - 08:46 AM.


#7 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 24 March 2006 - 07:15 AM

ok here is the report for the ewido scan i done - - i had 56 infected files and 54 were cleaned - but nothing states that in the report
2 were uncleaned - wats heppening?

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:20:21, 23/03/2006
+ Report-Checksum: DCDF61BA

+ Scan result:

:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-2.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-3.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies-4.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\LimeWire\.NetworkShare\vids\XoftSpy 4.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup


::Report End


at the moment im starting an avast! scan to check for any more problems that might have been missed , i started yesterday but it took too long - anyway ill check back in about 2 hours lol

Edited by KoanYorel, 25 March 2006 - 08:45 AM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 24 March 2006 - 07:54 AM

The ewido report indicates that it cleaned all those bad files by saying "Cleaned with backup" after each one. The report does not show that it was unable to clean anything. What two files are you saying it did not clean?

After your avast scan you should perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]

Trend Micro Housecall Scan
Panda ActiveScan
ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 24 March 2006 - 09:45 AM

i dont use IE - i use FIREFOX :D - i done a avast scan - and its realy weird - realy realy realy weird! - i got like 60 files that i dont know about and when i try to quaantine them - it says password protected or unable to find - ill post picture in a few mins - thing was theree was no log thingy

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 24 March 2006 - 09:48 AM

Trend Micro Housecall Scan for Firefox
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 24 March 2006 - 10:36 AM

ok here is the avast! scan pic take a few hpurs - 2 approx - ago

Posted Image

and here is the log by ewido another scan performed 2day- i will perform other scans soon

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:41:06, 24/03/2006
+ Report-Checksum: 1CF9FEFD

+ Scan result:

:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cvnbwmai.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup


::Report End


Edited by vise, 24 March 2006 - 10:36 AM.


#12 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 24 March 2006 - 10:57 AM

omg this is soooo weird - i started that panda scan that u told me to - and look wat i got!!!!!!!!!!
-
-
------------------------------------------------

Posted Image

------------------------------------------------


A bloomin virus - is it safe to continue?

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 24 March 2006 - 11:05 AM

pskavs.dll is a legitimate file installed by Panda but there are a couple of AV vendors that tag it as malicious. This includes Avast and ClamAV. Just shut down avast while your running the scan and turn it back on when done.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 vise

vise
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Location:LOnDoN, DaGeNHam, BEconTREe
  • Local time:05:01 PM

Posted 24 March 2006 - 11:25 AM

ty for fast replies :thumbsup:

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 24 March 2006 - 11:30 AM

Edit: I thought you were done. Disregard setting a new restore point for now. We will do that later.

Edited by quietman7, 24 March 2006 - 12:13 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users