Hijackthis Log...please Help...


  • This topic is locked
6 replies to this topic

#1 alwaysready

Posted 27 June 2006 - 01:35 PM

There are these websites which keep popping up on their own :thumbsup: PLEASE HELP.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:35 AM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kaushik\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SOHOConnection.lnk = C:\Program Files\SOHOConnection 2.1\jre\bin\javaw.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E57A828-D6EB-479F-AE32-CB07276B54FA}: NameServer = 218.248.255.145 61.1.96.69
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\mv6ml9j11.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#2 -David-

Posted 27 June 2006 - 02:46 PM

Hello there,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop, where they can be easily found, for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
David

#3 alwaysready

Posted 27 June 2006 - 04:09 PM

Hi David....

I think it's working fine now. Thanks a lot, mate... that was an easy way you helped me out of it.

The log of Look2Me :


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/28/2006 2:24:38 AM

Infected! C:\WINDOWS\system32\jt6m07j1e.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP10\A0002499.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP10\A0002555.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP11\A0002647.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP11\A0002648.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP12\A0002675.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002688.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002700.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002712.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002714.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002722.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002730.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002737.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002757.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002797.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002818.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002829.dll
Infected! C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002843.dll
Infected! C:\WINDOWS\system32\gxu32.dll
Infected! C:\WINDOWS\system32\irn4l55q1.dll
Infected! C:\WINDOWS\system32\iwfxres.dll
Infected! C:\WINDOWS\system32\jt6m07j1e.dll
Infected! C:\WINDOWS\system32\kodlv.dll
Infected! C:\WINDOWS\system32\kydhe.dll
Infected! C:\WINDOWS\system32\lvn6095se.dll
Infected! C:\WINDOWS\system32\mv44l9hq1.dll
Infected! C:\WINDOWS\system32\pCpgraph.dll
Infected! C:\WINDOWS\system32\vjmdbg.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\jt6m07j1e.dll
C:\WINDOWS\system32\jt6m07j1e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP10\A0002499.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP10\A0002499.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP10\A0002555.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP10\A0002555.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP11\A0002647.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP11\A0002647.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP11\A0002648.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP11\A0002648.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP12\A0002675.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP12\A0002675.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002688.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002688.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002700.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002700.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002712.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002712.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002714.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002714.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002722.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002722.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002730.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002730.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002737.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002737.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002757.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP13\A0002757.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002797.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002797.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002818.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002818.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002829.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002829.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002843.dll
C:\System Volume Information\_restore{EDBBA8C1-CD66-45B5-A565-66B69DD540F4}\RP14\A0002843.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gxu32.dll
C:\WINDOWS\system32\gxu32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irn4l55q1.dll
C:\WINDOWS\system32\irn4l55q1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iwfxres.dll
C:\WINDOWS\system32\iwfxres.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt6m07j1e.dll
C:\WINDOWS\system32\jt6m07j1e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kodlv.dll
C:\WINDOWS\system32\kodlv.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kydhe.dll
C:\WINDOWS\system32\kydhe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvn6095se.dll
C:\WINDOWS\system32\lvn6095se.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv44l9hq1.dll
C:\WINDOWS\system32\mv44l9hq1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pCpgraph.dll
C:\WINDOWS\system32\pCpgraph.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\vjmdbg.dll
C:\WINDOWS\system32\vjmdbg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EB5488C6-AF4B-4B5B-8109-CEC770F3E56C}"
HKCR\Clsid\{EB5488C6-AF4B-4B5B-8109-CEC770F3E56C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A2A046FB-E972-4849-953A-8CF1749571A3}"
HKCR\Clsid\{A2A046FB-E972-4849-953A-8CF1749571A3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A888BED6-EA5A-43F1-A91E-6477278FA136}"
HKCR\Clsid\{A888BED6-EA5A-43F1-A91E-6477278FA136}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



The Log of Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:06 AM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Kaushik\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SOHOConnection.lnk = C:\Program Files\SOHOConnection 2.1\jre\bin\javaw.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E57A828-D6EB-479F-AE32-CB07276B54FA}: NameServer = 218.248.255.145 61.1.96.69
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Please check if there is any problem still there... Thanks again, buddy.

Kaushik

#4 -David-

Posted 28 June 2006 - 03:24 AM

Hey Kaushik

The log is looking clean now, but with all infections like this, they never come alone, so I want to check for any infected files lying around.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply by using Add Reply.

David
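
A before/after comparison of two HijackThis logs, as an added example that is not part of the original thread and not code from HijackThis or Look2Me-Destroyer. The log excerpts are abridged from the two logs posted above; matching items by the text before the first drive-letter path is an assumption of this example.

```python
import re

# A HijackThis entry line is "<section> - <text>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Assumption of this example: the text before the first drive-letter path
# identifies the item, so an item still matches when only its path changes.
PATH_START = re.compile(r"[A-Za-z]:\\")

# Abridged from the first HijackThis log in this thread (before cleanup).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:03:35 AM, on 6/28/2006
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\mv6ml9j11.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

# Abridged from the second HijackThis log in this thread (after cleanup).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:34:06 AM, on 6/28/2006
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""


def parse_entries(log_text):
    """Map (section, label) -> full entry line for every entry in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, text = m.groups()
        p = PATH_START.search(text)
        label = text[:p.start()] if p else text  # no path: whole text is the label
        entries[(section, label)] = line
    return entries


def diff_logs(before, after):
    """Return entries that were removed, added, or changed between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "added": sorted(a[k] for k in a.keys() - b.keys()),
        # Same item, different value (for example a long path vs. its 8.3 form).
        "changed": sorted((b[k], a[k]) for k in b.keys() & a.keys() if b[k] != a[k]),
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for line in result[kind]:
            print(f"{kind:8}{line}")
    for old, new in result["changed"]:
        print(f"changed {old}\n     -> {new}")
```

On these excerpts the diff lists the O20 Winlogon Notify DLL and the two O9 buttons as removed, nothing as added, and the Yahoo! Pager Run entry as changed only in path form (long name versus 8.3 short name).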

#5 alwaysready

Posted 28 June 2006 - 03:02 PM

Hi David!!

Have performed the online Panda scan as you asked. The report is attached below.


Incident Status Location

Adware:Adware/DollarRevenue Not disinfected C:\dfndra_1.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@azjmp[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@media.fastclick[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@questionmarket[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kaushik\Cookies\kaushik@zedo[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kaushik\Local Settings\Temp\Cookies\kaushik@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kaushik\Local Settings\Temp\Cookies\kaushik@atdmt[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kaushik\Local Settings\Temp\Cookies\kaushik@microsoftwga.112.2o7[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kaushik\Local Settings\Temp\Cookies\kaushik@statcounter[1].txt
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Kaushik\Local Settings\Temp\temp.fr5443

Please tell me if there is any problem. Thanks for the help.

Kaushik

#6 -David-

Posted 28 June 2006 - 04:06 PM

Hey there Kaushik,

Please delete this file:
C:\dfndra_1.exe

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please reboot and let me know how the computer is running,
David

#7 -David-

Posted 09 July 2006 - 07:34 AM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



