
Infected By Lots Of Spyware. Get Lots Of Popup Windows!



#1 eperezruberte


Posted 21 August 2006 - 10:26 PM

Hello Bleepers! :thumbsup:
You have helped me in the past and I am back. This time, this is my mom's computer and she didn't have a firewall (until now) and so this thing was infected beyond anything I have seen!
I will be posting the log below, but first let me tell you a few things. I did follow the preparation instructions as best as I could, however, there were certain things I could not do.
Ad-Aware:
I kept running Ad-Aware and rebooting and it kept finding 50+ new critical items every time. I then disconnected the internet access to the computer and ran it. This way I got it down to 2 entries it said it couldn't remove and it couldn't remove them even after restarting.
Spybot:
A similar thing happened with Spybot, except I connected to the internet only to download the software and updates and disconnected to do the scan and fixes. Spybot also said it couldn't fix certain items, EVEN AFTER doing it during rebooting.
I then ran HouseCall, Bit Defender and Avert Stinger (Panda was taking too long and I wasn't sure if it was stalled).
Then, I installed ZoneAlarm and Finally ran HijackThis.
Hopefully you can help me get this thing cleaned up and in top shape soon! :flowers:
Thank you in advance for all your help!
------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:17:20 PM, on 8/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\mvzzbbdA.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\WINNT\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\lnehb.exe
F2 - REG:system.ini: UserInit=userinit.exe,vjlllsk.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [mvzzbbdA] C:\WINNT\mvzzbbdA.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\uendbn.exe reg_run
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: gameutil.exe.lnk = C:\program files\ati technologies\redline\gameutil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


#2 miekiemoes

  • Malware Response Team

Posted 22 August 2006 - 06:01 AM

Hello,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get Service Pack 1

Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.

After you have updated your computer to SP1, please restart your computer and post a new HJT log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 eperezruberte


Posted 26 August 2006 - 04:09 PM

Hey, Miekiemoes!

Thanks for your help! Well, I installed Service Pack 1 (or I think I did) and ran HJT again. I followed the instructions to download the updates, etc., etc., but I am not sure if it installed Service Pack 1. I did not see any confirmation after the fact spelling out that Service Pack 1 was installed. However, I ran the Updates again and it said it did not find any updates to install, so I think it got installed. Here is my new log. Appreciate all the help you can give me!
=============================

Logfile of HijackThis v1.99.1
Scan saved at 5:04:33 PM, on 8/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\mvzzbbdA.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\WINNT\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\lnehb.exe
F2 - REG:system.ini: UserInit=userinit.exe,vjlllsk.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [mvzzbbdA] C:\WINNT\mvzzbbdA.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\uendbn.exe reg_run
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: gameutil.exe.lnk = C:\program files\ati technologies\redline\gameutil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156616343575
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156616336763
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#4 miekiemoes


Posted 27 August 2006 - 02:48 AM

Hello,

I don't think that any service pack was installed here -- as a sidenote, in case you are having an illegal version of XP, you won't be able to update unfortunately and your system will stay vulnerable. That's why in these cases we strongly recommend getting a genuine version of XP to protect your computer in the future, because without these updates, you're wide open for reinfection, even with the best antivirus and firewall installed.

Anyway, let's deal with the malware now..

It is important you don't miss a step and perform everything in the right order!!

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\lnehb.exe
F2 - REG:system.ini: UserInit=userinit.exe,vjlllsk.exe
O4 - HKLM\..\Run: [mvzzbbdA] C:\WINNT\mvzzbbdA.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\uendbn.exe reg_run


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete next file:

C:\WINNT\mvzzbbdA.exe

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from Ewido.
You may need several replies to post the logs.
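A triage sketch for the two entry types fixed in the post above (F2 `Shell`/`UserInit` values and O4 `Run` values), added here as an example; it is not part of the thread and not the helper's own method. The three heuristics are assumptions chosen for illustration, and the sample lines are copied from the HijackThis log posted earlier in this topic.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\lnehb.exe
F2 - REG:system.ini: UserInit=userinit.exe,vjlllsk.exe
O4 - HKLM\..\Run: [mvzzbbdA] C:\WINNT\mvzzbbdA.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\uendbn.exe reg_run
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$", re.I)
O4_RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# The single program each Winlogon value is expected to start.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# Assumption: the Windows directory is one of these (C:\WINNT in this thread).
WINDOWS_ROOTS = {r"c:\winnt", r"c:\windows"}


def extra_winlogon_programs(key, value):
    """Return programs listed in Shell/UserInit besides the expected one.

    Only the file name of the default is compared; the path of the default
    itself is not validated here.
    """
    expected = WINLOGON_DEFAULTS[key.lower()]
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p for p in parts if p and basename(p).lower() != expected]


def executable_of(cmd):
    """Extract the program path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    quoted = re.match(r'^"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    m = re.match(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def run_entry_reasons(name, cmd):
    """Heuristic reasons (assumptions, not verdicts) to review a Run entry."""
    exe = executable_of(cmd)
    reasons = []
    # A value named like a system DLL/driver that actually launches an .exe.
    if re.search(r"\.(dll|sys|drv)$", name, re.I) and exe.lower().endswith(".exe"):
        reasons.append(f"value name '{name}' imitates a system file, runs {basename(exe)}")
    # An autostart program dropped directly into the Windows directory.
    if normcase(dirname(exe)) in WINDOWS_ROOTS:
        reasons.append("executable sits directly in the Windows directory")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for F2 and O4 lines that need review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        reasons = []
        if entry["code"] == "F2":
            f2 = F2_RE.match(entry["body"])
            if f2:
                extra = extra_winlogon_programs(f2["key"], f2["value"])
                if extra:
                    reasons.append(f"{f2['key']} also starts: " + ", ".join(extra))
        elif entry["code"] == "O4":
            o4 = O4_RUN_RE.match(entry["body"])
            if o4:
                reasons = run_entry_reasons(o4["name"], o4["cmd"])
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    review:", reason)
```

On the sample, the flagged lines are the same four entries checked in the post above; a hit means "look at this entry", not "this is malware".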

#5 eperezruberte


Posted 27 August 2006 - 06:14 PM

OK. I did everything as you suggested. Thanks a lot for your help.
Only one thing I would like to point out before posting all the logs here:
Ewido kept finding Downloader.Qoologic.bj and it kept popping a window where I selected "Clean and Quarantine", but it just kept doing it.
OK, I will post the logs in three different posts. Here is the Ewido log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:56:15 PM 8/27/2006

+ Scan result:



C:\WINNT\system32\cv3wanv28.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINNT\system32\__delete_on_reboot__b_l_n_d_r_v_v_._d_l_l_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINNT\system32\__delete_on_reboot__l_n_e_h_b_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINNT\system32\__delete_on_reboot__u_e_n_d_b_n_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINNT\system32\bccgm.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
[1076] C:\WINNT\System32\blndrvv.dll -> Downloader.Qoologic.bj : Error during cleaning.
[1156] C:\WINNT\System32\blndrvv.dll -> Downloader.Qoologic.bj : Error during cleaning.
[1556] C:\WINNT\System32\blndrvv.dll -> Downloader.Qoologic.bj : Error during cleaning.
[1576] C:\WINNT\System32\blndrvv.dll -> Downloader.Qoologic.bj : Error during cleaning.
[3532] C:\WINNT\System32\blndrvv.dll -> Downloader.Qoologic.bj : Error during cleaning.
C:\Documents and Settings\Administrator\Local Settings\Temp\s224.1.exe -> Dropper.Agent.abb : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0HI3WXY3\adsetup_silent.1.32[1].exe -> Dropper.Agent.abb : Cleaned with backup (quarantined).
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HI3WXY3\adsetup_silent.1.32[1].exe -> Dropper.Agent.abb : Cleaned with backup (quarantined).
C:\bintheredunthat\mvzzbbdA.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\system@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Cookies\system@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WINNT\system32\config\systemprofile\Cookies\system@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\WINNT\system32\config\systemprofile\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\WINNT\system32\config\systemprofile\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.MIRNA\Cookies\administrator@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).


::Report end

#6 eperezruberte


Posted 27 August 2006 - 06:16 PM

Now, the Combofix log:
Administrator - 06-08-27 19:04:56.32
ComboFix 06.08.27BT - Running from: C:\Documents and Settings\Administrator.MIRNA\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKEY_CURRENT_USER\...\Run C:\WINNT\system32\uendbn.exe
O4 - HKEY_LOCAL_MACHINE\...\Run C:\WINNT\System32\uendbn.exe
F2 -REG:system.ini: UserInit C:\WINNT\system32\vjlllsk.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-27 18:58 127488 --a------ C:\WINNT\system32\uendbn.exe
2006-08-27 18:58 127488 --a------ C:\WINNT\system32\bccgm.dat
2006-08-27 18:31 265 --a------ C:\WINNT\tatjr.dll


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-08-27 18:58 127488 uendbn.exe.qoo
06-08-27 18:58 127488 bccgm.dat.qoo
06-08-27 18:31 265 tatjr.dll.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Default User\Application Data\NetMon
C:\Program Files\windows

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\DOBE~1\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\DOBE~1\DOBE~1\ctxad-437.0000


((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))


2006-08-27 18:26 127,208 --a------ C:\WINNT\system32\mucltui.dll
2006-08-26 15:18 7,680 --------- C:\WINNT\system32\bitsprx2.dll
2006-08-26 15:18 7,168 --------- C:\WINNT\system32\bitsprx3.dll
2006-08-26 15:18 331,776 --a------ C:\WINNT\system32\winhttp.dll
2006-08-26 15:18 17,408 --a------ C:\WINNT\system32\qmgrprxy.dll
2006-08-26 15:18 158,720 --------- C:\WINNT\system32\xpob2res.dll
2006-08-26 14:19 465,176 --a------ C:\WINNT\system32\wuapi.dll
2006-08-26 14:19 41,240 --a------ C:\WINNT\system32\wups.dll
2006-08-26 14:19 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2006-08-26 14:19 18,200 --a------ C:\WINNT\system32\wups2.dll
2006-08-26 14:19 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2006-08-26 14:19 127,256 --a------ C:\WINNT\system32\wucltui.dll
2006-08-01 00:30 90,624 --a------ C:\WINNT\system32\msoert2.dll
2006-08-01 00:30 9,728 --a------ C:\WINNT\system32\mstinit.exe
2006-08-01 00:30 77,824 --a------ C:\WINNT\system32\isign32.dll
2006-08-01 00:30 73,728 --a------ C:\WINNT\system32\ils.dll
2006-08-01 00:30 69,632 --a------ C:\WINNT\system32\icwdial.dll
2006-08-01 00:30 65,536 --a------ C:\WINNT\system32\msconf.dll
2006-08-01 00:30 64,512 --a------ C:\WINNT\system32\acctres.dll
2006-08-01 00:30 61,952 --a------ C:\WINNT\system32\srclient.dll
2006-08-01 00:30 61,440 --a------ C:\WINNT\system32\icwphbk.dll
2006-08-01 00:30 593,920 --a------ C:\WINNT\system32\inetcomm.dll
2006-08-01 00:30 47,616 --a------ C:\WINNT\system32\inetres.dll
2006-08-01 00:30 40,960 --a------ C:\WINNT\system32\safrslv.dll
2006-08-01 00:30 39,424 --a------ C:\WINNT\system32\safrcdlg.dll
2006-08-01 00:30 361,984 --a------ C:\WINNT\system32\qmgr.dll
2006-08-01 00:30 33,280 --a------ C:\WINNT\system32\racpldlg.dll
2006-08-01 00:30 32,768 --a------ C:\WINNT\system32\mnmsrvc.exe
2006-08-01 00:30 32,384 --a------ C:\WINNT\system32\mnmdd.dll
2006-08-01 00:30 28,672 --a------ C:\WINNT\system32\isrdbg32.dll
2006-08-01 00:30 266,240 --a------ C:\WINNT\system32\inetcfg.dll
2006-08-01 00:30 26,624 --a------ C:\WINNT\system32\safrdm.dll
2006-08-01 00:30 249,856 --a------ C:\WINNT\system32\mstask.dll
2006-08-01 00:30 24,576 --a------ C:\WINNT\system32\nmmkcert.dll
2006-08-01 00:30 228,864 --a------ C:\WINNT\system32\msoeacct.dll
2006-08-01 00:30 218,112 --a------ C:\WINNT\system32\srrstr.dll
2006-08-01 00:30 16,384 --a------ C:\WINNT\system32\icfgnt5.dll
2006-08-01 00:30 158,720 --a------ C:\WINNT\system32\schedsvc.dll
2006-08-01 00:30 155,136 --a------ C:\WINNT\system32\srsvc.dll
2006-08-01 00:30 12,288 --a------ C:\WINNT\system32\nmevtmsg.dll
2006-08-01 00:30 11,264 --a------ C:\WINNT\system32\atrace.dll
2006-08-01 00:29 98,816 --a------ C:\WINNT\system32\clipbrd.exe
2006-08-01 00:29 9,728 --a------ C:\WINNT\system32\xolehlp.dll
2006-08-01 00:29 9,728 --a------ C:\WINNT\system32\reset.exe
2006-08-01 00:29 88,576 --a------ C:\WINNT\system32\tscfgwmi.dll
2006-08-01 00:29 869,376 --a------ C:\WINNT\system32\msdtctm.dll
2006-08-01 00:29 85,504 --a------ C:\WINNT\system32\catsrvps.dll
2006-08-01 00:29 83,968 --a------ C:\WINNT\system32\mtxoci.dll
2006-08-01 00:29 82,432 --a------ C:\WINNT\system32\comrepl.dll
2006-08-01 00:29 80,384 --a------ C:\WINNT\system32\charmap.exe
2006-08-01 00:29 8,704 --a------ C:\WINNT\system32\icaapi.dll
2006-08-01 00:29 73,864 --a------ C:\WINNT\system32\rdpwsx.dll
2006-08-01 00:29 73,216 --a------ C:\WINNT\system32\avwav.dll
2006-08-01 00:29 7,168 --a------ C:\WINNT\system32\fxsperf.dll
2006-08-01 00:29 68,096 --a------ C:\WINNT\system32\fxscom.dll
2006-08-01 00:29 61,952 --a------ C:\WINNT\system32\rdshost.exe
2006-08-01 00:29 605,696 --a------ C:\WINNT\system32\getuname.dll
2006-08-01 00:29 6,656 --a------ C:\WINNT\system32\fxsres.dll
2006-08-01 00:29 6,144 --a------ C:\WINNT\system32\msdtc.exe
2006-08-01 00:29 583,168 --a------ C:\WINNT\system32\catsrvut.dll
2006-08-01 00:29 56,832 --a------ C:\WINNT\system32\sol.exe
2006-08-01 00:29 56,832 --a------ C:\WINNT\system32\colbact.dll
2006-08-01 00:29 56,320 --a------ C:\WINNT\system32\remotepg.dll
2006-08-01 00:29 559,616 --a------ C:\WINNT\system32\fxsst.dll
2006-08-01 00:29 55,296 --a------ C:\WINNT\system32\freecell.exe
2006-08-01 00:29 54,784 --a------ C:\WINNT\system32\msdtclog.dll
2006-08-01 00:29 54,272 --a------ C:\WINNT\system32\stclient.dll
2006-08-01 00:29 534,016 --a------ C:\WINNT\system32\spider.exe
2006-08-01 00:29 53,760 --a------ C:\WINNT\system32\fxsevent.dll
2006-08-01 00:29 503,296 --a------ C:\WINNT\system32\mstscax.dll
2006-08-01 00:29 5,632 --a------ C:\WINNT\system32\write.exe
2006-08-01 00:29 5,120 --a------ C:\WINNT\system32\dcomcnfg.exe
2006-08-01 00:29 495,616 --a------ C:\WINNT\system32\comuid.dll
2006-08-01 00:29 489,984 --a------ C:\WINNT\system32\hypertrm.dll
2006-08-01 00:29 468,480 --a------ C:\WINNT\system32\clbcatq.dll
2006-08-01 00:29 442,880 --a------ C:\WINNT\system32\fxsapi.dll
2006-08-01 00:29 44,544 --a------ C:\WINNT\system32\hticons.dll
2006-08-01 00:29 41,984 --a------ C:\WINNT\system32\rdpclip.exe
2006-08-01 00:29 40,448 --a------ C:\WINNT\system32\tscupgrd.exe
2006-08-01 00:29 4,096 --a------ C:\WINNT\system32\wuauserv.dll
2006-08-01 00:29 4,096 --a------ C:\WINNT\system32\rdpcfgex.dll
2006-08-01 00:29 4,096 --a------ C:\WINNT\system32\mtxex.dll
2006-08-01 00:29 395,264 --a------ C:\WINNT\system32\fxsxp32.dll
2006-08-01 00:29 391,168 --a------ C:\WINNT\system32\fxstiff.dll
2006-08-01 00:29 385,536 --a------ C:\WINNT\system32\mstsc.exe
2006-08-01 00:29 360,960 --a------ C:\WINNT\system32\msdtcprx.dll
2006-08-01 00:29 35,328 --a------ C:\WINNT\system32\winchat.exe
2006-08-01 00:29 339,968 --a------ C:\WINNT\system32\mspaint.exe
2006-08-01 00:29 33,792 --a------ C:\WINNT\system32\regini.exe
2006-08-01 00:29 32,768 --a------ C:\WINNT\system32\cfgbkend.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-27 19:05 -------- d-a------ C:\Program Files\Common Files
2006-08-27 18:41 -------- d-------- C:\Program Files\Ewido
2006-08-27 18:28 -------- d-------- C:\Program Files\HijackThis
2006-08-26 14:19 -------- d-ah----- C:\Program Files\WindowsUpdate
2006-08-19 17:03 -------- d-------- C:\Program Files\Advanced Searchbar
2006-08-19 16:21 -------- d---s---- C:\Documents and Settings\Administrator.MIRNA\Application Data\Microsoft
2006-08-19 16:06 -------- d-------- C:\Program Files\Internet Explorer
2006-08-19 16:03 -------- d-------- C:\Program Files\Java
2006-08-19 16:03 -------- d-------- C:\Documents and Settings\Administrator.MIRNA\Application Data\Sun
2006-08-19 16:02 -------- d-------- C:\Program Files\Common Files\Java
2006-08-16 01:22 -------- d-------- C:\Program Files\Outlook Express
2006-08-16 01:22 -------- d-------- C:\Program Files\Common Files\rqif
2006-08-16 01:15 -------- d-------- C:\Program Files\Lavasoft
2006-08-16 01:15 -------- d-------- C:\Program Files\Ad-aware6
2006-08-16 01:15 -------- d-------- C:\Documents and Settings\Administrator.MIRNA\Application Data\Lavasoft
2006-08-01 00:48 -------- d-------- C:\Program Files\Ahead
2006-08-01 00:38 -------- d-------- C:\Program Files\Windows Media Player
2006-08-01 00:38 -------- d-------- C:\Program Files\Messenger
2006-08-01 00:32 -------- d-------- C:\Program Files\xerox
2006-08-01 00:31 -------- d-------- C:\Program Files\Online Services
2006-08-01 00:30 -------- d-------- C:\Program Files\NetMeeting
2006-08-01 00:30 -------- d-------- C:\Program Files\Movie Maker
2006-08-01 00:30 -------- d-------- C:\Program Files\Common Files\System
2006-08-01 00:30 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-01 00:29 -------- d-------- C:\Program Files\Windows NT
2006-08-01 00:29 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-01 00:29 -------- d-------- C:\Program Files\MSN
2006-08-01 00:20 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-08-01 00:20 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-23 21:02 -------- d-------- C:\Documents and Settings\Administrator.MIRNA\Application Data\Ulead Systems
2006-07-23 20:53 -------- d-------- C:\Program Files\Common Files\Services
2006-07-23 20:53 -------- d-------- C:\Documents and Settings\Administrator.MIRNA\Application Data\Identities


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!ewido"="\"C:\\Program Files\\Ewido\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,10,03,00,00,1f,00,00,00,e0,00,00,00,d6,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\McAfee.com Scan for Viruses - My Computer (MIRNA-Administrator).job

Completion time: Sun 08/27/2006 19:07:08.71
ComboFix.txt

Edited by eperezruberte, 27 August 2006 - 06:17 PM.


#7 eperezruberte

Posted 27 August 2006 - 06:18 PM

And Finally, the HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:17:16 PM, on 8/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ewido\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Ewido\guard.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Ewido\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: gameutil.exe.lnk = C:\program files\ati technologies\redline\gameutil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156616343575
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156616336763
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#8 miekiemoes

  • Malware Response Team
Posted 28 August 2006 - 12:12 AM

Hello,

That's ok about Ewido finding qoologic all the time -- I knew combofix could deal properly with Qoologic, so that one is gone now.

Let's deal with the leftovers now...

I see you still have an older version of Adaware (Adaware 6). Please uninstall that version and download and install the Adaware SE version from here:
http://www.lavasoftusa.com/

Delete next folders:

C:\Program Files\Advanced Searchbar <== folder if you didn't install this, but first look if it is present in software > add/remove programs and uninstall it. Then delete the folder if still present.
C:\Program Files\Common Files\rqif <==folder

Then perform a full scan with Adaware SE and let it delete everything it is finding.

Your hijackthislog looks clean again. :thumbsup:
Let me know in your next reply how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 eperezruberte

Posted 02 September 2006 - 04:38 PM

Thanks for all your help miekie!

Below I have added my latest hijackthis log, just in case. There are a few things I want to point out, though.

1. I did have the latest version of ad-aware. However, I went online and downloaded and re-installed it.
2. After all this, I installed McAfee Anti-Virus and it still found some weird stuff. And after I ran Ad-Aware, McAfee gives me like 8-10 warnings about some files that are supposedly marketing and popup windows stuff. (one of them was "CasClient" and "something-Zeno"). I deleted them.
3. There is still one folder (in C:\) called QooBox and it caught my attention because of that Qoologic malware that was deleted by Combofix. Should I be concerned about this? Should I delete this folder?

Thanks! Here is my log:
------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:30:59 PM, on 9/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\logonui.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ewido\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ewido\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\ASUS\Probe\ASUSPROB.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Ewido\ewido.exe" /minimized
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: gameutil.exe.lnk = C:\program files\ati technologies\redline\gameutil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
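
One way to compare the two HijackThis logs posted in this thread (27 August and 2 September) is to diff their numbered entries, which shows what changed in the autostart points between scans. This is an added example, not part of the original posts: the embedded excerpts are a subset of lines copied from those two logs, and the function names are assumptions made for illustration.

```python
import re

# Subset of lines copied from the 27 August log in this thread.
LOG_AUG27 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:17:16 PM, on 8/27/2006

Running processes:
C:\WINNT\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
"""

# Subset of lines copied from the 2 September log in this thread.
LOG_SEP02 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 5:30:59 PM, on 9/2/2006

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [...] path"; the header and the
# "Running processes" list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
SECTION_ORDER = "RFNO"  # order in which HijackThis prints its sections
# Markers HijackThis prints itself; they are prompts to look closer, not verdicts.
REVIEW_MARKERS = ("(file missing)", "unknown owner")


def parse_entries(log_text):
    """Return {section code: {case-folded body: original body}}."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body").strip()
            # Windows paths are case-insensitive and the same file shows up as
            # c:\PROGRA~1 and C:\PROGRA~1 in these logs, so compare case-folded.
            entries.setdefault(m.group("code"), {})[body.casefold()] = body
    return entries


def section_key(code):
    """Sort R0 < O2 < O4 < O9 < O16 < O23 instead of plain string order."""
    return (SECTION_ORDER.index(code[0]), int(code[1:]))


def diff_logs(old_text, new_text):
    """Return (added, removed) lists of (section code, entry body)."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added, removed = [], []
    for code in sorted(set(old) | set(new), key=section_key):
        o, n = old.get(code, {}), new.get(code, {})
        added += [(code, n[k]) for k in sorted(n.keys() - o.keys())]
        removed += [(code, o[k]) for k in sorted(o.keys() - n.keys())]
    return added, removed


def needs_review(log_text):
    """Entries carrying a HijackThis marker such as '(file missing)'."""
    hits = []
    for code, bodies in parse_entries(log_text).items():
        for key, body in bodies.items():
            if any(marker in key for marker in REVIEW_MARKERS):
                hits.append((code, body))
    return sorted(hits, key=lambda e: (section_key(e[0]), e[1]))


if __name__ == "__main__":
    added, removed = diff_logs(LOG_AUG27, LOG_SEP02)
    for label, rows in (("+", added), ("-", removed), ("?", needs_review(LOG_SEP02))):
        for code, body in rows:
            print(f"{label} {code:<3} {body}")
```

Entries that appear only in the newer log and trace back to software installed between the scans (here the McAfee and ASUS Probe lines) are expected; any added entry with no such explanation is the one to look at first.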

#10 miekiemoes

Posted 03 September 2006 - 02:25 AM

Hello,

Yes, that's why I asked to perform a scan afterwards to get rid of the leftovers. Because not all malware-related files are present in logs. But we killed the active infection and the malware-related files that were present in the logs. So once the active infection is gone, scanners won't have any problem deleting leftovers this time.

Yes, you may delete the C:\qoobox
That's a backup folder Combofix created, in which the qoologic-related files are present. It's a bit the same as a quarantine folder from virusscans.

Your hijackthislog still looks clean... :thumbsup:

To keep this clean in the future, I would suggest the following things:

Most important thing here --- Visit asap http://windowsupdate.microsoft.com to download and install all the updates and security patches!!
Because your system is extremely vulnerable right now and malware can get installed without any problem - even with the best antivirus and firewall installed.

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:

#11 miekiemoes

Posted 03 September 2006 - 05:35 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.