Infected With Something.


#1 kjmarket


  • Members
  • 9 posts
  • Local time:05:06 AM

Posted 31 January 2007 - 10:01 PM

I've had a problem with spyware and viruses for weeks now and am at the point where I need help. The more ad/spyware and viruses I remove, the more that Bitdefender detects. I had Juan.D, Juan.E, Vundo, and many others that I've gotten rid of. The problem is that something is reinstalling everything rather quickly. I went from fine to bad in minutes today. A deep system scan with Bitdefender found the following:

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7Y30HYZ\ShootOut_Game_Client[1].exe=>(NSIS o)=>zlib_nsis0018
(Infected: Trojan.Hacktool.Prockill.A)

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7Y30HYZ\ShootOut_Game_Client[1].exe=>(NSIS o)=>zlib_nsis0020=>(NSIS g)=>zlib_nsis0001
(Infected: Trojan.Hacktool.Prockill.A)

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IDKFGTC1\ldr[1].txt=>/index.htm
(Infected: Generic.XPL.ADODB.102CB3F7)

(Infected: DeepScan:Generic.Malware.SYddldg.BCD9DA12)

The last one causes my Bitdefender to pop up a lot saying it detected it and moved the file...like between 5-10 times a minute. If I go into safe mode to delete it, the file isn't there, so it is being quarantined fine.

As for the rest...I cannot find any information about them using Google or any other search, and cannot remove them, nor can Bitdefender. Disinfection always fails and moving always fails.

One other thing, and the thing I had suspected was the culprit, was something that always comes up when I use any type of Ad/Spyware scans. It is TrojanDownloader.Win32.Agent.E. The scans are able to delete this, so I no longer suspect it. It's just another file being reinstalled by the culprit. The weird thing, however, is that a file in system32, awvvs.dll, which is a file run whenever Internet Explorer runs, is being detected as the trojandownloader.win32.agent.e virus, instead of the winhost32.exe in the same folder that all websites listed as the file to remove...a file I do not have.

I'm really at a loss, and could use some help, ASAP. In the time it took to type and paste this, my Bitdefender has popped up with OLD viruses and spyware that I've already removed. Please let me know if you need any other information or a HijackThis log.
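The scan output pasted above can be triaged mechanically before any cleanup. The following Python sketch is an added example, not part of the original thread and not a Bitdefender tool; it assumes `=>` separates the file on disk from objects unpacked inside it, and the function names are hypothetical.

```python
import re
from collections import Counter

# Scan lines copied from the first post; the last detection has no path on the page.
SCAN_OUTPUT = r"""
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7Y30HYZ\ShootOut_Game_Client[1].exe=>(NSIS o)=>zlib_nsis0018
(Infected: Trojan.Hacktool.Prockill.A)

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7Y30HYZ\ShootOut_Game_Client[1].exe=>(NSIS o)=>zlib_nsis0020=>(NSIS g)=>zlib_nsis0001
(Infected: Trojan.Hacktool.Prockill.A)

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IDKFGTC1\ldr[1].txt=>/index.htm
(Infected: Generic.XPL.ADODB.102CB3F7)

(Infected: DeepScan:Generic.Malware.SYddldg.BCD9DA12)
"""

INFECTED = re.compile(r"^\(Infected:\s*(?P<threat>[^)]+)\)$")


def parse_detections(text):
    """Pair each '(Infected: ...)' verdict with the path line directly above it."""
    detections, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = INFECTED.match(line)
        if match is None:
            pending_path = line  # a path line; its verdict follows
            continue
        # Assumption: '=>' separates the on-disk file from objects unpacked inside it.
        parts = pending_path.split("=>") if pending_path else [None]
        detections.append({"file": parts[0], "nested": parts[1:],
                           "threat": match.group("threat").strip()})
        pending_path = None  # a verdict with no path line keeps file=None
    return detections


def location(path):
    """Bucket the on-disk file by where it lives."""
    if path is None:
        return "no path reported"
    lowered = path.lower()
    if "\\temporary internet files\\" in lowered:
        return "browser cache"
    return "system32" if "\\system32\\" in lowered else "other"


def triage(text):
    """Return parsed detections, counts per location, and distinct on-disk files."""
    detections = parse_detections(text)
    by_location = Counter(location(d["file"]) for d in detections)
    return detections, by_location, sorted({d["file"] for d in detections if d["file"]})
```

On the pasted lines, the three detections that carry a path resolve to two files in the Internet Explorer cache, and the repeating DeepScan alert is the only one with no location to inspect.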

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,112 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:06 AM

Posted 01 February 2007 - 01:37 AM

Welcome to BC kjmarket :thumbsup:

A deeper look at your system is needed. I suggest you follow the directions in this guide. Then create an HJT log; you will find the directions in the guide.

Create a new topic in this forum, not here, and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log. You may wish to include the link to this thread.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#3 fozzie


    aut viam inveniam aut faciam

  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:11:06 AM

Posted 01 February 2007 - 11:07 AM

Prior to this you might want to do the following

Run the Bitdefender scan in SAFE MODE

* Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Under Browsing History, click "Delete".
* Click "Delete Files", "Delete cookies" and "Delete history"
* Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu.
* Click the Clear now button below. A new window will pop up asking what to clear.
* Select all and click the Clear button again.
* Click OK to close the Options window

* Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

Download SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web CureIt when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

#4 kjmarket

  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:06 AM

Posted 01 February 2007 - 02:59 PM

Can't do much of anything in safe mode, as it sort of locks my computer when I boot into safe mode. It loads fine, but then my desktop icons and taskbar disappear.

#5 fozzie


    aut viam inveniam aut faciam

  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:11:06 AM

Posted 01 February 2007 - 04:53 PM

In that case go ahead and post a HJT log. Please refer to this thread.
