
I-worm/stration, I-worm/nuwar, Downloader Infection


This topic is locked
4 replies to this topic

#1 Dick Wolff

Posted 02 February 2007 - 04:37 AM

I was tricked into clicking on a supposed Greeting Card weblink in an email which downloaded, I think, Greeting Card.exe which had already activated itself. The virus was hijacking the internet connection to do something - a fast broadband connection became slow. AVG Anti-Virus identified Downloader.Tibs, adirss.exe and various game.exe files, but deleting them from the vault only provided temporary respite because they would be re-created.

I have followed your instructions to the letter: cleanmgr, CWShredder, AdAware and Spybot in safe mode, Panda Antivirus, McAfee AVERT. In between the last two I also did a full scan with my now-upgraded AVG Internet Security.

AdAware found 16 objects which I deleted. Some 10 of these were cookies, but a couple were hacker tools of some sort. Spybot got nothing. The Panda scan produced a report but wanted more money from me to disinfect, which I wasn't prepared to spend. The following is the report, and in brackets I have described what I did with each item:


Potentially unwanted tool:application/altnet Not disinfected
C:\Documents and Settings\Administrator\Start Menu\Programs\Altnet
(There was no content (hidden or otherwise) in the Altnet folder. I deleted it.)
Adware:adware/aureate-radiate Not disinfected
c:\program files\MediaRing Talk
(I uninstalled MediaRing Talk)

Potentially unwanted tool:application/myway Not disinfected
c:\program files\MyWay
(This had four subfolders, one of which (1bin) had been accessed on 27th Jan although the most recent current content in it was 2003. There was a My Search Bar folder showing in Control Panel/Add Remove Programs which wouldn't uninstall. I deleted the MyWay folder and subfolders. I subsequently removed a reference to MyBar in the registry using Regcleaner)
Adware:adware/savenow Not disinfected
Windows Registry
(seems to be related to Canon printer. Didn't know how to deal with it. Later I cleared stuff out of the registry using Regcleaner - stuff that I was sure was redundant or didn't exist. Don't remember seeing any reference to adware/savenow).
Virus:Bck/CrackBox Disinfected
C:\Data\Sam's Stuff\downloaded stuff\exe\Microsoft Pinball Arcade.exe
(Pinball Arcade didn't show in installed programs, so I couldn't uninstall it, but I think it appeared in the registry and I cleared it out. I deleted the whole downloaded stuff folder.)

(It may not be related, but Microsoft Internet Relay Chat mIRC showed in Control Panel/Add Remove Programs as having been frequently used, and last used today. It certainly hasn't - not for months - so I uninstalled the program.)
Potentially unwanted tool:Application/P2PNetworking Not disinfected
C:\Documents and Settings\Administrator\Local Settings\Temp\p2psetup.exe
(Couldn't find any reference to P2P applications. I deleted this file and many others in this Temp folder.)
Spyware:Cookie/adultfriendfinder Not disinfected
C:\Documents and Settings\Karen\Cookies\karen@adultfriendfinder[2].txt

(Deleted all cookies except the index.dat file in Karen and in Dick folders)
Spyware:Cookie/Screensavers Not disinfected
C:\Documents and Settings\Karen\Cookies\karen@i.screensavers[1].txt
Spyware:Cookie/Xmts Not disinfected
C:\Documents and Settings\Karen\Cookies\karen@xmts[1].txt
- - - - - - - - - - - - -

Logfile of HijackThis v1.99.1
Scan saved at 09:11:17, on 02/02/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\CTSVCCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F1U201.401.lnk = Belkin\F1U201.401\usbshare.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPGetRt1.dll
O12 - Plugin for .zip: C:\Program Files\Opera\PLUGINS\NPGetRt1.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146309707829
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSVCCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
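Reading a HijackThis log by hand is most of what the helpers in this forum do. The following is an added Python example, not HijackThis code and not anything posted by the thread's participants, that parses the entry lines of a log like the one above and flags the patterns a reviewer looks at first: O2/O3 entries whose DLL is gone ("(file missing)", the MyWay/myBar leftovers here), O4 autoruns launched from user-writable folders, O16 ActiveX controls pulled over plain HTTP, and how many times each Winsock LSP DLL is registered (repeats of the same DLL are normal for a multi-protocol LSP such as the AVG firewall's). The sample lines are copied from the posted log except the `[adirss]` Run key, which is constructed for illustration; adirss.exe is named in the post but no such key appears in the log.

```python
"""Triage a HijackThis 1.99 log by section.

Added example for this thread, not HijackThis code. Sample lines are copied
from the log posted above; the [adirss] O4 line is constructed to exercise
the autorun-location check (adirss.exe is named in the post, but no such
Run key appears in the posted log).
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [adirss] C:\Documents and Settings\Administrator\Local Settings\Temp\adirss.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# Every HijackThis entry line looks like "<section> - <body>".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")

# Autorun entries launching from locations a non-admin user can write to.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")


@dataclass
class Entry:
    section: str
    body: str


def parse_hjt(text):
    """Keep only the R*/F*/O* entry lines; the process list and headers are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["sec"], m["body"]))
    return entries


def triage(entries):
    """Return (section, reason, text) tuples for entries worth a second look."""
    findings = []
    lsp_counts = {}
    for e in entries:
        low = e.body.lower()
        if e.section in ("O2", "O3") and "(file missing)" in low:
            # Registry still points at a BHO/toolbar DLL that is gone:
            # harmless on its own, but a leftover worth fixing.
            findings.append((e.section, "orphaned BHO/toolbar registration", e.body))
        elif e.section == "O4" and any(tok in low for tok in USER_WRITABLE):
            findings.append((e.section, "autorun from user-writable path", e.body))
        elif e.section == "O10":
            # HijackThis reports "Unknown" for any LSP not on its known list;
            # the same DLL repeated once per protocol is expected, so count it.
            dll = low.split("winsock lsp:", 1)[-1].strip()
            lsp_counts[dll] = lsp_counts.get(dll, 0) + 1
        elif e.section == "O16" and " - http://" in low:
            findings.append((e.section, "ActiveX control fetched over plain HTTP", e.body))
    for dll, n in lsp_counts.items():
        findings.append(("O10", f"LSP dll registered {n} times; confirm the vendor", dll))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for section, reason, text in triage_log(SAMPLE_LOG):
        print(f"{section:4} {reason}: {text}")
```

Run it against a saved log with `triage_log(open("hijackthis.log").read())`; on the sample it reports the two myBar leftovers, the constructed adirss autorun, the GameSpy control fetched over HTTP, and two registrations of avgfwafu.dll.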


#2 SifuMike (malware expert, Vancouver (not BC) WA (Not DC) USA)

Posted 04 February 2007 - 10:33 PM

Hi Dick Wolff,

I am SifuMike and I will be helping you.

How is your computer acting now that you have done some scans?


Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

****************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.

(1) Make sure that "Set all elements to:" shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender log and a fresh HijackThis log.

Edited by SifuMike, 04 February 2007 - 10:35 PM.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Dick Wolff (Topic Starter)

Posted 05 February 2007 - 01:54 PM

Here is the BitDefender log :

BitDefender Online Scanner

Scan report generated at: Mon, Feb 05, 2007 - 12:35:37
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:53:29
Files: 257273
Folders: 5860
Boot Sectors: 2
Archives: 6780
Packed Files: 14464

Results
Identified Viruses: 7
Infected Files: 12
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 12

Engines Info
Virus Definitions: 418558
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\$VAULT$.AVG\18094608.FIL | Infected with: Trojan.Peed.AG
C:\$VAULT$.AVG\18094608.FIL | Disinfection failed
C:\$VAULT$.AVG\18094608.FIL | Deleted

C:\Data\Temp\delete me\Trash.mbx=>(IFRAME) | Infected with: Exploit.Html.Filedownload.F
C:\Data\Temp\delete me\Trash.mbx=>(IFRAME) | Disinfection failed
C:\Data\Temp\delete me\Trash.mbx=>(IFRAME) | Deleted
C:\Data\Temp\delete me\Trash.mbx | Updated

C:\Data\Temp\delete me\Trash.mbx=>(message 15) | Infected with: Exploit.Iframe.Vulnerability.B
C:\Data\Temp\delete me\Trash.mbx=>(message 15) | Disinfection failed
C:\Data\Temp\delete me\Trash.mbx=>(message 15) | Deleted
C:\Data\Temp\delete me\Trash.mbx | Updated

C:\Data\Temp\delete me\Trash.mbx=>(message 78) | Infected with: Exploit.Iframe.Vulnerability.B
C:\Data\Temp\delete me\Trash.mbx=>(message 78) | Disinfection failed
C:\Data\Temp\delete me\Trash.mbx=>(message 78) | Deleted
C:\Data\Temp\delete me\Trash.mbx | Updated

C:\Documents and Settings\Administrator\Recent\kmd202gu_en.exe.lnk=>C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
C:\Documents and Settings\Administrator\Recent\kmd202gu_en.exe.lnk=>C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
C:\Documents and Settings\Administrator\Recent\kmd202gu_en.exe.lnk=>C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll | Deleted
C:\Documents and Settings\Administrator\Recent\kmd202gu_en.exe.lnk=>C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s) | Updated
C:\Documents and Settings\Administrator\Recent\kmd202gu_en.exe.lnk=>C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9) | Update failed

C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll | Deleted
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s) | Updated
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2) | Update failed
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 13) | Infected with: Trojan.Downloader.3346.A
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 13) | Disinfection failed
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 13) | Deleted
C:\Downloads\kmd170_en.exe=>(Instyler o) | Update failed

C:\Downloads\kmd171gu_en.exe=>(Instyler o)=>(Instyler Module 3)=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
C:\Downloads\kmd171gu_en.exe=>(Instyler o)=>(Instyler Module 3)=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
C:\Downloads\kmd171gu_en.exe=>(Instyler o)=>(Instyler Module 3)=>(ZIP Sfx s)=>cd_htm.dll | Deleted
C:\Downloads\kmd171gu_en.exe=>(Instyler o)=>(Instyler Module 3)=>(ZIP Sfx s) | Updated
C:\Downloads\kmd171gu_en.exe=>(Instyler o)=>(Instyler Module 3) | Update failed

C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll | Deleted
C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s) | Updated
C:\Downloads\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9) | Update failed

C:\Program Files\Kazaa\Help\mymedia.htm | Detected with: Application.Kazaa.B
C:\Program Files\Kazaa\Help\mymedia.htm | Disinfection failed
C:\Program Files\Kazaa\Help\mymedia.htm | Deleted

C:\Program Files\Kazaa\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
C:\Program Files\Kazaa\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
C:\Program Files\Kazaa\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)=>cd_htm.dll | Deleted
C:\Program Files\Kazaa\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s) | Updated
C:\Program Files\Kazaa\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2) | Update failed

C:\Program Files\The All-Seeing Eye\movenrun.exe | Infected with: Trojan.Zapchast.H
C:\Program Files\The All-Seeing Eye\movenrun.exe | Disinfection failed
C:\Program Files\The All-Seeing Eye\movenrun.exe | Deleted
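A report like the one above is easy to over-read: the same installer shows up once per nested layer (`=>` separates the container from the member the scanner unpacked), and a hit inside `C:\$VAULT$.AVG` is AVG's own quarantine folder, not a live infection. The following is an added Python example, not BitDefender code and not anything posted in this thread, that folds the two-line "Scanned File / Status" entries back into one record per on-disk file, collects the detection names for each, and reads off what happened to that file. The sample input is a subset of the report above, reproduced as constructed input. How the status words are interpreted (a member "Deleted" but the outermost container "Update failed" means the file on disk was not rewritten and still carries the flagged component) is my reading of the report, not vendor documentation.

```python
"""Summarize a BitDefender Online Scanner report per on-disk file.

Added example for this thread, not BitDefender code. The sample is a subset
of the report posted above, reproduced as constructed input. The meaning
assigned to the status words (Deleted / Updated / Update failed) is my
interpretation of the report layout, not vendor documentation.
"""
import re

SAMPLE_REPORT = r"""
Scanned File
Status
C:\$VAULT$.AVG\18094608.FIL
Infected with: Trojan.Peed.AG
C:\$VAULT$.AVG\18094608.FIL
Disinfection failed
C:\$VAULT$.AVG\18094608.FIL
Deleted
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Deleted
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)
Updated
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 2)
Update failed
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 13)
Infected with: Trojan.Downloader.3346.A
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 13)
Disinfection failed
C:\Downloads\kmd170_en.exe=>(Instyler o)=>(Instyler Module 13)
Deleted
C:\Downloads\kmd170_en.exe=>(Instyler o)
Update failed
C:\Program Files\The All-Seeing Eye\movenrun.exe
Infected with: Trojan.Zapchast.H
C:\Program Files\The All-Seeing Eye\movenrun.exe
Disinfection failed
C:\Program Files\The All-Seeing Eye\movenrun.exe
Deleted
"""

DETECT_RE = re.compile(r"^(?:Infected|Detected) with: (.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_report(text):
    """Return {object path: [status, ...]} from the two-line-per-object layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = {}
    for obj, status in zip(lines[0::2], lines[1::2]):
        if obj == "Scanned File":  # column header pair, skip it
            continue
        records.setdefault(obj, []).append(status)
    return records


def container_of(obj):
    """Outermost file on disk for a nested object path ('=>' separates layers).
    When the scanner followed a .lnk shortcut, report the shortcut's target."""
    parts = obj.split("=>")
    if parts[0].lower().endswith(".lnk") and len(parts) > 1 and DRIVE_RE.match(parts[1]):
        return parts[1]
    return parts[0]


def summarize(records):
    """One entry per on-disk file: detection names, outcome, quarantine flag."""
    by_container = {}
    for obj, statuses in records.items():
        by_container.setdefault(container_of(obj), []).append((obj.count("=>"), statuses))
    summary = {}
    for path, items in by_container.items():
        names = set()
        for _, statuses in items:
            for st in statuses:
                m = DETECT_RE.match(st)
                if m:
                    names.add(m.group(1))
        # The shallowest record for a file decides what happened to it on disk.
        _, shallow = min(items, key=lambda t: t[0])
        if "Deleted" in shallow:
            outcome = "deleted"
        elif "Update failed" in shallow:
            outcome = "still on disk: member removed in memory, container not rewritten"
        elif "Updated" in shallow:
            outcome = "rewritten without the flagged member"
        else:
            outcome = "unknown"
        summary[path] = {
            "detections": names,
            "outcome": outcome,
            # $VAULT$.AVG is the poster's AVG quarantine folder (AVG's "vault"),
            # so a hit there is an old quarantined item, not a live infection.
            "in_av_quarantine": "$vault$.avg" in path.lower(),
        }
    return summary


if __name__ == "__main__":
    for path, info in summarize(parse_report(SAMPLE_REPORT)).items():
        print(path, sorted(info["detections"]), info["outcome"],
              "(quarantine)" if info["in_av_quarantine"] else "")
```

On the sample this collapses seven report entries into three files: the vault item (deleted, quarantine), kmd170_en.exe with both Adware.CyDoor and Trojan.Downloader.3346.A still inside it because the outer installer could not be rewritten, and movenrun.exe (deleted). Those "still on disk" installers are the ones to delete by hand, which is why the helper's next question is whether Kazaa is still installed.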

#4 SifuMike (malware expert)

Posted 05 February 2007 - 03:05 PM

Hi Dick Wolff,

BitDefender removed lots of malware.

Post the AVG Anti-Spyware log when you are done running it.

BTW, do you still have Kazaa installed?

Let's look in a different place for signs.

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.

#5 SifuMike (malware expert)

Posted 13 February 2007 - 11:04 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



