Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Wipe


  • Please log in to reply
6 replies to this topic

#1 Trinilady

Trinilady

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 29 June 2007 - 04:08 PM

Hello everyone, I'm sorry for not introducing myself but I'm so upset right now!! I need help with this.

My computer have been infected with Malwipe. I renewed my Norton and ran it, no help. I downloaded that program from Lava, no help.

It's controlling my computer. I tried restarting in safe mode to run the scans again, I cannot do it.

Please someone, tell me how to get rid of this.

Moderator Edit: Moved topic to the more appropriate forum. ~ Animal

Edited by Animal, 29 June 2007 - 06:36 PM.


BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:28 PM

Posted 29 June 2007 - 04:35 PM

Hi, :thumbsup: to bleeping computer, Trinilady. I am Oldf@rt, and I will attempt to help you with malwarewipe. I am only a HJT trainee, so I may ask you to post a hijackthis log later on. Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
after you have accomplished this, Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 Trinilady

Trinilady
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 29 June 2007 - 04:45 PM

Thank you!! I'm working on it now!!

#4 Trinilady

Trinilady
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 30 June 2007 - 02:12 AM

Good morning Old F*rt, this is what the log said -



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2007 at 01:26 AM

Application Version : 3.9.1008

Core Rules Database Version : 3262
Trace Rules Database Version: 1273

Scan type : Complete Scan
Total Scan Time : 02:26:07

Memory items scanned : 563
Memory threats detected : 5
Registry items scanned : 6268
Registry threats detected : 146
File items scanned : 76539
File threats detected : 60

Trojan.Smitfraud Variant
C:\WINDOWS\SYSTEM32\AFKVVY.DLL
C:\WINDOWS\SYSTEM32\AFKVVY.DLL
HKLM\Software\Classes\CLSID\{4688f900-0d0c-4788-b297-59cc10e70ccc}
HKCR\CLSID\{4688F900-0D0C-4788-B297-59CC10E70CCC}
HKCR\CLSID\{4688F900-0D0C-4788-B297-59CC10E70CCC}\InProcServer32
HKCR\CLSID\{4688F900-0D0C-4788-B297-59CC10E70CCC}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{4688f900-0d0c-4788-b297-59cc10e70ccc}

Trojan.Media-Codec/V3
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
[user32.dll] C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
[rare] C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
HKLM\Software\Classes\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}
HKCR\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}
HKCR\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}#xxx
HKCR\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}\InprocServer32
HKCR\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36ADA89D-2440-4DC4-820A-3A05E8630935}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
C:\Program Files\Video ActiveX Access\iesunst.exe
C:\Program Files\Video ActiveX Access\ot.ico
C:\Program Files\Video ActiveX Access\ts.ico
C:\Program Files\Video ActiveX Access\uninst.exe
C:\Program Files\Video ActiveX Access
C:\WINDOWS\Prefetch\IESMIN.EXE-036E4524.pf
C:\WINDOWS\Prefetch\IESMN.EXE-033DF62E.pf
C:\WINDOWS\Prefetch\IMSMAIN.EXE-0F631905.pf
C:\WINDOWS\Prefetch\IMSMN.EXE-217C3E2D.pf

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\InprocServer32#ThreadingModel
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\Programmable
HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\TypeLib
BLANK
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKU\S-1-5-21-1292428093-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKU\S-1-5-21-1292428093-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{E12BFF69-38A7-406e-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32#ThreadingModel
C:\DOCUME~1\HASSRAH\LOCALS~1\TEMP\JUAN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E12BFF69-38A7-406e-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}

Unclassified.Unknown Origin
HKU\S-1-5-21-1292428093-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{6AE02E1C-8859-4F57-9097-5A55A56A4CAF}
HKU\S-1-5-21-1292428093-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{6AE02E1C-8859-4F57-9097-5A55A56A4CAF}

Adware.Tracking Cookie
C:\Documents and Settings\Hassrah\Cookies\hassrah@mediaplex[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@directtrack[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@go.winantivirus[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@adrevolver[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@ad.zanox[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@2o7[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@a[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@dr1[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@overture[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@winantivirus[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@doubleclick[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@ehg-samsungusa.hitbox[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@revsci[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@ad.yieldmanager[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@cpvfeed[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@clickbank[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@hitbox[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@adrevolver[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@angleinteractive.directtrack[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@statcounter[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@richmedia.yahoo[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@rambler[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@atdmt[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@cgi-bin[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@tacoda[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@tradedoubler[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@advertising[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@questionmarket[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@ehg-groupernetworks.hitbox[2].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@www.everyclick[1].txt
C:\Documents and Settings\Hassrah\Cookies\hassrah@atwola[1].txt

Registry Cleaner Trial
HKU\S-1-5-21-1292428093-1647877149-725345543-1003\Software\Registry Cleaner
HKU\S-1-5-21-1292428093-1647877149-725345543-1003\Software\SoftwareOnline.com
C:\Documents and Settings\Hassrah\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\Hassrah\Application Data\Registry Cleaner\RegClean.ini
C:\Documents and Settings\Hassrah\Application Data\Registry Cleaner

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString
HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}
HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0
HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\0
HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\FLAGS
HKCR\TypeLib\{099A05C2-CDA0-41FF-9A38-DD8B6149A766}\1.0\HELPDIR
HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}
HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\ProxyStubClsid
HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\ProxyStubClsid32
HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\TypeLib
HKCR\Interface\{2F223FDC-164A-492C-82D0-055FD8CE349C}\TypeLib#Version
HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}
HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\ProxyStubClsid
HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\ProxyStubClsid32
HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\TypeLib
HKCR\Interface\{4D3BC08F-3C13-4CD1-80F4-F5A7B7D0388F}\TypeLib#Version
HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}
HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\ProxyStubClsid
HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\ProxyStubClsid32
HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\TypeLib
HKCR\Interface\{5BA3EE9B-A96E-4301-B839-388AFEFCD9F4}\TypeLib#Version
HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}
HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\ProxyStubClsid
HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\ProxyStubClsid32
HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\TypeLib
HKCR\Interface\{85292BEE-65FF-41AD-8E72-B385D1C93C89}\TypeLib#Version
HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}
HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\ProxyStubClsid
HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\ProxyStubClsid32
HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\TypeLib
HKCR\Interface\{861ADDA2-0216-49AC-AA5B-62F64F1D91D1}\TypeLib#Version
HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}
HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\ProxyStubClsid
HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\ProxyStubClsid32
HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\TypeLib
HKCR\Interface\{8D3014AE-0854-4222-A733-D9DD0149D9FA}\TypeLib#Version
HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}
HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\ProxyStubClsid
HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\ProxyStubClsid32
HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\TypeLib
HKCR\Interface\{9A9E938C-4A18-4B36-A973-DADCD8A1C268}\TypeLib#Version
HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}
HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\ProxyStubClsid
HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\ProxyStubClsid32
HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\TypeLib
HKCR\Interface\{9C4D0D3F-F36E-42A3-9B35-A43C08AB1866}\TypeLib#Version
HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}
HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\ProxyStubClsid
HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\ProxyStubClsid32
HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\TypeLib
HKCR\Interface\{ABD41A08-5C4D-4CDB-8310-A681E73755BF}\TypeLib#Version
HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}
HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\ProxyStubClsid
HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\ProxyStubClsid32
HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\TypeLib
HKCR\Interface\{B151B421-A97B-4C1D-B555-EED8A35BA5C8}\TypeLib#Version
HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}
HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\ProxyStubClsid
HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\ProxyStubClsid32
HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\TypeLib
HKCR\Interface\{B3D80493-3013-4E93-A878-4CEFC401F4A6}\TypeLib#Version
HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}
HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\ProxyStubClsid
HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\ProxyStubClsid32
HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\TypeLib
HKCR\Interface\{BDC7BB72-6C19-415D-86C3-76CC46EC00A9}\TypeLib#Version
HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}
HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\ProxyStubClsid
HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\ProxyStubClsid32
HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\TypeLib
HKCR\Interface\{CE351B84-F0D6-4FA0-AAD7-3C0616EA647E}\TypeLib#Version
HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}
HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\ProxyStubClsid
HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\ProxyStubClsid32
HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\TypeLib
HKCR\Interface\{D64DCDAE-38CD-488C-A85C-00A0B5C03AE8}\TypeLib#Version
HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}
HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\ProxyStubClsid
HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\ProxyStubClsid32
HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\TypeLib
HKCR\Interface\{D9F4D801-2431-465A-B754-AB9E3B649E8C}\TypeLib#Version
HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}
HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\ProxyStubClsid
HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\ProxyStubClsid32
HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\TypeLib
HKCR\Interface\{E0DBB136-FCD7-4180-9207-D4A9E822002E}\TypeLib#Version
C:\Program Files\SpyLocked 4.3

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\HASSRAH\FAVORITES\ONLINE SECURITY TEST.URL
C:\RECYCLER\S-1-5-21-1292428093-1647877149-725345543-1003\DC2533.URL
C:\RECYCLER\S-1-5-21-1292428093-1647877149-725345543-1003\DC2534.URL
I:\RECYCLER\S-1-5-21-1292428093-1647877149-725345543-1003\DI2.URL
I:\RECYCLER\S-1-5-21-1292428093-1647877149-725345543-1003\DI3.URL

Trojan.Downloader-Gen/A
C:\DOCUMENTS AND SETTINGS\HASSRAH\LOCAL SETTINGS\TEMP\A.EXE

Malware.AntiVirusGolden
C:\PROGRAM FILES\AVG\ANTIVIRUSGOLD 4.8\ANTIVIRUSGOLD 4.8.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Hassrah\Local Settings\Temporary Internet Files\Content.IE5\WFS5CP2F\index[1].htm

#5 Trinilady

Trinilady
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 30 June 2007 - 03:46 AM

BitDefender Online Scanner



Scan report generated at: Sat, Jun 30, 2007 - 09:33:33





Scan path: A:\;C:\;D:\;E:\;G:\;H:\;I:\;







Statistics

Time
01:16:10

Files
222808

Folders
6460

Boot Sectors
6

Archives
1867

Packed Files
9454




Results

Identified Viruses
14

Infected Files
27

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
45




Engines Info

Virus Definitions
636090

Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0076295B.tmp=>(Quarantine-2)
Infected with: Trojan.Peed.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0076295B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0076295B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09CB25DD.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09CB25DD.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09CB25DD.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D3532A8.tmp=>(Quarantine-2)
Infected with: Java.Trojan.OpenConnection.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D3532A8.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D3532A8.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D514057.htm=>(Quarantine-2)=>(JAVASCRIPT 1)
Infected with: Trojan.Downloader.Js.Psyme.AN

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D514057.htm=>(Quarantine-2)=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D514057.htm=>(Quarantine-2)=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D514057.htm=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D514057.htm
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)=>Beyond.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DA503FA.jar
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E947CF4.htm=>(Quarantine-2)
Infected with: Generic.XPL.MhtRedir.46E88856

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E947CF4.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E947CF4.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ECC7763.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ECC7763.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ECC7763.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29E35970.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29E35970.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29E35970.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A6E76CE.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A6E76CE.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A6E76CE.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A744AC7.tmp=>(Quarantine-2)
Infected with: Java.Trojan.ClassLoader.U

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A744AC7.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A744AC7.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7774C3.tmp=>(Quarantine-2)
Infected with: Trojan.Pws.Cimuz.T

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7774C3.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7774C3.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FE145C3.tmp=>(Quarantine-2)
Infected with: Java.Trojan.ClassLoader.U

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FE145C3.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FE145C3.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C3E39F4.izs=>(Quarantine-2)
Infected with: JS.Trojan.Winbomb.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C3E39F4.izs=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C3E39F4.izs=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436B2A5B.tmp=>(Quarantine-2)
Infected with: Java.Trojan.ClassLoader.U

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436B2A5B.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436B2A5B.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458C1D7A.tmp=>(Quarantine-2)
Infected with: Java.Trojan.ClassLoader.U

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458C1D7A.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458C1D7A.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\476D54A9.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\476D54A9.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\476D54A9.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAB4832.dll=>(Quarantine-2)
Infected with: DeepScan:Generic.Dialer.D197CA38

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAB4832.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAB4832.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAF722E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Keenval.E

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAF722E.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAF722E.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8A4302.tmp=>(Quarantine-2)
Infected with: Trojan.Exploit.Byteverify.O

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8A4302.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8A4302.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8E6CFF.tmp=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8E6CFF.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8E6CFF.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>javautil.zip=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>javautil.zip=>Dummy.class
Disinfection failed

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>javautil.zip=>Dummy.class
Deleted

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>javautil.zip
Updated

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip
Updated

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>Dummy.class
Disinfection failed

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip=>Dummy.class
Deleted

C:\Documents and Settings\Hassrah\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-c2e0584-7c525a25.zip
Updated

G:\diego\System Volume Information\_restore{BD24BE1B-3231-4A92-A785-F9DC13DBBB85}\RP109\A0043952.exe
Infected with: Trojan.Agent.AY

G:\diego\System Volume Information\_restore{BD24BE1B-3231-4A92-A785-F9DC13DBBB85}\RP109\A0043952.exe
Disinfection failed

G:\diego\System Volume Information\_restore{BD24BE1B-3231-4A92-A785-F9DC13DBBB85}\RP109\A0043952.exe
Deleted

G:\diego\System Volume Information\_restore{BD24BE1B-3231-4A92-A785-F9DC13DBBB85}\RP109\A0043953.exe
Infected with: Trojan.Agent.AY

G:\diego\System Volume Information\_restore{BD24BE1B-3231-4A92-A785-F9DC13DBBB85}\RP109\A0043953.exe
Disinfection failed

G:\diego\System Volume Information\_restore{BD24BE1B-3231-4A92-A785-F9DC13DBBB85}\RP109\A0043953.exe
Deleted

#6 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:28 PM

Posted 30 June 2007 - 09:12 AM

To me , it looks like the malwarewipe is gone, however I would like for you post a hijack this log to insure that your machine is clean. Please follow the instructions in this thread: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#7 Trinilady

Trinilady
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 01 July 2007 - 07:49 AM

Thank you for your help!! It is very appreciated!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users