[Referred]Ad-ware logfile (please help!)

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

[Referred]Ad-ware logfile (please help!), Viruses, spyware/adware - Need Help!

Options

Mannen View Member Profile	May 9 2005, 06:03 AM Post #2
Ad-Aware Expert Posts: 110 OS: Xp	Hi and welcome! You have bad files running which Adaware doesn't detect yet so please try this first Scan your computer with these two online virusscans. Post the logs here Panda onlinescan TrendMicro onlinescan Cheers Mannen

IBG View Member Profile	May 9 2005, 10:13 AM Post #3
Member Posts: 25 OS: Windows XP	Here is the Panda log, I'll post the TrendMicro in my next post. Thanks for your help. Incident Status Location Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\DrPMon.dll Adware:Adware/Transponder No disinfected c:\windows\system32\yccnva.exe Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll Adware:Adware/Transponder No disinfected c:\windows\system32\yccnva.exe Adware:Adware/SaveNow No disinfected Windows Registry Adware:Adware/nCase No disinfected C:\DOCUME~1\G-Diddy\LOCALS~1\Temp\180sainstaller.exe Spyware:Spyware/Dyfuca No disinfected Windows Registry Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\System32\services Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini Adware:Adware/TopConvert No disinfected Windows Registry Adware:Adware/nCase No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temp\180SAInstaller.exe Adware:Adware/ISearch No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temp\B186323323\build2.0xe Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\8TM7CX6V\svcproc[1].exe Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\MREVQDMJ\Nail[1].exe Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\SDA7CXIR\DrPMon[1].dll Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\UVKDQ7GP\Poller[1].exe Adware:Adware/Transponder No disinfected C:\RECYCLER\S-1-5-21-117609710-688789844-854245398-1003\Dc3.exe Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini Adware:Adware/Transponder No disinfected C:\WINDOWS\Nail.exe Adware:Adware/Transponder No disinfected C:\WINDOWS\svcproc.exe Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\DrPMon.dll Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\yccnva.exe Adware:Adware/Startpage.CN No disinfected C:\WINDOWS\webdlg32.dll Adware:Adware/SBSoft No disinfected C:\WINDOWS\webdlg32.inf Adware:Adware/Popup.pop No disinfected C:\WINDOWS\winsx.dll Adware:Adware/Popup.pop No disinfected C:\WINDOWS\winsx.inf

IBG View Member Profile	May 9 2005, 11:39 AM Post #4
Member Posts: 25 OS: Windows XP	TrendMicro Housecall scan results log: Virus Scan 6 viruses detected Results: We have detected 6 infected file(s) with 6 virus(es) on your computer. Only 0 out of 0 infected files are displayed. Detected File Associated Virus Name C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\MREVQDMJ\Nail[1].exe TROJ_NAIL.A C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\UVKDQ7GP\Poller[1].exe TROJ_AGENT.ABS C:\RECYCLER\S-1-5-21-117609710-688789844-854245398-1003\Dc3.exe TROJ_NAIL.A C:\WINDOWS\system32\yccnva.exe TROJ_AGENT.ABS C:\WINDOWS\dwuighrbue.exe TROJ_BUDDY.F C:\WINDOWS\Nail.exe TROJ_NAIL.A Trojan/Worm Check No worm/Trojan horse detected What we checked: Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer. Results: We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed. Trojan/Worm Name Trojan/Worm Type Spyware Check 11 spyware programs detected What we checked: Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. Results: We have detected 11 spyware(s) on your computer. Only 0 out of 0 spywares are displayed. Spyware Name Spyware Type COOKIE_1020 Cookie COOKIE_1802 Cookie COOKIE_2513 Cookie COOKIE_3184 Cookie COOKIE_3185 Cookie COOKIE_3186 Cookie ADW_BADBITOR.A Adware SPYW_WEBSEARCH.A Spyware ADW_BETTERNET.A Adware ADW_APROPOS.O Adware ADW_BOLGER.A Adware Microsoft Vulnerability Check 2 vulnerabilities detected What we checked: Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix. Results: We have detected 2 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed. Risk Level Issue How to Fix Highly Critical This vulnerability enables local users to execute arbitrary code through an RPC call. This is caused by a buffer overflow in the RPC Locator service for Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-001 Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040

Mannen View Member Profile	May 9 2005, 12:23 PM Post #5
Ad-Aware Expert Posts: 110 OS: Xp	Good evening! Please try this below, you have a nasty infection which can require Hijackthis to completly remove all traces. So if this fails I will transfer you over to the Hjt forum Go to Start->Run and type Services.msc then hit Ok. Scroll down and find the service called "System Startup Service (SvcProc)" . When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. Go to control panel > add/remove programs and look for "cxtpls" and "180search Assistant" If found please uninstall them How to see hidden files and folders http://www.xtra.co.nz/help/0,,4155-1916458,00.html Download this tool called Killbox. http://www.bleepingcomputer.com/files/spyware/KillBox.zip Unzip where you want and run it Disconnect from the internet and close all browsers Select the Delete on Reboot option. In the "Full Path of File to Delete" field copy/paste these files below. Copy one file at a time and click the red circle with the white X in it. First click yes, then when it asks you to reboot, click No. Then enter the other files and click yes to reboot when you are done with the last For the .dll files select "unregister before deleting" C:\WINDOWS\system32\DrPMon.dll c:\windows\system32\yccnva.exe C:\WINDOWS\Bolger.dll C:\Program Files\cxtpls\ C:\WINDOWS\delprot.ini C:\WINDOWS\Bolger.dll C:\WINDOWS\delprot.ini C:\WINDOWS\Nail.exe C:\WINDOWS\svcproc.exe C:\WINDOWS\system32\yccnva.exe C:\WINDOWS\webdlg32.dll C:\WINDOWS\webdlg32.inf C:\WINDOWS\winsx.dll C:\WINDOWS\winsx.inf If any of the files cant be deleted try the same thing in safe mode After you are done with the above please start your computer in safe mode Can you clean (delete) the following directory contents (but not the directory folder) If you have anything you know you want to keep here, can you move it to a different folder for the time being: * C:\Windows\Temp\ * C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested. * C:\Documents and Settings\<Your Profile>\Local Settings\Temp\ * C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\ * C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\ * Empty your "Recycle Bin". Then scan with Adaware and delete everything found. Reboot to "normal" mode and post a fresh Adaware log and tell us how things are Cheers Mannen

Mannen View Member Profile	May 9 2005, 05:01 PM Post #7
Ad-Aware Expert Posts: 110 OS: Xp	Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance. Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

IBG View Member Profile	May 25 2005, 02:15 PM Post #8
Member Posts: 25 OS: Windows XP	This has been fixed.. thanks for your help.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal [Referred]ad-aware log (please help me)	7 / 2,139	21st May 2005 - 05:38 PM virus kill started - last by Andy_veal
Lavasoft Support (Ad-aware) [Referred]Ad-ware logfile (please help!)	0 / 0	9th May 2005 - 05:01 PM IBG started - last by Mannen
Virus, Spyware and Trojan Removal HiJackThis LOGFILE, please help!	1 / 854	21st August 2005 - 11:40 AM tdicruz33 started - last by tdicruz33
Virus, Spyware and Trojan Removal My Logfile Please Help! [RESOLVED]	8 / 309	3rd December 2005 - 03:35 AM Greg Hill started - last by Crustyoldbloke