[dvk01]

when avenger deletes a driver or service it reboots itself twice so don't do anything until it has rebooted itself for the second time

[Advertisements]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bqfetkrf

*******************

Script file located at: \??\C:\Documents and Settings\knxedefw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver WinSSL unloaded successfully.
File C:\WINDOWS\System32\WinSSLRun.dll deleted successfully.
File C:\WINDOWS\System32\WinSSLCore.dll deleted successfully.


File C:\WINDOWS\loadssl.exe not found!
Deletion of file C:\WINDOWS\loadssl.exe failed!

Could not process line:
C:\WINDOWS\loadssl.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[playsoldier3]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bqfetkrf

*******************

Script file located at: \??\C:\Documents and Settings\knxedefw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver WinSSL unloaded successfully.
File C:\WINDOWS\System32\WinSSLRun.dll deleted successfully.
File C:\WINDOWS\System32\WinSSLCore.dll deleted successfully.


File C:\WINDOWS\loadssl.exe not found!
Deletion of file C:\WINDOWS\loadssl.exe failed!

Could not process line:
C:\WINDOWS\loadssl.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[dvk01]

were there any other zip files in teh avenger folder

if so please upload them to spykiller

the one you uploaded was the previous deletions

the latest one is always just called backup.zip

earlier ones are backup_time & date.zip

[playsoldier3]

ok i posted the backup.zip

[dvk01]

thanks got it

all the files are being submitted to all teh antivirus & antispyware companies to hopefuly stop it

some know some of it as trojan flood ads

[playsoldier3]

so what does trojan flood ads do?
i recently in the past few days made purchases online, does that mean credit card will be stolen?

[dvk01]

from waht I can see it isn't a password stealer or anything just floods you with adverts


teh analysis hasn't shown any info going out just more junk being downloaded

so you should be safe

it's always wise in these cases though to change all passwords & keep a close eye on bank or credit card & inform teh company if anything suspicious occurs

[JSntgRvr]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.