Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slew of problems related to Seriall.com adware...


  • Please log in to reply

#1
Zhariken

Zhariken

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I'm having much the same problem as many people who have posted in regards to Seriall.com. I've run through quite a few steps and cleaned some of it up, but I'm worried that much of it remains. Any help would be greatly appreciated, especially as this is a work-related computer. Thank you in advance.



HijackThis log (note: Hijack this was run AFTER the other programs listed below):
Logfile of HijackThis v1.99.1
Scan saved at 7:45:49 PM, on 10/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\BWF76B.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\Update.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Maria\Desktop\clean\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.10.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Maria\Application Data\Mozilla\Profiles\default\a6eywvbo.slt\prefs.js)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\System32\jkkhigd.dll
O2 - BHO: (no name) - {16030FA6-FD1F-8FAF-66C6-03967B4CC5A9} - C:\WINDOWS\System32\afppbbb.dll
O2 - BHO: (no name) - {27D23988-781F-8C46-51A1-0889C1649B4D} - C:\WINDOWS\System32\wenpgjb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\yxckplch.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll
O2 - BHO: (no name) - {CAB910A3-FC05-4D3F-A756-911B3CE8FC4D} - C:\WINDOWS\System32\urqon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [satsgdh.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\satsgdh.dll,phmfx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [qfsrgvi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qfsrgvi.dll,yruqogc
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {164B7670-301E-11D4-AF4E-005056B6005A} (Svsainst Control) - http://www.swiftview.com/product/current/svinstall_s_green_pro.exe
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.10.2:4343/SMB/console/html/root/AtxEnc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v14.223/qboax8.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ts1/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF54BFA2-474E-4B82-A5F3-B79E6F7A80B1} (QuickBooks Online Edition Import Utilities Class v4) - https://accounting.quickbooks.com/c1/v15.232/qboimax4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/Common/cab/ikcntrls.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O20 - Winlogon Notify: jkkhigd - C:\WINDOWS\SYSTEM32\jkkhigd.dll
O20 - Winlogon Notify: opppn - C:\WINDOWS\System32\opppn.dll (file missing)
O20 - Winlogon Notify: urqon - C:\WINDOWS\System32\urqon.dll
O20 - Winlogon Notify: winevl32 - C:\WINDOWS\SYSTEM32\winevl32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe





Counterspy:
Spyware Scan Details
Start Date: 10/10/2006 3:54:02 PM
End Date: 10/10/2006 4:24:32 PM
Total Time: 30 mins 30 secs 

Detected spyware

Safety Bar Toolbar  more information...
Status: Deleted

Infected files detected
c:\program files\safety bar\safetybar.dll
c:\program files\safety bar\uninstall.bat

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} 
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32 C:\Program Files\Safety Bar\SafetyBar.dll
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} Safety Bar


DesktopScam Trojan Downloader  more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
c:\documents and settings\all users\start menu\security troubleshooting.url
c:\documents and settings\maria\favorites\antivirus test online.url
c:\windows\system32\ot.ico
c:\documents and settings\all users\start menu\online security guide.url
c:\windows\system32\issearch.exe
c:\windows\system32\components\flx7.dll


SpySheriff Rogue Security Program  more information...
Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\components\flx7.dll


AvenueMedia.InternetOptimizer Browser Plug-in  more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0


SurfAccuracy Adware (General)  more information...
Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc SlowInfoCache 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc Changed 0


Virtumonde Adware (General)  more information...
Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} 
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\InprocServer32 C:\WINDOWS\System32\opppn.dll
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\ProgID MSEvents.MSEvents.1
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\TypeLib {BAD59A24-6891-417D-A041-C8FD495B77F1}
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\VersionIndependentProgID MSEvents.MSEvents
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} MSEvents Object
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} AppID 


Trojan.WinlogonHook.Delf.A Trojan  more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 32788713
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 48
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV 


Trojan.Smitfraud Trojan  more information...
Details: Trojan.Smitfraud is a group of programs that are used to download rogue security products and change the user's desktop to display false warnings that the computer is infected with spyware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler incestuously {03413bf7-e34c-445b-bfc0-a2b127255871}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad incestuously {03413bf7-e34c-445b-bfc0-a2b127255871}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 C:\WINDOWS\System32\ixt0.dll
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 



Panda Activescan:
Incident																		Status						Location																																																														

Adware:Adware/SuperSpider								   Not disinfected			   C:\WINDOWS\system32\winevl32.dll																																																								
Adware:adware/pornmagpass								   Not disinfected			   c:\windows\system32\ishost.exe																																																								  
Adware:adware/safetybar									 Not disinfected			   c:\documents and settings\all users\desktop\Online Security Guide.url																																														   
Adware:adware/sidesearch									Not disinfected			   Windows Registry																																																												
Potentially unwanted tool:Application/Processor			 Not disinfected			   C:\Documents and Settings\Maria\Desktop\VIRUS REMOVAL\VundoFix\process.exe																																												  
Potentially unwanted tool:Application/Processor			 Not disinfected			   C:\Documents and Settings\Maria\Desktop\VIRUS REMOVAL\VundoFix.exe[process.exe]																																												 
Adware:Adware/Maxifiles										Not disinfected			   C:\Documents and Settings\Maria\Local Settings\Temporary Internet Files\Content.IE5\OBCD2BEV\wlzip32[1].exe																																					 
Adware:Adware/Maxifiles									 Not disinfected			   C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\Activate.exe																																											   
Adware:Adware/Maxifiles										Not disinfected			   C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll																																											  
Adware:Adware/DollarRevenue									Not disinfected			   C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\Uninst.exe																																												 
Adware:Adware/Maxifiles										Not disinfected			   C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\services.dll																																											   
Adware:Adware/Maxifiles										Not disinfected			   C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\Update.exe																																												 
Potentially unwanted tool:Application/VSToolbar				Not disinfected			   C:\WINDOWS\system32\toqnivdw.exe																																																								
Spyware:Spyware/Virtumonde										Not disinfected			   C:\WINDOWS\system32\yxckplch.dll																																																								
Adware:Adware/Maxifiles										Not disinfected			   C:\WINDOWS\Temp\win2B.tmp.exe																																																								   

Edited by Zhariken, 11 October 2006 - 07:05 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP