Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan has taken over Chicago


  • Please log in to reply

#1
Peelymonster

Peelymonster

    Member

  • Member
  • PipPip
  • 31 posts
Hi G2G! :blink:

I'm hoping you can help - we got this Trojan about 6 weeks ago. This is the first time I've had to really work on it. I followed your steps and here are my results:

ATF Cleaner - Would not download (one of the issues with this particular trojan is it messes up our internet)
System Restore - created a system restore. Also have Registry Mechanic which creates a system restore.
AVG Anti-Spyware - Ran this program, but it did NOT create a report.
SUPERAntiSpyware Home Edition - Ran this program - report is attached
Panda Activescan - Gave me the download screen, but did not download anything
Windows Update - pulled the latest, already have it setup for automatic updates
Hijack This - Ran this program - report is attached

FYI - In addition to Registry Mechanic, I also run Norton Internet Security 2006, AdAware, Spybot Search & Destroy, CleanUp & CWShredder. None of these have been able to fix this trojan. Here is the name of the Trojan as identified by Norton: Mlsdf8h6764984.exe.

Please let me know what I need to do to get this rascal off my pc. Thanks! :whistling:

SUPERAntiSpyware Scan Log
Generated 12/26/2006 at 12:44 PM

Application Version : 3.4.1000

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 03:12:40

Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 4698
Registry threats detected : 34
File items scanned : 145084
File threats detected : 8

Adware.Viewpoint Toolbar
HKLM\Software\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32#ThreadingModel
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ProgID
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\Programmable
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\TypeLib
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\VersionIndependentProgID
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Peel Family - Admin\Cookies\peel family - admin@interclick[2].txt
C:\Documents and Settings\Peel Family - Admin\Cookies\peel family - admin@statcounter[1].txt

Adware.180solutions/ZangoSearch
HKCR\SAIX.InstallerCaller
HKCR\SAIX.InstallerCaller\CLSID
HKCR\SAIX.InstallerCaller\CurVer
HKCR\SAIX.InstallerCaller.1
HKCR\SAIX.InstallerCaller.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}

Adware.QuickLinks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quicklinks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quicklinks#DisplayName

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\KROF\KROFD\CLASS-BARREL

Trojan.Downloader-Gen/SK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3046FB0E-23DA-444A-B309-38C3377047CB}\RP899\A0135532.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3046FB0E-23DA-444A-B309-38C3377047CB}\RP920\A0139810.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3046FB0E-23DA-444A-B309-38C3377047CB}\RP931\A0143054.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3046FB0E-23DA-444A-B309-38C3377047CB}\RP934\A0144134.EXE


=====================
Attached File  HiJackThis_log.txt   10.07KB   63 downloads

Edit: Attach HJT log

Edited by wannabe1, 26 December 2006 - 08:50 PM.

  • 0

Advertisements


#2
Dwight

Dwight

    Member

  • Member
  • PipPipPip
  • 480 posts
Hi Peelymonster. Please go to malware forum and follow the instructions at the top
Specially the CLICK HERE.
That will give you several steps that will help you clean up 70 percent of
all problems by yourself. If at the end of the process you are still having
difficulty and you may not be
Then post a hijackthis log in THAT forum.
Click Here before posting a Hijack This log.
http://geekstogo.com...o_Here-f37.html

Please be patient it may take some time before one of the
experts can address you problem.

If you are still having problems after getting a clean bill of health from
the malware expert, please return to this thread.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP