Worm.Brontok.c/eksplorasi.exe


  • This topic is locked

#1
maldo

    New Member

  • Member
  • 1 posts
Hello,

Every time I start my computer I get a message saying that eksplorasi.exe was not found.
Also, I'm not able to run regedit or regedt32, it says that the administrator has disabled the modification of the Registry, and this is an administrator account.

I followed all the instructions you guys have for before posting a message, and apparently my system is still infected with something and I don't know what it is.

Your help is much appreciated.

Here are the logs I got after completing the first 5 steps you guys suggested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 02:55:37 p.m. 06/02/2007

+ Scan result:

C:\Documents and Settings\Alejandra\Configuración local\Temp\Cookies\alejandra@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006309.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006310.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006311.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006312.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006313.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006314.com -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006315.scr -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006316.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006317.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006318.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006331.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006332.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006333.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006334.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006335.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006336.com -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006337.scr -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006338.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006339.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP59\A0006348.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006367.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006368.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006369.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006370.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006371.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006426.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006427.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006428.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006429.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006430.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006431.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006432.pif -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006433.com -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006434.scr -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP60\A0006435.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006448.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006449.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006450.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006451.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006452.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006459.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006460.pif -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006461.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006462.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006465.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006466.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006467.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006468.com -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006469.COM -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006470.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006471.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006472.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006473.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006474.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006475.COM -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006476.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006477.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006478.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006479.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006480.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006481.COM -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006482.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006483.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006484.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006485.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006486.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006487.COM -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006488.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006489.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006490.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006491.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006492.EXE -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006493.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006494.COM -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006495.COM -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006496.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006497.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006498.exe -> Worm.Brontok.c : Cleaned.
C:\System Volume Information\_restore{D6BC9DDF-8D40-4F59-9D43-882AA4E3C6B3}\RP61\A0006499.scr -> Worm.Brontok.c : Cleaned.

::Report end



Panda Activescan results:

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alejandra.CHILA\Cookies\alejandra@doubleclick[1].txt

HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 05:09:30 p.m., on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\HPQ\Quick Launch Buttons\EabServr.exe
C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
C:\Archivos de programa\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HPQ\Shared\hpqwmi.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alejandra.CHILA\Mis documentos\Limpiar compu Chila\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR...ml4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div id="maincnt">
O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yah...yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.co...a/ma_geo_1.gif" width=259 border=0></a></div>
O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yah....com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.co...>Help</a></div>
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>
O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: <a href="http://help.yahoo.co...ansfer-05.html" target="_blank">Find out how.</a> </p>
O1 - Hosts: <p><a href="http://help.yahoo.co.../geo/transfer/" target="_blank">Learn more about data transfer.</a></p>
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <a target="_top" href="http://geocities.yah...yahoo.com"><img src="http://us.i1.yimg.co...ast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/...com/webhosting" target="_blank">Yahoo! Web Hosting<br>
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: <div class="addescr" title="Reliable plans include domain &amp; 24x7 support.">Reliable plans include domain &amp; 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/...com/webhosting" target="_blank">webhosting.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/...o.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/...o.com/domains/" target="_blank">domains.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/...yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding &amp; virus scanning.</div>
O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/...yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/...o.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/...o.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yah...ahoo.com">Yahoo! GeoCities</a>
O1 - Hosts: <a href="http://smallbusiness...om/webhosting/" target="_top"><img src="http://us.i1.yimg.co...dby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright &copy;
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>
O1 - Hosts: <a href="http://privacy.yahoo...s/geo/">Privacy Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.co...html">Copyright Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.co...>Guidelines</a>
O1 - Hosts: - <a href="http://docs.yahoo.co...rms.html">Terms of Service</a>
O1 - Hosts: - <a href="http://help.yahoo.co.../geo/">Help</a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com...07856&f=us-w59" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Archivos de programa\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Archivos de programa\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Archivos de programa\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Alejandra.CHILA\Configuración local\Datos de programa\smss.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\HPQ\Shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe



Uninstall_list report
Actualización de seguridad para el Reproductor de Windows Media (KB911564)
Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734)
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398)
Actualización de seguridad para Windows Internet Explorer 7 (KB929969)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB893756)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896423)
Actualización de seguridad para Windows XP (KB896424)
Actualización de seguridad para Windows XP (KB896428)
Actualización de seguridad para Windows XP (KB899587)
Actualización de seguridad para Windows XP (KB899591)
Actualización de seguridad para Windows XP (KB900725)
Actualización de seguridad para Windows XP (KB901017)
Actualización de seguridad para Windows XP (KB901214)
Actualización de seguridad para Windows XP (KB902400)
Actualización de seguridad para Windows XP (KB904706)
Actualización de seguridad para Windows XP (KB905414)
Actualización de seguridad para Windows XP (KB905749)
Actualización de seguridad para Windows XP (KB908519)
Actualización de seguridad para Windows XP (KB911562)
Actualización de seguridad para Windows XP (KB911567)
Actualización de seguridad para Windows XP (KB911927)
Actualización de seguridad para Windows XP (KB912919)
Actualización de seguridad para Windows XP (KB913580)
Actualización de seguridad para Windows XP (KB914388)
Actualización de seguridad para Windows XP (KB914389)
Actualización de seguridad para Windows XP (KB917344)
Actualización de seguridad para Windows XP (KB917422)
Actualización de seguridad para Windows XP (KB917953)
Actualización de seguridad para Windows XP (KB918439)
Actualización de seguridad para Windows XP (KB918899)
Actualización de seguridad para Windows XP (KB919007)
Actualización de seguridad para Windows XP (KB920213)
Actualización de seguridad para Windows XP (KB920214)
Actualización de seguridad para Windows XP (KB920670)
Actualización de seguridad para Windows XP (KB920683)
Actualización de seguridad para Windows XP (KB920685)
Actualización de seguridad para Windows XP (KB921398)
Actualización de seguridad para Windows XP (KB921883)
Actualización de seguridad para Windows XP (KB922616)
Actualización de seguridad para Windows XP (KB922760)
Actualización de seguridad para Windows XP (KB922819)
Actualización de seguridad para Windows XP (KB923191)
Actualización de seguridad para Windows XP (KB923414)
Actualización de seguridad para Windows XP (KB923689)
Actualización de seguridad para Windows XP (KB923694)
Actualización de seguridad para Windows XP (KB923980)
Actualización de seguridad para Windows XP (KB924191)
Actualización de seguridad para Windows XP (KB924270)
Actualización de seguridad para Windows XP (KB924496)
Actualización de seguridad para Windows XP (KB925454)
Actualización de seguridad para Windows XP (KB925486)
Actualización de seguridad para Windows XP (KB926255)
Actualización para Windows XP (KB894391)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB900485)
Actualización para Windows XP (KB904942)
Actualización para Windows XP (KB908531)
Actualización para Windows XP (KB910437)
Actualización para Windows XP (KB911280)
Actualización para Windows XP (KB916595)
Actualización para Windows XP (KB920872)
Actualización para Windows XP (KB922582)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1 - Español
Apple Software Update
AVG Anti-Spyware 7.5
Broadcom 802.11 Wireless LAN Adapter
CC_ccStart
ccCommon
Conexant AC-Link Audio
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
HP Deskjet 6500 Series
HP Help and Support
hp LaserJet 1000
HP Software Update
HP User Guides 0001
HP Wireless Assistant
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Spanish Language Pack
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
MSRedist
muvee autoProducer 4.0 - SE
Norton AntiVirus 2004 Professional
Norton AntiVirus 2004 Professional (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Panda ActiveScan
Quick Launch Buttons 5.10 B2
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Reproductor de Windows Media 10
Revisión de Windows XP - KB873333
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB884575
Revisión de Windows XP - KB885250
Revisión de Windows XP - KB885464
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB885855
Revisión de Windows XP - KB885884
Revisión de Windows XP - KB886185
Revisión de Windows XP - KB887472
Revisión de Windows XP - KB888113
Revisión de Windows XP - KB888239
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890047
Revisión de Windows XP - KB890175
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB891781
Revisión para Windows XP (KB914440)
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SUPERAntiSpyware Free Edition
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime


Thanks in advance for your help.
  • 0



#2
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hello,

Looks like Brontok is already removed from your system, only some registry leftovers are remaining... so we'll get rid of them.

But first,
* Download: HostsXpert
Unzip Hoster to its own folder, e.g. C:\HostsXpert
Start Hoster.exe, click 'Restore Original Hosts' and click OK.

Then,
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Alejandra.CHILA\Configuración local\Datos de programa\smss.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if you get an error in HijackThis.

Also run this removal tool to deal with some leftovers + restores registry keys:
http://[email protected]

Then reboot and post a new HijackThis log in your next reply.
  • 0
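Most of the entries selected for fixing in the reply above follow patterns that can be checked mechanically in a HijackThis log: a `Shell=` value carrying more than `Explorer.exe`, Hosts lines that are not address/hostname pairs, Run entries pointing at system-process names or executables in unusual folders, and the `DisableRegedit` policy. The following is an added example, not part of the thread or of any tool mentioned in it; the function names and heuristics are illustrative assumptions, and the sample is built from lines of the log above plus one constructed `localhost` entry.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample built from the HijackThis log in this thread; the "127.0.0.1 localhost"
# line is constructed to show what a well-formed hosts entry looks like.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <html>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Alejandra.CHILA\Configuración local\Datos de programa\smss.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
'''

LINE_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.*)$')
RUN_RE = re.compile(r'^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# A hosts entry is "<IPv4 or IPv6 address> <hostname>"; anything else is foreign content.
HOSTS_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)\s+\S+')
TARGET_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|pif|bat|cmd))\b', re.I)

# Assumption: names that legitimately run only from \WINDOWS\system32 on this platform.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "svchost.exe"}


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line deserves a closer look
    line: str    # the original log line


def run_target(cmd: str) -> str:
    """Return the executable path from a Run value, quoted or unquoted."""
    m = TARGET_RE.match(cmd.strip())
    if not m:
        return cmd.split()[0] if cmd.split() else ""
    return m.group(1) or m.group(2)


def check_run(body: str):
    m = RUN_RE.match(body)
    if not m:
        return None
    target = run_target(m.group("cmd"))
    folder = ntpath.dirname(target).lower()
    name = ntpath.basename(target).lower()
    if name in SYSTEM_NAMES and not folder.endswith(r"\windows\system32"):
        return f"[{m.group('name')}] system process name outside system32"
    if folder.endswith(r"\shellnew"):
        return f"[{m.group('name')}] executable in the ShellNew template folder"
    return None


def triage(log_text: str) -> list:
    """Flag log lines matching the patterns seen in this thread."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body, reason = m.group("code"), m.group("body"), None
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reason = "Shell value launches more than Explorer.exe"
        elif code == "O1" and body.startswith("Hosts:"):
            entry = body[len("Hosts:"):].strip()
            if entry and not entry.startswith("#") and not HOSTS_RE.match(entry):
                reason = "hosts line is not an address/hostname pair"
        elif code == "O4":
            reason = check_run(body)
        elif code == "O7" and "DisableRegedit=1" in body:
            reason = "policy blocks the registry editor"
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}\n     {f.line}")
```

A flag here is only a prompt for review: the `KernelFaultCheck` entry, which the reply also selects, matches none of these patterns.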

#3
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





