Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

worm.win32.skynet

Started by bigjohnson8778 , Jan 31 2008 06:46 AM

  • Please log in to reply

#16
bigjohnson8778
Posted 11 February 2008 - 05:54 PM

bigjohnson8778

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
its cool man, heres the results

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 02/11/2008
The current time is: 17:45:53.03


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 10:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 10:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/08/2006 06:38 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

08/22/2007 04:43 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 06:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\MI1933~1\OFFICE12\BAK

10/26/2006 11:47 PM 31,016 GrooveMonitor.exe
1 File(s) 31,016 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 09:44 AM 81,920 issch.exe
06/10/2005 09:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

05/17/2007 10:29 AM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
98304 Jun 8 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Jun 8 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
1404928 Oct 14 2004 "C:\drivers\audio\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
40960 Aug 21 2007 "C:\Program Files\Google\googletoolbar1user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Aug 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 May 17 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Aug 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Aug 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
65824 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
31016 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\bak\GrooveMonitor.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
185896 May 17 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 May 17 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"


end of report
  • 0

Advertisements

#17
loophole
Posted 12 February 2008 - 04:06 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Not sure why its not replacing the files so we will do it manually

Open notepad and copy/paste the text in RED below into it:

@echo off
If exist "C:\Program Files\DellSupport\DSAgnt.exe" del /q "C:\Program Files\DellSupport\DSAgnt.exe"
copy "C:\Program Files\DellSupport\bak\DSAgnt.exe" "C:\Program Files\DellSupport"
If exist "C:\Program Files\Messenger\msmsgs.exe" del /q "C:\Program Files\Messenger\msmsgs.exe"
copy ""C:\Program Files\Messenger\bak\msmsgs.exe" "C:\Program Files\Messenger"
If exist "C:\Program Files\QuickTime\qttask.exe" del /q "C:\Program Files\QuickTime\qttask.exe"
copy "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
If exist "C:\Program Files\Analog Devices\Core\smax4pnp.exe" del /q "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
copy "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe" "C:\Program Files\Analog Devices\Core"
If exist "C:\Program Files\QuickTime\qttask.exe" del /q "C:\Program Files\QuickTime\qttask.exe"
copy "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
If exist "C:\Program Files\Google\GoogleToolbarNotifier" del /q "C:\Program Files\Google\GoogleToolbarNotifier"
copy "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe" "C:\WINDOWS\system32"
If exist "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" del /q "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
copy "C:\Program Files\McAfee\SpamKiller\Bak\MSKDetct.exe" "C:\Program Files\McAfee\SpamKiller"
If exist "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" del /q "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
copy "C:\Program Files\Microsoft Office\Office12\Bak\GrooveAuditService.exe"" "C:\Program Files\Microsoft Office\Office12"
If exist "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" del /q "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
copy "C:\Program Files\Adobe\Acrobat 7.0\Reader\Bak\AdobeUpdateManager.exe" "C:\Program Files\Adobe\Acrobat 7.0"
If exist "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" del /q "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
copy "C:\Program Files\Common Files\InstallShield\UpdateService\Bak\issch.exe" "C:\Program Files\Common Files\InstallShield"
If exist C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" del /q C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
copy C:\Program Files\Common Files\InstallShield\UpdateService\Bak\isuspm.exe" C:\Program Files\Common Files\InstallShield"
If exist "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" del /q "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
copy "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" "C:\Program Files\Common Files\Real\Update_OB"
If exist "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" del /q "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
copy "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe" "C:\Program Files\Java\jre1.6.0_02\bin"
exit

Save this as runme.bat, Change the "save as" to all files

You should have a new fgile on your desktop.

Reboot the computer into safemode. Continually tap the F8 key as the system is booting, choose safemode when presented with the option.

Double click the runme.bat, a black screen will appear and disappear quickly.

Reboot into normal windows and run option one of Find AWF again
  • 0

#18
bigjohnson8778
Posted 13 February 2008 - 01:11 AM

bigjohnson8778

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 02/13/2008
The current time is: 1:05:19.90


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 10:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 10:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/08/2006 06:38 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004 06:42 PM 1,404,928 smax4pnp.exe
1 File(s) 1,404,928 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

08/22/2007 04:43 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 06:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\MI1933~1\OFFICE12\BAK

10/26/2006 11:47 PM 31,016 GrooveMonitor.exe
1 File(s) 31,016 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 09:44 AM 81,920 issch.exe
06/10/2005 09:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

05/17/2007 10:29 AM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
98304 Jun 8 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Jun 8 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
1404928 Oct 14 2004 "C:\drivers\audio\onboard\SMax4PNP.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
40960 Aug 21 2007 "C:\Program Files\Google\googletoolbar1user.exe"
68856 Aug 22 2007 "C:\WINDOWS\system32\GoogleToolbarNotifier.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
1145896 May 17 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Aug 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Aug 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
31016 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\bak\GrooveMonitor.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
185896 May 17 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 May 17 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"


end of report
  • 0

#19
loophole
Posted 13 February 2008 - 06:30 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
.

That looks better, how are tings running?
  • 0

#20
bigjohnson8778
Posted 13 February 2008 - 10:53 AM

bigjohnson8778

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
pretty much like normal, another question, what can i do to better protect myself? i have norton right now but thats it. Anything else youd recommend?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP