
Ultimate cleaner, Zedo, proNomgr, system32, trojan.qhost.abh [RESOLVED]


  • This topic is locked

#16
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note: if you cannot open the log it produces, right-click on it and choose Rename.
Rename it to .txt and you will be able to open it.)

  • 0



#17
ztastorm

    Member

  • Topic Starter
  • 86 posts
  • 0

#18
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
How are things running now? Any more popups?
  • 0

#19
ztastorm

    Member

  • Topic Starter
  • 86 posts
So far so good - haven't had anything pop up! Thank you so much!
Is it all fixed now?
  • 0

#20
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Just to be safe I would like to run one more scan.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#21
ztastorm

    Member

  • Topic Starter
  • 86 posts
It found more spyware:


  • 0

#22
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
All but the Ultimate Defender and Ultimate Cleaner have already been removed; it found all other items in quarantine.
=================================
Please download RogueRemover by RubberDucky here.
  • Double-click rr-free-setup.exe to begin installing the program.
  • Follow the setup instructions for installation.
  • Double-click the RogueRemover icon on your desktop.
  • Once the program runs, select Check for Updates.
  • When prompted, select Check for Updates.
  • If prompted again, click Download to receive the latest updates.
  • When completed, close the update window.
  • Next, click Scan
  • If it detects anything, select to remove all objects found.
  • Close RogueRemover
=================
After that
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\ucleaner_setup.exe 
    C:\Program Files\udefender_setup.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Let me know if RogueRemover finds anything and also post the OTMoveIt2 log.
  • 0
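
The sorting kahdah applies in the post above, separating detections that already sit in a tool's quarantine or backup folder (or in a System Restore snapshot) from files still in a live location, written out as an added example that is not part of the original thread. It assumes a semicolon-separated report with the columns file name; folder; detection; action, and the function names and sample rows are constructed for illustration.

```python
import csv
from collections import Counter

# Folders that tools used in this thread write quarantine/backup copies to.
# Treating anything under them as already contained is this example's assumption.
QUARANTINE_DIRS = (
    r"C:\QooBox\Quarantine",
    r"C:\_OTMoveIt\MovedFiles",
    r"C:\Documents and Settings\Owner\DoctorWeb\Quarantine",
)
# Windows XP keeps System Restore snapshots under _restore{GUID}\RPnnn.
RESTORE_STORE = r"C:\System Volume Information\_restore"

# Constructed sample report (not the poster's log); names and detections are made up.
SAMPLE_REPORT = r"""
helper.dll;C:\Program Files\ExampleApp;Probably DLOADER.Trojan;;
dropper.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Example.1;Deleted.;
A0000001.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;Trojan.Example.2;Incurable.Moved.;
banker.dll;C:\WINDOWS\system32;Trojan.Example.3;Incurable.Moved.;
old.dll;C:\_OTMoveIt\MovedFiles\01012008_000000\WINDOWS;Trojan.Example.4;;
not a report line
"""


def classify_location(folder):
    """Return 'quarantine', 'restore_point' or 'live' for a folder path."""
    # Windows paths are case-insensitive, so compare in lower case.
    p = folder.replace("/", "\\").rstrip("\\").lower()
    for q in QUARANTINE_DIRS:
        q = q.lower()
        # Require a path boundary so "QuarantineX" is not mistaken for a match.
        if p == q or p.startswith(q + "\\"):
            return "quarantine"
    if p.startswith(RESTORE_STORE.lower()):
        return "restore_point"
    return "live"


def parse_report(text):
    """Parse report text into row dicts; return (rows, skipped_lines)."""
    rows, skipped = [], []
    reader = csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if not any(f.strip() for f in fields):
            continue  # blank line
        if len(fields) < 4:
            skipped.append(";".join(fields))  # keep malformed lines visible
            continue
        name, folder, detection, action = (f.strip() for f in fields[:4])
        rows.append({
            "name": name,
            "folder": folder,
            "detection": detection,
            "action": action,
            "location": classify_location(folder),
        })
    return rows, skipped


def triage(rows):
    """Count rows per location and list live files the scanner took no action on."""
    counts = Counter(r["location"] for r in rows)
    review = [
        r["folder"] + "\\" + r["name"]
        for r in rows
        if r["location"] == "live" and not r["action"]
    ]
    return {"counts": dict(counts), "review": review}


if __name__ == "__main__":
    parsed, bad = parse_report(SAMPLE_REPORT)
    result = triage(parsed)
    print(result["counts"])
    for path in result["review"]:
        print("needs review:", path)
    print("unparsed lines:", bad)
```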

#23
ztastorm

    Member

  • Topic Starter
  • 86 posts
Rogue Remover found Ultimate Defender and Ultimate Cleaner. Here is the OTMoveIt2 log:

C:\Program Files\ucleaner_setup.exe moved successfully.
C:\Program Files\udefender_setup.exe moved successfully.

OTMoveIt2 v1.0.17 log created on 02032008_203234



What should I do with all of these programs that I've downloaded so far to fix this problem? I have a bunch of desktop icons and I'm not sure what to do with them...
  • 0

#24
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
We will clean them up now.

You can uninstall SUPERAntiSpyware and RogueRemover.
Remove Dr.Web also.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
Also please delete your cookies.
You can do this by going to Start > Run type in cookies.
Delete all .txt files in there and empty your recycle bin again.
================================
After that, one more scan is necessary to finish up.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

  • 0

#25
ztastorm

    Member

  • Topic Starter
  • 86 posts
Every time I try to run this new program a window pops up telling me there's an error and to close my browser. I'm going to try again.
  • 0



#26
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
There is probably an ActiveX control that you need to install first.
If it will not work then try the Panda scan again.
  • 0

#27
ztastorm

    Member

  • Topic Starter
  • 86 posts
Yeah, I just tried again and it won't work. It downloads fine, but jams up when it tries to scan. I'll try Panda now.
  • 0

#28
ztastorm

    Member

  • Topic Starter
  • 86 posts
  • 0

#29
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great, looks good.
Please delete this folder C:\Documents and Settings\Owner\DoctorWeb
then empty your recycle bin.
==========================================
After that, fix these entries with HijackThis if they are still present:

O21 - SSODL: KbdVolume - {e8b77ec8-465a-40a4-8183-16925a8cc28b} - C:\WINDOWS\Installer\{e8b77ec8-465a-40a4-8183-16925a8cc28b}\KbdVolume.dll
O21 - SSODL: zip - {88b75b04-eb80-454e-996d-bec86992f57f} - C:\WINDOWS\Installer\{88b75b04-eb80-454e-996d-bec86992f57f}\zip.dll


Then close HijackThis.
If they are not present then disregard.
==============================
After that:
Then I will need you to reset your System Restore points. Please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
Click on Start
Right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Click on Start
Right-click My Computer
Click Properties
UN-Check Turn off System Restore
Check Turn on System Restore
Click Apply, and then click OK.


How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
=====================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#30
ztastorm

    Member

  • Topic Starter
  • 86 posts
Thank you so much for all of your help and patience!!! :)
  • 0





