Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HJT log

Started by blackstone , Feb 28 2008 12:38 PM

  • Please log in to reply

#16
Ryan
Posted 01 March 2008 - 11:54 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
One of the items that was detected was a keylogger. I recommend that you change passwords to any online account you have from a clean computer. If you perform any secure action online such as banking, ebay/auction, or use PayPal, I recommend that you keep an eye on those accounts for a couple of months.

(Keylogger) Please delete the following file: C:\Documents and Settings\Larry\Desktop\Video Tools\Super Video Suite\Download_AVSVideoToolsTrial.exe

For the rest of the files, it is up to you whether you want to delete them or not. I recommend that you do delete them unless you absolutely need the files. Next to each infection is a link to more information about it.

Infected: Trojan-Clicker.HTML.IFrame.jr http://research.sunb...threatid=163243

C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\disclaimer.htm
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\earnings.htm
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\privacy.htm
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\tos.htm



Infected: Exploit.PHP.Deftool.e http://research.sunb...;threatid=49814

C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\admin.php
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\ads.php
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\generate.php
C:\Internet Marketing\CB Ads Genie\cbadsgenie\generate.php
C:\Internet Marketing\CB Ads Genie\cbadsgenie\ads.php
C:\Internet Marketing\CB Ads Genie\cbadsgenie\admin.php
C:\Internet Marketing\Master resell rights\cbadsgenie\generate.php
C:\Internet Marketing\Master resell rights\cbadsgenie\ads.php
C:\Internet Marketing\Master resell rights\cbadsgenie\admin.php
C:\Internet Marketing\Master resell rights\clickadsprolite\admin.php
C:\Internet Marketing\Master resell rights\clickadsprolite\ads.php
C:\Internet Marketing\Master resell rights\clickadsprolite\generate.php
C:\Documents and Settings\Larry\Desktop\Downloads\NicheContentWebsites\free-members-317\free-give-away-content\fashion-school-site\flags.php
C:\Documents and Settings\Larry\Desktop\Downloads\NicheContentWebsites\free-members-317\free-give-away-content\fashion-school-site\lang.php



Old Backups

C:\Old Computer\old C\WINDOWS\SYSTEM\PussyHigh-uninstall.exe
C:\Old Computer\old C\WINDOWS\SYSTEM\SYSsfitb.dll
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\disclaimer.htm
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\earnings.htm
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\privacy.htm
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\tos.htm




== Remove Programs ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs
ewido security suite (is now AVG AntiSpyware)
J2SE Runtime Environment 5.0 Update 11
And any program that you did not install and/or wish to remove.
Reboot your computer.


== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select Yes.

Post a new HiJack This log.

-Ryan
  • 0

Advertisements

#17
blackstone
Posted 02 March 2008 - 06:12 AM

blackstone

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 118 posts
Thanks, again. Ryan
Trend Micro keeps showing a TROJ_Generic.ADV
called owcstp16.dll
I did a search and couldn't find anything conclusive. Is this a necessary file and can/should it be deleted?
I'll get busy on the others
Larry
  • 0

#18
Ryan
Posted 02 March 2008 - 10:36 AM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Please go to http://www.uploadmalware.com and submit the file so I can take a look it. Also, if you did not submit the c:\windows\system32\cmd32.exe file, also submit that one.

-Ryan
  • 0

#19
blackstone
Posted 02 March 2008 - 10:57 AM

blackstone

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 118 posts
Ryan, uploaded the 2 files

Also, got rid of the keylogger, removed the programs and am about to dl the Java.
Still working on the EXploit and old backups

Thanks, again

Larry

PS uploaded under username larryfoster
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP