HJT log



#16
Ryan

One of the items that was detected was a keylogger. I recommend that you change passwords to any online account you have from a clean computer. If you perform any secure action online such as banking, ebay/auction, or use PayPal, I recommend that you keep an eye on those accounts for a couple of months.

(Keylogger) Please delete the following file: C:\Documents and Settings\Larry\Desktop\Video Tools\Super Video Suite\Download_AVSVideoToolsTrial.exe

For the rest of the files, it is up to you whether you want to delete them or not. I recommend that you do delete them unless you absolutely need the files. Next to each infection is a link to more information about it.

Infected: Trojan-Clicker.HTML.IFrame.jr http://research.sunb...threatid=163243

C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\disclaimer.htm
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\earnings.htm
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\privacy.htm
C:\Internet Marketing\Websites\Dan Kennedy A-Z\Dan Kennedy A-Z\120\tos.htm



Infected: Exploit.PHP.Deftool.e http://research.sunb...;threatid=49814

C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\admin.php
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\ads.php
C:\Internet Marketing\ClickAdsPro\clickadsprolite\clickadsprolite\generate.php
C:\Internet Marketing\CB Ads Genie\cbadsgenie\generate.php
C:\Internet Marketing\CB Ads Genie\cbadsgenie\ads.php
C:\Internet Marketing\CB Ads Genie\cbadsgenie\admin.php
C:\Internet Marketing\Master resell rights\cbadsgenie\generate.php
C:\Internet Marketing\Master resell rights\cbadsgenie\ads.php
C:\Internet Marketing\Master resell rights\cbadsgenie\admin.php
C:\Internet Marketing\Master resell rights\clickadsprolite\admin.php
C:\Internet Marketing\Master resell rights\clickadsprolite\ads.php
C:\Internet Marketing\Master resell rights\clickadsprolite\generate.php
C:\Documents and Settings\Larry\Desktop\Downloads\NicheContentWebsites\free-members-317\free-give-away-content\fashion-school-site\flags.php
C:\Documents and Settings\Larry\Desktop\Downloads\NicheContentWebsites\free-members-317\free-give-away-content\fashion-school-site\lang.php



Old Backups

C:\Old Computer\old C\WINDOWS\SYSTEM\PussyHigh-uninstall.exe
C:\Old Computer\old C\WINDOWS\SYSTEM\SYSsfitb.dll
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\disclaimer.htm
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\earnings.htm
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\privacy.htm
C:\Old Computer\old C\E\Reseller\Dan Kennedy A-Z\120\tos.htm




== Remove Programs ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs:
ewido security suite (is now AVG AntiSpyware)
J2SE Runtime Environment 5.0 Update 11
And any program that you did not install and/or wish to remove.
Reboot your computer.


== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select Yes.

Post a new HiJack This log.

-Ryan

#17
blackstone

  • Topic Starter
Thanks again, Ryan.
Trend Micro keeps showing a TROJ_Generic.ADV called owcstp16.dll.
I did a search and couldn't find anything conclusive. Is this a necessary file and can/should it be deleted?
I'll get busy on the others.
Larry

#18
Ryan

Please go to http://www.uploadmalware.com and submit the file so I can take a look at it. Also, if you did not submit the c:\windows\system32\cmd32.exe file, submit that one as well.

-Ryan

#19
blackstone

  • Topic Starter
Ryan, uploaded the 2 files.

Also, got rid of the keylogger, removed the programs and am about to dl the Java.
Still working on the Exploit and old backups.

Thanks, again

Larry

PS uploaded under username larryfoster