kxvo.exe PLEASE HELP [RESOLVED]


This topic is locked

#346
amm007 (Member, Topic Starter, 265 posts)
indeed, good news! hmm..avg has no feature of posting logs from its virus vault or does it have? if ever, kindly inform me with the details and i will post the log.

#347
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Open up AVG interface then at the top Choose History then Scan Results.
Open up the last scan results then choose the option underneath the infections found for Export the results to a file.
Save it somewhere that you can find it and then post it here.

#348
amm007 (Member, Topic Starter, 265 posts)
this was the last completed scan of avg though it does not contain the infection log because it was detected by the active shield.

"Scan ""Scheduled scan"" was finished."
"Infections found:";"0"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"51"
"Information count:";"0"
"Scan started:";"Sunday, August 24, 2008, 11:00:01 AM"
"Scan finished:";"Sunday, August 24, 2008, 11:46:15 AM (46 minute(s) 14 second(s))"
"Total object scanned:";"418847"
"User who launched the scan:";"SYSTEM"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\247realmedia.com.d90d45cf";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\realmedia.com.68087763";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\0c1p9h85.default\cookies.txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][1].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
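
An added example, not part of the thread and not AVG's own tooling: a small Python triage of an export in the semicolon-separated layout posted in #348, which separates tracking-cookie warnings from rows that deserve a closer look and checks the parsed rows against "Warnings count". The sample data, file paths, detection name `Example.Detection`, and function names are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in the layout of the export posted above (not the poster's file).
SAMPLE_EXPORT = r'''"Scan ""Scheduled scan"" was finished."
"Infections found:";"0"
"Warnings count:";"4"

"Warnings"
"File";"Infection";"Result"
"C:\Profiles\x.default\cookies.txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Profiles\x.default\cookies.txt:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Profiles\x.default\cookies.txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\tools\example.exe";"Found Example.Detection";"Potentially dangerous object"
'''


def parse_export(text):
    """Return (summary dict, list of finding dicts) from a ';'-separated export."""
    summary, findings, section = {}, [], None
    # csv handles the doubled quotes in the status line and keeps backslashes literal.
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if not row:
            continue
        if len(row) == 1:
            section = row[0]                      # status line or a title such as "Warnings"
        elif len(row) == 2:
            summary[row[0].rstrip(":")] = row[1]  # "Infections found:" -> "0"
        elif row[0] != "File":                    # skip the column header row
            cut = row[0].find(":\\", 3)           # start past the drive's own "C:\"
            path, member = (row[0], "") if cut < 0 else (row[0][:cut], row[0][cut + 2:])
            name = row[1][6:] if row[1].startswith("Found ") else row[1]
            findings.append({"section": section, "file": path, "member": member,
                             "detection": name, "result": row[2]})
    return summary, findings


def triage(text):
    """Separate tracking-cookie warnings from rows that need a human look."""
    summary, findings = parse_export(text)
    cookies, review = Counter(), []
    for f in findings:
        if f["detection"].lower().startswith("tracking cookie."):
            cookies[f["detection"].split(".", 1)[1]] += 1
        else:
            review.append(f)
    # Assumption drawn from the posted log: "Warnings count" equals the number of
    # warning rows, so a mismatch suggests the paste was cut short.
    declared = int(summary.get("Warnings count", len(findings)))
    return {"infections": int(summary.get("Infections found", 0)),
            "cookies_by_tracker": dict(cookies),
            "needs_review": review,
            "complete": declared == len(findings)}


if __name__ == "__main__":
    report = triage(SAMPLE_EXPORT)
    print(report["infections"], report["cookies_by_tracker"], report["complete"])
    for f in report["needs_review"]:
        print("review:", f["file"], f["detection"])
```
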

#349
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Ok no problem let's run this scan to double check.
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Start Scanning at the bottom of the page.
  • Install the Active X controls when prompted.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

#350
amm007 (Member, Topic Starter, 265 posts)
Scanning Report
Sunday, September 28, 2008 22:45:07 - 00:53:01

Computer name: OFFICE
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\
Result: 5 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Adinterax (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Statistics
Scanned:

* Files: 40003
* System: 3410
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 5
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* F:\MY DOCUMENTS2\ADRIAN'S FOLDER\OTHERS\COMP_INSTALLERS\SHUTDOWN\SHUTDOWN.EXE

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-09-28
* F-Secure AVP: 7.0.171, 2008-09-28
* F-Secure Pegasus: 1.20.0, 2008-08-10
* F-Secure Blacklight: 2.2.1092

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#351
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Great this computer is clean finally :)

How about the other 2 computers?
Let me know about them and we will clean each one by one.

#352
amm007 (Member, Topic Starter, 265 posts)
is that for real? how can we back check with another software? can we try to clean the removable disk so that there will be slimmer chance for recurrence? thanks for helping this far.

hmm. yesterday, avg detected my auto shutdown tool as a virus. however, when i ran this scan, it seemed to not detect it as one.

#353
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, we did check with all software and nothing was showing, but when we ran combofix it cleared the autorun infection out.
So we then replaced the Hosts file, which was why the redirects were present.

So if you feel confident that you are clean we can proceed on to the next computers.
If you want to wait a few days then we will do that.

Let me know how you want to proceed but from everything I have seen you are clean.

#354
amm007 (Member, Topic Starter, 265 posts)
okay. i will be observing my system's performance for the succeeding days before we proceed. maybe AVG just misrepresented my shut down tool as it features a forced shutdown in the system when scheduled. thanks much!

#355
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Ok yes, most antivirus programs detect custom tools as malware but I can assure you it is a false positive.
Usually antivirus vendors fix detections like these with updates, so that is probably why it didn't detect it again.
Let me know how it goes and we will proceed to the next one.

#356
amm007 (Member, Topic Starter, 265 posts)
hi kahdah.. i'm satisfied with how my system works at present. are there necessary clean-up steps for this computer? thanks!

#357
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Ok let me know about the other computers as well.
=================================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#358
amm007 (Member, Topic Starter, 265 posts)
done with the clean up. which log do i post for the 2nd computer? it's also having some redirections and has slowed in performance, which i suspect to be the effect of the virus. thanks!

#359
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi ok for the second computer only do the below:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

#360
amm007 (Member, Topic Starter, 265 posts)
i'll post the log later... :)