Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Desktoptrojan.win32.blackbird

Started by don1105 , Apr 01 2008 04:12 AM

  • Please log in to reply

#1
don1105
Posted 01 April 2008 - 04:12 AM

don1105

    New Member

  • Member
  • Pip
  • 1 posts
Hiya,

I had this trojan on my desktop noticed it when i kept getting spyware ads and pop ups that i had never downloaded. I managed to get rid of it off combofix and had this report come up of it. Was posting on here to make sure that it has gone from my computer its seems to have gone but would just like some advice please

many thanks
dave oneill

ComboFix 08-03-30.5 - Computer 2008-04-01 10:42:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.146 [GMT 1:00]
Running from: C:\Documents and Settings\Computer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Computer\Desktop\Error Cleaner.url
C:\Documents and Settings\Computer\Desktop\Privacy Protector.url
C:\Documents and Settings\Computer\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Computer\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Computer\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Computer\Desktopfilemanagerclient.exe
C:\Documents and Settings\Computer\Desktopfkwp1.5.exe
C:\Documents and Settings\Computer\Desktopfkwp2.0.exe
C:\Documents and Settings\Computer\Desktopfwebd.exe
C:\Documents and Settings\Computer\DesktopFWebdEditor.exe
C:\Documents and Settings\Computer\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Computer\Desktopvirii
C:\Documents and Settings\Computer\Favorites\Privacy Protector.url
C:\Documents and Settings\Computer\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 23:55 . 2008-03-31 23:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-30 14:41 . 2008-03-30 14:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-25 21:39 . 2008-03-25 21:39 121 --a------ C:\WINDOWS\wininit.ini
2008-03-25 12:31 . 2008-03-25 12:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-25 12:31 . 2008-03-25 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 11:11 . 2008-03-25 11:11 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-25 11:02 . 2008-03-25 11:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-25 11:02 . 2008-03-25 11:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-25 11:02 . 2008-03-25 11:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-25 11:02 . 2008-03-25 11:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-24 11:46 . 2008-03-24 11:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-24 10:42 . 2008-03-28 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hcjkhydo
2008-03-23 22:18 . 2008-03-23 22:38 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Yahoo!
2008-03-23 22:13 . 2008-03-23 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-23 22:12 . 2008-03-24 01:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-21 12:00 . 2008-03-21 12:00 268 --ah----- C:\sqmdata01.sqm
2008-03-21 12:00 . 2008-03-21 12:00 244 --ah----- C:\sqmnoopt01.sqm
2008-03-21 01:27 . 2008-03-21 01:27 268 --ah----- C:\sqmdata00.sqm
2008-03-21 01:27 . 2008-03-21 01:27 244 --ah----- C:\sqmnoopt00.sqm
2008-03-21 00:43 . 2008-03-21 00:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-21 00:43 . 2008-03-24 09:57 <DIR> d-------- C:\Documents and Settings\Computer\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-31 23:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 00:34 --------- d-----w C:\Program Files\Java
2008-03-18 22:31 5,330 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-18 22:29 --------- d-----w C:\Documents and Settings\Computer\Application Data\Corel
2008-02-22 20:16 --------- d-----w C:\Program Files\18 Wheels of Steel American Long Haul
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-30 17:14 33,001,008 ----a-w C:\Program Files\L2007esd_00.exe
2007-03-10 13:44 294 -c--a-w C:\Documents and Settings\Computer\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"nbaoongx"="C:\WINDOWS\system32\dqfcfodu.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4683"="cmd /c del C:\Documents and Settings\Computer\Favorites\Error Cleaner.url" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 03:38 282624 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-12-04 11:14 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-11 18:24 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-11 18:24 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 17:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 14:47 16384]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2007-01-25 18:50 321072]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jBjV2fDtSQ"= C:\Documents and Settings\All Users\Application Data\hcjkhydo\loxsrazk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 23:27]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 23:29]
S3 musbehco;musbehco;C:\DOCUME~1\Computer\LOCALS~1\Temp\musbehco.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2005-12-28 12:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62747560-e1f8-11db-8fa3-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 09:26:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 10:44:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 10:46:58
ComboFix-quarantined-files.txt 2008-04-01 09:46:35
Pre-Run: 207,025,315,840 bytes free
Post-Run: 207,729,618,944 bytes free
.
2008-03-28 18:01:05 --- E O F ---
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP