Desktoptrojan.win32.blackbird

#1 don1105
Hiya,

I had this trojan on my desktop; I noticed it when I kept getting spyware ads and pop-ups that I had never downloaded. I managed to get rid of it with ComboFix and had this report come up of it. I was posting on here to make sure that it has gone from my computer. It seems to have gone, but I would just like some advice, please.

Many thanks,
Dave Oneill

ComboFix 08-03-30.5 - Computer 2008-04-01 10:42:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.146 [GMT 1:00]
Running from: C:\Documents and Settings\Computer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Computer\Desktop\Error Cleaner.url
C:\Documents and Settings\Computer\Desktop\Privacy Protector.url
C:\Documents and Settings\Computer\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Computer\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Computer\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Computer\Desktop\filemanagerclient.exe
C:\Documents and Settings\Computer\Desktop\fkwp1.5.exe
C:\Documents and Settings\Computer\Desktop\fkwp2.0.exe
C:\Documents and Settings\Computer\Desktop\fwebd.exe
C:\Documents and Settings\Computer\Desktop\FWebdEditor.exe
C:\Documents and Settings\Computer\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Computer\Desktop\virii
C:\Documents and Settings\Computer\Favorites\Privacy Protector.url
C:\Documents and Settings\Computer\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\[email protected]@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 23:55 . 2008-03-31 23:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-30 14:41 . 2008-03-30 14:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-25 21:39 . 2008-03-25 21:39 121 --a------ C:\WINDOWS\wininit.ini
2008-03-25 12:31 . 2008-03-25 12:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-25 12:31 . 2008-03-25 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 11:11 . 2008-03-25 11:11 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-25 11:02 . 2008-03-25 11:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-25 11:02 . 2008-03-25 11:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-25 11:02 . 2008-03-25 11:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-25 11:02 . 2008-03-25 11:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-24 11:46 . 2008-03-24 11:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-24 10:42 . 2008-03-28 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hcjkhydo
2008-03-23 22:18 . 2008-03-23 22:38 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Yahoo!
2008-03-23 22:13 . 2008-03-23 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-23 22:12 . 2008-03-24 01:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-21 12:00 . 2008-03-21 12:00 268 --ah----- C:\sqmdata01.sqm
2008-03-21 12:00 . 2008-03-21 12:00 244 --ah----- C:\sqmnoopt01.sqm
2008-03-21 01:27 . 2008-03-21 01:27 268 --ah----- C:\sqmdata00.sqm
2008-03-21 01:27 . 2008-03-21 01:27 244 --ah----- C:\sqmnoopt00.sqm
2008-03-21 00:43 . 2008-03-21 00:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-21 00:43 . 2008-03-24 09:57 <DIR> d-------- C:\Documents and Settings\Computer\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-31 23:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 00:34 --------- d-----w C:\Program Files\Java
2008-03-18 22:31 5,330 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-18 22:29 --------- d-----w C:\Documents and Settings\Computer\Application Data\Corel
2008-02-22 20:16 --------- d-----w C:\Program Files\18 Wheels of Steel American Long Haul
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-30 17:14 33,001,008 ----a-w C:\Program Files\L2007esd_00.exe
2007-03-10 13:44 294 -c--a-w C:\Documents and Settings\Computer\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"nbaoongx"="C:\WINDOWS\system32\dqfcfodu.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4683"="cmd /c del C:\Documents and Settings\Computer\Favorites\Error Cleaner.url" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 03:38 282624 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-12-04 11:14 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-11 18:24 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-11 18:24 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 17:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 14:47 16384]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2007-01-25 18:50 321072]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jBjV2fDtSQ"= C:\Documents and Settings\All Users\Application Data\hcjkhydo\loxsrazk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 23:27]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 23:29]
S3 musbehco;musbehco;C:\DOCUME~1\Computer\LOCALS~1\Temp\musbehco.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2005-12-28 12:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62747560-e1f8-11db-8fa3-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 09:26:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 10:44:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 10:46:58
ComboFix-quarantined-files.txt 2008-04-01 09:46:35
Pre-Run: 207,025,315,840 bytes free
Post-Run: 207,729,618,944 bytes free
.
2008-03-28 18:01:05 --- E O F ---