malware/trojan



#16
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Good Talia,

Can you run the Kaspersky scan now and post me the results? Also let me know how your machine is performing.

Regards,
RatHat
  • 0


#17
dancemom93

    Member

  • Topic Starter
  • 16 posts
Hello again RatHat!

I tried to run the Kaspersky and it stated something about having administration rights and that my comp
wasn't set properly on "some scale"????

BUT the goooood news is that my computer is running VERY VERY WELL thanks to YOU!!!!!!!!!!!

:)
  • 0

#18
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, let's try a different online scan to see if there is anything else hiding away in there, as I want to be completely sure you are clean before letting you go OK:

Please go HERE to run Panda's TotalScan
  • Select the radio button for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location (Such as your Desktop). Post the contents of the TotalScan report in your next reply

Regards,
RatHat
  • 0

#19
dancemom93

    Member

  • Topic Starter
  • 16 posts
Hey RatHat....

guess who? It's Talia and I don't know what to do that panda activescan is stilllllllllllllllllllllll
running since 10am and it's only at 44%

what should i do??? does that seem right???

thanx :)
  • 0

#20
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
That is a long time Talia, what percentage is it at now? If it has moved a reasonable amount, then leave it running but if it is still around the same, shut it down and we'll look at another method.

Regards,
RatHat
  • 0

#21
dancemom93

    Member

  • Topic Starter
  • 16 posts
Hi RatHat

OK its done now but I don't see anywhere on it that says scan details so that I can SAVE it?????

THX Talia :)
  • 0

#22
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK Talia, you have to highlight the page by dragging your mouse over all the text, then when it is highlighted, press Ctrl and C at the same time. This will copy everything there.

Now open Notepad, and press Ctrl and V at the same time to paste it in. Save that Notepad file to your Desktop then come here and copy and paste it into your next reply.
  • 0

#23
dancemom93

    Member

  • Topic Starter
  • 16 posts
Hi RatHat....sorry I didn't get back to u sooner...

OK I think I have it for u (the panda scan) and YES the computer is running a lot better!!!!

You are pretty WONDERFUL (in case u didn't know that!)

have a good day! :)




Files scanned: 405118
Files infected: 111
Suspicious files detected: 0
Vulnerabilities detected: 0


  • 0

#24
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey Talia,

We are nearly done!

Please run ATF Cleaner again as outlined in Post 4.

Next, download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\temp\salm_gdf.dat
c:\temp\salmau.dat

  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad, and copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Save the Notepad file to your Desktop as OTM.txt.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please include the contents of OTM.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Let me know how it went, and if you had any problems. Oh, and by the way, thanks for the compliment, it is actually my pleasure to help you Talia.

Regards,
RatHat
  • 0

#25
dancemom93

    Member

  • Topic Starter
  • 16 posts
Good morning RatHat

I did everything that u requested. I guess Combofix uninstalled it ran but I don't know how to tell if it's gone or not???

My computer is running very nicely, THANKS TO YOU!!!!!

I am so happy and grateful for all your help! I hope in the future if I have any problems I can have your assistance, but
I'm not sure will I be able to ask for your help or do I just get whoever??????? (I hope I don't have any problems again
but you never know?)

anyway have a GREAT weekend and once again u are WONDERFUL! :)

here is the results from OTmoveit:



c:\temp\salm_gdf.dat moved successfully.
c:\temp\salmau.dat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04112008_081309
  • 0
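A way to confirm from the OTMoveIt2 results that every requested path was actually moved, as an added example (not part of the original posts and not OldTimer's code). It assumes only the two line shapes visible in the log above, and treats any other line as unconfirmed; the function names are hypothetical.

```python
import re

# Paths the helper asked to be moved (from the thread).
REQUESTED = [r"c:\temp\salm_gdf.dat", r"c:\temp\salmau.dat"]

# Results text exactly as posted in the thread.
SAMPLE_LOG = r"""
c:\temp\salm_gdf.dat moved successfully.
c:\temp\salmau.dat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04112008_081309
"""

# Only these two line shapes appear on the page; nothing else is assumed.
SUCCESS = re.compile(r"^(?P<path>.+?) moved successfully\.$", re.IGNORECASE)
FOOTER = re.compile(
    r"^OTMoveIt2 by OldTimer - Version (?P<version>\S+) "
    r"log created on (?P<stamp>\d{8}_\d{6})$"
)


def norm(path):
    """Normalise a Windows path for comparison (case-insensitive, backslashes)."""
    return path.strip().strip('"').replace("/", "\\").rstrip("\\").lower()


def parse_log(text):
    """Return (moved paths, unrecognised lines, footer fields or None)."""
    moved, other, footer = set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FOOTER.match(line)
        if m:
            footer = m.groupdict()
            continue
        m = SUCCESS.match(line)
        if m:
            moved.add(norm(m.group("path")))
        else:
            other.append(line)  # unknown status: needs a human look
    return moved, other, footer


def verify(requested, text):
    """Compare what was requested with what the log confirms as moved."""
    moved, other, footer = parse_log(text)
    wanted = {norm(p): p for p in requested}
    result = {
        "confirmed": [p for k, p in wanted.items() if k in moved],
        "unconfirmed": [p for k, p in wanted.items() if k not in moved],
        # Moved but never requested: a paste mistake can remove good files.
        "unexpected": sorted(moved - set(wanted)),
        "unrecognised": other,
        "footer": footer,
    }
    result["clean"] = not (result["unconfirmed"] or result["unexpected"] or other)
    return result


if __name__ == "__main__":
    for key, value in verify(REQUESTED, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
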


#26
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey Talia,

OK! Well done, your log is clean again! :)

Should you ever need to get back to me with another problem, just post a new topic and put "For RatHat" in the title somewhere, and I'll pick it up. I hope that you won't have to though, and that you don't get any more problems with your computer. Now, we need to remove all the remaining tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

  • Click Here to download OTCleanIt.
  • Double-click OTCleanIt.exe to run it.
  • Click the Clean up button.
  • Click Yes to the reboot.

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

Reset Hidden/System Files & Folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, and Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest. Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java™ 6 Update 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy complement each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next let's look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0





