
Infected - nuwar,eicar.mod, mitglieder [RESOLVED]



#1
gcbro
Member
I am having the following symptoms: computer is running slow, had some pop-ups, website not loading completely in Firefox.

Panda Activescan found infections.

I am attaching HJT log, Uninstall list and Activescan log.

Thanks,
Gina



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:31 PM, on 4/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: iPhoneRingToneMaker.lnk = C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...eb-20070115.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8859 bytes


Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG 7.5
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Citrix Presentation Server Web Client for Win32
COD4 Rcon Commander (BETA)
DivX Codec
EPSON Copy Utility 3
EPSON Printer Software
EPSON Scan
FitDay PC version 1.0
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
iPhoneRingToneMaker 1.4.4
iPhoneRingToneMaker 2.1.0
IrfanView (remove only)
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Macromedia Flash Player 8
mCore
mDriver
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
mMHouse
Mozilla Firefox (2.0.0.13)
Mozilla Thunderbird (2.0.0.12)
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
Notebook Hardware Control 2.0 Pre-Release-06
ObjectDock
Opanda IExif 2.3
Panda ActiveScan 2.0
Photodex Presenter
Print Server Driver
Protected Music Converter 0.99.40b
QuickBooks Pro 2007
QuickBooks Product Listing Service
QuickTime
Safari
ScanSoft OmniPage SE 4.0
SigmaTel Audio
SpeedFan (remove only)
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Synaptics Pointing Device Driver
The Font Thing
Viewpoint Media Player
Windows Media Player Firefox Plugin
Xfire (remove only)



;*******************************************************************************
ANALYSIS: 2008-04-11 11:45:18
PROTECTIONS: 2
MALWARE: 26
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.519 7.5.519 Yes Yes
avast! antivirus 4.7.1098 [VPS 080227-0] 4.7.1098 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00055522 Eicar.Mod Virus No 0 No No C:\Users\Gina\AppData\Roaming\Thunderbird\Profiles\xci6yefs.default\Mail\mail.bellsouth-2.net\Sent[~0000290.~]
00055522 Eicar.Mod Virus No 0 No No C:\Windows.old\Documents and Settings\Owner.Gina\Application Data\Thunderbird\Profiles\m06kjpwv.default\Mail\mail.bellsouth-2.net\Sent[~0000289.~]
00055522 Eicar.Mod Virus No 0 No No C:\Windows.old\Documents and Settings\Owner.Gina\Application Data\Thunderbird\Profiles\m06kjpwv.default\Mail\mail.bellsouth-2.net\Sent[~0000290.~]
00055522 Eicar.Mod Virus No 0 No No C:\Users\Gina\AppData\Roaming\Thunderbird\Profiles\xci6yefs.default\Mail\mail.bellsouth-2.net\Sent[~0000289.~]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.atdmt.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.fastclick.net/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.mediaplex.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.burstnet.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[www.burstbeacon.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.pointroll.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.adrevolver.com/]
00241453 Trj/Mitglieder.DC!CME-766 Virus/Trojan No 1 Yes No C:\Windows.old\Documents and Settings\Owner.Gina\Application Data\Thunderbird\Profiles\m06kjpwv.default\Mail\mail.bellsouth-2.net\Inbox[2.zip][06_05_2005.exe]
00241453 Trj/Mitglieder.DC!CME-766 Virus/Trojan No 1 Yes No C:\Users\Gina\AppData\Roaming\Thunderbird\Profiles\xci6yefs.default\Mail\mail.bellsouth-2.net\Inbox[2.zip][06_05_2005.exe]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Windows.old\Documents and Settings\Owner.Gina\Application Data\Mozilla\Firefox\Profiles\ehkz2k0r.default\cookies.txt[.atwola.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\wg0xbyia.default\cookies.txt[.ads.addynamix.com/]
00366355 W32/Nuwar.D.worm Virus/Worm No 1 Yes No C:\Users\Gina\AppData\Roaming\Thunderbird\Profiles\xci6yefs.default\Mail\mail.bellsouth.net\Inbox[Video.exe]
00366355 W32/Nuwar.D.worm Virus/Worm No 1 Yes No C:\Users\Gina\AppData\Roaming\Thunderbird\Profiles\xci6yefs.default\Mail\mail.bellsouth.net\Junk[Video.exe]
00366355 W32/Nuwar.D.worm Virus/Worm No 1 Yes No C:\Windows.old\Documents and Settings\Owner.Gina\Application Data\Thunderbird\Profiles\m06kjpwv.default\Mail\mail.bellsouth.net\Inbox[Video.exe]
00366355 W32/Nuwar.D.worm Virus/Worm No 1 Yes No C:\Windows.old\Documents and Settings\Owner.Gina\Application Data\Thunderbird\Profiles\m06kjpwv.default\Mail\mail.bellsouth.net\Junk[Video.exe]
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================

#2
greyknight17
Malware Expert
Hi Gina, a lot of those infected files are residing in your junk, inbox and sent folders in the Thunderbird email client. Please go in and delete all of them. Just empty the junk and trash bin folders. You will then need to go into the inbox and sent folders and try looking for those infected emails (see the Panda log to see if it points out which ones to look for exactly).

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Restart the computer and see if you still have any issues now.
  • 0
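
The observation in the reply above, that the detections sit inside Thunderbird mail folders and browser cookie files and that none is marked active, can be read mechanically from the ActiveScan log. This Python script is an added example, not part of the original thread and not Panda's own tooling: it parses rows in the column layout of the log's MALWARE table and groups them by where they live. The sample rows are constructed, with placeholder user, profile and account names.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Column layout taken from the MALWARE table header in the log on this page:
# Id Description Type Active Severity Disinfectable Disinfected Location
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<name>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>\S.*)$"
)
# A Thunderbird mail folder is a single file under Profiles\<profile>\Mail\<account>\
MAIL = re.compile(
    r"\\Thunderbird\\Profiles\\[^\\]+\\Mail\\(?P<account>[^\\]+)\\(?P<folder>[^\\]+)$",
    re.I,
)

# Constructed sample rows (placeholder user, profile and account names).
SAMPLE = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00055522 Eicar.Mod Virus No 0 No No C:\Users\user\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\Mail\mail.example.net\Sent[~0000290.~]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\efgh5678.default\cookies.txt[.trafficmp.com/]
00241453 Trj/Mitglieder.DC!CME-766 Virus/Trojan No 1 Yes No C:\Windows.old\Documents and Settings\Owner.user\Application Data\Thunderbird\Profiles\ijkl9012.default\Mail\mail.example.net\Inbox[2.zip][06_05_2005.exe]
00366355 W32/Nuwar.D.worm Virus/Worm No 1 Yes No C:\Users\user\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\Mail\mail.example.net\Junk[Video.exe]
00366355 W32/Nuwar.D.worm Virus/Worm No 1 Yes No C:\Users\user\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\Mail\mail.example.net\Inbox[Video.exe]
"""


class Finding(NamedTuple):
    name: str
    type: str
    active: bool
    severity: int
    container: str   # file on disk that the scanner opened
    members: tuple   # nested items inside it, outermost first


def parse_row(line: str) -> Optional[Finding]:
    """Parse one table row; headers, separators and blank lines return None."""
    m = ROW.match(line.strip())
    if not m:
        return None
    # "Inbox[2.zip][06_05_2005.exe]" -> container "...\Inbox", members (zip, exe)
    container, bracket, rest = m["location"].partition("[")
    members = tuple(re.findall(r"\[([^\]]*)\]", bracket + rest))
    return Finding(m["name"], m["type"], m["active"] == "Yes",
                   int(m["severity"]), container, members)


def triage(log_text: str) -> dict:
    """Group findings: active items first, then mail folders, cookies, the rest."""
    report = {"rows": 0, "active": [], "cookies": 0, "stale_copies": 0,
              "mail": defaultdict(set), "other": []}
    for line in log_text.splitlines():
        f = parse_row(line)
        if f is None:
            continue
        report["rows"] += 1
        if f.active:
            report["active"].append(f)
        # Copies under Windows.old belong to the previous Windows installation.
        if f.container.lower().startswith("c:\\windows.old\\"):
            report["stale_copies"] += 1
        mail = MAIL.search(f.container)
        if f.type == "TrackingCookie":
            report["cookies"] += 1
        elif mail:
            item = f.members[-1] if f.members else ""
            report["mail"][f.container].add((mail["folder"], f.name, item))
        else:
            report["other"].append(f)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['rows']} rows, {len(r['active'])} active, {r['cookies']} cookie rows, "
          f"{r['stale_copies']} under Windows.old")
    for path, items in sorted(r["mail"].items()):
        for folder, name, item in sorted(items):
            print(f"mail folder {folder}: {name} in {item!r}  ({path})")
```

Thunderbird stores each folder as one mbox file, which is why the scanner reports the folder name with the attachment in brackets; the folder file keeps the flagged message until it is deleted and the folder is compacted.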

#3
gcbro
Member
Hi greyknight17,

Thanks for your response.

I had already deleted the files that the Panda scan found. I don't seem to have any more malware related problems.

Thanks for volunteering your time to help.

Gina

#4
greyknight17
Malware Expert
No problem Gina. Glad the problem is resolved now :)

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

#5
greyknight17
Malware Expert
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.