another TrojanDownloader.XS / wml.exe / blue background

#1 spahlke (New Member, 2 posts)

Hi there,
I see many others have or have had issues like I have right now - one wrong click started it ... and I'm totally new to HijackThis as well.

My Dell D810 laptop got infested yesterday - the results were a blue background with a "click here for anti-spyware" message and a total system slowdown, with explore.exe and iexplore.exe using 99% of CPU resources.

First I downloaded and installed CounterSpy from Sunbelt - the scan took a long time and removed some small issues, but not the 2 major ones.
Then I installed Spy Doctor - the scan was faster and also found a few little issues - still no solution for the 2 major ones. I still had the blue background and messages for
- TrojanDownloader.XS
- wml.exe
- URL to antispyware-reviews.biz with reference to PCCleaner coming up.

Then I saw this posting http://www.geekstogo...er-t189771.html and followed the advice for SmitfraudFix (by S!Ri) - that removed the blue background. Excellent, one step.

It also addressed some of the slowdown issues with explore and iexplore, but the messages about the issues (TrojanDownloader.XS, wml.exe, URL to antispyware-reviews.biz) are still popping up. My current HijackThis logfile is below:

I appreciate any help!

Thanks
Stephan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:01 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\efilwdaj\afctmjgh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\OEM05Mon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\sravitkh.exe
C:\Program Files\Quicken\bagent.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\urqPiGaW.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: qtvglped - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - C:\WINDOWS\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [\\sp2dell\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P40 "\\sp2dell\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\winplosion.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on SP2DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P46 "Auto EPSON Stylus Photo R300 Series on SP2DELL" /O21 "\\SP2DELL\EPSON Color" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O3 "USB" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Stephan\Application Data
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\WINDOWS\OEM05Mon.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [fagiahbe] C:\WINDOWS\system32\sravitkh.exe
O4 - HKLM\..\Policies\Explorer\Run: [qS6fi80HAe] C:\Documents and Settings\All Users\Application Data\efilwdaj\afctmjgh.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {35279267-31C1-42D6-95FC-AA060BCFA43D} (BasicNimBUS Control) - http://nimbus.ibbson...8/cab/basic.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.15.50...layerWeb11g.ocx
O16 - DPF: {A8F8B0AD-7530-462E-9393-43A5B44E1E65} (NimWebFrameMap Control) - http://nimbus.ibbson...cab/console.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontec...2ie06101001.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C77DAF-BC1B-40E1-87B9-D145D1A89793}: Domain = nw.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C77DAF-BC1B-40E1-87B9-D145D1A89793}: NameServer = 10.208.4.2,10.0.250.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nw.net,mantas.com,sotas.com,kds.sra.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nw.net,mantas.com,sotas.com,kds.sra.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqPiGaW - C:\WINDOWS\SYSTEM32\urqPiGaW.dll
O21 - SSODL: DrvAvp - {db0aa32a-5658-4ded-b3e5-e87187ff1803} - C:\WINDOWS\Resources\DrvAvp.dll (file missing)
O21 - SSODL: UnknownWin - {43905b39-5147-4b3f-866c-94847c1a51e7} - C:\WINDOWS\Resources\UnknownWin.dll (file missing)
O21 - SSODL: KernelComponent - {008c6757-7ed1-42ba-80c8-ca09918acfbd} - C:\WINDOWS\Resources\KernelComponent.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OracleOraClient10gHomeClientCache - Unknown owner - C:\oracle\product\10.2.0\BIN\ONRSD.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies Inc. - C:\Documents and Settings\Stephan\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 13741 bytes
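The HijackThis log above is long, and most of it is legitimate (ATI, Logitech, Epson, Adobe, Cisco VPN). What an analyst actually does with such a log is apply a handful of structural rules: entries whose target file is missing, BHOs with no name, autostarts launched from Temp or a profile data directory, anything under Policies\Explorer\Run, and Winlogon Notify DLLs. The script below is an added example (not part of the original post, and not HijackThis or Malwarebytes code) that encodes those rules and runs them over a constructed sample copied in shape from the log above. The rules and severities are my own assumptions, not anything from the page. Note the gap they leave: the HKCU Run entry for C:\WINDOWS\system32\sravitkh.exe passes every structural rule because it sits in system32 like ctfmon.exe does, which is why a signature scan (the MBAM log in the next post names it Trojan.FakeAlert) is still needed.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: entries copied in shape from the HijackThis log in the
# post above (one benign iTunes line included) so the rules run offline.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\urqPiGaW.dll
O3 - Toolbar: qtvglped - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - C:\WINDOWS\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [fagiahbe] C:\WINDOWS\system32\sravitkh.exe
O4 - HKLM\..\Policies\Explorer\Run: [qS6fi80HAe] C:\Documents and Settings\All Users\Application Data\efilwdaj\afctmjgh.exe
O20 - Winlogon Notify: urqPiGaW - C:\WINDOWS\SYSTEM32\urqPiGaW.dll
O21 - SSODL: DrvAvp - {db0aa32a-5658-4ded-b3e5-e87187ff1803} - C:\WINDOWS\Resources\DrvAvp.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|dll|com|cpl|scr|bat))', re.I)
# Directories that legitimate XP autostarts almost never launch from (assumption).
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\documents and settings\\")
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Entry:
    code: str          # HijackThis section, e.g. O4, O20
    key: str           # key or hook type as HJT prints it, e.g. HKLM\..\Run
    path: str | None   # file path recovered from the line, if any
    missing: bool      # HJT reported the target as absent
    raw: str


@dataclass
class Finding:
    severity: str      # low | medium | high
    reason: str
    entry: Entry


def parse(text: str) -> list[Entry]:
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        missing = rest.endswith("(file missing)") or rest.endswith("(no file)")
        key = rest.split(":", 1)[0]
        # O4 lines read "[value name] command"; the other sections end in " - <path>".
        target = rest.split("] ", 1)[-1] if code == "O4" else rest.rsplit(" - ", 1)[-1]
        pm = PATH_RE.search(target)
        path = (pm.group(1) or pm.group(2)) if pm else None
        entries.append(Entry(code, key, path, missing, line.strip()))
    return entries


def stem(path: str | None) -> str | None:
    """Lower-cased file name without extension, used to pair DLLs across sections."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower() if path else None


def triage(text: str) -> list[Finding]:
    entries = parse(text)
    findings: list[Finding] = []
    seen_in: dict[str, set[str]] = defaultdict(set)   # dll stem -> HJT sections it appears in
    for e in entries:
        if e.missing:
            findings.append(Finding("low", "orphaned entry: target file is absent", e))
            continue
        if e.path and any(d in e.path.lower() for d in USER_WRITABLE):
            findings.append(Finding("high", "autostart from a temp/profile data directory", e))
        if e.code == "O4" and "policies\\explorer\\run" in e.key.lower():
            findings.append(Finding("high", "Policies\\Explorer\\Run key, rarely used by legitimate software", e))
        if e.code == "O2" and "(no name)" in e.raw:
            findings.append(Finding("medium", "BHO registered without a name", e))
        if e.code == "O20":
            findings.append(Finding("medium", "Winlogon Notify DLL is loaded into winlogon.exe; verify its publisher", e))
        if e.code in ("O2", "O20") and e.path:
            seen_in[stem(e.path)].add(e.code)
    # One DLL registered as both a BHO and a Winlogon Notify handler: the pairing
    # the MBAM log in the next post labels Trojan.Vundo.
    for s, codes in seen_in.items():
        if {"O2", "O20"} <= codes:
            for e in entries:
                if e.code in codes and stem(e.path) == s:
                    findings.append(Finding("high", f"{s}: same DLL is both a BHO and a Winlogon Notify hook", e))
    return findings


def summary(text: str) -> dict[str, str]:
    """Worst severity per target (lower-cased path, or the raw line when no path parsed)."""
    out: dict[str, str] = {}
    for f in triage(text):
        k = (f.entry.path or f.entry.raw).lower()
        if k not in out or RANK[f.severity] > RANK[out[k]]:
            out[k] = f.severity
    return out


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_HJT), key=lambda f: -RANK[f.severity]):
        print(f"{f.severity:6} {f.reason}\n       {f.entry.raw}")
```

Run it against a full log by replacing SAMPLE_HJT with the file contents; the "orphaned" findings are clutter to clean up rather than infections, while the three "high" targets in the sample are exactly the files the next post's scanner removes.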
#2 spahlke (Topic Starter)

Now I have installed and run MBAM - sorry, I should have done this before. It found many infections and seems to have resolved my problem.
Here is the logfile:

Malwarebytes' Anti-Malware 1.11
Database version: 651

Scan type: Quick Scan
Objects scanned: 34760
Time elapsed: 18 minute(s), 40 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 28
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 72

Memory Processes Infected:
C:\WINDOWS\system32\sravitkh.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\efilwdaj\afctmjgh.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\urqPiGaW.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ee5a1465-1e73-4784-8f63-45983fdf0db8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee5a1465-1e73-4784-8f63-45983fdf0db8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqpigaw (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b3dce744-06c7-4c09-b99d-f54254c0954f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ea8279e1-f6b8-495a-8c6a-cb47bd8356d1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c7ccfdab-ccb0-46ad-8bf9-45aff6c7b742} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{54ad4e13-63b8-4e0e-8362-8fadac79e395} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d069b450-92f9-4f6b-b61d-cdac0c4d32e6} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0daf43b9-f17c-4b53-8448-039bd9484757} (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\qtvglped.btko (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fagiahbe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qS6fi80HAe (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ee5a1465-1e73-4784-8f63-45983fdf0db8} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\virii (Fake.Dropped.Malware) -> No action taken.

Files Infected:
C:\WINDOWS\system32\sravitkh.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\efilwdaj\afctmjgh.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\urqPiGaW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Installer\{0daf43b9-f17c-4b53-8448-039bd9484757}\zip.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\geBssrRi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkLBuvv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqNEwvs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\lgmxvpatamk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\npqtsrak.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\rtqmekwg.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\akttzn.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\anticipator.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\awtoolb.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\bdn.com (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\bsva-egihsg52.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\dpcproxy.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\emesx.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\[email protected]@@k.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\hoproxy.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\hxiwlgpm.dat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\hxiwlgpm.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\medup012.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\medup020.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\msgp.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\msnbho.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\mssecu.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\msvchost.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\mtr2.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\mwin32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\netode.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\newsd32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\ps1.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\psof1.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\psoft1.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\regc64.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\regm64.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\Rundl1.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\sncntr.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\ssurf022.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\ssvchost.com (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\ssvchost.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\sysreq.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\taack.dat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\taack.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\temp#01.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\thun.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\thun32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\VBIEWER.OCX (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\vbsys2.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\vcatchpi.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\winlogonpc.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\System32\WINWGPX.EXE (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\blackbird.jpg (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\EditorFKWP1.5.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\EditorFKWP2.0.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\filemanagerclient.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\fkwp1.5.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\fkwp2.0.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\fwebd.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\FWebdEditor.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\Desktop\Trojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Stephan\g2mdlhlpx.exe (Trojan.Agent) -> No action taken.