
Trojan Problems



#16
fright01

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 01, 2008 5:59:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/06/2008
Kaspersky Anti-Virus database records: 821463
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63465
Number of viruses found: 16
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 02:00:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\µTorrent Downloads\Cute FTP Professional v8.0.7 Build 31.5.2007\patch\patch.exe Infected: Trojan-Dropper.Win32.Delf.ase skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Application Data\Microsoft\dtsc\16434.exe.vir Infected: Trojan-Downloader.Win32.Agent.plz skipped
C:\QooBox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\QooBox\Quarantine\C\WINDOWS\dm8w\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\QooBox\Quarantine\C\WINDOWS\dm8w\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\1026c\cosDRV3.exe.vir Infected: Trojan.Win32.Agent.lom skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\acom1\wdpars11.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bTMP\autdx2.exe.vir Infected: Trojan-Downloader.Win32.Small.vvk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\clbdll.dll.vir Infected: Trojan.Win32.Agent.mxo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rev3\zoolckr.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg skipped
C:\QooBox\Quarantine\catchme2008-05-29_161024.78.zip/clbdriver.sys Infected: Trojan.Win32.DNSChanger.dds skipped
C:\QooBox\Quarantine\catchme2008-05-29_161024.78.zip ZIP: infected - 1 skipped
C:\SDFix\backups\backups.zip/backups/vntiho061083.exe Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0006887.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0006887.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0007197.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0007198.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0007200.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0007201.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0008125.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0008128.dll Infected: Trojan.Win32.Agent.mxo skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0008129.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0008133.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0008134.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0009250.exe Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP2\A0009357.exe Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP6\A0009927.exe Infected: Trojan-Dropper.Win32.Delf.ase skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP6\A0009937.exe Infected: not-virus:Hoax.Win32.Renos.cqi skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP7\A0009997.exe Infected: Trojan.Win32.Agent.lom skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP7\A0009998.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP7\A0009999.exe Infected: Trojan-Downloader.Win32.Small.vvk skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP7\A0010000.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP7\A0010004.exe Infected: Trojan-Downloader.Win32.Agent.plz skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP7\A0010099.sys Infected: Trojan.Win32.DNSChanger.dqm skipped
C:\System Volume Information\_restore{5290DEA7-EE08-4383-AE76-3F3F0806BF8F}\RP8\A0010259.sys Infected: Trojan.Win32.DNSChanger.dds skipped

Scan process completed.


#17
kahdah

Navigate to this file name and delete it.

C:\Documents and Settings\Administrator\Desktop\µTorrent Downloads\Cute FTP Professional v8.0.7 Build 31.5.2007\patch\patch.exe
============
After that, post back with another HijackThis log and let me know how things are running.

#18
fright01

http://frightful720....hijackthis3.log

But yeah, that is the file that kinda started it :)
But lately the only thing Kaspersky has been requesting to block has been everything I do, except the virus, so I think it is just waiting in the shadows.

#19
kahdah

Hi. Please open HijackThis and choose "Do a system scan only".
Then place a check mark next to the following entries. (Only fix these if you did not set the permissions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

Then click on Fix Checked and then close HijackThis.
===================================
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Then please delete C:\SDFix and any .txt files related to what we used in your C:\ drive.

Also delete/uninstall anything that we used that may be left over.
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Edited by kahdah, 02 June 2008 - 07:55 PM.


#20
fright01

Hmm, thanks :) So that's all?
Well, you were very helpful :) What is a good active scanner? That monitors stuff? Similar to ZoneAlarm or Kaspersky.

#21
kahdah

All that you really need is one good antivirus scanner and one good antispyware scanner, running at all times.
Kaspersky is what I would recommend for antivirus, but antispyware could be any of the below:
SUPERAntiSpyware < Scanner is free, but not a real-time shield unless you pay for it
Malwarebytes Anti-Malware < Scanner is free, but not a real-time shield unless you pay for it
Windows Defender < It is real-time protection and it is free