Geeks To Go forums
Win32.Trojan.Yspy


This topic is locked

#241 kelkay (Member, Topic Starter, 423 posts)
I decided to run ATF Cleaner again, and the AV program Kaspersky saw it as an invader, I believe, or another process was trying to use it; I'm not sure. So I blocked it. The program came up after that.

7/15/2008 15:35:55 C:\WINDOWS\Explorer.EXE Intrusive process: C:\WINDOWS\Explorer.EXE Process ID (PID): 484 Attempt of process intrusion: C:\ATF-Cleaner.exe Process ID (PID): 2288

7/15/2008 15:35:55 C:\WINDOWS\Explorer.EXE Action blocked.

#242 kelkay (Member, Topic Starter, 423 posts)
http://onecare.live....-us/default.htm
Windows Live OneCare safety scanner. Would you happen to know if this is a decent scanner? Do you think I should try it out?

#243 kelkay (Member, Topic Starter, 423 posts)
I still have problems. I updated Kaspersky and it is now hitting on the problems with the hidden files that Sophos Anti-Rootkit showed previously. C:\system volume information\_restore...
I do not know what to do about this. Kaspersky could not disinfect them. I could delete them, but it might be trouble. The first one shows up as Adware: not-a-virus:Adware.Win32.Agent.aeh
It has detected virus Heur.invader
adware: not a virus:Adware.Win32.Weatherbug a
This is just so far... these are all in the same area as those hidden files, and FINALLY an antivirus program has seen them. I scanned previously with Kaspersky and it didn't see it. I told Dr. Web about where this was, and they needed to put out an update for that. I will see what else it finds.

#244 kelkay (Member, Topic Starter, 423 posts)
detected: Trojan program Trojan-Downloader.JS.gen (modification) File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP601\A0281036.msi//omnF01.cab/omn_Kernel.js0

This one could not be disinfected, but it allowed me to put it in quarantine, so I did.

detected: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP601\A0281045.exe//WiseSFXDropper//WISE0015.BIN

This one could not be disinfected either, but did not allow the option of quarantine.

#245 JSntgRvr (Global Moderator, 10,938 posts)
Hi, kelkay :)

Sorry for the delay. koko_crunch seems to be having connection problems. The detections you mention in your last report are part of your System Restore.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please download OTCleanIT by OldTimer.
  • Save it to your desktop.
  • Please double-click OTCleanIT.exe to run it. (Vista users, please right click on OTCleanIT.exe and select "Run as an Administrator")
  • This will delete the tools we used in the removal of malware, including this program.
  • If you are asked to reboot to complete the removal process then please do so
Upon restart, manually remove any remaining tools.

Rescan and post the report.

#246 kelkay (Member, Topic Starter, 423 posts)
Yes, thank you. I am 82% done with the scan of Kaspersky, and when it is done I will follow your directions. Thanks for explaining that, it makes sense! :)

#247 kelkay (Member, Topic Starter, 423 posts)
Ok I cleared the System Restore, and reset it. I then made a new restore point for JUST IN CASE. I then did the OTCleanIt. Then I did a Sophos Anti-Rootkit scan just for the heck of it, and it is now CLEARED of those nasty hidden files, because of the System Restore reset. I am very happy about this, because that was bugging me. So now you want me to do a scan, I don't know which one, Kaspersky again? I will start it and see if you say anything different. It took almost 6 hours to do the last scan. So I'd better get started.

Edited by kelkay, 19 July 2008 - 04:52 PM.


#248 JSntgRvr (Global Moderator, 10,938 posts)
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")


#249 kelkay (Member, Topic Starter, 423 posts)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 20, 2008 04:34:51
Records in database: 976134
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 144393
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:43:47


File name / Threat name / Threats count
C:\ATT_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
C:\Documents and Settings\Kelly\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.

#250 kelkay (Member, Topic Starter, 423 posts)
I didn't really know Smitfraudfix was still on my computer. I tried to go to add remove programs, but cannot delete it that way. The CleanIt program didn't get it. I have two folders, plus more I found. There are two folders, with lots of exe files in them. There are also two .cmd files left from smitfraudfix too. Can these all just be deleted and sent to the recycle bin, or will that cause any problems?
The Smitfraud files were on the desktop initially, I do not know how they got moved. I thought the CleanIt program took care of them, but now I see it didn't.

Edited by kelkay, 20 July 2008 - 11:11 AM.


#251 kelkay (Member, Topic Starter, 423 posts)
I thought that my computer was FINALLY about to be clear of infection. I decided to run SuperAntiSpyware and it has run 15 minutes so far and has found 111 instances of adware, malware, trojans etc... I am wondering where the hole is so I can plug it up. This is beyond crazy... I will post results when the scan is through.
Just wondering if I should let SuperAntiSpyware put these things in quarantine, disinfect, or whatever... or should we try to do this with another program. It is pretty good at finding stuff, but whether it is good at disinfecting, I do not know. Please advise.

Edited by kelkay, 20 July 2008 - 11:50 AM.


#252 JSntgRvr (Global Moderator, 10,938 posts)
Delete the following folders:

C:\Documents and Settings\Kelly\My Documents\SmitfraudFix
C:\Program Files\Mozilla Firefox\SmitfraudFix

When scanning, be careful with false positives. Rather, post the results here and we will let you know.

#253 kelkay (Member, Topic Starter, 423 posts)
Alright, thank you!!

#254 kelkay (Member, Topic Starter, 423 posts)
I deleted the files. SuperAntiSpyware should be done in a few minutes, and I will post the results. The people on this site have been so helpful, I cannot thank you enough for all your help so far.

#255 kelkay (Member, Topic Starter, 423 posts)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2008 at 01:49 PM

Application Version : 4.15.1000

Core Rules Database Version : 3508
Trace Rules Database Version: 1499

Scan type : Complete Scan
Total Scan Time : 01:34:23

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 7031
Registry threats detected : 0
File items scanned : 141271
File threats detected : 111

Adware.SurfSideKick
C:\Program Files\SurfSideKick 3

Adware.Apropos Media
C:\Program Files\Aprps

Adware.SpywareStrike
C:\Program Files\SpywareStrike

Adware.WhenU
C:\Program Files\Save
C:\Program Files\Common Files\WhenU
C:\Program Files\WHENUSEARCH

Adware.180solutions/ZangoSearch
C:\Program Files\Zango
C:\Program Files\Zango Programs

Adware.Surf Accuracy
C:\Program Files\SurfAccuracy

Adware.IST/ISTBar (Slotch Bar)
C:\Program Files\ISTBar

Adware.Ezula
C:\WINDOWS\system32\ezstub.exe
C:\WINDOWS\eZinstall.exe
C:\Program Files\Ezula
C:\Program Files\Web Offer

Trojan.SpySheriff
C:\Program Files\SpySheriff

Adware.WebHancer
C:\Program Files\WEBHANCER
C:\Program Files\whInstall

Spyware.WebSearch (WinTools/Huntbar)
C:\Program Files\Common Files\WinTools

Trojan.AdwarePunisher
C:\Program Files\AdwarePunisher

Adware.ClickSpring
C:\Program Files\PuritySCAN

Adware.Sandboxer (MemoryWatcher)
C:\Program Files\MemoryWatcher

Adware.WebNexus
C:\WINDOWS\system32\wuauclt.dll
C:\WINDOWS\wupdt.exe

Adware.BookedSpace
C:\WINDOWS\bsx32
C:\WINDOWS\bs2.dll
C:\WINDOWS\bs3.dll
C:\WINDOWS\bsx5.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\oo4.dll
C:\WINDOWS\system32\acd.dll
C:\WINDOWS\system32\anaamon.dll
C:\WINDOWS\system32\bs2.dll
C:\WINDOWS\system32\bs3.dll
C:\WINDOWS\system32\bsx5.dll
C:\WINDOWS\system32\bxsx5.dll
C:\WINDOWS\system32\bxxs5.dll
C:\WINDOWS\system32\oo4.dll
C:\WINDOWS\system32\rem00001.dll

Trojan.MalwareWipe
C:\Program Files\MalwareWipe.com

Trojan.WinFixer 2006
C:\Program Files\Common Files\WinFixer 2006
C:\Program Files\WinFixer_2006
C:\WINDOWS\system32\dfe1.exe

Trojan.NewDotNet
C:\Program Files\NewDotNet

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._

Adware.Starware
C:\Program Files\Starware

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Program Files\SpamBlockerUtility

Adware.HotBar/ShopperReports (Low Risk)
C:\Program Files\ShopperReports

Adware.IST/YourSiteBar
C:\Program Files\YourSiteBar

Trojan.UnSpyPC Spyware Scanner
C:\Program Files\UnSpyPC

Trojan.Unknown Origin
C:\WINDOWS\mslagent

Trojan.PestTrap
C:\Program Files\PestTrap

Trojan.RazeSpyware
C:\Program Files\RazeSpyware

Trojan.AdwareSheriff
C:\Program Files\AdwareSheriff

Trojan.RemedyAntiSpy
C:\Program Files\RemedyAntispy

Trojan.HitVirus
C:\Program Files\HitVirus

Trojan.ADWareBazooka
C:\Program Files\ADWareBazooka

Trojan.RegiFast
C:\Program Files\RegiFast

Adware.Toolbar888
C:\Program Files\Toolbar888

Trojan.SpyFalcon
C:\Program Files\SpyFalcon

Adware.ClearSearch
C:\Program Files\ClearSearch

Trojan.BraveSentry
C:\Program Files\BraveSentry

Adware.Best Offers Network
C:\Program Files\TBONBin

Adware.TrustInCash
C:\Program Files\TrustIn Bar
C:\Program Files\TrustIn Search
C:\Program Files\TrustIn Contextual
C:\Program Files\TrustIn Popups
C:\WINDOWS\system32\tisa.cnf

Trojan.Spyware Stormer
C:\Program Files\Spyware Stormer

Trojan.CDSC63R
C:\WINDOWS\system32\cdscsix3.dll

Adware.Elite Media
C:\WINDOWS\etb

Malware.AlertSpy
C:\Program Files\AlertSpy

Spyware.E2G
C:\Program Files\E2G

Adware.IPWins
C:\Program Files\ipwindows

Adware.BargainBuddy/NaviSearch
C:\Program Files\BullsEye Network
C:\Program Files\NaviSearch

Malware.RegFreeze
C:\Program Files\RegFreeze

Malware.Adware Finder
C:\Program Files\AdFinderToolbar
C:\Program Files\AdwareFinder

Malware.KillAndClean
C:\Program Files\KillAndClean

Malware.AntiVirusGolden
C:\Program Files\AntiviralGolden

Trojan.Media-Codec
C:\Program Files\Media-Codec
C:\Program Files\MMediaCodec

Malware.Antispyware Soldier
C:\Program Files\Antispyware Soldier

Adware.180solutions/Seekmo
C:\Program Files\Seekmo

Malware.DriveCleaner
C:\Program Files\DriveCleaner 2006 Free

Malware.PestCapture
C:\Program Files\PestCapture

Malware.AntiVermins
C:\Program Files\AntiVermins

Adware.AdSponsor
C:\Program Files\AdSponsor

Malware.MalwareAlarm
C:\Program Files\MalwareAlarm

Malware.ContraVirus
C:\Program Files\ContraVirus

Malware.SpyDawn
C:\Program Files\SpyDawn

Malware.MalwareStopper
C:\Program Files\MalwareStopper

Adware.Web Buying
C:\Program Files\Web Buying

Adware.IST/SideFind
C:\Program Files\SideFind

Unclassified.PC MightyMax
C:\Program Files\PC MightyMax

Malware.LocusSoftware Inc/AVSystemCare
C:\Program Files\AVSystemCare

Rogue.AntiVirusProtection
C:\Program Files\Antivirus Protection

Rogue.SpywareRemover
C:\Program Files\Spyware Remover

Rogue.Installer/Trace
C:\Program Files\180search assistant
C:\Program Files\180searchassistant
C:\Program Files\stc

Spyware.ShopNav
C:\Program Files\Srng

Rogue.MyNetProtector
C:\Program Files\MyNetProtector

Rogue.AdwareSpy
C:\Program Files\AdwareSpy

Rogue.ETDScanner
C:\Program Files\ETD Security Scanner

Rogue.MySpyProtector
C:\Program Files\MySpyProtector

Rogue.PCHealthPlan
C:\Program Files\PC Health Plan

Rogue.MandelEnterprise/Variants
C:\Program Files\Adware Patrol
C:\Program Files\Doctor Adware
C:\Program Files\Doctor Adware Pro
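The Kaspersky report in post #249 and the SUPERAntiSpyware log in post #255 both list detections one path per line, and the moderator's warning about false positives in post #252 means the first job is to sort the hits, not delete everything. The script below is an added example, not code from this thread, from Kaspersky or from SUPERAntiSpyware. It embeds a constructed sample of each log format (taken from the excerpts quoted in the two posts), parses them, separates Kaspersky's "not-a-virus:" riskware detections from real malware detections, and splits the SUPERAntiSpyware hits between leftover folders under Program Files and files inside the Windows directory tree, which are the ones to examine before deleting. The function names, the regular expressions and the Windows-tree heuristic are the example's own assumptions.

```python
"""Triage of the two scanner logs quoted in this thread.

Added example: not code from the thread, from Kaspersky or from SUPERAntiSpyware.
The two sample logs are constructed from the excerpts in posts #249 and #255.
"""
import re
from collections import defaultdict

# Constructed sample in the Kaspersky Online Scanner 7 detection-list format
# ("File name / Threat name / Threats count"), copied from post #249.
KASPERSKY_SAMPLE = r"""
C:\ATT_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
C:\Documents and Settings\Kelly\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
"""

# Constructed sample in the SUPERAntiSpyware format: a statistics line, then
# family headers each followed by one path per line (three families from post #255).
SAS_SAMPLE = r"""
File threats detected : 6

Adware.Ezula
C:\WINDOWS\system32\ezstub.exe
C:\WINDOWS\eZinstall.exe
C:\Program Files\Ezula

Adware.WebNexus
C:\WINDOWS\system32\wuauclt.dll
C:\WINDOWS\wupdt.exe

Rogue.AntiVirusProtection
C:\Program Files\Antivirus Protection
"""

KAV_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_kaspersky(text):
    """Return one dict per detection line; non-detection lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if not m:
            continue
        threat = m.group("threat")
        hits.append({
            "path": m.group("path"),
            "threat": threat,
            "count": int(m.group("count")),
            # Kaspersky's "not-a-virus:" prefix marks riskware (remote-admin tools,
            # reboot utilities, adware) rather than a trojan or virus.
            "riskware": threat.startswith("not-a-virus:"),
        })
    return hits


def kaspersky_needs_review(hits):
    """Detections that are not riskware: these, not the tool files, are the priority."""
    return [h for h in hits if not h["riskware"]]


def parse_sas(text):
    """Map each SUPERAntiSpyware family header to the paths listed under it.
    Any non-path line is a header; headers with no paths (the statistics
    lines at the top of a real log) are dropped."""
    families = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if DRIVE_PATH.match(line):
            if current is not None:
                families[current].append(line)
        else:
            current = line
    return {fam: paths for fam, paths in families.items() if paths}


def count_by_class(families):
    """Count paths per SAS class prefix (Adware, Trojan, Rogue, Malware, ...)."""
    counts = defaultdict(int)
    for fam, paths in families.items():
        counts[fam.split(".", 1)[0]] += len(paths)
    return dict(counts)


def triage_sas(families):
    """Split hits into leftover folders under Program Files and files inside the
    Windows tree. The C:\\WINDOWS heuristic is this example's own assumption:
    a DLL or EXE dropped there is what to examine before deleting."""
    windows_tree, program_dirs = [], []
    for fam, paths in families.items():
        for p in paths:
            bucket = windows_tree if p.lower().startswith("c:\\windows\\") else program_dirs
            bucket.append((fam, p))
    return {"windows_tree": windows_tree, "program_dirs": program_dirs}


if __name__ == "__main__":
    kav = parse_kaspersky(KASPERSKY_SAMPLE)
    print(f"Kaspersky: {len(kav)} hits, {len(kaspersky_needs_review(kav))} non-riskware")
    sas = parse_sas(SAS_SAMPLE)
    print("SAS by class:", count_by_class(sas))
    for fam, p in triage_sas(sas)["windows_tree"]:
        print("  check before deleting:", fam, p)
```

On the thread's own data every Kaspersky hit is riskware (the SmitfraudFix copies are the removal tool's own Reboot.exe, which is why the moderator simply has the folders deleted), while the SUPERAntiSpyware output mixes orphaned rogue-antispyware folders under Program Files with DLLs and EXEs under C:\WINDOWS; the second group is what to post for review rather than send to the recycle bin.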