But now, as I try to run the applications and following the instructions from the Malaware/Spyware Cleaning guide, I am having issues.
I am able to run TFC to completion, and the PC restarts. In finishing the restart. am now getting two warning banners, about two .dll files that can't be loaded.
The first RUNDLL warning banner that pops up is: "error loading fatopoe.dll" the specified module could not be found.
Followed shortly with another RUBDLL warning " Error loading c:\documen~1\NETWOR~1\ntload.dll the specified module could not be found.
So, I hit "OK" to move on, and things look ok.
So, then I tried to execute "System Restore step. I had downloaded it directly to the desktop, double click to run, I ge the "publisher could not be verfied" banner, so I choose to "run", when I do, I get another warning banner ".NET Framework Initialization Error", content line shows: "C:\windows\microsoft.net\Framework\v2.0.5072\mscorwks.dll could not be loaded".
So, then I went ahead and ran the "erunt" utility, and that ran fine.
Then I moved on to Rootkill, since I already ran "malaware" previously.
Rootkill was launched from the desktop, it put up a banner that it was initializing, and the application seemed to freeze, No update, status, notices or anything.
So, I figured ok, go ahead and capture the OTL log, when I pasted the infomation into the Custom Scan Log as stated, and ran the quick scan, the application started, and update the status at the bottom, until it seemed to freeze at "Scanning NetSvcs Setting...."
In addition, I did start the Kapersky Scan, and stopped after it ran for over 10 hours, but the following is what was captured:
------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 16, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 16, 2009 13:54:30
Records in database: 3378309
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Objects scanned: 202503
Threats found: 10
Infected objects found: 21
Suspicious objects found: 0
Scan duration: 10:15:46
File name / Threat / Threats count
c:\documents and settings\all users\application data\adobe\sp.dll/c:\documents and settings\all users\application data\adobe\sp.dll Infected: Trojan-Proxy.Win32.Agent.byn 3
C:\Documents and Settings\Administrator.JOSEPH_MAIN_PC\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\Documents and Settings\Administrator.JOSEPH_MAIN_PC\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL Infected: Trojan-Proxy.Win32.Agent.byn 1
C:\Documents and Settings\Default User\My Documents\JJJoseph\jjjoseph\receive\kmd202.exe Infected: Trojan-Downloader.Win32.VB.kxl 1
C:\Documents and Settings\Default User\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\Documents and Settings\Default User\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\Documents and Settings\Owner\Local Settings\temp\B1.tmp Infected: Trojan.Win32.Cosmu.ebn 1
C:\Documents and Settings\Owner\My Documents\JJJoseph\jjjoseph\receive\kmd202.exe Infected: Trojan-Downloader.Win32.VB.kxl 1
C:\Documents and Settings\Owner\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\Documents and Settings\Owner\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\jujf.exe Infected: Trojan.Win32.Koblu.bld 1
C:\Qoobox\Quarantine\C\WINDOWS\System.exe.vir Infected: Trojan.Win32.Buzus.cqwm 1
C:\WINDOWS\Downloaded Program Files\ForbesDownloader.ocx Infected: Trojan-Downloader.Win32.Genome.pzy 1
C:\WINDOWS\system32\config\systemprofile\My Documents\JJJoseph\jjjoseph\receive\kmd202.exe Infected: Trojan-Downloader.Win32.VB.kxl 1
C:\WINDOWS\system32\config\systemprofile\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\WINDOWS\system32\config\systemprofile\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\WINDOWS\system32\crt4.dll Infected: Backdoor.Win32.Delf.rxu 1
C:\WINDOWS\system32\lsm32.sys Infected: Trojan.Win32.VB.zjv 1
Scanning stopped by the user.
-----------------------------------------------------------------------
So, I would appreciate and assistance or recommendation as the best way to proceed...
Thanks in advance..
JJJSLJ
Edited by jjjoseph, 16 December 2009 - 09:00 PM.
Sign In
Create Account
