My desktop display image was hijacked at the same time and a blue warning screen appeared instead stating I was infected. On right clicking properties I can only get screensaver and settings. I now have a black screen behind the icons
I found this warning image in my program files and I have it in my recycle bin along with an online casino, anti spam, mobile phone and other shortcuts.
I think a program called bsm.exe came in at the same time since I found that in the program files timed at the same time as the trojan appearance. Would this have caused the display problem?
I have been through the downloads, run the programs and have the hijack this log.
--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 13:06:07, 19/05/2005
+ Report-Checksum: 1DF7D1AF
+ Date of database: 19/05/2005
+ Version of scan engine: v3.0
+ Duration: 34 min
+ Scanned Files: 71789
+ Speed: 35.14 Files/Second
+ Infected files: 19
+ Removed files: 19
+ Files put in quarantine: 19
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
F:\
+ Scan result:
C:\Documents and Settings\Gerry\Cookies\gerry@79635536[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@marksandspencer[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@network[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@next[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\2LOJCLGV\dba1865[2].exe -> Dialer.Generic -> Cleaned with backup
C:\Program Files\Virtual Maid\Virtual Maid.dll -> Spyware.MaidBar.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1454471165-688789844-725345543-1003\Dc55.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1454471165-688789844-725345543-1003\Dc6.exe -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\system32\msmsgs.exe -> TrojanDownloader.Zlob.i -> Cleaned with backup
C:\WINDOWS\system32\wldr.dll -> TrojanDownloader.Agent.le -> Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__msole32.exe -> Spyware.Agent.cr -> Cleaned with backup
::Report End
Hope I have followed all the help instructions correctly.