
about blank, yellow triangle warnings, bsm.exe [RESOLVED]



#1
gerry adams

New Member
When using Explorer, a trojan appears to have come in. Avast identified it as puper.e but can't delete it, stating it is in the registry. Avast also shows I have a Recycler trojan.

My desktop display image was hijacked at the same time and a blue warning screen appeared instead, stating I was infected. On right-clicking Properties I can only get Screensaver and Settings. I now have a black screen behind the icons.
I found this warning image in my program files and I have it in my recycle bin along with an online casino, anti-spam, mobile phone and other shortcuts.
I think a program called bsm.exe came in at the same time, since I found that in the program files timed at the same time as the trojan appearance. Would this have caused the display problem?
I have been through the downloads, run the programs and have the HijackThis log.



--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:06:07, 19/05/2005
+ Report-Checksum: 1DF7D1AF

+ Date of database: 19/05/2005
+ Version of scan engine: v3.0

+ Duration: 34 min
+ Scanned Files: 71789
+ Speed: 35.14 Files/Second
+ Infected files: 19
+ Removed files: 19
+ Files put in quarantine: 19
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
F:\

+ Scan result:
C:\Documents and Settings\Gerry\Cookies\gerry@79635536[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@ads.guardian.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@marksandspencer[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@network[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@next[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@server.iad.liveperson[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Cookies\gerry@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\2LOJCLGV\dba1865[2].exe -> Dialer.Generic -> Cleaned with backup
C:\Program Files\Virtual Maid\Virtual Maid.dll -> Spyware.MaidBar.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1454471165-688789844-725345543-1003\Dc55.exe -> Dialer.Generic -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1454471165-688789844-725345543-1003\Dc6.exe -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\system32\msmsgs.exe -> TrojanDownloader.Zlob.i -> Cleaned with backup
C:\WINDOWS\system32\wldr.dll -> TrojanDownloader.Agent.le -> Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__msole32.exe -> Spyware.Agent.cr -> Cleaned with backup


::Report End

Hope I have followed all the help instructions correctly. :tazz:
#2
greyknight17

Malware Expert
Welcome to GTG.

You need to follow the instructions on the sticky topic. See the first link below in my signature (Read this before posting...) and follow the steps outlined there. Post the HijackThis log here when ready.

#3
gerry adams

New Member
:tazz: ;) Thanks for the advice. I must have missed something out the first time I followed the instructions.
Glad to say that my display has returned, the yellow triangle has gone and I am now on Firefox. The only action I have taken since the programs cleaned my PC is changing the browser home page.

#4
greyknight17

Malware Expert
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.