vmain.class trojan and others

Recently, I have noticed that my internet speed went super slow, then the next day my Symantec Endpoint found a bunch of Trojans such as 19 vmain.class threats, 6 _____vload.class threats, 1 GoogleCode.class, and 1 Google.Uploader.class. All of these files were located in a folder of Spyware Doctor. Also, it did not affect my computer speed at all, just the internet. My internet should be up to 768kbs to 1mb and it's running at 250kbs as of now and will not go any faster. I have read other topics with the same Trojans and followed the cleaning method of this thread http://www.geekstogo...howtopic=278606. One problem was I could not use ComboFix since I have Windows Vista 64-bit, and I also did not use OTL. Also, my computer got infected back on 5/17/2010 by a Rogue Antivirus, so I marked the quarantine files in RED. But other than that I did the following steps in regular mode because I was not sure if it mattered to do them in Safe Mode.

EDIT: Also, I just noticed that among my running processes is a process known as csrss.exe, and the description is blank. I looked it up and it's supposedly known as Trojan.Webus, but nothing is picking it up, and when I go to end the process I get the access denied screen.

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:21:26 PM, on 7/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx1')
O4 - HKUS\S-1-5-21-3102285875-513200047-3782347557-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Mcx2')
O4 - S-1-5-21-3102285875-513200047-3782347557-1005 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Mcx1')
O4 - S-1-5-21-3102285875-513200047-3782347557-1006 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Mcx2')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.s...abs/tgctlcm.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\DJ\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

End of file - 13783 bytes

STEP 1. Used ATF cleaner and CCleaner.

STEP 2. Used the CCleaner to clean the registry and also used Registry Mechanic.

STEP 3. Used Malwarebytes Anti-Malware
LOG: Malwarebytes' Anti-Malware 1.46

Database version: 4272

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/3/2010 4:04:18 PM
mbam-log-2010-07-03 (16-04-18).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 306384
Time elapsed: 1 hour(s), 39 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Quarantine Files from 5/17/2010 Trojan.Agent, Rogue.AntivirusSuite and Rogue.AntivirusSuite.Gen

STEP 4. Used SUPERAntiSpyware
LOG: SUPERAntiSpyware Scan Log

Generated 07/03/2010 at 05:37 PM

Application Version : 4.40.1002

Core Rules Database Version : 5153
Trace Rules Database Version: 2965

Scan type : Complete Scan
Total Scan Time : 01:24:48

Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 14868
Registry threats detected : 0
File items scanned : 40976
File threats detected : 1

Adware.Tracking Cookie.doubleclick.net [ C:\Users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\erjhqqoo.default\cookies.sqlite ]

STEP 5. Used Spyware Doctor
NO LOG: but I do have Quarantine files in there from 5/17/2010, when my computer got infected, and it's 6 Trojan.Generic, and each file is from the Java Sun folder.

STEP 6. Kaspersky Online Scanner
LOG: --------------------------------------------------------------------------------
Sunday, July 4, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version:
Last database update: Saturday, July 03, 2010 20:02:32
Records in database: 4253574

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:

Scan statistics:
Objects scanned: 150072
Threats found: 12
Infected objects found: 31
Suspicious objects found: 0
Scan duration: 05:03:32

File name / Threat / Threats count
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5b43c10a-712efe0f Infected: Exploit.Java.Agent.ar 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5b43c10a-712efe0f Infected: Exploit.Java.Agent.as 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-42a2b660 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a25d2cf-616d901b Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-50e85f19 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\10dec256-78a309ae Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-73f0e1ef Infected: Exploit.Java.Agent.ar 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-73f0e1ef Infected: Exploit.Java.Agent.as 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2c3b3a57-774dd583 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7346b295 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6aed6d62-470fc9f1 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 Infected: Trojan.Java.Agent.y 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 Infected: Exploit.Java.Agent.j 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 Infected: Exploit.Java.Agent.k 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-63edc372 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-75bd3303 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-54568f0b Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-12ef9cac Infected: Exploit.Java.Agent.ar 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-12ef9cac Infected: Exploit.Java.Agent.as 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 Infected: Trojan-Downloader.Java.Agent.eg 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 Infected: Trojan-Downloader.Java.Agent.fb 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 Infected: Trojan-Downloader.Java.Agent.el 1
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5b3d5486-32307015 Infected: Exploit.Java.Agent.f 1
C:\Users\DJ\Apps\DKP_10_3264.rar Infected: Packed.Win32.Black.a 1
C:\Users\DJ\Apps\DKP_10_3264.rar Infected: not-a-virus:Monitor.Win32.KeyLogger.xh 1

Selected area has been scanned.

STEP 7. ESet Online Scanner
LOG: [email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=371c0d3e2a9a9b4eab70bcef04290605
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-04 10:13:48
# local_time=2010-07-04 03:13:48 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 56 22324361 114820923 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=152936
# found=16
# cleaned=16
# scan_time=16213
C:\Program Files\Shark007\Tools\settings64.exe Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-42a2b660 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a25d2cf-616d901b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4c3fce10-6d931c1f Java/TrojanDownloader.Agent.NAQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2c3b3a57-774dd583 Java/TrojanDownloader.Agent.NAP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7346b295 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6aed6d62-470fc9f1 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7cde92e5-16e1adc2 a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\23ea3369-76da805a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7fe5a66b-414c39de a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-75bd3303 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-54568f0b a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3900a9c6-5e029288 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5b3d5486-32307015 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\Apps\DKP_10_3264.rar probably a variant of Win32/Obfuscated trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\DJ\Apps\NERO\Nero- Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

Can someone plz help me out, because I want to get rid of this for good and get my internet back up to its proper speed.

Thanks, DJ

Edited by yaboy7, 07 July 2010 - 02:19 PM.
