Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan horse generic_r.CWM, trojan horse ZeroAccess.UG [Solved]


  • This topic is locked This topic is locked

#16
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
using 12.0.7601.1754 WMP 12 for Windows 7


and I redid the log.


µTorrent
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Advanced SystemCare Ultimate 6
Apple Application Support
Apple Software Update
AVG PC TuneUp Language Pack (en-US)
AVG SafeGuard toolbar
DAEMON Tools Pro
Devil May Cry 3 Special Edition
EAX™ Unified (SHELL)
ffdshow [rev 2527] [2008-12-19]
FINAL FANTASY VIII
Google Chrome
Google Earth Plug-in
Google Talk Plugin
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
Java 7 Update 17
Java Auto Updater
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Razer Game Booster
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SlingHealth ActiveX
Spybot - Search & Destroy
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
WebSlingPlayer ActiveX
WModem Driver Installer
  • 0

Advertisements


#17
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld



These logs are looking allot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove


µTorrent
Java 7 Update 17


[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic



"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#18
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Ya I use utorrent to exchange files with family and the wife. I clicked on the wrong file to download and it is what I believe caused the virus in the first place. As far setting I do not share anything at all. My P2P setup is set to "ghost" But I did notice that when the infection occurred settings were changed. I just saw this response after working all day and I will start with the list of tasks you assigned and will get back to you as soon as I am able. Thank you for your concern. I also wanted to mention that my wife today received an email from centurylink our isp. It was quite harsh. They stated they had detected the sirefef virus because it had attacked their servers from my computer and was attempting to spread to others. So it all adds up. They threatened to terminate our services =/ saying we were compromised. Anyways I'll get to work. I do not think I will get to it all tonight though. Might be a day. Again thank you for the support and your help. I am extremely grateful. I have never had such a horrible infection in all of my years..... but I also have never received the amount of great advice support and service as I have here. You are a god send.
  • 0

#19
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Thank you for that and I will be looking for you when you are ready


gringo
  • 0

#20
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.23.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Mother Jones :: MOTHERFUERJON [administrator]

Protection: Enabled

9/23/2013 11:49:35 AM
mbam-log-2013-09-23 (11-49-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201929
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02704B93-E3AF-7251-C73C-E52279DBD04B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\InstallMate\{79083672-C1EC-4C99-AE72-89CEA2EB1484}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{79083672-C1EC-4C99-AE72-89CEA2EB1484}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Mother Jones\Downloads\frostwire-5.5.2.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Mother Jones\Downloads\Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.

(end)
  • 0

#21
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Ategenos


Did you also run the Hijackthis program?

Gringo
  • 0

#22
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
yes, sorry just got off work. gonna do it now.
  • 0

#23
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:45:12 PM, on 9/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
CHROME: 16.0.904.0
FIREFOX: 18.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mother [bleep]er Jones\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289847
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:63040;https=127.0.0.1:63040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R3 - URLSearchHook: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
O2 - BHO: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Mother [bleep]er Jones\AppData\Roaming\Qwiklinx\Qwiklinx.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: WhiteSmoke New - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Mother [bleep]er Jones\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll",RunConduitFloatingPlugin klibnahbojhkanfgaglnlalfkgpcppfi
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} (SlingHealth Class) - http://dishconnectiv...SlingHealth.cab
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - (no file)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7399 bytes
  • 0

#24
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [uTorrent] "C:\Users\Mother [bleep]er Jones\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKCU\..\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll",RunConduitFloatingPlugin klibnahbojhkanfgaglnlalfkgpcppfi

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#25
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
not looking good =P at 93% and it has found 25 infected files. 4 are bagle.gen.zip worm...... -.- sigh.......
  • 0

Advertisements


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

" 4 are bagle.gen.zip worm"
Those are inside Spybots quarantine folder - That is just how it reads them


Gringo
  • 0

#27
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
oh ok, it's been scanning for over 4 hours now.
  • 0

#28
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
here's the scan

C:\AdwCleaner\Quarantine\C\Program Files (x86)\DefaultTab\DefaultTabSearch.exe.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\ProgramData\visualbee\VisualBeeSoftware.exe.vir a variant of Win32/Toolbar.Babylon.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave3.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Mother [bleep]er Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\coenochipghpnjjgkfedbheagbgfcdnj\1\516a371ee67f13.76573986.js.vir Win32/Adware.MultiPlug.H application
C:\System Volume Information\SystemRestore\FRStaging\Users\Mother [bleep]er Jones\AppData\Local\Temp\DAEMONToolsPro530-0359.exe Win32/OpenCandy application
C:\System Volume Information\SystemRestore\FRStaging\Users\Mother [bleep]er Jones\AppData\Local\Temp\SearchProtectionSetup.exe probably a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\SystemRestore\FRStaging\Users\Mother [bleep]er Jones\AppData\Roaming\Mozilla\Firefox\Profiles\u8ehhjwb.default\extensions\staged\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application
C:\System Volume Information\SystemRestore\FRStaging\Users\Mother [bleep]er Jones\AppData\Roaming\Yontoo\YontooDesktop.exe a variant of MSIL/WebCake.B application
C:\System Volume Information\SystemRestore\FRStaging\Users\Mother [bleep]er Jones\Downloads\Uniblue RegistryBooster 2011 5.0.12.1 + serial [TrT-TcT]\Uniblue RegistryBooster 2011 5.0.12.1 + serial [TrT-TcT]\Uniblue RegistryBooster 2011 5.0.12.1 + serial [TrT-TcT]\registrybooster.exe Win32/RegistryBooster application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave3.zip Win32/Bagle.gen.zip worm
C:\Users\Mother [bleep]er Jones\AppData\Local\Updater23986\Updater23986.exe a variant of Win32/Toolbar.CrossRider.C application
C:\Users\Mother [bleep]er Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130123194550597.rsc multiple threats
C:\Users\Mother [bleep]er Jones\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130124192852985.rsc a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Mother [bleep]er Jones\Desktop\Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Mother [bleep]er Jones\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Mother [bleep]er Jones\Downloads\AdobeFlash_setup(1).exe a variant of Win32/InstallCore.AZ application
C:\Users\Mother [bleep]er Jones\Downloads\AdobeFlash_setup(2).exe a variant of Win32/InstallCore.AZ application
C:\Users\Mother [bleep]er Jones\Downloads\AdobeFlash_setup.exe a variant of Win32/InstallCore.AZ application
C:\Users\Mother [bleep]er Jones\Downloads\Justified_S04E06_HDTV_x264-2HD_[eztv]_secure.exe Win32/TopMedia.B application
C:\Users\Mother [bleep]er Jones\Downloads\media.player.codec.pack.v4.2.4.setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Mother [bleep]er Jones\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader.E application
C:\Users\Mother [bleep]er Jones\Downloads\DAEMON Tools Pro Advanced v5.2.0. 0348 Including Crack [h33t][iahq76]\DAEMONToolsPro520-0348.exe Win32/OpenCandy application
C:\Users\Mother [bleep]er Jones\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso a variant of Win32/Keygen.GU application
C:\Users\Mother [bleep]er Jones\Downloads\Uniblue RegistryBooster 2011 5.0.12.1 + serial [TrT-TcT]__a03652\Uniblue RegistryBooster 2011 5.0.12.1 + serial [TrT-TcT]\Uniblue RegistryBooster 2011 5.0.12.1 + serial [TrT-TcT].rar Win32/RegistryBooster application
C:\Users\Mother [bleep]er Jones\Pictures\New folder\registrybooster.exe Win32/RegistryBooster application
  • 0

#29
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
No worries I will be here when it is ready


gringo
  • 0

#30
Ategenos

Ategenos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
that's it, it's done. I posted log in last reply
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP