Perfect Keylogger (Sum 1 is watching me!) [RESOLVED]



#1
CRazzym3x (Member)
Well, I don't know how, but my internet was getting slow, so I thought I had some spyware, although I did not know from where. I downloaded SD (Search & Destroy) [Anti-Spyware Program]. I ran the set-up and after a little while the set-up closed; I was like, huh? So I tried again and the same thing happened. I did the install fast and could make it, but now every time I open it, it closes, and there is no way I can be fast enough to check for problems.

I started googling and found out that this program called "Perfect Keylogger" can attach a keylogger to any file and can make the keylogger close all the anti-spyware stuff, so my best guess is that I have that. Now, I don't want someone looking at what I'm doing, especially since I play games and don't want people hacking me. Could someone please help me remove this?

Thanks in advance

P.S. The keylogger does NOT appear in the process list; I read that on their website.

UPDATE: I tried LavaSoft's Ad-Aware, the keylogger closes it too.

Edited by CRazzym3x, 15 June 2005 - 02:46 AM.

  • 0



#2
CRazzym3x (Topic Starter)
Updated With More Info

Here's my HijackThis log file.

Logfile of HijackThis v1.99.1
Scan saved at 1:50:18 AM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Toshiba\Ivp\netint\netint.exe
C:\Program Files\BPK\key.exe
C:\Program Files\AVPersonal\GUARDGUI.EXE
C:\Program Files\AVPersonal\GUARDGUI.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\AVPersonal\GUARDGUI.EXE
C:\WINDOWS\System32\bpk.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [duIy1] C:\WINDOWS\ubikw.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\System32\bpk.exe
O4 - HKLM\..\Run: [key] C:\Program Files\BPK\key.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Edited by CRazzym3x, 15 June 2005 - 02:50 AM.

  • 0

#3
CRazzym3x (Topic Starter)
bump
  • 0

#4
Excal (Retired Staff)
Hi CRazzym3x and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process to remove it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Please go here and upload

C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe

then please post the results in your next reply.

Download and install CleanUp! Here.
*NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Please download ISTFIX Here
Please do not run yet

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Go to Start->Run and type in services.msc and hit OK. Then look for ZESOFT - Unknown owner and double click on it. Click on the Stop button and under Startup type, choose Disabled.

4. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O4 - HKLM\..\Run: [duIy1] C:\WINDOWS\ubikw.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)


8. Click the Fix Checked box.

9. Please run IstFix.

10. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

ViewManager

11. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Viewpoint
C:\Program Files\ISTsvc


12. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\ubikw.exe
C:\WINDOWS\web\related.htm
C:\WINDOWS\zeta.exe
C:\WINDOWS\System32\msbe.dll


13. Run the program CleanUp!

14. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

15. Please post an ActiveScan log and a fresh HiJackThis log. Let me know how your computer is running.

Edited by Excal, 20 June 2005 - 07:25 PM.

  • 0
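Added example, not part of the original thread: two checks that can be automated over a HijackThis log like the one in post #2, namely Windows system binary names loaded from outside their usual directory (as with the svchost.exe under DAO\System32 that post #4 asks to have uploaded) and entries marked (file missing) or (no file). The directory table, the function names and the choice of checks are assumptions of this example; the sample lines are excerpted from the log above.

```python
import ntpath
import re

# Usual directory for Windows binaries whose names are often borrowed.
# Assumption of this example: Windows XP layout with C:\WINDOWS as system root.
CANONICAL_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")                    # "O4 - ..."
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
# Quoted path, or unquoted path up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat))(?=\s|$)', re.I)

# Lines excerpted from the HijackThis log in post #2 of this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
C:\WINDOWS\System32\bpk.exe

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\System32\bpk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
"""


def image_path(command):
    """Return the executable path from a Run value, dropping any arguments."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else None


def masquerades(path):
    """True if a known system binary name sits outside its usual directory."""
    norm = ntpath.normcase(path)              # lower-case, backslashes
    expected = CANONICAL_DIR.get(ntpath.basename(norm))
    folder = ntpath.dirname(norm)
    # A bare file name carries no directory to compare, so it is not flagged.
    return expected is not None and bool(folder) and folder != expected


def triage(log_text):
    """Return (reason, source, detail) tuples for lines worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False              # a blank line ends the process list
            continue
        if in_processes:
            if masquerades(line):
                findings.append(("masquerade", "process", line))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        section, body = entry.groups()
        # HijackThis marks entries whose target no longer exists on disk.
        if body.endswith(("(file missing)", "(no file)")):
            findings.append(("orphan", section, body))
        run = RUN_RE.match(body)
        if run:
            path = image_path(run.group(2))
            if path and masquerades(path):
                findings.append(("masquerade", f"{section} [{run.group(1)}]", path))
    return findings


if __name__ == "__main__":
    for reason, source, detail in triage(SAMPLE_LOG):
        print(f"{reason:10} {source:20} {detail}")
```

Entries with unfamiliar names, such as bpk.exe in the sample, pass both checks; they still need a scanner verdict or manual review.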

#5
CRazzym3x (Topic Starter)
First of all, thanks a lot for this. Second, I cannot download CleanUp!; when I go on their webpage, it closes. This is because of the same "Perfect Keylogger", which closes any anti-spyware programs.



AntiVir - Found nothing
ArcaVir - Found nothing
Avast - Found nothing
AVG Antivirus - Found nothing
BitDefender - Found nothing
ClamAV - Found nothing
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
Fortinet - Found nothing
Kaspersky Anti-Virus - Found not-a-virus:Monitor.Win32.007SpySoft.306
NOD32 - Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control - Found nothing
VBA32 - Found nothing
  • 0

#6
Excal (Retired Staff)
When you get to steps 13, 14 and 15 replace them with these.

13. Please delete your temporary files. Double-click My Computer (WinXP: navigate to Start ---> My Computer). You will see an icon representing your hard drive (most likely C: drive). Right-click on the hard drive icon and click Properties at the bottom of the fly-out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"; click that button. Make sure the following are checked: Downloaded Program Files, Temporary Internet Files and Recycle Bin. Click OK and Disk Cleanup will delete those files for you.

14. Reboot into normal mode and please run this online virus scan: Kaspersky - Save the results from the scan!

15. Please post the Kaspersky log and a fresh HiJackThis log. Let me know how your computer is running.


Thanks,

:tazz:

Excal
  • 0

#7
CRazzym3x (Topic Starter)
I did this, but Firefox will now just not load any webpages. No error comes out or timeout, but Google won't load, nor any other webpage. I tried the wireless connection and the Local Area Connection.

I did everything you listed there, but I cannot do the online scan in step 14 because I have no internet on the other computer. Thanks again.

IE won't work either, and neither will MSN or any other application that connects to the internet.

Edited by CRazzym3x, 20 June 2005 - 09:55 PM.

  • 0

#8
Excal (Retired Staff)
I just want to get this straight. You have no connection whatsoever on that other computer?


Thanks,

:tazz:

Excal
  • 0

#9
CRazzym3x (Topic Starter)
You beat me heh,

I fixed the connection thingy by recreating the connection and rebooting. I'm somewhat good at computers; that's why I wanted to join the Geeks to Go University. So that problem is fixed. I will post the log of the online scanner in a second. Thanks again.

Edited by CRazzym3x, 20 June 2005 - 10:08 PM.

  • 0

#10
CRazzym3x (Topic Starter)
Wow that scan took a while alright so here is the html and the .txt for the virus scan thing.

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Monday, June 20, 2005 14:46:18
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/06/2005
Kaspersky Anti-Virus database records: 127052
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 115388
Number of viruses found: 14
Number of infected objects: 105
Number of suspicious objects: 0
Duration of the scan process: 8935 sec

Infected Object Name - Virus Name
C:\Documents and Settings\CRazym3x\Desktop\Downloads\i_bpk_agentland.exe/bpkr.exe Infected: Trojan-Spy.Win32.Perfloger.a
C:\Documents and Settings\CRazym3x\Desktop\Downloads\i_bpk_agentland.exe Infected: Trojan-Spy.Win32.Perfloger.a
C:\Documents and Settings\CRazym3x\Desktop\Downloads\SC-Keylog Pro 3.1\scklpro.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Downloads\SC-Keylog Pro 3.1\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Downloads\SC-Keylog Pro 3.1\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.t
C:\Documents and Settings\CRazym3x\Desktop\Downloads\SC-Keylog Pro 3.1\scklpro.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Downloads\SC-Keylog Pro 3.1\scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Downloads\sc-keylogprodemo.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.z
C:\Documents and Settings\CRazym3x\Desktop\Downloads\sc-keylogprodemo.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.z
C:\Documents and Settings\CRazym3x\Desktop\Downloads\sc-keylogprodemo.exe Infected: Trojan-Spy.Win32.SCKeyLog.z
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0 Full.zip/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0 Full.zip/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0 Full.zip Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL.zip Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip/ISpyNow.v2.0.WinALL.RETAiL-HS/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip/ISpyNow.v2.0.WinALL.RETAiL-HS/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip Infected: Backdoor.Win32.Delf.bz
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar/i_bpk2003.exe/bpkr.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar/i_bpk2003.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar Infected: Trojan-Spy.Win32.Perfloger.f
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar/i_bpk2003.exe/bpkr.exe Infected: Trojan.Win32.KillAV.dt
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar/i_bpk2003.exe Infected: Trojan.Win32.KillAV.dt
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar Infected: Trojan.Win32.KillAV.dt
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip Infected: Trojan.Win32.KillAV.dt
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir Infected: Trojan.Win32.KillAV.dt
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1\SC-Keylog Pro 3.1\scklpro.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1\SC-Keylog Pro 3.1\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1\SC-Keylog Pro 3.1\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.t
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1\SC-Keylog Pro 3.1\scklpro.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1\SC-Keylog Pro 3.1\scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar/SC-Keylog Pro 3.1/scklpro.exe/data0008 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar/SC-Keylog Pro 3.1/scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar/SC-Keylog Pro 3.1/scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.t
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar/SC-Keylog Pro 3.1/scklpro.exe/data0012 Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar/SC-Keylog Pro 3.1/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Program Files\SCKLPRO\klrmA Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Program Files\SCKLPRO\Main.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\Program Files\Spybot - Search & Destroy\inst_SpybotSD.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\Program Files\Spybot - Search & Destroy\inst_SpybotSD.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\Program Files\Tibia\inst_Tibia.exe/rinst.exe Infected: Trojan.Win32.KillAV.dt
C:\Program Files\Tibia\inst_Tibia.exe Infected: Trojan.Win32.KillAV.dt
C:\removekl.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP101\A0024353.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP101\A0024354.dll Infected: Trojan-Spy.Win32.SCKeyLog.t
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP102\A0024432.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024438.dll Infected: Trojan-Spy.Win32.TKitSpy
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024439.exe Infected: Trojan-Spy.Win32.TKitSpy
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024440.VXD Infected: Trojan-Spy.Win32.TKitSpy
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024626.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024635.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024654.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024673.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024682.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024683.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024685.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024687.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024689.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024691.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024732.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024738.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024742.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024743.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024750.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024798.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024856.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024857.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024858.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024859.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024861.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024862.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024863.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024864.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024865.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024866.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024867.exe Infected: Trojan-Spy.Win32.SCKeyLog.20
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026974.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026980.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026985.exe Infected: Trojan.Win32.KillAV.dt
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026988.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026989.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026990.scr Infected: Trojan-Spy.Win32.SCKeyLog.o
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe/rinst.exe Infected: Trojan.Win32.KillAV.dt
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe/TibiaMC.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe/TibiaMC.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029883.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029883.exe Infected: Trojan-Spy.Win32.Perfloger.f
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP52\A0011953.exe Infected: Backdoor.Win32.Dragonbot.i
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP68\A0015172.exe Infected: Trojan-Downloader.Win32.Dyfuca.dx
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP88\A0020265.exe Infected: Backdoor.Win32.Delf.bz
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022990.exe Infected: Trojan-Spy.Win32.SCKeyLog.o
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022992.exe Infected: Trojan-Spy.Win32.SCKeyLog.o
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022993.exe Infected: Trojan-Spy.Win32.SCKeyLog.o
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022994.exe Infected: Trojan-Spy.Win32.SCKeyLog.o
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP95\A0023111.exe Infected: Trojan-Spy.Win32.SCKeyLog.v
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP96\A0023118.exe Infected: Trojan-Spy.Win32.SCKeyLog.v

Scan process completed.



  • 0



#11
Excal (Retired Staff)
It seems like some of the programs you have downloaded are infected. Please remove these programs in the fix.


Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

sc-keylogprodemo
2_iSpyNow v2.0
Perfect.Keylogger-v1.6.0.1
SC-Keylog Pro 3.1
Spybot - Search & Destroy (will give you a good link for this one when you are cleaned)
SCKLPRO


5. Please remove the following folders using Windows Explorer (if present):

C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1\SC-Keylog Pro 3.1
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip
C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zipISpyNow v2.0 WinALL_Retail.zip
C:\Program Files\SCKLPRO
C:\Program Files\Tibia


6. Please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\Documents and Settings\CRazym3x\Desktop\Downloads\i_bpk_agentland.exe
    C:\Documents and Settings\CRazym3x\Desktop\Downloads\i_bpk_agentland.exe/bpkr.exe
    C:\Documents and Settings\CRazym3x\Desktop\Downloads\SC-Keylog Pro 3.1
    C:\Documents and Settings\CRazym3x\Desktop\Downloads\sc-keylogprodemo.exe
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\2_iSpyNow v2.0 (keylogger).zip
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar/i_bpk2003.exe/bpkr.exe
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar/i_bpk2003.exe
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger-v1.6.0.1-Winall-Keygen-Xrtc.rar
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar/i_bpk2003.exe/bpkr.exe
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar/i_bpk2003.exe
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.from.NovaStorm.info_rar.vir
    C:\Documents and Settings\CRazym3x\Desktop\Musik\Musik\SC-Keylog Pro 3.1.rar
    C:\removekl.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP101\A0024353.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP101\A0024354.dll
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP102\A0024432.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024438.dll
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024439.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024440.VXD
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024626.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024635.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024654.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024673.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024682.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024683.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024685.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024687.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024689.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP103\A0024691.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024732.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024738.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024742.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024743.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP104\A0024750.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024798.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024856.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024857.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024858.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024859.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024861.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024862.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024863.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024864.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024865.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024866.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0024867.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026974.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026980.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026985.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026988.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026989.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP105\A0026990.scr
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe/rinst.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe/TibiaMC.exe/rinst.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe/TibiaMC.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029882.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029883.exe/rinst.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP139\A0029883.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP52\A0011953.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP68\A0015172.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP88\A0020265.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022990.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022992.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022993.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP93\A0022994.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP95\A0023111.exe
    C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP96\A0023118.exe

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

7. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

8. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#12
CRazzym3x

CRazzym3x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Active Scan Log

Incident           Status            Location

Possible Virus.    No disinfected    C:\Documents and Settings\CRazym3x\Desktop\Downloads\Tibia_Proxy_109\Setup.msi[unk_0043][File74]
Possible Virus.    No disinfected    C:\Program Files\Tibia Proxy\Recovery.exe



Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 6:17:17 AM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tibia\tibia.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\keywb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Ty again
  • 0

#13
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi CRazzym3x,

Are you familiar with or have you installed this?

C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe


Please let me know so I can continue with your fix ;)


Can you please go to Start > My Computer > Program Files > Common Files > Microsoft Shared > DAO > System32, then find svchost.exe and right-click on it; there should be an option to zip/compress and email. Email it to this address: submit@atribune.org. Please put "suspicious file" in the subject.


EDIT* You can also delete those two files that showed up in the online scan.


:tazz:

Excal

Edited by Excal, 21 June 2005 - 05:31 PM.

  • 0

#14
CRazzym3x

CRazzym3x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hello, thanks again. I sent the email with 2 download links since Gmail would not allow me to send .exe or zip files which contain an .exe.

I am not familiar with that and I did not install that.
  • 0

#15
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi CRazzym3x,


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\keywb.dll (file missing)
O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe


7. Click the Fix Checked box

8. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Common Files\Microsoft Shared\DAO

9. Let me know how your computer is running.
  • 0
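The check made by eye in posts #13 and #15, as an added example that is not part of the original thread: a Python triage over HijackThis lines copied from the log in post #12. It flags core Windows process names that run or auto-start from outside System32, and BHO entries whose file is missing; the `EXPECTED_DIR` table and all function names are assumptions of this example.

```python
import ntpath
import re

# Expected home of core Windows XP processes. Assumed table for this example;
# extend it for the system being triaged.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "csrss.exe", "smss.exe", "spoolsv.exe")}

PATH_RE = re.compile(r"^[A-Za-z]:\\")
O2_RE = re.compile(r"^O2 - BHO: .+? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)

# A selection of lines copied from the HijackThis log in post #12.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\keywb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""


def masquerade(path):
    """True if a known system binary name sits outside its expected directory."""
    directory, name = ntpath.split(path.strip().strip('"'))
    expected = EXPECTED_DIR.get(name.lower())
    return expected is not None and ntpath.normcase(directory) != expected


def triage(log_text):
    """Return (kind, subject) findings in the order they appear in the log."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if PATH_RE.match(line):
                if masquerade(line):
                    findings.append(("process-path", line))
                continue
            in_procs = False  # section ended; parse this line as an entry
        m = O4_RE.match(line)
        if m:
            target = EXE_RE.match(m.group("cmd"))
            if target and masquerade(target.group(1) or target.group(2)):
                findings.append(("autorun-path", m.group("name")))
            continue
        m = O2_RE.match(line)
        # HijackThis appends "(file missing)" when the registered file is gone.
        if m and m.group("path").endswith("(file missing)"):
            findings.append(("orphan-bho", m.group("clsid")))
    return findings


if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:13} {subject}")
```
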





