Stumped :s



#1
Adhater

Well, I'm stumped. I have a hardy spyware infection on my computer and everything I have tried has led to nothing but time wasted.

I've tried scanning with Ad-Aware, Spybot, Spy Doctor, Spy Sweeper, CWShredder, About:Buster and HijackThis. All in safe mode, and to top it off I did a full system scan with my Norton after each scan AND proceeded to delete various executables and DLLs manually. Deleted everything in my temp folder, temp internet folder, Prefetch folder. It keeps coming back no matter what I do or try. I've been at it for 3 days and I'm completely stumped and out of ideas, hopefully someone here isn't :s

Some details about the things I'm experiencing:

Every time I open an IE or Explorer window an executable is run on my system that consumes 99% of my CPU resources. I'm getting frequent pop-ups and my home page has been changed to 'about:blank' and won't change back. I noticed some software in my software list called 'Home Search Assistant, Shopping Wizard (x2), Search Extender and Offer Optimizer'. Attempts to uninstall these send me to a website where I can download a tool that doesn't seem to work (it doesn't remove the progs).

Here is a Norton log listing the trojans Norton found. These are the files that run with each new Explorer or IE window:

16/06/2005 23:03:34,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\winlf.exe
16/06/2005 23:03:34,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\winlf.exe
16/06/2005 22:51:09,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\javaqh32.exe
16/06/2005 22:51:09,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\javaqh32.exe
16/06/2005 22:50:53,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\d3im.exe
16/06/2005 22:50:53,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\d3im.exe
16/06/2005 22:49:47,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\d3nd.exe
16/06/2005 22:49:47,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\d3nd.exe
16/06/2005 22:47:10,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\system32\addxo32.exe
16/06/2005 22:47:10,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\system32\addxo32.exe
16/06/2005 17:41:47,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:41:47,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:40:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:40:27,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:40:07,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:40:07,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:37:17,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:37:17,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:33:47,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:33:47,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:31:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:31:27,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:29:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:29:27,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:28:18,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe
16/06/2005 17:28:18,Auto-Protect,Trojan Horse,Repair failed,File,N/A,N/A,Dr N0,ATHLONDELUXE,Source: E:\WINDOWS\addsl.exe

And here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:29:11, on 16/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\D-Tools\daemon.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
E:\WINDOWS\System32\ctfmon.exe
E:\WINDOWS\System32\NotifyPhoneBook.exe
E:\program files\valve\steam\steam.exe
E:\Program Files\MSGTAG\MSGTAG.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\MSI\Core Center\CoreCenter.exe
E:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\SPYWAR~1\swdoctor.exe
E:\WINDOWS\System32\taskmgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
C:\appz\DEATHTOSPYWARE!!!\hijackthis\HijackThis.exe
E:\WINDOWS\system32\applj32.exe
E:\WINDOWS\system32\crnu32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\tpbsf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {AFE9366B-5984-4CD9-5214-CD1D2AC39783} - E:\WINDOWS\system32\ieyd32.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [USRpdA] E:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] E:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [d3fu32.exe] E:\WINDOWS\d3fu32.exe
O4 - HKLM\..\RunServices: [strmsnmgrs] msnxmsgrsc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSGTAG] "E:\Program Files\MSGTAG\MSGTAG.exe" /startup
O4 - HKCU\..\Run: [strmsnmgrs] msnxmsgrsc.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: The Proxomitron.lnk = E:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = E:\Program Files\MSI\Core Center\CoreCenter.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED7C7C88-11C3-4897-82ED-9532D527FDBF}: NameServer = 212.71.8.11,212.71.0.2
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\Documents and Settings\Dr N0\Local Settings\Temporary Internet Files\Content.IE5\US8FQ523\sfuninstall[1].exe" service (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hopefully someone can help me. I'm getting fed up with running at the speed of a P2 and having my Task Manager open all the time, ready to kill trojans trying to run on my computer :s
#2
Adhater

I made a scan with Ewido and this is the report it gave me...

ewido security suite - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 1:52:23, 17/06/2005
+ Rapport samenvatting: E3F63B4C

+ Datum van de database: 16/06/2005
+ Versienummer van de scanner: v3.0

+ Duur: 103 min
+ Gescande bestanden: 308490
+ Snelheid: 49.91 Bestanden/Seconde
+ Geinfecteerde bestanden: 55
+ Verwijderde bestanden: 55
+ Bestanden in quarantaine gezet: 0
+ Bestanden die niet konden worden geopend: 0
+ Bestanden die niet konden worden schoongemaakt: 0

+ Binder: Ja
+ Crypter: Ja
+ Archieven: Ja

+ Gescande items:
C:\
E:\

+ Scan resultaten:
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@geocities[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@guestbook[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@linkexchange[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@mysearchnow[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@myway[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S001-00-3-20-111278-2753[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S006-01-1-10-203449-47972[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S009-00-12-21-203449-44872[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S113245[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S130343[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S130376[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S139232[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S151568[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@S152628[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry ballz@3[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry [email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry ballz@com[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry [email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry [email protected][1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry ballz@geocities[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
C:\Documents and Settings\Harry Ballz\Cookies\harry ballz@xiti[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt zonder backup
E:\Documents and Settings\All Users\Documenten\install.exe -> Backdoor.Robobot.x -> Schoongemaakt zonder backup
E:\Program Files\Common Files\ajpllrlh\apjhttcnrp\ncprbpjld.exe -> Spyware.Gator -> Schoongemaakt zonder backup
E:\Program Files\Common Files\ajpllrlh\llnhrlhj\faptbllp.exe -> Spyware.Gator -> Schoongemaakt zonder backup
E:\WINDOWS\apinm.dll -> TrojanDownloader.Agent.pe -> Schoongemaakt zonder backup
E:\WINDOWS\mfcwq32.exe -> TrojanDownloader.Agent.bq -> Schoongemaakt zonder backup
E:\WINDOWS\n_ffcrrj.log -> TrojanDownloader.Agent.bc -> Schoongemaakt zonder backup
E:\WINDOWS\n_izypig.dat -> TrojanDownloader.Agent.bq -> Schoongemaakt zonder backup
E:\WINDOWS\n_joazrx.dat -> TrojanDownloader.Agent.bq -> Schoongemaakt zonder backup
E:\WINDOWS\n_ptnasd.log -> TrojanDownloader.Agent.bq -> Schoongemaakt zonder backup
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KT2JGLQF\belgium[1].exe -> Dialer.Generic -> Schoongemaakt zonder backup
E:\WINDOWS\system32\__delete_on_reboot__ieyd32.dll -> TrojanDownloader.Agent.bc -> Schoongemaakt zonder backup
E:\WINDOWS\tpbsf.dll -> Spyware.SearchPage -> Schoongemaakt zonder backup


::Einde rapport

#3
Adhater

Hmmmm,

It seems that in all my desperate effort I actually managed to remove this plague. So far so good. No more trojans running and my browser is no longer getting hijacked. I'm gonna hold my breath over the next couple of days. If a reinfection appears I will make another post here but I think for now I'm going to be ok :tazz: