Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My results with AntiVirus Gold


  • Please log in to reply

#1
Doondarin

Doondarin

    New Member

  • Member
  • Pip
  • 3 posts
I followed what has been explained to others, and have had some success. I was not able to download the Hijack This software, but I did download the others. Now my Windows XP has regressed to Windows 2000, for some weird reason and I have a Windows sidebar that won't go away from my desktop. Any suggestions?


This is the result of my Ewido scan:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:06:05 PM, 7/5/2005
+ Report-Checksum: 7037D002

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-1214440339-926492609-725345543-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-1214440339-926492609-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7QRP5UAB\load01[1].exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\Documents and Settings\Serena\Cookies\serena@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Serena\Cookies\serena@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Serena\Cookies\serena@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\88776928-DE79-44FC-B483-E05D44\7B7642AB-CB87-4434-B3FF-D92A09 -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F588CEE6-AD02-4825-92FF-41BFEB\5B61D259-BCB8-43AF-A8D4-06FFF9 -> TrojanDownloader.Agent.pi : Cleaned with backup
C:\winloadhh.dll -> TrojanDownloader.Small.asy : Cleaned with backup
C:\WINNT\Downloaded Program Files\gdnUS1865.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINNT\gds5.dll -> TrojanDownloader.Small.azf : Cleaned with backup
C:\WINNT\Ipmc.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\ModemDet.txt:aztdel -> Trojan.Agent.em : Cleaned with backup
C:\WINNT\security_and_privacy.htm:qshui -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\sysmf32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\24234.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\4223718.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\529119531.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\57630546.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\615529078.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\701944109.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\intel32.exe -> Trojan.Agent.ff : Cleaned with backup
C:\WINNT\system32\winldra.exe -> Backdoor.Dumador.cz : Cleaned with backup
C:\WINNT\system32\zolker001.dll -> TrojanDownloader.Agent.pi : Cleaned with backup
C:\WINNT\UnstSA5.exe -> TrojanDropper.Delf.z : Cleaned with backup
C:\WINNT\UPGRADE.TXT:vhjbaw -> Trojan.Agent.em : Cleaned with backup
C:\WINNT\WinPoET_PreInstallation.txt:wyspcb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\_default.pif:ebfpb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:tzuwf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\_default.pif:vhcfr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\_default.pif:zjydq -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End


This is the result of my active scan:
Incident Status Location

Virus:W32/Smitfraud.B Disinfected Operating system
Adware:Adware/Smitfraud No disinfected C:\WINNT\System32\OLEADM.dll
Adware:Adware/CWS.Yexe No disinfected C:\WINNT\stchost.exe
Adware:Adware/Smitfraud No disinfected C:\WINNT\System32\intel32.exe
Virus:Bck/Haxdoor.A Disinfected Operating system
Adware:Adware/SAHAgent No disinfected C:\WINNT\System32\SahImages
Adware:Adware/CWS.Yexe No disinfected C:\WINNT\stchost.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINNT\Downloaded Program Files\BundleOuter*.exe
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Virus:Trj/Dumarin.H Disinfected Operating system
Adware:Adware Program No disinfected C:\$$$_.log
Adware:Adware/CWS.Searchmeup No disinfected C:\WINNT\toolbar.exe
Adware:Adware/StoolBar No disinfected Windows Registry
Adware:Adware/AzeSearch No disinfected C:\WINNT\System32\ztoolbar.bmp
Virus:Bck/Dumador.O Disinfected Operating system
Adware:Adware/Adsmart No disinfected C:\dkload.exe
Adware:Adware/Popuper No disinfected Windows Registry
Adware:Adware/Smitfraud No disinfected C:\WINNT\System32\oleadm.dll
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\All Users\Desktop\PSGuard.lnk
Adware:Adware Program No disinfected C:\$$$_.log
Adware:Adware/CWS.Searchmeup No disinfected C:\dkload.exe
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\All Users\Desktop\PSGuard.lnk
Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\All Users\Start Menu\PopUp Blocker.lnk
Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\All Users\Start Menu\Spyware Remover.lnk
Virus:Trj/Classloader.B Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\in_s.class-18fee360-78152e91.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a595dd3-66083253.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a595dd3-66083253.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a595dd3-66083253.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a595dd3-66083253.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-2899a417.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-2899a417.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-2899a417.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-2899a417.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4e089340-388aa5c9.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4e089340-388aa5c9.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4e089340-388aa5c9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4e089340-388aa5c9.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-54c913c1-4d975df5.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-54c913c1-4d975df5.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-54c913c1-4d975df5.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-54c913c1-4d975df5.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-5785c8df.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-5785c8df.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-5785c8df.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-5785c8df.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-6f6bfb45-213ea776.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-6f6bfb45-213ea776.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-6f6bfb45-213ea776.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-6f6bfb45-213ea776.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-6f6bfb45-213ea776.zip[Xeyond.class]
Virus:Trj/Downloader.CHD Disinfected C:\Documents and Settings\Dave Gibson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-6f6bfb45-213ea776.zip[web.exe]
Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\86PEUG56\loadppc[1].exe
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/CWS.Yexe No disinfected C:\sys39491099.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINNT\Downloaded Program Files\BundleOuter2501031120.EXE
Adware:Adware/CWS.Aboutblank No disinfected C:\WINNT\n_vtnscb.dat
Adware:Adware/CWS.Yexe No disinfected C:\WINNT\stchost.exe
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\intel32.exe
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\oleadm.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\WINNT\system32\systime.exe
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll
Adware:Adware/AzeSearch No disinfected C:\WINNT\system32\ztoolbar.bmp
Adware:Adware/CWS.Searchmeup No disinfected C:\WINNT\toolbar.exe
I hope this is how I"m supposed to do this. I'm sorry if it isn't. Thanks for your time.

Dave
  • 0

Advertisements


#2
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Hello and welcome to Geeks To Go.

Lets start out with some general scans, and see if we can clean things up a little.

+++++ Step 1 +++++
Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP