Trojan-Spy.HTML.Smitfraud.c & Bloodhound.W32.EP [RESOLVED]


  • This topic is locked

#1
Nate72

Nate72

    New Member

  • Member
  • Pip
  • 6 posts
I tried everything from the site "http://www.geekstogo...showtopic=2852". Here is my HijackThis log.

I still have Trojan-Spy.HTML.Smitfraud.c on my desktop and Norton AV detects Bloodhound.W32.EP D:\WINNTPA\system32\wininet.dll virus. Please help.


Logfile of HijackThis v1.99.1
Scan saved at 10:11:17 PM, on 7/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNTPA\System32\smss.exe
D:\WINNTPA\system32\winlogon.exe
D:\WINNTPA\system32\services.exe
D:\WINNTPA\system32\lsass.exe
D:\WINNTPA\system32\svchost.exe
D:\WINNTPA\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\WINNTPA\System32\svchost.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
D:\WINNTPA\system32\regsvc.exe
D:\WINNTPA\system32\MSTask.exe
D:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
D:\WINNTPA\system32\stisvc.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINNTPA\System32\WBEM\WinMgmt.exe
D:\WINNTPA\system32\svchost.exe
D:\WINNTPA\system32\inetsrv\inetinfo.exe
D:\WINNTPA\system32\MsgSys.EXE
D:\WINNTPA\Explorer.EXE
D:\WINNTPA\System32\svchost.exe
D:\WINNTPA\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNTPA\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Send All Qualified App (Service1) - Unknown owner - D:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0


#2
Scorpex

Scorpex

    Visiting Staff

  • Member
  • PipPipPip
  • 266 posts
Nate72 - Welcome to Geeks to Go.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.


4SG
  • 0

#3
Scorpex

Scorpex

    Visiting Staff

  • Member
  • PipPipPip
  • 266 posts
Nate72,

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.
Note: You are only extracting the contents of the smitRem.zip at this point.

Place a shortcut to Panda ActiveScan on your desktop. Do NOT run a scan yet.

I see you already have Ewido so just set it up as follows:
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Let us know if any problems persist.


4SG
  • 0

#4
Nate72

Nate72

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
4SG,

Tried everything step by step. Desktop error message is gone. Thanks for your help. Please let me know whether my system is clean. Here are the logs. I was not able to get Panda's log. Application closes after scanning, I guess. I also noticed it found 3 infections within 30 mins.

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:46:44 AM, on 7/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNTPA\System32\smss.exe
D:\WINNTPA\system32\winlogon.exe
D:\WINNTPA\system32\services.exe
D:\WINNTPA\system32\lsass.exe
D:\WINNTPA\system32\svchost.exe
D:\WINNTPA\System32\WBEM\WinMgmt.exe
D:\WINNTPA\Explorer.EXE
D:\WINNTPA\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNTPA\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINNTPA\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Send All Qualified App (Service1) - Unknown owner - D:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Smitfiles:


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

PSGuard.com


~~~ Favorites ~~~



~~~ system32 folder ~~~

wp.bmp
logfiles


~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!

Ad-Aware:


Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, July 22, 2005 7:00:02 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):28 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
CSI Fingerprints total : 906
CSI data size : 31253 Bytes
Target categories : 15
Target families : 694


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:76 %
Total physical memory:523760 kb
Available physical memory:395632 kb
Total page file size:1277844 kb
Available on page file:1200268 kb
Total virtual memory:2097024 kb
Available virtual memory:2044848 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-22-2005 7:00:02 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : D:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : D:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\terminal server client\default
Description : list of recent systems connected to using remote desktop / terminal services


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-1078145449-1801674531-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 7-22-2005 10:40:53 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINNTPA\system32\csrss.exe
Command Line : D:\WINNTPA\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 172
ThreadCreationTime : 7-22-2005 10:41:36 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINNTPA\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 7-22-2005 10:41:38 AM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINNTPA\system32\services.exe
Command Line : D:\WINNTPA\system32\services.exe
ProcessID : 220
ThreadCreationTime : 7-22-2005 10:41:40 AM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINNTPA\system32\lsass.exe
Command Line : D:\WINNTPA\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 7-22-2005 10:41:41 AM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINNTPA\system32\svchost.exe
Command Line : D:\WINNTPA\system32\svchost -k rpcss
ProcessID : 380
ThreadCreationTime : 7-22-2005 10:41:46 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [winmgmt.exe]
ModuleName : D:\WINNTPA\System32\WBEM\WinMgmt.exe
Command Line : D:\WINNTPA\System32\WBEM\WinMgmt.exe
ProcessID : 408
ThreadCreationTime : 7-22-2005 10:41:47 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:8 [explorer.exe]
ModuleName : D:\WINNTPA\Explorer.EXE
Command Line : D:\WINNTPA\Explorer.EXE
ProcessID : 428
ThreadCreationTime : 7-22-2005 10:43:51 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:9 [notepad.exe]
ModuleName : D:\WINNTPA\system32\NOTEPAD.EXE
Command Line : D:\WINNTPA\system32\NOTEPAD.EXE D:\Documents and Settings\Administrator\Desktop\zxc.txt
ProcessID : 268
ThreadCreationTime : 7-22-2005 10:52:32 AM
BasePriority : Normal
FileVersion : 5.00.2140.1
ProductVersion : 5.00.2140.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : NOTEPAD.EXE

#:10 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 488
ThreadCreationTime : 7-22-2005 10:58:56 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tickle[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@tickle.com/
Expires : 7-7-2007 6:59:04 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@web4.realtracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@web4.realtracker.com/
Expires : 12-31-2006 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@maxserving.com/
Expires : 7-9-2015 8:02:38 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:administrator@tradedoubler.com/
Expires : 7-21-2005 6:37:28 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:38
Value : Cookie:administrator@bluestreak.com/
Expires : 7-16-2015 2:31:38 PM
LastSync : Hits:38
UseCount : 0
Hits : 38

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:105
Value : Cookie:administrator@z1.adserver.com/
Expires : 7-21-2006 7:15:34 PM
LastSync : Hits:105
UseCount : 0
Hits : 105

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@bravenet.com/
Expires : 12-31-2010 7:12:40 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@centrport[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:administrator@centrport.net/
Expires : 12-31-2029 8:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hc2.humanclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@hc2.humanclick.com/
Expires : 7-9-2006 4:59:04 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:63
Value : Cookie:administrator@media.adrevolver.com/adrevolver/
Expires : 4-15-2008 10:40:42 PM
LastSync : Hits:63
UseCount : 0
Hits : 63

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:132
Value : Cookie:administrator@2o7.net/
Expires : 7-19-2010 6:28:12 AM
LastSync : Hits:132
UseCount : 0
Hits : 132

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:administrator@tribalfusion.com/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@citi.bridgetrack[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:47
Value : Cookie:administrator@citi.bridgetrack.com/
Expires : 7-4-2006
LastSync : Hits:47
UseCount : 0
Hits : 47

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:71
Value : Cookie:administrator@as-us.falkag.net/
Expires : 7-20-2006 7:52:54 PM
LastSync : Hits:71
UseCount : 0
Hits : 71

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:51
Value : Cookie:administrator@adrevolver.com/
Expires : 7-21-2006 11:30:58 PM
LastSync : Hits:51
UseCount : 0
Hits : 51

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:administrator@overture.com/
Expires : 7-16-2015 7:59:10 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:administrator@imrworldwide.com/cgi-bin
Expires : 7-7-2015 8:22:44 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:55
Value : Cookie:administrator@ads.addynamix.com/
Expires : 7-22-2005 7:38:34 AM
LastSync : Hits:55
UseCount : 0
Hits : 55

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@revenue.net/
Expires : 6-10-2022 1:05:42 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@questionmarket.com/
Expires : 9-10-2006 11:28:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1309
Value : Cookie:administrator@trafficmp.com/
Expires : 6-30-2006 7:19:08 AM
LastSync : Hits:1309
UseCount : 0
Hits : 1309

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@statcounter.com/
Expires : 7-9-2010 8:54:18 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@www.entrepreneur[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@www.entrepreneur.com/
Expires : 9-6-2014 7:50:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:304
Value : Cookie:administrator@as-eu.falkag.net/
Expires : 7-19-2006 6:17:34 PM
LastSync : Hits:304
UseCount : 0
Hits : 304

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:117
Value : Cookie:administrator@ads.pointroll.com/
Expires : 12-31-2009 8:00:00 PM
LastSync : Hits:117
UseCount : 0
Hits : 117

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:administrator@zedo.com/
Expires : 6-29-2015 6:08:36 AM
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:42
Value : Cookie:administrator@realmedia.com/
Expires : 12-31-2020 8:00:00 PM
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:77
Value : Cookie:administrator@casalemedia.com/
Expires : 7-3-2006 3:10:48 PM
LastSync : Hits:77
UseCount : 0
Hits : 77

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 49



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Scanning Hosts file......
Hosts file location:"D:\WINNTPA\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 49




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49

7:12:48 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:45.610
Objects scanned:113302
Objects identified:28
Objects ignored:0
New critical objects:28

Ewido security suite - Scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:08:36 PM, 7/22/2005
+ Report-Checksum: BC306036

+ Date of database: 7/4/2005
+ Version of scan engine: v3.0

+ Duration: 53 min
+ Scanned Files: 56555
+ Speed: 17.49 Files/Second
+ Infected files: 8
+ Removed files: 8
+ Files put in quarantine: 8
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
D:\WINNTPA\system32\wininet.dll
C:\
D:\
E:\

+ Scan result:
D:\Documents and Settings\Administrator\Cookies\administrator@696219[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@ads.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@articles.health.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@network[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0

#5
Scorpex

Scorpex

    Visiting Staff

  • Member
  • PipPipPip
  • 266 posts
Nate72,

Congratulations, your log is clean! :tazz:


Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.


4SG
  • 0
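An added example, not part of the original post or of any tool named in it: the MVPS Hosts item above works by mapping names to 127.0.0.1, so a hosts file can be audited by separating loopback "block" entries from entries that send a name to a routable address, such as the O1 line in the first HijackThis log of this thread. The sample hosts file and the `example.test` names are constructed, and a routable entry is only flagged for review, not judged.

```python
import ipaddress
import re

# Constructed sample: a blocklist-style hosts file (the kind MVPS Hosts
# installs) plus one routable mapping and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   ads.example.test   # placeholder ad-server name
0.0.0.0     tracker.example.test banner.example.test
64.91.255.87 www.dcsresearch.com
not-an-ip   broken.example.test
"""

# Lines in HijackThis format; the O1 line is the one from the first log
# posted in this thread.
SAMPLE_HJT = """\
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\\..\\Run: [Synchronization Manager] mobsync.exe /logon
"""

O1_RE = re.compile(r"^O1 - Hosts:\s*(.+)$")


def classify_address(text):
    """Return 'sinkhole', 'redirect' or 'invalid' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    # 127.0.0.0/8, ::1 and 0.0.0.0 never leave the machine: a blocking entry.
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    # Anything else sends the name to a real host and deserves a look.
    return "redirect"


def parse_hosts(text):
    """Yield (line_no, address, hostname, label) for every mapping."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:  # address with no hostname
            entries.append((line_no, fields[0], "", "invalid"))
            continue
        address, names = fields[0], fields[1:]
        kind = classify_address(address)
        for name in names:  # one line may map several names
            label = kind
            if kind == "sinkhole" and name.lower() == "localhost":
                label = "default"  # the stock localhost entry
            entries.append((line_no, address, name.lower(), label))
    return entries


def hosts_lines_from_hijackthis(log_text):
    """Extract the hosts-file mappings reported as O1 entries."""
    found = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if match:
            found.append(match.group(1))
    return "\n".join(found)


def review_list(entries):
    """Entries a reviewer should look at: routable or malformed mappings."""
    return [e for e in entries if e[3] in ("redirect", "invalid")]


if __name__ == "__main__":
    for entry in review_list(parse_hosts(SAMPLE_HOSTS)):
        print("review:", entry)
    o1 = hosts_lines_from_hijackthis(SAMPLE_HJT)
    for entry in parse_hosts(o1):
        print("from HijackThis O1:", entry)
```
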

#6
Nate72

Nate72

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank You for your help. :tazz:
  • 0

#7
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





