Help me!
Results from http://virusscan.jotti.org/
File: sgasmb.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 64af08f1fc45796c23b3fa6c7ebbb18a
Packers detected: PE_PATCH, UPX
Scanner results
AntiVir Found TR/Dldr.BetterIne.D
ArcaVir Found Trojan.Agent.Ay
Avast Found nothing
AVG Antivirus Found Downloader.Generic.AKR
BitDefender Found Trojan.Agent.AY
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.3256
F-Prot Antivirus Found W32/Agent.SJ
Fortinet Found W32/Agent.53CB-tr
Kaspersky Anti-Virus Found Trojan.Win32.Agent.ay
NOD32 Found Win32/Agent.AY
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan.Win32.Agent.ay
And...
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{00000049-8F91-4D9C-9573-F016E7626484}" 22/07/05 17:41:07
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000049-8F91-4D9C-9573-F016E7626484}]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\ProgID]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\Programmable]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer32]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\TypeLib]
[HKEY_LOCAL_MACHINE\Software\CLASSES\CeresDll.CeresDllObj.1\CLSID]
@="{00000049-8F91-4D9C-9573-F016E7626484}"
[HKEY_LOCAL_MACHINE\Software\CLASSES\CeresDll.CeresDllObj\CLSID]
@="{00000049-8F91-4D9C-9573-F016E7626484}"
I am moving this to the malware section.
Please click here, and follow the recommendations in the guide.
If you're still having trouble, we'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and post your log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.
Most of what Hijack This lists will be harmless or even essential. DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
Please post the results in this thread.
Edited by coachwife6, 22 July 2005 - 02:54 PM.