[Jaccrock]

Ok, I followed all of those steps and when I run NOD32. It still finds files infected with the Kolweb.b trojan.

My logs:

Logfile of HijackThis v1.99.1
Scan saved at 2:51:07 AM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ESET\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

-------------------------------------------------------------------------------------------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:27:36 AM, 8/3/2005
+ Report-Checksum: EC30E593

+ Scan result:

HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning
:mozilla.9:C:\Documents and Settings\lereba.LEREBA-P0OKJVMP\Application Data\Mozilla\Firefox\Profiles\sxe7f6v5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\lereba.LEREBA-P0OKJVMP\Application Data\Mozilla\Firefox\Profiles\sxe7f6v5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\lereba.LEREBA-P0OKJVMP\Application Data\Mozilla\Firefox\Profiles\sxe7f6v5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup


::Report End


Please help,

Jac

[Advertisements]

Hello and welcome..

Please print these instructions out, or write them down, as you can't read them during the fix.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download
CleanUp

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Launch Ad-aware and do a Full System Scan. Let it remove anything it finds.

Exit Ad-aware and launch Ewido Security Suite. Run a scan and let it fix anything it finds;

When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop.
Close Ewido.

Launch CleanUp! and run it. Reboot when prompted.

Boot up into normal mode and run the following scan;
Panda Activescan

Let it fix anything it can and post the results along with a fresh Hijackthis log & the Ewido log.

- Rawe

[Rawe]

Hello and welcome..

Please print these instructions out, or write them down, as you can't read them during the fix.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download
CleanUp

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Launch Ad-aware and do a Full System Scan. Let it remove anything it finds.

Exit Ad-aware and launch Ewido Security Suite. Run a scan and let it fix anything it finds;

When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop.
Close Ewido.

Launch CleanUp! and run it. Reboot when prompted.

Boot up into normal mode and run the following scan;
Panda Activescan

Let it fix anything it can and post the results along with a fresh Hijackthis log & the Ewido log.

- Rawe

[Jaccrock]

Ok, I can't seem to run the Panda Active Scan. I usually use FireFox, but the Panda Activescan makes you use IE. My Internet Explorer won't open a new window to go to that web page. When I try to copy and paste the url in IE, I can't click on the Scan Now button.

Here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:12 PM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

----------------------------------------------------------------------------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:21:37 PM, 8/3/2005
+ Report-Checksum: A0857D83

+ Scan result:

HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning


::Report End

Please help!

[Rawe]

Ok, can you run this online scan for me;
Trend Micro

Let it fix anything it can.. And post the results here. It works on Firefox.

- Rawe

[Rawe]

Haven't heard from you in a while. Any changes.. Or do you need help anymore at-all?

[Jaccrock]

Hi, everything seems to be working alot better!

Thank you very much for your help!

[ScHwErV]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.