Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Engines Hijacked [RESOLVED]

Started by dambromr , Aug 09 2005 09:40 AM

  • This topic is locked This topic is locked

#16
dambromr
Posted 15 August 2005 - 02:55 PM

dambromr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Alright, here's what came up on Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:47:14 PM, 8/15/2005
+ Report-Checksum: 39905F90

+ Scan result:

C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Hijack This\backups\backup-20050812-172027-484.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\Program Files\Thief - Deadly Shadows\System\t3.exe -> TrojanSpy.Comcast.a : Cleaned with backup
C:\WINDOWS\apife32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\CTDV10K1.CDF:jqyat -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iepi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\INSTALL(2).INI:vwrumi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\INSTALL(4).INI:vwrumi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\INSTALL.INI:vwrumi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB828741.log:oxkaot -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmqinst.log:onpwx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msxi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_alhmay.log -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\n_ksydya.dat -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\n_vueyaz.dat -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\n_xliaku.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_zrocgj.log -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:iiwfeb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkgz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:ddhwpt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysnr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlxb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wiaservc.log:joeldf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:acarhs -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:aixuv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:aluaoo -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:auohky -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:boxljt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:cfogcf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:cpwuza -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:dddtfu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:dpplru -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:dyccyr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:ealgqf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:fihljr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:fjqflh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:fjssxx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:flxssy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:fsuggh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:ieiipz -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:jqyzkh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:jycllx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:lxjpvh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:mhpghp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:msfdbh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:mzsawu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:nhszyz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:nifftw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:npwxfp -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:nrcbmx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:oktflr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:prfpfp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:qbjbyh -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:qeilht -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:qhdxnw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:qlbyhu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:qpgtqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:rxsgrn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:ryzdjq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:sqhloy -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:svgsmd -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:tpqylw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:trupze -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:tutxbd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:uqhhbc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:vdnzaw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:vgzlwp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:viwsin -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:vjisjp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:vpvazu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:vqhjew -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:wqzrux -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:wuqnxb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:xmpgmj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:xqmklf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:ygksku -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:ykjlfr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:ykkfsa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.BAK:zxgpog -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:acarhs -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:aixuv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:aluaoo -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:auohky -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:boxljt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:cfogcf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:cpwuza -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:dddtfu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:dpplru -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:dyccyr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:ealgqf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:fihljr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:fjqflh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:fjssxx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:flxssy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:fsuggh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:ieiipz -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:jqyzkh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:jycllx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:lxjpvh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:mhpghp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:msfdbh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:mzsawu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:nhszyz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:nifftw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:npwxfp -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:nrcbmx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:oktflr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:prfpfp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:qbjbyh -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:qeilht -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:qhdxnw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:qlbyhu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:qpgtqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:rxsgrn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:ryzdjq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:sqhloy -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:svgsmd -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:tpqylw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:trupze -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:tutxbd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:uqhhbc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:vdnzaw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:vgzlwp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:viwsin -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:vjisjp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:vpvazu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:vqhjew -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:wqzrux -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:wuqnxb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:xmpgmj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:xqmklf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:ygksku -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:ykjlfr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:ykkfsa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF:zxgpog -> Trojan.Agent.bi : Cleaned with backup


::Report End

Fun stuff...
  • 0

Advertisements

#17
Rawe
Posted 15 August 2005 - 11:17 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ewido cleaned up nicely. Can you post another HijackThis log along with a fresh Panda log.

- Rawe :tazz:
  • 0

#18
dambromr
Posted 16 August 2005 - 08:01 AM

dambromr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Rawe,

You may eventually get to this, but will I want Windows Service Pack 2 on my computer at some point? And do you recommend Microsoft's 'Automatic updates'?

OK, here is the Panda log:


Incident Status Location

Possible Virus. No disinfected C:\Program Files\DIRECTV GameTracker\GameTracker.exe
Here is the HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:45 AM, on 8/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gem.jsu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Class - {8DFA205E-18F5-B63D-E0A9-846F83DE2040} - C:\WINDOWS\apitk32.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123945209841
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123945663029
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Thanks,
Mike D
  • 0

#19
Rawe
Posted 16 August 2005 - 08:06 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Looks VERY good at this point. And yes, I will get to the Microsoft updates.. Once we get your system clean, you will get Service Pack 2 ASAP.

Run a scan with HiJackThis and check the following objects for removal;

O2 - BHO: Class - {8DFA205E-18F5-B63D-E0A9-846F83DE2040} - C:\WINDOWS\apitk32.dll (file missing)
O4 - HKCU\..\Run: [Yahoo! Pager] 1

Then close any open windows you have except for HJT and hit Fix Checked.

Delete this file if present;

C:\WINDOWS\apitk32.dll (Delete it from the recycle bin as well.)

Now;
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\Program Files\DIRECTV GameTracker\GameTracker.exe
  • Click on the submit button
  • Please post the results in your next reply.
- Rawe :tazz:
  • 0

#20
dambromr
Posted 16 August 2005 - 08:31 AM

dambromr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here it is:

File: GameTracker.exe_
Status: OK
MD5 dfc972507a91a857b92b1de291eb0511
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

-Mike D
  • 0

#21
Rawe
Posted 16 August 2005 - 11:53 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Post a fresh log.
We might be done! :tazz:

Also let me know the details of the problems you're having (if any).
  • 0

#22
dambromr
Posted 16 August 2005 - 12:22 PM

dambromr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK, here goes:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:43 PM, on 8/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gem.jsu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123945209841
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123945663029
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

-Mike D
  • 0

#23
Rawe
Posted 16 August 2005 - 12:40 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Good job it appears your logfile is clean!! :ph34r: :tazz:

**Re-hide hidden files option IF you modified earlier**

Let's clear out your restore points now.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore"
5. Click Apply. An message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".

Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".

System Restore will now be active again. :) Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Here's some tips for future to prevent spyware;

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Visit;
http://www.windowsupdate.com to get Service Pack 2 which is a critical update to get.. It'll increase your protection. Apply it - reboot. After that, apply ANY available critical updates. Reboot.

- Rawe :)

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html
  • 0

#24
dambromr
Posted 16 August 2005 - 04:06 PM

dambromr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Cool! Nice work, Rawe! Thanks so much. My computer is feeling pretty good about itself now - ready to take on the cruel cruel world. We're glad you're out there doing your thing, balancing the evil forces on the internet.

-Mike D
  • 0

#25
Metallica
Posted 17 August 2005 - 05:55 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP