Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus problem [RESOLVED]


  • This topic is locked This topic is locked

#1
KALI-ALI

KALI-ALI

    New Member

  • Member
  • Pip
  • 8 posts
According to my Anti-virus software I have the virus alemod.e.dll and the file that is infected is wininet.dll. It says it cannot be cleaned and says I should re-boot using a rescue disk. i do not have a rescue disk. Also, PSguard is hijacking my browser and I cannot get on websites very easily to even do anything. I have the black background with the red warning message on my desktop and I keep getting popups that tell me Windows cannot find my desktop. When I try sand go to webiste I get the Page cannot be displayed screen with links to Spysherif telling me I need to download it. My computer is a real mess right now. Please help!!!
I am writing this from another computer becaouse I cannot get to websites for help from mine.

Thanks
Kali-ali
  • 0

Advertisements


#2
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
KALI-ALI

KALI-ALI

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have performed all the scans listed and PSgurad black screen with red warning are gone. The spyware/malware appears to have been removed but I am still getting the popup from my virus scan program that I have the W32/Alemod.e.dll virus and it can cannot be cleaned. It advises me to use a rescue disk that I do not have. I performed an online scan and it was not detected by that program.
Here is my hijackthis log. Thanks.

Kali_Ali

Logfile of HijackThis v1.99.1
Scan saved at 11:36:50 AM, on 8/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VSdotNET\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Sue\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items, then click FIX CHECKED:
===================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0

#5
KALI-ALI

KALI-ALI

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It took me awhile to do all those scans but the virus was finally erased and my computer is doing much better now. I was able to download the windows updates which were failing earlier. I really appreciate all your help. Those spyware and virus removal programs are great! I never knew about them until I posted my problem on this site. I am going to check this site out often, you can really learn alot. Here are my scan results. Let me know if you see anything else in them that may be a problem. Thanks again.

Kali-ali

smitRem log file
version 2.3

by noahdfear

The current date is: Mon 08/15/2005
The current time is: 18:51:53.40

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!
ShudderLTD key was NOT successfully removed!



Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ole32vbs.exe
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



Logfile of HijackThis v1.99.1
Scan saved at 11:50:29 PM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VSdotNET\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sue\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


wido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:00:41 PM, 8/15/2005
+ Report-Checksum: D65A6914

+ Scan result:

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0032921.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0032923.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0032924.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0032925.exe -> Trojan.Puper.an : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0032926.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP320\A0032958.dll -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP335\A0037360.exe -> Trojan.Favadd.aj : Cleaned with backup


::Report End


Virus Scan 0 virus cleaned, 0 virus deleted


Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken




Spyware Check 5 spyware programs removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 5 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 0 spyware(s) passed, 0 spyware(s) no action available
- 5 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
DIAL_SCOM.A Dialer Removal successful
DIAL_XESLETOH.A Dialer Removal successful
SPYW_COMSOFT.A Spyware Removal successful
ADW_SIDESEARCH.A Adware Removal successful
SPYW_XOLOX.205 Spyware Removal successful




Microsoft Vulnerability Check 17 vulnerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 17 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Moderate This vulnerability enables a remote attacker to cause a denial of service or execute arbitrary code by sending a database query that contains certain long arguments. This is caused by a buffer overflow in the extended stored procedures for Microsoft SQL Server 7.0 and 2000. MS02-020
Highly Critical This vulnerability allows a remote attacker to cause a denial of service by sending a keep-alive packet to the UDP port 1434 (Resolution Service). This is caused by the keep-alive mechanism of Microsoft SQL Server 2000, wherein two systems could enter an infinite exchange of keep-alive packets, which will lead to slow down of these systems.;This vulnerability allows a remote attacker to execute code in the security context of the SQL Server service. This is caused by multiple buffer overflows in SQL Server 2000 Resolution Service. MS02-039
Critical This vulnerability enables a remote attacker to embed a URL containing script in a redirection message.;This vulnerability enables an attacker to execute arbitrary code with system level privileges. This is caused by a buffer overflow in IIS 5.0.;This vulnerability enables a remote attacker to cause a denial of service attack to vulnerable IIS server(s) through an ASP page that will cause the server to use up large amount of memory.;This vulnerability enables a remote attacker to cause a denial of service attack when an overly long WebDAV request is sent to vulnerable IIS server. MS03-018
Critical This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the users system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attackers choice. MS04-004
Critical The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system. MS04-025
Critical This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. MS04-038
Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040
Critical This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-014
Critical This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-020
Critical This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content. MS05-025
Critical A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037
Critical This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038
Critical An unchecked buffer in the Plug and Play service results in this vulnerability. Once successfully exploited, this vulnerability permits an attacker to have complete virtual control of an affected system. This vulnerability involves a remote code execution and local elevation of privilege. It can be exploited over the Internet. MS05-039
Important This security advisory explains a vulnerability in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. Attackers who successfully exploits the said vulnerability can take complete control of an affected system. They could then install programs, view, change, or delete data, and create new accounts with full user rights. MS05-040
Moderate A remote malicious user can use the process employed by the Remote Desktop Protocol (RDP) to validate data to cause a denial of service (DoS) attack, which stops an affected machine from responding and causing it to automatically restart. MS05-041
Moderate This security bulletin resolves the following vulnerabilities found in Microsoft Windows: (1) the Kerberos vulnerability, which is a denial of service vulnerability that allows an attacker to send a specially crafted message to a Windows domain controller, making the service that is responsible for authenticating users in an Active Directory domain to stop responding, and (2)the PKINIT vulnerability, which is an information disclosure and spoofing vulnerability that allows an attacker to manipulate certain information that is sent from a domain controller and potentially access sensitive client network communication. MS05-042
Critical A remote code execution vulnerability in the Printer Spooler service allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. MS05-043
  • 0

#6
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Congrats, your Log is clean! :tazz:

An update that I recommend is: Windows XP Service Pack 2. Since you're junkware free, the time to get it is NOW. Service Pack 2 is a MAJOR upgrade for XP. It adds numerous security and software patches, as well as new features and functionality. You will also be adding another layer of protection against future threats.

In the future, here are some suggestions to keep your computer more secure.
Use a firewall - If you’re on a broadband connection, this shouldn’t even be an option. You can get a good, FREE firewall from ZoneLabs called ZoneAlarm here.

Make sure that you keep Windows up to date - Microsoft is constantly releasing updates to plug holes in their OS. It’s a good idea to take advantage of these as frequently as possible. As a matter of fact, if you’re lazy like me you can set Automatic Updates by right clicking on My Computer and selecting Properties . Then click the Automatic Updates tab, then click the Automatic radio button then click OK.

Make sure you have an up-to-date virus scanner – This is super important. Heck, it typically doesn’t even matter which one that you use… just pick one and keep it updated. A free virus scanner can be had from Grisoft, called AVG. Get it here.

You can also get a more secure browser – Not a necessity at all, but most exploits are manufactured to attack Internet Explorer. For the time being, browsers such as Opera and Firefox aren’t nearly as exploitable… yet.

Practice safe browsing – Just some run of the mill things to keep you safer. Don’t open email attachments even from people you know unless you know the attachment is coming. Try to stay to larger websites… it’s the smaller… less public ones that typically give you trouble (*this isn’t to say NEVER go there, just minimize it*). Also, try to stay legal: warez (stolen software) and file sharing apps (Kazaa, Torrents) tend to have grotesque amounts of spyware associated.

These are just some helpful tips. Enjoy malware-free computing!
  • 0

#7
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP