
hijacked [RESOLVED]



#1
hopeful860 (New Member, 6 posts)
Logfile of HijackThis v1.99.1
Scan saved at 11:47:04 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system32\winserver.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kathryn\LOCALS~1\Temp\Rar$EX00.830\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
Trevuren (Retired Staff, 18,699 posts)
Hi hopeful860 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (A Notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren


#3
hopeful860 (Topic Starter, 6 posts)
Trevuren
Thanks. When I boot up, ewido finds windows\system32\winserv.dll Trojanspy.agent.dt infection 9 times.
Also the default browser is changed to Explorer from Firefox.

Logfile of HijackThis v1.99.1
Scan saved at 8:05:46 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system32\winserver.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
Trevuren (Retired Staff, 18,699 posts)
I need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.
  • Open Microsoft AntiSpyware.
  • Click on Options, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware
=================================================

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
    O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
    O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\windows\system32\winserver.exe

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Just reset Firefox as your default browser in the Tools/Options Menu of Firefox

Regards,

Trevuren

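The three winserver.exe entries ticked in the post above were chosen for a reason a log reader can apply mechanically: one executable is registered under HKLM\Run, HKLM\RunServices and HKCU\Run at once, and RunServices is a Windows 9x/ME key that NT-based Windows (including XP) never processes, so a legitimate installer on XP has no reason to write it. The script below is an added example, not code from the thread or from HijackThis; it parses the O4 section of an HJT log and returns exactly the lines a helper would ask the user to fix. The sample log is constructed from the O4 lines posted earlier in this thread; the heuristics, function names and the `WIN9X_ONLY_KEYS` set are this example's own assumptions, not HJT rules.

```python
"""Triage of the O4 (autostart) lines of a HijackThis log.

Added example, not code from the thread or from HijackThis.  The heuristics
below are this example's assumptions about what makes an autostart entry worth
a second look, not HJT's own rules.
"""
import re
from collections import defaultdict

# Constructed sample: the O4 section quoted in the HJT log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
"""

# Registry-backed O4 lines look like:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Keys only Windows 9x/ME process.  NT-based Windows (incl. XP) ignores them,
# so on XP nothing legitimate needs to be registered there.
WIN9X_ONLY_KEYS = {"RunServices", "RunServicesOnce"}


def command_path(cmd):
    """Extract the executable path from an O4 command string.

    A quoted path is taken verbatim; an unquoted one is taken up to the first
    ".exe", which drops trailing switches such as "-CheckReg".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log_text):
    """One dict per registry-backed O4 line; Global Startup .lnk lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["line"] = line.strip()
            entry["path"] = command_path(entry["cmd"])
            entries.append(entry)
    return entries


def triage(entries):
    """Group entries by executable; return {lower-cased path: [reasons]} for suspicious ones."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"].lower()].append(e)

    findings = {}
    for path, regs in by_path.items():
        reasons = []
        locations = sorted({f"{e['hive']}\\{e['key']}" for e in regs})
        if len(locations) > 1:
            reasons.append(f"same executable in {len(locations)} autostart locations: "
                           + ", ".join(locations))
        if any(e["key"] in WIN9X_ONLY_KEYS for e in regs):
            reasons.append("registered under RunServices, which XP never reads")
        if reasons:
            findings[path] = reasons
    return findings


def lines_to_fix(log_text):
    """The exact O4 lines a helper would ask the user to tick in HJT."""
    entries = parse_o4(log_text)
    flagged = triage(entries)
    return [e["line"] for e in entries if e["path"].lower() in flagged]


if __name__ == "__main__":
    for path, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
    print()
    print("\n".join(lines_to_fix(SAMPLE_LOG)))
```

Run against the sample, only `c:\windows\system32\winserver.exe` is flagged, for both reasons, and `lines_to_fix` returns the same three O4 lines the helper listed. The multi-location check is deliberately path-based rather than name-based, because a display name like "win32 system server" is free text while the executable path is what actually runs.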

#5
hopeful860 (Topic Starter, 6 posts)
Trevuren

thanks, here is latest log

Logfile of HijackThis v1.99.1
Scan saved at 10:43:33 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6
Trevuren (Retired Staff, 18,699 posts)
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren

#7
hopeful860 (Topic Starter, 6 posts)
Trevuren

Thanks for the help.

this morning after I booted up, Norton found the virus listed below.

I just went to AOL web mail ( I now can get to it, I could not before the virus cleaning was done)

Does this mean there are more issues?

hopeful860

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP759\A0105325.dll
Location: Quarantine
Computer: KITKAT
User: SYSTEM
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Thu Aug 18 07:39:41 2005




Also on Norton screen --- A0105325.dll

#8
Trevuren (Retired Staff, 18,699 posts)
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP759\A0105325.dll



If you look closely, you will see that it is in your System Restore. It is safe there as long as you don't try a System Restore.

For your own peace of mind, run the following scan and please post the results.

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected. Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Regards,

Trevuren

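Trevuren's point above, that a detection under System Volume Information is a restore-point copy which cannot run unless a System Restore is performed, generalises into the triage step a practitioner applies to any scanner report: sort the hits by where they live before deciding what still needs removing. Copies inside an antivirus quarantine folder are already contained, restore-point copies are inert until restored (on XP the standard remedy is to disable System Restore once to purge every restore point, then re-enable it), files in RECYCLER just need the bin emptied, and only hits outside those locations are live. The script below is an added example, not code from the thread or from Kaspersky; its sample report is constructed from paths quoted in this thread (Norton's quarantine folder, a restore point, the RECYCLER dropper and the winserv.dll path ewido flagged), and the category names and remedies are this example's own.

```python
"""Sort scanner detections by location so live hits stand out from contained ones.

Added example, not code from the thread or from Kaspersky.  Categories and the
REMEDY table are this example's assumptions, not scanner output.
"""
import re
from collections import defaultdict

# Constructed sample, made from paths quoted elsewhere in this thread.  It is not
# a complete report; the winserv.dll line is the path ewido flagged in post #3.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05EC0000.VBN Suspicious: Exploit.HTML.Mht
C:\RECYCLER\S-1-5-21-220523388-113007714-854245398-1003\Dc5.exe Infected: Trojan-Dropper.Win32.Agent.lo
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP719\A0094620.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\WINDOWS\system32\winserv.dll Infected: Trojan-Spy.Win32.Agent.dt
"""

# Kaspersky on-line scanner result lines: "<path> Infected: <name>" or "<path> Suspicious: <name>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Infected|Suspicious): (?P<name>\S+)$"
)


def classify(path):
    """Bucket a detected path by what its location implies about the risk."""
    p = path.lower()
    if "\\quarantine\\" in p:
        # An encoded sample held by the AV's own quarantine; the scanner is
        # seeing Norton's stored copy, not a running file.
        return "av-quarantine"
    if "\\system volume information\\_restore{" in p:
        # A System Restore snapshot; inert unless that restore point is applied.
        return "system-restore"
    if "\\recycler\\" in p:
        return "recycle-bin"
    return "live"


REMEDY = {
    "av-quarantine": "nothing to clean; optionally empty the AV quarantine",
    "system-restore": "disable System Restore to purge all restore points, re-enable it, create a fresh point",
    "recycle-bin": "empty the Recycle Bin",
    "live": "active infection: remove, then re-scan",
}


def parse_report(text):
    """Return one dict (path, status, name) per detection line."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def triage(report_text):
    """Return {category: [(path, malware name), ...]}."""
    buckets = defaultdict(list)
    for hit in parse_report(report_text):
        buckets[classify(hit["path"])].append((hit["path"], hit["name"]))
    return dict(buckets)


def action_plan(report_text):
    """Return {category: (hit count, remedy)} so the live bucket is visible at a glance."""
    return {cat: (len(items), REMEDY[cat]) for cat, items in triage(report_text).items()}


if __name__ == "__main__":
    for cat, (count, remedy) in action_plan(SAMPLE_REPORT).items():
        print(f"{cat:15} {count:3}  {remedy}")
    for path, name in triage(SAMPLE_REPORT).get("live", []):
        print("LIVE:", path, name)
```

Applied to the full report posted later in the thread, every hit except the RECYCLER dropper lands in the quarantine or restore-point buckets, which is why a long list of "infected" lines can still be consistent with a clean running system.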

#9
hopeful860 (Topic Starter, 6 posts)
Trevuren

Thanks again for the help. The Kaspersky scan did find some issues. Here they are:

KASPERSKY ON-LINE SCANNER REPORT
Saturday, August 20, 2005 11:36:31
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/08/2005
Kaspersky Anti-Virus database records: 136172
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 53807
Number of viruses found: 7
Number of infected objects: 130
Number of suspicious objects: 1
Duration of the scan process: 4436 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840001.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840002.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840003.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840004.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840005.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840006.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840007.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840008.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00840009.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0084000A.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0084000B.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0084000C.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0084000D.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0084000E.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04EC0000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05580000.VBN Infected: Exploit.HTML.IframeBof
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05580002.VBN Infected: Trojan-Downloader.Win32.Small.aaq
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05EC0000.VBN Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05EC0001.VBN Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00001.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00002.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00003.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00004.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00005.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00006.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E80000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0001.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0002.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0003.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0004.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0005.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0006.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0007.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0008.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0009.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC000A.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC000B.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC000C.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC000D.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC000E.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC000F.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0010.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00001.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00002.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00003.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00004.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00005.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00006.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00007.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00008.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00009.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F0000A.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F0000B.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F0000C.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F0000D.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F0000E.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F80000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08180000.VBN Infected: Trojan-Downloader.Win32.Small.aaq
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0001.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40000.VBN Infected: Trojan-Downloader.Win32.Small.aaq
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40001.VBN Infected: Trojan-Downloader.Win32.Small.aaq
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A080000.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\RECYCLER\S-1-5-21-220523388-113007714-854245398-1003\Dc5.exe Infected: Trojan-Dropper.Win32.Agent.lo
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP719\A0094620.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP721\A0094690.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP721\A0094714.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP721\A0095045.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP721\A0095081.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP721\A0095420.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP722\A0095505.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP724\A0095571.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP725\A0095717.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP725\A0095760.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP725\A0095773.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP725\A0095794.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP726\A0095868.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP726\A0095881.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP727\A0095897.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP728\A0095918.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP728\A0095955.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP728\A0095993.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP728\A0096008.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP730\A0096148.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP731\A0096165.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP731\A0097165.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP731\A0098165.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP732\A0098186.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP732\A0098203.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP732\A0098226.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP733\A0098287.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP733\A0098301.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP734\A0098309.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP734\A0098334.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP734\A0098375.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP734\A0098398.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP734\A0098410.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP735\A0098443.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP736\A0098528.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP736\A0098542.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP737\A0098637.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP740\A0098666.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP740\A0098685.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP740\A0098700.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP741\A0098748.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP741\A0098761.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP742\A0098808.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP742\A0098820.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP743\A0098837.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP743\A0098851.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP744\A0098882.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP745\A0098905.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP748\A0102760.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP749\A0102836.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP749\A0102864.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP749\A0102888.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP751\A0102970.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP751\A0103977.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP756\A0104210.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP758\A0105197.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP759\A0105266.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP759\A0105321.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP759\A0105334.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\WINDOWS\system32\msss.exe Infected: Trojan-Downloader.Win32.Lookme.f

Scan process completed.

#10
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
All the files picked up by Kaspersky are either in the System Restore cache or have been Quarantined by Norton except for one.

1. Please update your Ewido definitions

2. REBOOT into Safe Mode

3. Run Ewido in Safe Mode and keep the log

4. Reboot back into Normal Mode and please post the Ewido log into this thread.


Regards,

Trevuren

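The sorting Trevuren does by eye above (quarantine container, System Restore snapshot, or a live file that still needs attention) can be done mechanically over the scanner's "path Infected: name" lines. This is an added example, not tooling from the thread or from Kaspersky; the bucket rules are this example's own, and the sample report is constructed from a handful of lines in the same layout as the one posted above.

```python
"""Triage antivirus scan-report lines by where each detected file lives.

Added example (not the thread's own tooling): it mimics the way the reply
above reads the Kaspersky report, sorting each hit into Norton quarantine,
System Restore snapshot, Recycle Bin, or a live location that still needs
attention. The classification rules and the sample lines are constructed.
"""
import re
from collections import defaultdict

# Matches the report's "<path> Infected: <detection name>" lines.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+)$")

# Constructed sample in the same layout as the report posted above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00007.VBN Infected: Trojan-Proxy.Win32.Agent.dt
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08180000.VBN Infected: Trojan-Downloader.Win32.Small.aaq
C:\RECYCLER\S-1-5-21-220523388-113007714-854245398-1003\Dc5.exe Infected: Trojan-Dropper.Win32.Agent.lo
C:\System Volume Information\_restore{99C216DB-15F9-4553-907B-5D23FECFC367}\RP719\A0094620.dll Infected: Trojan-Spy.Win32.Agent.dt
C:\WINDOWS\system32\msss.exe Infected: Trojan-Downloader.Win32.Lookme.f
Scan process completed.
"""


def parse_report(text):
    """Return (path, detection_name) pairs; non-matching lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def classify(path):
    """Bucket a path by whether the file is already contained.

    quarantine    - Norton's .VBN container, inert until restored
    restore_point - System Restore snapshot; cleared by disabling and
                    re-enabling System Restore, as the follow-up post describes
    recycle_bin   - deleted file still sitting in the Recycle Bin
    live          - anything else: the file can still run and must be handled
    """
    p = path.lower()
    if "\\quarantine\\" in p and p.endswith(".vbn"):
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if p.startswith("c:\\recycler\\"):
        return "recycle_bin"
    return "live"


def triage(text):
    """Group detections by bucket: {bucket: [(path, name), ...]}."""
    buckets = defaultdict(list)
    for path, name in parse_report(text):
        buckets[classify(path)].append((path, name))
    return dict(buckets)


def live_findings(text):
    """Paths of detections that are neither quarantined nor in a snapshot."""
    return [path for path, _ in triage(text).get("live", [])]


if __name__ == "__main__":
    for bucket, items in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket}: {len(items)}")
    print("needs action:", live_findings(SAMPLE_REPORT))
```

Anything that lands in the `live` bucket is the short list worth acting on; the other buckets are cleaned up by emptying quarantine, the Recycle Bin, and the restore points rather than by another scan.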

#11
hopeful860

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Trevuren

Thanks for all the help. I'm pen paling you a donation to help you keep up the great work

hopeful860

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:40:46 PM, 8/21/2005
+ Report-Checksum: 1B8A6ACA

+ Scan result:

No infected objects found.


::Report End

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

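The HOSTS-file mechanism described above (names pinned to 127.0.0.1 so the machine never reaches them) is simple enough to check for yourself. The following is an added example, not part of the thread or of the MVPS project: it parses the hosts file format, answers "where would this name resolve?", and lists entries that point somewhere other than the local machine, since those override DNS and deserve a look. Treating 0.0.0.0 as a sinkhole address alongside 127.0.0.1 is this example's own generalization (the post only mentions 127.0.0.1), and the sample file is constructed with reserved .test names.

```python
"""Inspect a Windows HOSTS file the way a blocklist such as the MVPS list uses it.

Added example, not from the thread or the MVPS project. It parses the
hosts file format, reports what a name would resolve to, and lists entries
that do not point at the local machine. Counting 0.0.0.0 as a sinkhole
address next to 127.0.0.1 is this example's own assumption; the sample
file below is constructed.
"""
import ipaddress

# Constructed sample in the layout used by MVPS-style hosts files.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test        # ad server, sinkholed
127.0.0.1       tracker.example.test www.tracker.example.test
0.0.0.0         banner.example.test
192.0.2.10      www.example-bank.test            # overrides DNS: review this
not-an-ip       garbage.example.test
"""


def parse_hosts(text):
    """Return ({hostname: ip}, [(lineno, raw_line) for unparseable lines]).

    Hostnames are lower-cased and the first mapping for a name wins, which
    matches how the resolver walks the file top to bottom. Lines whose
    address field is not a valid IP are reported rather than dropped.
    """
    table, bad = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            bad.append((lineno, raw.rstrip()))
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table, bad


def lookup(table, hostname):
    """Address the hosts file would hand back for hostname, or None."""
    return table.get(hostname.lower())


def _points_at_local_machine(ip):
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_sinkholed(table, hostname):
    """True when the name is pinned to the local machine (127.x or 0.0.0.0)."""
    ip = lookup(table, hostname)
    return ip is not None and _points_at_local_machine(ip)


def entries_to_review(table):
    """Mappings that send a name somewhere other than the local machine.

    A blocklist only ever adds loopback entries, so anything else in the
    file is either deliberate (an intranet host) or worth a closer look,
    because it silently overrides DNS for that name.
    """
    return [(name, ip) for name, ip in table.items()
            if not _points_at_local_machine(ip)]


if __name__ == "__main__":
    table, bad = parse_hosts(SAMPLE_HOSTS)
    print("tracker blocked:", is_sinkholed(table, "WWW.Tracker.Example.Test"))
    print("review:", entries_to_review(table))
    print("unparseable lines:", bad)
```

On a real machine the file lives at `%SystemRoot%\system32\drivers\etc\hosts`; read it with `open(...).read()` in place of `SAMPLE_HOSTS`. An empty review list and no unparseable lines is what a freshly installed blocklist should give you.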

#13
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.