Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removal of CoolWWWsearch & Trek Blue Error Nuker [CLOSED]

Started by Esca , Sep 11 2005 11:06 AM

  • This topic is locked This topic is locked

#16
Rawe
Posted 18 September 2005 - 05:29 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Did you run HsFix?

Ok, now can you do this:

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Next:

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

Advertisements

#17
Esca
Posted 18 September 2005 - 01:30 PM

Esca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 18, 2005 13:23:49
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/09/2005
Kaspersky Anti-Virus database records: 140870
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
K:\

Scan Statistics:
Total number of scanned objects: 63409
Number of viruses found: 34
Number of infected objects: 243
Number of suspicious objects: 1
Duration of the scan process: 6403 sec

Infected Object Name - Virus Name
C:\!Submit\apize.exe Infected: Trojan.Win32.Agent.iu
C:\!Submit\iekg32.exe Infected: Trojan.Win32.Agent.iu
C:\!Submit\javavl32.exe Infected: Trojan.Win32.Agent.iu
C:\!Submit\sdkmp32.exe Infected: Trojan.Win32.Agent.iu
C:\Documents and Settings\Kevin\Desktop\Clean up\Windows_XP_Activation_Crack_by_Evil-Dude (www[1].crack.cd).zip/fzk.exe Infected: Trojan-Downloader.Win32.INService.gen
C:\Documents and Settings\Kevin\Desktop\Clean up\Windows_XP_Activation_Crack_by_Evil-Dude (www[1].crack.cd).zip Infected: Trojan-Downloader.Win32.INService.gen
C:\Documents and Settings\Kevin\Desktop\Clutter\Ad-Aware v6 Pro build 183 with serials.rar/Ad-Aware v6 Pro build 183 with serials/Lavasoft Ad-Aware 6 Pro Key Generator.exe Infected: Trojan-Dropper.Win32.Delf.dh
C:\Documents and Settings\Kevin\Desktop\Clutter\Ad-Aware v6 Pro build 183 with serials.rar Infected: Trojan-Dropper.Win32.Delf.dh
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{37D45D27-8B6C-41B5-9D63-3662D1F63EBC}\Microsoft\Outlook Express\Deleted Items.dbx/[From Inc <[email protected]>][Date Mon, 28 Feb 2005 07:00:02 +0100]/UNNAMED/html Infected: Trojan-Spy.HTML.Wamufraud.bo
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{37D45D27-8B6C-41B5-9D63-3662D1F63EBC}\Microsoft\Outlook Express\Deleted Items.dbx/[From Inc <[email protected]>][Date Mon, 28 Feb 2005 07:00:02 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Wamufraud.bo
C:\Documents and Settings\Kevin\Local Settings\Application Data\Identities\{37D45D27-8B6C-41B5-9D63-3662D1F63EBC}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Wamufraud.bo
C:\Program Files\Norton AntiVirus\Quarantine\00307655.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\00950BE5.zip/Bubble.class Infected: Trojan.Java.ClassLoader.Dummy.e
C:\Program Files\Norton AntiVirus\Quarantine\00950BE5.zip/VerifierBug.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\00950BE5.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c
C:\Program Files\Norton AntiVirus\Quarantine\00950BE5.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.h
C:\Program Files\Norton AntiVirus\Quarantine\00950BE5.zip Infected: Trojan-Downloader.Java.OpenStream.h
C:\Program Files\Norton AntiVirus\Quarantine\070641DA.exe Infected: Trojan-Downloader.Win32.Small.ahf
C:\Program Files\Norton AntiVirus\Quarantine\07567116.hta Infected: Trojan-Downloader.VBS.Psyme.at
C:\Program Files\Norton AntiVirus\Quarantine\07DF57F9.zip/MyFunction.class Infected: Trojan-Dropper.Java.Small.c
C:\Program Files\Norton AntiVirus\Quarantine\07DF57F9.zip Infected: Trojan-Dropper.Java.Small.c
C:\Program Files\Norton AntiVirus\Quarantine\0B9F3C1F.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\0D115700.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\0D7850FA.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0D7850FA.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0D7850FA.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\0D7850FA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\0D7850FA.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\0D7850FA.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\10E5138F.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1106376B.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\111D5D52.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\111D5D52.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\111D5D52.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\111D5D52.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\111D5D52.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\133659DB.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\177159A2.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\177159A2.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\177159A2.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\177159A2.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\177159A2.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1848096E.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1A0818E5.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1A0B42E1.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1A600684.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\1A600684.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1A600684.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1A600684.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1A600684.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1A674B86.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1A674B86.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\1A674B86.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\1A674B86.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1A674B86.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\1A675A7D.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\1A6D2E75.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\1A705872.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\208223DC.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\223F72AC.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\228329BA.cla Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\228329BA.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\228329BA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\228329BA.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\228329BA.zip Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\25145D74.exe Infected: VirTool.Win32.Patcher.a
C:\Program Files\Norton AntiVirus\Quarantine\256F6634.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\26E14EF1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\26E14EF1.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\26E14EF1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\26E14EF1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\26E14EF1.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\27D8479C.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\28CB068A.exe Infected: Trojan.Win32.Dialer.ht
C:\Program Files\Norton AntiVirus\Quarantine\28CF3087.exe Infected: Trojan.Win32.Dialer.ht
C:\Program Files\Norton AntiVirus\Quarantine\29362AEB.dll Infected: Virus.Win32.Nsag.b
C:\Program Files\Norton AntiVirus\Quarantine\2E4A7155.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2E571947.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\2E7E111C.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\2F6853F6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2F6853F6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2F6853F6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\2F6853F6.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\343C06CE.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\343C06CE.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\35707793.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\35ED2E59.exe Infected: Trojan-Downloader.Win32.VB.ep
C:\Program Files\Norton AntiVirus\Quarantine\36E625DB.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\3774391F.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\37E3394A.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\38AC71E8.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\39387F4D.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\39AE1DAF.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\39D205B3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\39D205B3.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\39D205B3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\39D205B3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\39D205B3.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3BC9310F.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3CB16C8A.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\41F952BA.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\428C0276.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\442136B7.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\4516574E.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\4516574E.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\4516574E.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\4516574E.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\4516574E.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\4ED9180F.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\554436AF.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\554436AF.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\554436AF.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\554436AF.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\554436AF.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\592B7417.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\592B7417.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\592B7417.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\592B7417.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\592B7417.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\599D67FE.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\599D67FE.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\599D67FE.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\599D67FE.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\599D67FE.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5AA750BB.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5AA750BB.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\5AA750BB.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\5AA750BB.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5AA750BB.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\60D04DD2.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\63BF2FBC.cla Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\651439F7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\651439F7.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\651439F7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\651439F7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\651439F7.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\66E2026E.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\66E52C6B.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\69356F25.htm Infected: Exploit.HTML.ObjData
C:\Program Files\Norton AntiVirus\Quarantine\6A9852FD.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6AA250F2.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\6AC61ECA.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6AF0409C.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6AF0409C.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6AF0409C.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\6AF0409C.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\6AF0409C.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\6AF46A98.zip/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6AF46A98.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6AF46A98.zip/web.exe Infected: Trojan-Proxy.Win32.Mitglieder.cy
C:\Program Files\Norton AntiVirus\Quarantine\6AF46A98.zip/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6AF46A98.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6AF46A98.zip Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6B0B107F.zip/Jvb.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6B0B107F.zip/MyFunction.class Infected: Trojan-Dropper.Java.Small.c
C:\Program Files\Norton AntiVirus\Quarantine\6B0B107F.zip/MainApp.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\6B0B107F.zip Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\6F021221.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6F175357.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\6F200C01.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\72460E89.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\732C29B5.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7363281D.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\740D1BEC.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\79917FD3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\79917FD3.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\79917FD3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\79917FD3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\79917FD3.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\7A586DC7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7A586DC7.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\7A586DC7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\7A586DC7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\7A586DC7.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\WINDOWS\addsb.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\apikv32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\aping32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\apper.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\appjk.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\appws.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\atlvb.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\d3mu.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\d3ni.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\d3su32.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\iedk.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\ieno.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\ieuj32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\iplf32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javaxp32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\KB828028.log:aegbmd:$DATA Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\MedCtrOC.log:irkrqu:$DATA Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\mfcjy32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\netsu32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\Q316397.log:obbtja:$DATA Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\River Sumida.bmp:polyfr:$DATA Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\sdkbt32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sdkog.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\system32\adddq32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apiep.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\system32\crhm.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\d3ee.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\system32\iehp.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\system32\ieoz.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\system32\ieyt32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\javasr32.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\system32\mfcao.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\mfcis.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\mfcpc32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\system32\syszz.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\system32\winjg.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\system32\winuh32.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\sysyv32.exe Infected: Trojan.Win32.Agent.if
C:\WINDOWS\VPC32.INI:jcdfw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\wingx.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\winsy32.exe Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\_default.pif:fgyaif:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default.pif:kvxxtn:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default.pif:mxcqym:$DATA Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\_default.pif:nfgufu:$DATA Infected: Trojan.Win32.Agent.iu
C:\WINDOWS\_default.pif:sveszc:$DATA Infected: Trojan.Win32.Agent.iu

Scan process completed.
  • 0

#18
Rawe
Posted 18 September 2005 - 01:47 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.

Save all of these files somewhere you will remember like to the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end
  • Clean out temporary files:
  • Click Start -> Run and type in: cleanmgr
  • Click "Ok".
  • Let it scan your system.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
Reboot back into normal mode and post the About:Buster log here.. :tazz:
  • 0

#19
Esca
Posted 18 September 2005 - 02:22 PM

Esca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I recieve a critial error when trying to update aboutbuster
  • 0

#20
Rawe
Posted 19 September 2005 - 12:10 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
What does the error say?
  • 0

#21
Esca
Posted 19 September 2005 - 07:25 AM

Esca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Just says
Critical Error
An error has occurred while updating
  • 0

#22
Rawe
Posted 19 September 2005 - 08:35 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok, can you run About:Buster without updating it. We'll see if it's any of use.
  • 0

#23
Esca
Posted 20 September 2005 - 08:41 PM

Esca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I now get an actual error from aboutbuster

Run-time error "5":
Invald procedure call or arguement

I disabled the two adware "class" add ons by going to internet options --> programs --> manage add ons. It appears if I disable them, my internet explorer homepage is fixed but on restart, the files do reappear

I scanned using aboutbuster and cw. Aboutbuster on the 2nd run found nothing.


Logfile of HijackThis v1.99.1
Scan saved at 8:41:26 PM, on 20/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\aping32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ieyt32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Documents and Settings\Kevin\Desktop\HijackThis1991.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\enynz.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Class - {79FED68F-557B-E50C-4282-87434007B6F9} - C:\WINDOWS\atllu32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Class - {F1EC0573-E057-961B-FD45-78388DF47CE4} - C:\WINDOWS\appto.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRT] C:\Program Files\NVRefreshTool\nvrt.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ieyt32.exe] C:\WINDOWS\system32\ieyt32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunOnce: [aping32.exe] C:\WINDOWS\aping32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120189845168
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai...layer5AxWin.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.c...bio4_0_2_10.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipqq32.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#24
Rawe
Posted 21 September 2005 - 04:27 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Let's see..

Launch HiJackThis and go to "Misc tools" section. Choose to "Launch ADS Spy".

Click to do the scan, save the results and paste them here from the notepad. DON'T remove anything yet. :tazz:
  • 0

#25
Esca
Posted 21 September 2005 - 07:30 PM

Esca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
C:\WINDOWS\FeatherTexture.bmp : yjbxw (84545 bytes)
C:\WINDOWS\KB824141.log : hdvwkt (84545 bytes)
C:\WINDOWS\KB828028.log : aegbmd (12604 bytes)
C:\WINDOWS\KB893803v2.log : przmok (84545 bytes)
C:\WINDOWS\MedCtrOC.log : irkrqu (12604 bytes)
C:\WINDOWS\ntbtlog.txt : lwetvv (197756 bytes)
C:\WINDOWS\ocmsn.log : xwrsa (84545 bytes)
C:\WINDOWS\Q311889.log : eaybnn (84545 bytes)
C:\WINDOWS\Q315000.log : twphp (84545 bytes)
C:\WINDOWS\Q316397.log : obbtja (12604 bytes)
C:\WINDOWS\Q320552.log : htujn (84545 bytes)
C:\WINDOWS\Q329115.log : fnacga (13581 bytes)
C:\WINDOWS\Q810577.log : qpendv (197756 bytes)
C:\WINDOWS\River Sumida.bmp : polyfr (12604 bytes)
C:\WINDOWS\sessmgr.setup.log : hnnkm (84545 bytes)
C:\WINDOWS\sfyog.log : ttgbi (84545 bytes)
C:\WINDOWS\tabletoc.log : jruhus (13581 bytes)
C:\WINDOWS\udxri.log : brnmoc (197756 bytes)
C:\WINDOWS\vb.ini : usxrrn (3567 bytes)
C:\WINDOWS\VPC32.INI : jcdfw (35353 bytes)
C:\WINDOWS\winnt256.bmp : erldg (84545 bytes)
C:\WINDOWS\_default.pif : ddeojk (35353 bytes)
C:\WINDOWS\_default.pif : fgyaif (35353 bytes)
C:\WINDOWS\_default.pif : hjqlyc (35353 bytes)
C:\WINDOWS\_default.pif : kdujpz (12604 bytes)
C:\WINDOWS\_default.pif : kvxxtn (35353 bytes)
C:\WINDOWS\_default.pif : lcpid (84545 bytes)
C:\WINDOWS\_default.pif : mbdhd (84545 bytes)
C:\WINDOWS\_default.pif : mxcqym (12604 bytes)
C:\WINDOWS\_default.pif : nfgufu (12604 bytes)
C:\WINDOWS\_default.pif : pigfwa (12604 bytes)
C:\WINDOWS\_default.pif : pxxpj (84545 bytes)
C:\WINDOWS\_default.pif : sveszc (12604 bytes)
C:\WINDOWS\_default.pif : twjlvc (84545 bytes)
C:\WINDOWS\_default.pif : wewpy (84545 bytes)
C:\WINDOWS\_default.pif : xnttdh (84545 bytes)
  • 0

Advertisements

#26
Rawe
Posted 22 September 2005 - 07:14 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it;
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of mdnsnsp.dll
  • Select every instance of mdnsnsp.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish>>.
When finished..

Go to -> Start -> Control Panel -> Add/Remove programs and uninstall:

Red Swoosh EDN Client (Anything what says Red Swoosh, unless you use the software)

Next, delete this folder: C:\Program Files\RSNet\

Empty recycle bin.

Since you already have Ewido installed, can you update it.

Next..

Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6 and always go online and update it before you run it).

If it's NOT the version 1.0.6, can you then uninstall your current version/delete folder: C:\Program Files\Lavasoft & empty recycle bin. Finally install the latest version.

Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

Close the program, we'll run it later.

Please download cureit;
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Don't run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Launch HiJackThis and run a scan with it.. Check the following objects for removal and close ALL open windows except for HiJackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\enynz.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\enynz.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {79FED68F-557B-E50C-4282-87434007B6F9} - C:\WINDOWS\atllu32.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Class - {F1EC0573-E057-961B-FD45-78388DF47CE4} - C:\WINDOWS\appto.dll
O4 - HKLM\..\Run: [ieyt32.exe] C:\WINDOWS\system32\ieyt32.exe
O4 - HKLM\..\RunOnce: [aping32.exe] C:\WINDOWS\aping32.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Hit FIX CHECKED. Close the program..

Launch Ad-aware..

1) Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
2) Click on "Proceed"
3) Click on "Scan Now"
4) Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
5) Select "Search for low-risk threats"
6) Run the scanner using the Full Scan (Perform full system scan) mode.
7) When the scan has completed, select Next.
8) In the Scanning Results window, select the "Scan Summary" tab.
9) Check the box next to every "target family" for removal.
10) Click "Next", Click "OK".

Exit Ad-aware..

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drive's.
A red dot will mark the selected drive(s) . Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan ALL your drive's, hit yes to all.

Once finished..

Open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Next, navigate to and delete the following files IF present:

C:\WINDOWS\atllu32.dll
C:\WINDOWS\appto.dll
C:\WINDOWS\system32\ieyt32.exe
C:\WINDOWS\aping32.exe

Empty recycle bin.

Finally, reboot into normal mode and post the Ewido log here along with a fresh HiJackThis log. :tazz:
  • 0

#27
Rawe
Posted 11 October 2005 - 06:17 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP