Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Attacked by Trojan-Alemod virus! [RESOLVED]


  • This topic is locked This topic is locked

#1
Pedda

Pedda

    New Member

  • Member
  • Pip
  • 2 posts
Hi frendz,

my system is attacked by trojan alemod virus, P S Gaurd has automatically installed. :tazz:
Desktop went black with some warnings!!!
I followed all the steps posted in this forum and have the log file of hijack this.
Can any plz help out in resolving this!

thankx in advance.

Here are the log files

1) This is the report when i followed step 2 and used "Ewido Security Suite"
2) Hijack this report i have attached with this post.
****************************************************************************************
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:37:08 AM, 11/16/2005
+ Report-Checksum: 3A0422B

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup
[1780] C:\WINDOWS\System32\igfgbl.dll -> TrojanProxy.Agent.df : Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Application Data\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Chai\Cookies\chai@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chai\Cookies\chai@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Chai\Cookies\chai@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Chai\Local Settings\Temp\flgn.exe -> TrojanDownloader.Small.bwk : Cleaned with backup
C:\Documents and Settings\Chai\Local Settings\Temp\temp.frD270 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Chai\Local Settings\Temporary Internet Files\Content.IE5\LWMRAFPY\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\P.S.Guard\Core.dll -> Adware.PSGuard : Cleaned with backup
C:\Program Files\P.S.Guard\PSGuard.exe -> Adware.PSGuard : Cleaned with backup
C:\Program Files\P.S.Guard\WndSystem.dll -> Adware.PSGuard : Cleaned with backup
C:\WINDOWS\system32\igfgbl.dll -> TrojanProxy.Agent.df : Error during cleaning
G:\Documents and Settings\Administrator\Cookies\administrator@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
G:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
G:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
G:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
G:\Documents and Settings\Administrator\Cookies\administrator@nasdaq.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup


::Report End
***************************************************************************************

Attached Files


Edited by Pedda, 16 November 2005 - 02:13 AM.

  • 0

Advertisements


#2
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Pedda.

Please DELETE your current HJT program from its present location.

Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident

Run HijackThis

Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')
  • 0

#3
Pedda

Pedda

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi OwNt

Thanks for your help.
As the malware was installed in a new hard disk, which i had purchased, i had not data in it. I could format it, as it was quite urgent.

But i learnt a lesson, thanks for your reply.

cheers!
pedda :tazz:
  • 0

#4
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP