
analysis for winfixer affection



#1
harp2800

Hi,

My computer was affected by winfixer and several other spyware. The biggest problem was that the hibernation and standing off features could not work.

I used many other anti-spyware programs to fix the problem, but to no avail.

Then I used Spysweeper. According to the instructions posted here before, people need to follow several steps to complete the process of sweeping away the virus.

But I found that only after using the Spysweeper to scan the whole system, the problem was fixed. My computer can hibernate and the stand off function is back again and works stably now.

So I wonder whether I have actually fixed the problem and swept the virus away from my system?


Here is the result after the scanning and cleaning:

12:23: | Start of Session, 24 November 2005 |
12:23: Spy Sweeper started
12:23: Sweep initiated using definitions version 575
12:23: Starting Memory Sweep
12:26: Memory Sweep Complete, Elapsed Time: 00:02:21
12:26: Starting Registry Sweep
12:26: Found Adware: virtumonde
12:26: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
12:26: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
12:26: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
12:26: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
12:26: Registry Sweep Complete, Elapsed Time:00:00:13
12:26: Starting Cookie Sweep
12:26: Found Spy Cookie: yieldmanager cookie
12:26: steven sun@ad.yieldmanager[1].txt (ID = 3751)
12:26: Found Spy Cookie: adknowledge cookie
12:26: steven sun@adknowledge[2].txt (ID = 2072)
12:26: Found Spy Cookie: specificclick.com cookie
12:26: steven sun@adopt.specificclick[1].txt (ID = 3400)
12:26: Found Spy Cookie: adprofile cookie
12:26: steven sun@adprofile[1].txt (ID = 2084)
12:26: Found Spy Cookie: adultfriendfinder cookie
12:26: steven sun@adultfriendfinder[2].txt (ID = 2165)
12:26: Found Spy Cookie: belnk cookie
12:26: steven sun@belnk[1].txt (ID = 2292)
12:26: Found Spy Cookie: burstnet cookie
12:26: steven sun@burstnet[2].txt (ID = 2336)
12:26: Found Spy Cookie: gostats cookie
12:26: steven sun@c2.gostats[2].txt (ID = 2748)
12:26: Found Spy Cookie: overture cookie
12:26: steven sun@data4.perf.overture[1].txt (ID = 3106)
12:26: Found Spy Cookie: dealtime cookie
12:26: steven sun@dealtime[2].txt (ID = 2505)
12:26: Found Spy Cookie: did-it cookie
12:26: steven sun@did-it[1].txt (ID = 2523)
12:26: Found Spy Cookie: go.com cookie
12:26: steven sun@disney.go[1].txt (ID = 2729)
12:26: steven sun@dist.belnk[2].txt (ID = 2293)
12:26: steven sun@go[1].txt (ID = 2728)
12:26: Found Spy Cookie: 2o7.net cookie
12:26: steven sun@highbeam.122.2o7[1].txt (ID = 1958)
12:26: steven sun@microsofteup.112.2o7[1].txt (ID = 1958)
12:26: steven sun@microsoftwga.112.2o7[1].txt (ID = 1958)
12:26: Found Spy Cookie: nextag cookie
12:26: steven sun@nextag[2].txt (ID = 5014)
12:26: Found Spy Cookie: outster cookie
12:26: steven sun@outster[1].txt (ID = 3103)
12:26: Found Spy Cookie: partypoker cookie
12:26: steven sun@partypoker[2].txt (ID = 3111)
12:26: Found Spy Cookie: rc cookie
12:26: steven sun@rc[1].txt (ID = 3231)
12:26: steven sun@stat.dealtime[2].txt (ID = 2506)
12:26: Found Spy Cookie: reliablestats cookie
12:26: steven sun@stats1.reliablestats[2].txt (ID = 3254)
12:26: Found Spy Cookie: yadro cookie
12:26: steven sun@yadro[2].txt (ID = 3743)
12:26: Found Spy Cookie: zedo cookie
12:26: steven sun@zedo[1].txt (ID = 3762)
12:26: Cookie Sweep Complete, Elapsed Time: 00:00:02
12:26: Starting File Sweep
12:28: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
12:28: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
12:28: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
12:28: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
12:35: Found System Monitor: potentially rootkit-masked files
12:35: system.dat (ID = 0)
12:35: hints.dat (ID = 0)
12:35: sam (ID = 0)
12:35: system (ID = 0)
12:35: 258c5ea8-b6a6-4300-bd73-453a177dba66 (ID = 0)
12:35: businessart;abr=!webtv;sect=business;sect=p_top;sect=d_top;sect=business_p_top;sect=business_d_top;pos=v5_topbanner;sz=468x60;tile=2;dcopt=ist;ord=10663 (ID = 0)
12:35: credhist (ID = 0)
12:35: preferred (ID = 0)
12:35: credhist (ID = 0)
12:35: 258c5ea8-b6a6-4300-bd73-453a177dba66 (ID = 0)
12:35: preferred (ID = 0)
12:35: pu.dat (ID = 0)
12:35: credhist (ID = 0)
12:35: 258c5ea8-b6a6-4300-bd73-453a177dba66 (ID = 0)
12:35: preferred (ID = 0)
12:38: Warning: File not found
12:39: File Sweep Complete, Elapsed Time: 00:12:42
12:39: Full Sweep has completed. Elapsed time 00:15:20
12:39: Traces Found: 60
12:41: Removal process initiated
12:41: Quarantining All Traces: virtumonde
12:41: Quarantining All Traces: 2o7.net cookie
12:41: Quarantining All Traces: adknowledge cookie
12:41: Quarantining All Traces: adprofile cookie
12:41: Quarantining All Traces: adultfriendfinder cookie
12:41: Quarantining All Traces: belnk cookie
12:41: Quarantining All Traces: burstnet cookie
12:41: Quarantining All Traces: dealtime cookie
12:41: Quarantining All Traces: did-it cookie
12:41: Quarantining All Traces: go.com cookie
12:41: Quarantining All Traces: gostats cookie
12:41: Quarantining All Traces: nextag cookie
12:41: Quarantining All Traces: outster cookie
12:41: Quarantining All Traces: overture cookie
12:41: Quarantining All Traces: partypoker cookie
12:41: Quarantining All Traces: rc cookie
12:41: Quarantining All Traces: reliablestats cookie
12:41: Quarantining All Traces: specificclick.com cookie
12:41: Quarantining All Traces: yadro cookie
12:41: Quarantining All Traces: yieldmanager cookie
12:41: Quarantining All Traces: zedo cookie
12:41: Removal process completed. Elapsed time 00:00:05
********
12:17: | Start of Session, 24 November 2005 |
12:17: Spy Sweeper started
12:17: Sweep initiated using definitions version 575
12:17: Starting Memory Sweep
12:19: Memory Sweep Complete, Elapsed Time: 00:02:26
12:19: Starting Registry Sweep
12:19: Found Adware: virtumonde
12:19: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
12:19: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
12:19: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
12:19: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
12:19: Registry Sweep Complete, Elapsed Time:00:00:15
12:19: Starting Cookie Sweep
12:19: Found Spy Cookie: yieldmanager cookie
12:19: steven sun@ad.yieldmanager[1].txt (ID = 3751)
12:19: Found Spy Cookie: adknowledge cookie
12:19: steven sun@adknowledge[2].txt (ID = 2072)
12:19: Found Spy Cookie: specificclick.com cookie
12:19: steven sun@adopt.specificclick[1].txt (ID = 3400)
12:19: Found Spy Cookie: adprofile cookie
12:19: steven sun@adprofile[1].txt (ID = 2084)
12:19: Found Spy Cookie: adultfriendfinder cookie
12:19: steven sun@adultfriendfinder[2].txt (ID = 2165)
12:19: Found Spy Cookie: belnk cookie
12:19: steven sun@belnk[1].txt (ID = 2292)
12:19: Found Spy Cookie: burstnet cookie
12:19: steven sun@burstnet[2].txt (ID = 2336)
12:19: Found Spy Cookie: gostats cookie
12:19: steven sun@c2.gostats[2].txt (ID = 2748)
12:19: Found Spy Cookie: overture cookie
12:19: steven sun@data4.perf.overture[1].txt (ID = 3106)
12:19: Found Spy Cookie: dealtime cookie
12:19: steven sun@dealtime[2].txt (ID = 2505)
12:19: Found Spy Cookie: did-it cookie
12:19: steven sun@did-it[1].txt (ID = 2523)
12:19: Found Spy Cookie: go.com cookie
12:19: steven sun@disney.go[1].txt (ID = 2729)
12:19: steven sun@dist.belnk[2].txt (ID = 2293)
12:19: steven sun@go[1].txt (ID = 2728)
12:19: Found Spy Cookie: 2o7.net cookie
12:19: steven sun@highbeam.122.2o7[1].txt (ID = 1958)
12:19: steven sun@microsofteup.112.2o7[1].txt (ID = 1958)
12:19: steven sun@microsoftwga.112.2o7[1].txt (ID = 1958)
12:19: Found Spy Cookie: nextag cookie
12:19: steven sun@nextag[2].txt (ID = 5014)
12:19: Found Spy Cookie: outster cookie
12:19: steven sun@outster[1].txt (ID = 3103)
12:20: Found Spy Cookie: partypoker cookie
12:20: steven sun@partypoker[2].txt (ID = 3111)
12:20: Found Spy Cookie: rc cookie
12:20: steven sun@rc[1].txt (ID = 3231)
12:20: steven sun@stat.dealtime[2].txt (ID = 2506)
12:20: Found Spy Cookie: reliablestats cookie
12:20: steven sun@stats1.reliablestats[2].txt (ID = 3254)
12:20: Found Spy Cookie: yadro cookie
12:20: steven sun@yadro[2].txt (ID = 3743)
12:20: Found Spy Cookie: zedo cookie
12:20: steven sun@zedo[1].txt (ID = 3762)
12:20: Cookie Sweep Complete, Elapsed Time: 00:00:04
12:20: Starting File Sweep
12:22: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
12:22: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
12:22: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
12:22: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
12:22: Sweep Canceled
12:22: File Sweep Complete, Elapsed Time: 00:02:35
12:22: Traces Found: 45
12:23: | End of Session, 24 November 2005 |
********
12:12: | Start of Session, 24 November 2005 |
12:12: Spy Sweeper started
12:12: Sweep initiated using definitions version 575
12:12: Starting Memory Sweep
12:13: Found Adware: virtumonde
12:13: Detected running threat: C:\WINDOWS\system32\jkhhg.dll (ID = 77)
12:13: Sweep Canceled
12:13: Memory Sweep Complete, Elapsed Time: 00:00:56
12:13: Traces Found: 1
12:13: Removal process initiated
12:14: Quarantining All Traces: virtumonde
12:14: virtumonde is in use. It will be removed on reboot.
12:14: C:\WINDOWS\system32\jkhhg.dll is in use. It will be removed on reboot.
12:14: Warning: Launched explorer.exe
12:14: Warning: Quarantine process could not restart Explorer.
12:14: Preparing to restart your computer. Please wait...
12:14: Removal process completed. Elapsed time 00:00:43
********
12:11: | Start of Session, 24 November 2005 |
12:11: Spy Sweeper started
12:11: Your spyware definitions have been updated.
12:12: | End of Session, 24 November 2005


#2
harp2800

Just want to have a check whether I have killed the winfixer completely!

#3
harp2800

Does anybody have any idea about my question?