paytime.exe, tool2.exe, virus within SUN java



#1
pand0ra37

New Member
I was on the internet searching when I kept getting notices popping up (from AVG) that I was infected with a trojan horse virus. I tried to heal all files and placed them in the virus vault. Then "pop under" ads started opening so I closed Internet Explorer. When I did this, my desktop wallpaper disappeared, leaving a bright blue screen with a black box in the middle, talking about spyware and needing to remove it. There were two red circles down by the clock that had gray x's in them that continually popped up a bubble talking about spyware and asking me to click on them to get the latest program to remove it. I immediately rebooted, found no progress, and ran AVG, AD-Aware, and Spybot, with reboots in between. Several items were found, cleaned or removed. I then rebooted and started in Safe Mode, and did the same process again. My desktop is still locked with the blue screen / black box. I have found my computer runs much slower than normal. I have run AVG, AD-Aware, and Spybot until they have found nothing. I then ran several of the programs listed on the general help for malware removal such as Spyware Doctor, TrojanHunter, etc. They also removed/cleaned files. Now my wallpaper is locked to a silver color and cannot be changed, and my computer is still running slowly. I went into the display options and turned off the active desktop and unclicked the "current webpage" as the desktop, which removed the black box from the middle of the screen. The only "viruses" found by AVG were contained in the Java Sun folder, and they were removed by AVG. To be on the cautious side, I removed the Java Sun program that was for Internet Explorer and reinstalled it, then ran a scan again; everything came out clean.


I am all out of ideas and quite computer illiterate so anything you can do to help me at this point would be greatly appreciated.
________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 1:58:10 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\dnetc\dnetc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\WINDOWS\SYSTEM32\GEARSEC.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\PowerDVD\PDVDServ.exe
F:\Program Files\HP DVD\Umbrella\DVDTray.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\Program Files\Winamp\winampa.exe
G:\program files\HP Share-to-Web\hpgs2wnd.exe
G:\program files\Photo Imaging\Hpi_Monitor.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
g:\PROGRA~1\HPSHAR~1\hpgs2wnf.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Melissa J\Local Settings\Temporary Internet Files\Content.IE5\JACJR90X\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DVDTray] "F:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "F:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] g:\program files\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CXMon] "g:\program files\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bxproxy] F:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [DW4] "F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [bxproxy] F:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - F:\WINDOWS\system32\panmbmpb.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - F:\Program Files\dnetc\dnetc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - F:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
___________________________________________________________________________

I also ran Spyware Doctor and got the following results. It would not let me remove any of the files without purchasing the program. I did not purchase the program at this time. Results are below.

Spyware Doctor Activity Report
Generated on 12/1/2005 2:16:03 PM


Scans (basic information only):

Scan Results:
scan start: 12/1/2005 2:17:01 PM
scan stop: 12/1/2005 3:06:02 PM
scanned items: 139496
found items: 100
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B} Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}## Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\ProxyStubClsid Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\ProxyStubClsid## Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\ProxyStubClsid32 Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\ProxyStubClsid32## Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\TypeLib Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\TypeLib## Medium
DropSpam ToolBar HKCR\Interface\{1E98666F-6260-42C9-B846-32B20FDEFE7B}\TypeLib##Version Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063} Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}## Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\ProxyStubClsid Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\ProxyStubClsid## Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\ProxyStubClsid32 Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\ProxyStubClsid32## Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\TypeLib Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\TypeLib## Medium
DropSpam ToolBar HKCR\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}\TypeLib##Version Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D} Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}## Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\ProxyStubClsid Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\ProxyStubClsid## Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\ProxyStubClsid32 Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\ProxyStubClsid32## Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\TypeLib Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\TypeLib## Medium
DropSpam ToolBar HKCR\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}\TypeLib##Version Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8} Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}## Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\ProxyStubClsid Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\ProxyStubClsid## Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\ProxyStubClsid32 Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\ProxyStubClsid32## Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\TypeLib Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\TypeLib## Medium
DropSpam ToolBar HKCR\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}\TypeLib##Version Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1} Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}## Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0 Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0## Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\0 Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\0## Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\0\win32 Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\0\win32## Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\FLAGS Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\FLAGS## Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\HELPDIR Medium
DropSpam ToolBar HKCR\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}\1.0\HELPDIR## Medium
Grokster HKCU\Software\Softwrap\Adtracker________ Medium
Grokster HKCU\Software\Softwrap\Adtracker________## Medium
Grokster HKCU\Software\Softwrap\Adtracker________\mp3wav Medium
Grokster HKCU\Software\Softwrap\Adtracker________\mp3wav## Medium
Grokster HKCU\Software\Softwrap\Adtracker________\mp3wav##cookie Medium
Trojan.Downloader.Small.BWS HKCU\Software\Microsoft\Windows\CurrentVersion##adv698 High
Trojan.FakeAlert HKCU\Software\Microsoft\Windows\CurrentVersion\Run##Windows Installer High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P## High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P##NextInstance High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000 High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000## High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##Service High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##Legacy High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##ConfigFlags High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##Class High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##ClassGUID High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##DeviceDesc High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000##Capabilities High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000\Control High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000\Control## High
Trojan.SpamBot HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_I386P\0000\Control##ActiveService High
Trojan.Win32.StartPage.pu HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##PayTime High
Trojan.Win32.StartPage.pu HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##PayTime High
YourSiteBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##F:\WINDOWS\Downloaded Program Files\YSBactivex.dll High
YourSiteBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\F:/WINDOWS/Downloaded Program Files/YSBactivex.dll High
YourSiteBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\F:/WINDOWS/Downloaded Program Files/YSBactivex.dll## High
YourSiteBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\F:/WINDOWS/Downloaded Program Files/YSBactivex.dll##.Owner High
YourSiteBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\F:/WINDOWS/Downloaded Program Files/YSBactivex.dll##{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} High
DropSpam ToolBar HKCR\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4} Medium
DropSpam ToolBar HKCR\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\InprocServer32 Medium
DropSpam ToolBar HKCR\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\ProgID Medium
DropSpam ToolBar HKCR\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\Programmable Medium
DropSpam ToolBar HKCR\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\TypeLib Medium
DropSpam ToolBar HKCR\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\VersionIndependentProgID Medium
DropSpam ToolBar HKLM\Software\Classes\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4} Medium
DropSpam ToolBar HKLM\Software\Classes\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\InprocServer32 Medium
DropSpam ToolBar HKLM\Software\Classes\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\ProgID Medium
DropSpam ToolBar HKLM\Software\Classes\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\Programmable Medium
DropSpam ToolBar HKLM\Software\Classes\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\TypeLib Medium
DropSpam ToolBar HKLM\Software\Classes\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}\VersionIndependentProgID Medium
Tracking Cookie(s) F:\Documents and Settings\Melissa J\Cookies\melissa j@microsofteup.112.2o7[1].txt Medium
Tracking Cookie(s) F:\Documents and Settings\Melissa J\Cookies\melissa j@atwola[1].txt Medium
Tracking Cookie(s) F:\Documents and Settings\Melissa J\Cookies\melissa j@geekstogo[2].txt Medium
Tracking Cookie(s) F:\Documents and Settings\Melissa J\Cookies\melissa j@questionmarket[1].txt Medium
Trojan.FakeAlert F:\Documents and Settings\Melissa J\Application Data\Install.dat High
Trojan.Dropper.Small.AEK F:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll High
Trojan.Dropper.Small.AEK F:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll High
Joltid P2P Networking F:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll.tcf Elevated
SahAgent F:\WINDOWS\system32\08pm0jpl.ini Elevated
SahAgent F:\WINDOWS\system32\ejn6nsft.ini Elevated
SahAgent F:\WINDOWS\system32\sgo49do5.dat Elevated


Other Sections:

Edited by pand0ra37, 01 December 2005 - 02:10 PM.



#2
John McKenna

Visiting Staff
Hi and welcome to Geeks! :tazz:

There won't be any need to purchase a program to remove the Smitfraud trojan.

All the tools we need are readily available at our disposal free of charge. :)

Since it's been a week since your original post, can I ask you to post a fresh log in this thread please and we'll take it from there.


Keeping Track of Your Topic
  • Please subscribe to this thread by clicking 'Track this topic' at the top of the thread.
  • Enable email notification to subscribed threads via the My Controls link above.
  • Keep ALL future replies in this thread please.
