
Computer infection [RESOLVED]


  • This topic is locked

#16 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
* Click here to download FixSF.zip and save it to your desktop.
Unzip it to extract the FixSF.reg file it contains.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Go to Add/Remove programs and uninstall SpyFalcon if it is there. Do not restart your computer if it asks you to do so.


* Double-click on the FixSF.reg file to add it to the registry.
Answer yes to confirm the merge.


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Documents and Settings\Alexia\My Documents\eCodec-v4.286.exe

    C:\Windows\System32\dxmpp.dll

    C:\Windows\System32\ginuerep.dll

    C:\Program Files\SpyFalcon


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Your Norton Antivirus Quarantine folder is overflowing. You need to empty it.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply.


#17 jsmith (Topic Starter, Member, 15 posts)
Hi,

Here is what did and did not work:

When I went to uninstall spyfalcon I got an error saying that it had already been removed asking me if I wanted to erase it from the Program list. I said yes.

File: eCodec-v4.286.exe was deleted just fine by Killbox.

Files: dxmpp.dll and SpyFalcon were not found by Killbox.

File: ginuerep.dll could not be deleted by Killbox.

I emptied my Norton Quarantine.


Here is the BitDefender report:

BitDefender Online Scanner

Scan report generated at: Mon, Mar 06, 2006 - 02:00:17
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:43:00
Files: 432110
Folders: 6007
Boot Sectors: 2
Archives: 1509
Packed Files: 57748

Results
Identified Viruses: 5
Infected Files: 15
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 25

Engines Info
Virus Definitions: 297466
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\!KillBox\ginuerep.dll
    Infected with: Trojan.Spyfal.A
    Disinfection failed
    Deleted

C:\!KillBox\ginuerep.dll ( 1)
    Infected with: Trojan.Spyfal.A
    Disinfection failed
    Deleted

C:\Documents and Settings\Alexia\.housecall\Quarantine\archive1213.jar-679b0823-6bd98cfb.zip.bac_a02824=>(Quarantine-4)=>Dummy.class
    Infected with: Trojan.Java.Byteverify.B
    Disinfection failed
    Deleted

C:\Documents and Settings\Alexia\.housecall\Quarantine\archive1213.jar-679b0823-6bd98cfb.zip.bac_a02824=>(Quarantine-4)
    Updated

C:\Documents and Settings\Alexia\.housecall\Quarantine\archive1213.jar-679b0823-6bd98cfb.zip.bac_a02824
    Update failed

C:\Program Files\ESET\infected\DYPYFYCA.NQF=>(Quarantine-PE)
    Suspected of: Generic.Malware.Ssp.2A8FFE59
    Disinfection failed
    Deleted

C:\Program Files\ESET\infected\OOHAVVCA.NQF=>(Quarantine-PE)
    Infected with: BehavesLike:Win32.ExplorerHijack
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP643\A0046687.dll
    Infected with: Trojan.FakeAlert.AG
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP643\A0047071.exe
    Infected with: BehavesLike:Win32.ExplorerHijack
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047250.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Delf.QY
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047252.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Delf.QY
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047253.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Delf.QY
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047254.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Delf.QY
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047255.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Delf.QY
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047256.exe=>(Quarantine-2)
    Infected with: BehavesLike:Win32.ExplorerHijack
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047257.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Delf.QY
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{0069D427-A36B-4348-AAE1-A67A0C65CCD7}\RP646\A0047259.dll
    Infected with: Trojan.Spyfal.A
    Disinfection failed
    Deleted

C:\WINDOWS\system32\ginuerep.dll
    Infected with: Trojan.Spyfal.A
    Disinfection failed
    Deleted


I also attached the HTML file, because it looks better. I am also attaching a HJT log file. You didn't ask for one, but have every other time.


Logfile of HijackThis v1.99.1
Scan saved at 2:08:01 AM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Documents and Settings\Alexia\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ne1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.ne1.attbb.net
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2650CC9A-3DB7-45E3-91B6-C7CF03F236AE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2650CC9A-3DB7-45E3-91B6-C7CF03F236AE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D6FF996E-816E-49EA-ACB9-591F3316D35D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6FF996E-816E-49EA-ACB9-591F3316D35D} - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.c...odec-v4.286.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141308702203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe




Thanks.

Jesse

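The HijackThis log above is what the helper reads by eye: O16 DPF entries (ActiveX controls the browser was told to download, which is how a fake "codec" installer arrives), O4 autostart values, R0/R1 browser and proxy settings, and entries whose target file is already gone. The script below is an added example, not part of this thread and not HijackThis code; it applies those same checks mechanically. The sample log is constructed to mirror the shape of the log posted above, with the codec hostname replaced by a .invalid placeholder, and the allow-list of ActiveX download hosts is an assumption to adjust for your own environment.

```python
"""Triage a HijackThis 1.99-style log for the entries that most often hide a
browser hijacker or a fake-codec downloader.

Added example for this thread; not part of HijackThis or of the original
posts. SAMPLE_LOG is constructed: it copies the shape of the thread's log,
hostnames under .invalid are placeholders, and TRUSTED_DPF_HOSTS is an
assumption, not an authoritative list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts a home PC would plausibly fetch an online-scanner or Windows Update
# ActiveX control from. Assumed for the example; tune it for your estate.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "download.bitdefender.com"}

# Entry shapes as HijackThis 1.99 prints them.
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \(([^)]*)\))? - (\S+)$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
REG_RE = re.compile(r"^R[01] - (HK\w+)\\(.+?),(.+?) = (.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O16"
    line: str      # the log line as written
    reason: str    # why a human should look at it


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious property of each log line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        if m := DPF_RE.match(line):
            # O16: ActiveX controls the browser downloaded. An unnamed object
            # fetched as a bare .exe from an unknown host is the classic
            # fake-codec delivery.
            name, url = m.groups()
            parsed = urlparse(url)
            host = (parsed.hostname or "").lower()
            if name is None:
                findings.append(Finding(section, line, "ActiveX object has no registered name"))
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(section, line, f"ActiveX download from untrusted host {host!r}"))
            if parsed.path.lower().endswith(".exe"):
                findings.append(Finding(section, line, "DPF target is a bare .exe rather than a .cab"))

        elif m := RUN_RE.match(line):
            # O4: autostart values. Bare filenames are resolved through the
            # search path; GUID-named values need their owner confirmed.
            _hive, value_name, command = m.groups()
            if GUID_RE.match(value_name):
                findings.append(Finding(section, line, "Run value named by a GUID; confirm the owner"))
            if not re.match(r'^"?[A-Za-z]:\\', command):
                findings.append(Finding(section, line, "command is a bare filename resolved via the search path"))

        elif m := REG_RE.match(line):
            # R0/R1: IE start/search pages and WinINet proxy settings. A proxy
            # the user did not configure can redirect every HTTP request.
            _hive, _key, value_name, data = m.groups()
            if value_name in ("ProxyServer", "ProxyOverride"):
                findings.append(Finding(section, line, f"proxy setting {value_name} = {data}"))

        if "(file missing)" in line or "(no file)" in line:
            # Orphaned entries are harmless alone but record what was removed
            # without cleanup; they are worth deleting.
            findings.append(Finding(section, line, "entry points at a file that no longer exists"))
    return findings


# Constructed sample: shape of the thread's log, codec host replaced by a
# .invalid placeholder, Windows Update path shortened.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.isp.invalid:8000
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/example/muweb_site.cab?1141308702203
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.codec-site.invalid/eCodec-v4.286.exe
"""


def report(log_text: str = SAMPLE_LOG) -> list[str]:
    """Human-readable one-liners, grouped by section code."""
    return [f"{f.section}: {f.reason}" for f in sorted(triage(log_text), key=lambda f: f.section)]


if __name__ == "__main__":
    for entry in report():
        print(entry)
```

On the constructed sample the script flags seven things: all three properties of the unnamed codec DPF entry, the proxy server, the PATH-resolved AGRSMMSG.exe value, the GUID-named Run value, and the orphaned BitDefender uninstall button; the Symantec ccApp entry and the Windows Update control pass. The GUID and bare-filename checks are deliberately noisy (in the thread both turn out to be legitimate), which is the right trade-off for a triage pass whose output a human reviews.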

#18 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
Bitdefender took care of the ginuerep.dll file.

Go ahead and delete the c:\!killbox folder.

How is everything now?

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#19 jsmith (Topic Starter, Member, 15 posts)
Hi,

Actually things seem to be ok, at least my computer has stopped telling me that I am infected. The only reason I don't feel confident is that when I turned on my computer NOD32 had quarantined the following files:

Time Module Object Name Threat Action User Information
3/6/2006 9:31:12 AM AMON file C:\WINDOWS\TEMP\tmp875.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:31:11 AM AMON file C:\WINDOWS\TEMP\tmpDD12.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:31:11 AM AMON file C:\WINDOWS\TEMP\tmp85E0.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:31:10 AM AMON file C:\WINDOWS\TEMP\tmp5A7E.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:53 AM AMON file C:\WINDOWS\TEMP\tmpD7ED.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:50 AM AMON file C:\WINDOWS\TEMP\tmp555A.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:49 AM AMON file C:\WINDOWS\TEMP\tmpD2C9.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:48 AM AMON file C:\WINDOWS\TEMP\tmp5036.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:47 AM AMON file C:\WINDOWS\TEMP\tmpCDA5.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.


Here is the HJT Uninstall List:

Active Disk
Ad-Aware SE Personal
Adobe Reader 7.0
Agere Systems PCI Soft Modem
AutoCAD 2004
Autodesk Express Viewer
CC_ccStart
ccCommon
Civilization III
CleanUp!
ewido anti-malware
Feeding Frenzy
Google Gmail Notifier
HexDump plug-in for Ad-Aware SE
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Color Inkjet CP1700 Uninstaller
Internet Explorer Q903235
IomegaWare 4.0.3
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 4
Kaspersky On-line Scanner
Lernout & Hauspie TruVoice for Microsoft Agent
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
MacPower USB Driver installer
Macromedia Shockwave Player
Microsoft AntiSpyware
Microsoft Office Basic Edition 2003
Microsoft XML Parser and SDK
MSRedist
Nero - Burning Rom
NOD32 antivirus system
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Display Driver
Panda ActiveScan
QuickTime
SafeCast Shared Components
Scanlogic USB2IDE F/W2.61 & HDD ICON
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Sid Meier's Civilization 4
SolidWorks Student Design Kit
SoundMAX
Spybot - Search & Destroy 1.4
Spyware Doctor 3.1
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

Other than my warnings from NOD32, I'd say the computer was clean. What next?

Jesse Smith
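The NOD32 list in the post above goes unaddressed in the thread, yet it carries the detail a responder wants first: every event names the process that created the detected file. Reading that column across all nine lines tells you whether you are looking at one scanner unpacking material it already held or at something new being dropped. The script below is an added example, not ESET's code and not part of the original posts; it parses lines in the flat layout pasted above, groups them by creating process, and gives a verdict per process. The four sample lines are copied verbatim from the post; the field order assumed by AMON_RE (date, module, object type, path, threat, action, user, free-text information) is taken from that paste and may not hold for other NOD32 versions or export formats.

```python
"""Group NOD32 AMON (on-access) detections by the process that created the
detected file, so a burst of alerts can be told apart from a fresh infection.

Added example for this thread; not ESET's code and not part of the original
posts. AMON_RE assumes the flat layout of the list pasted in the thread.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

AMON_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>\w+) (?P<kind>\w+) (?P<path>\S+) (?P<threat>.+?) "
    r"(?P<action>quarantined - deleted|quarantined|deleted|cleaned) "
    r"(?P<user>.+?) Event occurred on a new file created by the application: "
    r"(?P<creator>.+?)\. The file was moved to quarantine\."
)


def parse_events(text: str) -> list[dict]:
    """Parse each AMON line into a dict; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = AMON_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["dir"] = str(PureWindowsPath(ev["path"]).parent).lower()
        events.append(ev)
    return events


def group_by_creator(events: list[dict]) -> dict[str, dict]:
    """Per creating process: count, time span, directories written, threats."""
    buckets: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        buckets[ev["creator"].lower()].append(ev)
    groups: dict[str, dict] = {}
    for creator, evs in buckets.items():
        times = sorted(e["ts"] for e in evs)
        groups[creator] = {
            "count": len(evs),
            "span_seconds": int((times[-1] - times[0]).total_seconds()),
            "dirs": sorted({e["dir"] for e in evs}),
            "threats": sorted({e["threat"] for e in evs}),
        }
    return groups


def assess(groups: dict[str, dict], burst_seconds: int = 60) -> list[str]:
    """One verdict per creator.

    A tight burst of identical detections, all written to a temp directory
    by a single process, usually means that process was unpacking something
    it already held (an archive, a quarantine store, mail) and the on-access
    scanner caught the extracted pieces. Many creators, many directories, or
    events spread over time point instead at live activity.
    """
    verdicts = []
    for creator, g in groups.items():
        exe = PureWindowsPath(creator).name
        temp_only = all(d.endswith("\\temp") for d in g["dirs"])
        if g["count"] > 1 and g["span_seconds"] <= burst_seconds and temp_only:
            verdicts.append(
                f"{exe}: {g['count']} detections in {g['span_seconds']}s, all in a temp "
                f"directory; check what {exe} was scanning before treating this as reinfection"
            )
        else:
            verdicts.append(
                f"{exe}: {g['count']} detections over {g['span_seconds']}s in "
                f"{len(g['dirs'])} director(y/ies); investigate as possible live activity"
            )
    return verdicts


# Four of the nine lines quoted in the thread, verbatim.
SAMPLE_LOG = r"""
3/6/2006 9:31:12 AM AMON file C:\WINDOWS\TEMP\tmp875.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:31:11 AM AMON file C:\WINDOWS\TEMP\tmpDD12.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:48 AM AMON file C:\WINDOWS\TEMP\tmp5036.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
3/6/2006 9:30:47 AM AMON file C:\WINDOWS\TEMP\tmpCDA5.tmp a variant of Win32/TrojanDownloader.Zlob trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Norton AntiVirus\navapsvc.exe. The file was moved to quarantine. You may close this window.
"""


if __name__ == "__main__":
    for verdict in assess(group_by_creator(parse_events(SAMPLE_LOG))):
        print(verdict)
```

On the four sample lines every detection was created by navapsvc.exe (Norton's auto-protect service), all in C:\WINDOWS\TEMP, within 25 seconds, so the verdict is to look at what Norton was scanning or unpacking rather than to assume the Zlob downloader was running again. That is a hypothesis to confirm, not a conclusion: a process under someone else's control can also write to TEMP, so follow it up by checking the creating process's own logs and quarantine contents.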

#20 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
* Go to Add/Remove programs and uninstall J2SE Runtime Environment 5.0 Update 4


* Now go here and install the latest version of Java.


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#21 jsmith (Topic Starter, Member, 15 posts)
Thanks so much for your help. I would love just a little advice before you are finished with me if you have some time. I am wondering just which security programs I should run on my computer.

Right now I have the following seemingly active:

Spybot, Ewido, NOD32, Norton, and Microsoft Antispyware

This seems a little excessive to me. Then the page you recommended to me suggests using the following:

Spyware Blaster, Spyware Guard, and IEspyad (and some programs I already have).

However, all of GTG's security advice mentions that running too many programs is detrimental to the computer's system and possibly its security. Here is what I would like to do, and you can tell me if it is crazy:

Uninstall the following:
Ewido and Nod32

Then Install:
IE-SPYAD

Then for an anti-virus program I figure I will stay with Norton, because I have it. If you think that others would be better, I could swap.

Does that plan make sense?

Thanks, you have been a terrific help and a godsend.

Jesse

#22 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
You should keep Nod32. In my opinion it is the best antivirus you can get. Get rid of Norton.

#23 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
Since this issue appears to be resolved, this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.