aboutblank [RESOLVED]

#16
rhinojonson (Topic Starter)
Taher, here's the scan from the Panda program.


Incident Status Location

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6yfsr7kf.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6yfsr7kf.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6yfsr7kf.default\cookies.txt[]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Program Files\pgcedit\pgcedit.exe[pskill.exe]
Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\S-1-5-21-2703208185-2070721053-3021757973-1003\Dc1.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\S-1-5-21-2703208185-2070721053-3021757973-1003\Dc1.txt[74126313]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\S-1-5-21-2703208185-2070721053-3021757973-1003\Dc1.txt[]


Thanks again

#17
taher
Hi rhinojonson,

Nope, nothing there either.

Just to remove some tracking cookies:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Let's run one last scan. This one will take a while but it's one of the most comprehensive scans out there.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks.

#18
rhinojonson (Topic Starter)
Disregard this post - I didn't realize it had gone on to a second page. Kaspersky scan is in the works.

Taher, I posted the log from the Panda program last night, but it looks like it didn't show up. Here it is again.



Edited by rhinojonson, 28 March 2006 - 03:26 PM.


#19
taher
edited

ok thanks

Edited by taher, 28 March 2006 - 03:28 PM.


#20
rhinojonson (Topic Starter)
Taher, here's the Kaspersky scan

KASPERSKY ON-LINE SCANNER REPORT
Tuesday, March 28, 2006 2:30:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/03/2006
Kaspersky Anti-Virus database records: 184617
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 97483
Number of viruses found 4
Number of infected objects 13
Number of suspicious objects 0
Duration of the scan process 01:05:13

Infected Object Name Virus Name Last Action
C:\Program Files\Norton AntiVirus\Quarantine\07D51858 Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\1A76104D Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\20376A27 Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\415104E1 Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\534868FB Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\55D02B2D Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BBE1BB3 Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\6D6217C4 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Program Files\pgcedit\pgcedit.exe/Tcl/work/PGCEDIT/bin/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Program Files\pgcedit\pgcedit.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP554\A0080320.exe Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP556\A0082675.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP556\A0082676.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
Scan process completed.

#21
taher
Hi rhinojonson,

Let's try this last step. We need to reset your restore points. To do this, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.



Also, please open your Norton AntiVirus and clear out the quarantine. Select everything in the quarantine and press "delete" or "purge". Make sure you do NOT press anything like "restore". I am unfortunately not familiar with your specific antivirus, but the quarantine should be accessible from the main page of Norton or maybe under a "tools" or "view" tab in the menu bar.


After doing this please let me know if your problems with the .exe window continue. If they do, your problem is not malware-related and I advise checking with one of our other forums (maybe the Windows XP forum here) to help solve your problem.

Please let me know in any case so I can give you some prevention tips for the future.
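
The steps in post #21 address the Norton quarantine and the System Restore snapshots, the two locations that hold most of the objects in the Kaspersky report from post #20. The triage script below is an added example, not part of any post in this thread; its function and bucket names are its own, and the sample lines are copied from that report.

```python
import re
from collections import Counter

# Six of the thirteen detection lines from the report in post #20, copied verbatim.
REPORT = r"""
C:\Program Files\Norton AntiVirus\Quarantine\07D51858 Infected: Trojan-Downloader.Win32.Agent.ab skipped
C:\Program Files\Norton AntiVirus\Quarantine\6D6217C4 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Program Files\pgcedit\pgcedit.exe/Tcl/work/PGCEDIT/bin/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Program Files\pgcedit\pgcedit.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP554\A0080320.exe Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP556\A0082675.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
"""

LINE = re.compile(r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|ZIP: infected - \d+) skipped$")

def location(path):
    """Bucket a path by where the object sits (bucket names are this example's own)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "av_quarantine"   # held in the resident antivirus's quarantine folder
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # copy kept inside a System Restore snapshot
    return "live_file"           # ordinary file on disk; needs a human decision

def triage(report):
    """Return one dict per detection line; lines that do not parse are skipped."""
    rows = []
    for line in report.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        name = m.group("name")   # None for the "ZIP: infected" container line
        rows.append({
            "path": m.group("path"),
            "name": name,
            "where": location(m.group("path")),
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:"
            "riskware": bool(name) and name.startswith("not-a-virus:"),
        })
    return rows

def summary(rows):
    """Count detections per location bucket."""
    return Counter(r["where"] for r in rows)

if __name__ == "__main__":
    for r in triage(REPORT):
        print(f'{r["where"]:14} {r["name"] or "(container)":45} {r["path"]}')
    print(dict(summary(triage(REPORT))))
```

Only the `live_file` rows describe files in normal use on the disk; here both belong to pgcedit.exe and carry a `not-a-virus:` riskware verdict.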

#22
rhinojonson (Topic Starter)
Taher, I am very grateful for your help. The exe window is still popping up, so I will check the XP forum. If you have any tips for my future prevention of these nuisances let me know. I have made a donation to your fund. I hope it helps. You have answered questions for me that nobody else could and saved me hours of frustration. Thank you very much -RK

#23
taher
Hi rhinojonson,

First let me thank you for your patience and for following all of my instructions fully and completely at each step.

Next, it appears as if you don't have a firewall running on your system, so from the following tools the most urgent for your case is the installation and use of a firewall (under "other necessary programs" at the bottom).


The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune - Cleans temporary files from IE, alternate browsers and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

    Other necessary Programs:
  • Firewall <= A firewall is definitely a must have. I wish I could offer you a choice on this but Sygate is no longer free, and the Tinypersonalfirewall that some of the staff recommend is having problems with its download site. So I recommend Zone Alarm by ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


Thank you.

#24
rhinojonson (Topic Starter)
Taher, I installed the programs listed that I didn't already have. I do have my Windows firewall enabled, but I installed the Zone Alarm basic firewall as well. Once again, your help is most appreciated. Let's consider this a closed case unless you notice anything else. -RK

#25
taher
Hi rhinojonson,

It's fine, keep the Zone Alarm firewall too. Make sure you update definitions for the other programs regularly (Spybot, AdAware, SpywareBlaster, etc.) and best of luck in the future.

Taher

#26
therock247uk (Expert)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.