Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bad Adware/Spyware Problem

Started by Fosh92 , Apr 11 2008 03:56 PM

  • Please log in to reply

#16
Fosh92
Posted 30 April 2008 - 02:59 PM

Fosh92

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you very much for your help. I have one question though. What can I do about my AIM? It freezes every time it gets to the point where it says "Starting" and will not load. I have tried uninstalling and reinstalling it but it hasn't worked. Anyways, here is the log:

Malwarebytes' Anti-Malware 1.11
Database version: 703

Scan type: Quick Scan
Objects scanned: 51148
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 25
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 26

Memory Processes Infected:
c:\program files\webhancer\Programs\whagent.exe (Adware.WebHancer) -> Unloaded process successfully.
c:\program files\Bat\X_Bat.exe (Adware.Batco) -> Unloaded process successfully.
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Unloaded process successfully.
C:\WINDOWS\srsnwtyf.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Unloaded module successfully.
c:\program files\webhancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Unloaded module successfully.
c:\program files\Bat\Bat.dll (Adware.Batco) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\FUR321wDW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\Bat (Adware.Batco) -> Delete on reboot.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
c:\program files\webhancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
c:\program files\webhancer\Programs\whagent.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
c:\program files\Bat\X_Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\program files\Bat\Bat.dll (Adware.Batco) -> Delete on reboot.
C:\WINDOWS\srsnwtyf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\81D.tmp (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Info.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Application Data\AdwareAlert\Log\2008 Apr 06 - 07_59_11 PM_453.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\31F.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-68B8D1092F\Start Menu\Programs\Startup\Bat - Auto Update.lnk (Adware.Batco) -> Quarantined and deleted successfully.

Edited by Fosh92, 30 April 2008 - 03:25 PM.

  • 0

Advertisements

#17
RenatoMejias
Posted 02 May 2008 - 05:47 AM

RenatoMejias

    Visiting Staff

  • Visiting Consultant
  • 293 posts
Hi Fosh92 :)

Please post a fresh DSS log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP