
Help Trojan-Spy.win32@mx problem


mdcnmn7

Technical User
May 27, 2007
2
US
I am not an experienced PC operator and I cannot get rid of Trojan-Spy.win32@mx. Everything I have looked at says to download the HijackThis program. Here is the log from HijackThis. What do I do next?

Logfile of HijackThis v1.99.1
Scan saved at 8:01:09 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HijackThis.exe
 
Hi, welcome to TSG.


You've only posted the top part of the log; you need to post the whole log!



Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.



Download AVG Anti-Spyware



* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.






* Click here to download ATF Cleaner by Atribune and save it to your desktop.



* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know how.




* Now copy these instructions to Notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:




Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.





Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# AVG will now begin the scanning process. Be patient this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will be prompted; then select "Apply all actions".
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.


Note: this is a stand-alone program; it doesn't install to Start/Programmes.

Download Mwav, double-click on it and it will extract to C:\kaspersky. Open the kaspersky folder and click on Kavupd; a black DOS window will open and it will update the programme for you. Be patient, it will take 5-10 minutes to download the new definitions. Once it's updated, click on mwavscan to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose "Drive", select all drives, click "Scan all files" and then click "Scan/Clean". After it finishes scanning and cleaning, post the log here with a new HijackThis log.

Note: this is a very thorough scanner; it might take anything up to an hour or more, depending on how many drives you have and how badly infected your PC is.



Highlight the portion of the scan that lists infected items, press CTRL + C to copy, then paste it here. The whole log will be extremely big, so there is no way to copy the whole thing. I just need the infected items list.



Post a new HijackThis log, the SmitfraudFix report, the Mwav scan log and the AVG Anti-Spyware log!



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
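The reply above asks for a full HijackThis log and then a fresh one after cleaning, because the useful signal is the difference between the two: which processes and autostart entries disappeared, and which leftovers (orphaned references, unresolved startup shortcuts, 8.3 short paths) still deserve a look. The following helper is an added example for this thread, not part of HijackThis or of the reply; it parses the "Running processes" section and the R/O entries of a v1.99-style log, diffs two logs, and flags entries by simple rules. The embedded log excerpts are trimmed from the two logs posted in the thread (the full logs are not reproduced), and the TRUSTED_ROOTS allowlist is an assumption, not anything HijackThis defines.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not HijackThis code).

Parses the "Running processes" block and the R*/O* entries, diffs the process
list of a 'before' and an 'after' log, and flags entries worth a second look.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpts trimmed from the two logs posted in the thread (27 May and 31 May).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:01:09 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HijackThis.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:41:21 AM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# Assumed allowlist of directories a process is "expected" to run from.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)  # paths, original case
    entries: list = field(default_factory=list)    # (code, body) tuples


def parse_log(text):
    """Split a HijackThis log into the process list and the R/O entries."""
    log, in_procs = HjtLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process block
                in_procs = False
            else:
                log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group(1), m.group(2)))
    return log


def _norm(path):
    return path.lower()             # Windows paths compare case-insensitively


def diff_processes(before, after):
    """Return (gone, new): processes present only before / only after."""
    b = {_norm(p): p for p in before.processes}
    a = {_norm(p): p for p in after.processes}
    return [b[k] for k in b if k not in a], [a[k] for k in a if k not in b]


def gone_by_directory(gone):
    """Group vanished processes by folder; a cluster in one unfamiliar folder
    is the typical footprint of a single dropped package."""
    return dict(Counter(p.rsplit("\\", 1)[0].lower() for p in gone))


def flag_entries(log):
    """Rule-based flags: orphan references, unresolved .lnk targets, 8.3 short
    paths that hide the real folder name, and processes outside trusted roots."""
    findings = []
    for code, body in log.entries:
        low = body.lower()
        if "(no file)" in low:
            findings.append((code, "orphaned reference, file missing", body))
        elif low.endswith(".lnk = ?"):
            findings.append((code, "startup shortcut target not resolved", body))
        elif "~1\\" in low or "~1." in low:
            findings.append((code, "8.3 short path; expand before trusting", body))
    for p in log.processes:
        if not _norm(p).startswith(TRUSTED_ROOTS):
            findings.append(("proc", "running outside Windows/Program Files", p))
    return findings


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    gone, new = diff_processes(before, after)
    print("gone since first log:", gone_by_directory(gone))
    print("new since first log:", new)
    for code, why, body in flag_entries(after):
        print(f"[{code}] {why}: {body}")
```

On the thread's own logs the diff shows that the four processes under "Video ActiveX Access" were gone by the second log, while the flags on the second log point at the orphaned Yahoo! Toolbar search hook, two unresolved HP startup shortcuts, and an 8.3 short path (harmless here, but worth expanding before trusting). HijackThis itself trips the "outside trusted roots" rule because it runs from C:\My Downloads, which is exactly the kind of location a reviewer should still eyeball rather than silence.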
 
Logfile of HijackThis v1.99.1
Scan saved at 9:41:21 AM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:50:28 PM 5/30/2007

+ Scan result:



C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902291.dll -> Adware.Agent : Cleaned.
C:\Documents and Settings\Roberts\My Documents\sinstaller2.exe -> Adware.Comet : Cleaned.
HKU\S-1-5-21-117609710-879983540-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-117609710-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-117609710-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-117609710-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-117609710-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0898564.ini -> Adware.Qworke : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902281.dll -> Downloader.Agent.bkd : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902296.exe -> Downloader.Zlob.azc : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902299.exe -> Downloader.Zlob.azc : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0896067.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0896092.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0898579.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0899579.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0899598.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0902082.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902105.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902125.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902160.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902178.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902195.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902213.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902233.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902251.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902268.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902292.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902293.exe -> Downloader.Zlob.btj : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0896068.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0896091.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0898580.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0899580.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0899597.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0902081.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902104.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902124.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902161.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902177.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902196.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902212.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902232.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902250.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902269.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902294.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902297.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902298.exe -> Downloader.Zlob.btq : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0896066.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0896090.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0898578.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0899578.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0899596.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP286\A0902080.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902103.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902123.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902159.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902176.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902194.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP287\A0902211.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902231.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902249.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP288\A0902267.dll -> Downloader.Zlob.yt : Cleaned.
C:\System Volume Information\_restore{DE249888-DE5C-4CD1-B3ED-0F9606C489DF}\RP289\A0902295.dll -> Downloader.Zlob.yt : Cleaned.


::Report end

Unable to find an infected items list.
 
Can you post the SmitfraudFix and the Mwav logs?



Go to this site and download these tools, and once you have both Ad-Aware SE 1.6 and Spybot, update both of them.

Set Ad-Aware to do a full system scan and deselect "Search for negligible risk entries". Click Next to start the scan. Delete everything Ad-Aware finds.

Reboot and now run Spybot.

Spybot: Search and Destroy.

Delete what Spybot finds marked in red. After updating Spybot, hit the Immunize button.




Download Superantispyware Pro (SAS):



Once downloaded and installed, update the definitions and then run a full system scan; quarantine what it finds!


* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)


* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.


All tools can be downloaded at the link below and found on that page!

. SUPERAntiSpyware
. SpyBot search and destroy
. AdAware SE personal








Make sure your ActiveX controls are set as follows:

Go to Internet Options - Security - Internet, press "Default level", then OK. Now press "Custom Level".

In the ActiveX section, set the first two options (Download signed and unsigned ActiveX controls) to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".


Active X settings




Run ActiveScan online virus scan here


When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!



Make sure autoclean is enabled on the scans.



Post another HijackThis log, the SUPERAntiSpyware log and the Panda ActiveScan log!



Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
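The ActiveX instructions in the reply above are clicked through in Internet Options, but each of those Custom Level switches is a DWORD under the current user's Internet zone key, so the state can be audited and corrected without the dialog. The checker below is an added example, not code from the reply or from Microsoft. It uses the documented zone layout (zone 3 is Internet; actions 1001, 1004 and 1201 are "Download signed ActiveX controls", "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe"; 0/1/3 mean Enable/Prompt/Disable), treats Disable as stricter than Prompt so a machine already at the Medium default passes, and emits a .reg fragment for anything weaker. The sample dictionaries are constructed; the registry read is only attempted on Windows, and an HKLM policy that pins zone settings machine-wide would override what HKCU says.

```python
"""Audit/correct IE Internet-zone ActiveX settings (added example, not from the thread).

Values are the documented URL security zone action IDs; 0=Enable, 1=Prompt, 3=Disable.
"""

ZONE_INTERNET = 3
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}   # higher is safer

# action id -> (Custom Level label, minimum acceptable setting), per the reply
RECOMMENDED = {
    1001: ("Download signed ActiveX controls", PROMPT),
    1004: ("Download unsigned ActiveX controls", PROMPT),
    1201: ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Constructed samples: a loosened zone, and the IE Medium default for comparison.
SAMPLE_WEAK = {1001: ENABLE, 1004: ENABLE, 1201: ENABLE}
SAMPLE_MEDIUM_DEFAULT = {1001: PROMPT, 1004: DISABLE, 1201: DISABLE}


def audit_zone(settings):
    """Return [(action, label, current, required)] for every setting that is
    missing, unrecognised, or looser than the recommended minimum."""
    findings = []
    for action, (label, required) in RECOMMENDED.items():
        current = settings.get(action)
        if current not in STRICTNESS or STRICTNESS[current] < STRICTNESS[required]:
            findings.append((action, label, current, required))
    return findings


def remediate(settings):
    """Return a copy with every failing setting raised to the recommended value;
    settings already stricter than recommended are left alone."""
    fixed = dict(settings)
    for action, _label, _current, required in audit_zone(settings):
        fixed[action] = required
    return fixed


def to_reg_file(settings, zone=ZONE_INTERNET):
    """Render the failing settings as a .reg fragment importable with regedit."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    key = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings\Zones\%d" % zone)
    lines.append("[%s]" % key)
    for action, _label, _current, required in audit_zone(settings):
        lines.append('"%d"=dword:%08x' % (action, required))
    return "\n".join(lines) + "\n"


def read_zone_from_registry(zone=ZONE_INTERNET):
    """Read the live HKCU values on Windows; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%d" % zone
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for action in RECOMMENDED:
            try:
                out[action], _ = winreg.QueryValueEx(key, str(action))
            except FileNotFoundError:
                pass                      # absent value: audit_zone flags it
    return out


if __name__ == "__main__":
    live = read_zone_from_registry()
    settings = live if live is not None else SAMPLE_WEAK
    for action, label, current, required in audit_zone(settings):
        print("%d %-62s is %s, want at least %s"
              % (action, label, LABEL.get(current, "missing"), LABEL[required]))
    print(to_reg_file(settings))
```

Run on Windows it audits the real key and prints a .reg fragment to import; elsewhere it runs against the constructed weak sample. Treating Disable as stricter than Prompt matters because the reply's "Prompt" for unsigned downloads is looser than the Medium default that the "Default level" button restores, so a checker that demanded exact equality would report a safer machine as broken.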
 
Following a trojan attack I turned to SmitfraudFix to repair my home PC, which it did. However, the instructions for the fix have now hijacked the normally plain Doc1 whenever I open Word 2000. While this does not stop me from using Word, it is a pain as I have to delete two pages of instructions. How can I get back to the default plain Doc1?

I hope I've explained things clearly.

Graham.
 
@GrahamBennett

Search for and delete the normal.dot file, or Google "normal.dot" for info.

Jon
 