Solved Virus taken over

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 11:06:44
Records in database: 1073798
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 113840
Threat name: 6
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 03:19:44


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\My Documents\LimeWire\Saved\some kind of friend barry.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\13.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\13.tmp Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\88.tmp Infected: Email-Flooder.Win32.VB.an 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ibrbnmicfrrwzz.dll.vir Infected: Trojan-Clicker.Win32.Agent.bqy 1
D:\I386\APPS\APP19117\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP19117\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.

 

Hi Dereksky
OK, you did not delete this song as asked before.
C:\Documents and Settings\HP_Administrator\My Documents\LimeWire\Saved\some kind of friend barry.mp3

It needs to be deleted, it's infected.

Empty Trend Micro Antivirus QUARANTINE folder.

Now do this.

Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing the infected files there as well.

Please run Kaspersky again and post the log.

Thanks
Geri

 

yeah, i couldn't seem to find that song i will keep looking

 

Okay i found the song and deleted it, and i did the other stuff i am about to run the scan

 

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 20:21:17
Records in database: 1075982
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 114141
Threat name: 5
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 03:21:43


File name / Threat name / Threats count
C:\RECYCLER\S-1-5-21-2652174006-1771952321-1238610712-1007\Dc11.tmp Infected: Email-Flooder.Win32.VB.an 1
C:\RECYCLER\S-1-5-21-2652174006-1771952321-1238610712-1007\Dc12.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\RECYCLER\S-1-5-21-2652174006-1771952321-1238610712-1007\Dc12.tmp Infected: Trojan.Java.ClassLoader.au 1
C:\RECYCLER\S-1-5-21-2652174006-1771952321-1238610712-1007\Dc9.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
D:\I386\APPS\APP19117\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP19117\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.

 

Hi
Ok Those are in your recycle bin.

Run ATF Cleaner or empty your recycle bin.

Run Kaspersky again and make sure only these show up.

D:\I386\APPS\APP19117\src\CompaqPresario_Spring06.exe
D:\I386\APPS\APP19117\src\HPPavillion_Spring06.exe

They are part of HP's stuff and not a threat. If there is anything else then post the Kaspersky log.

How are things running?

Geri

 

Things seem to be running smooth and back to normal, thanks alot for the help. I am about to run the kaspersky scan right now.

These programs you had me download, will they help for further infections or are they just for cleaning a virus up?

What are some good spyware programs/virus scanner i can scan with weekly to stay safe?

 

okay i ran the scan and only found those two things.

 

Hi Dereksky
You're welcome, glad I could help out.
OK Great that's what we wanted.

Deckards System Scanner and Combofix are tools for cleaning and should be only used under supervision.

They are updated almost daily so it does no good to keep them for they would be out of date in no time.
Combofix should have been deleted already you can delete dss.exe and this folder, C:\Deckard if they weren't deleted.

ATF Cleaner you can keep, it is good for cleaning all the temp garbage you pick up while surfing the net.

MBAM you can keep and is also very goood, make sure you always update before you run a scan.

Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Spyware and Virus Removal Forums.
http://www.windowsbbs.com/showthread.php?t=67958

I'll mark this one resolved.

Surf Safely
Geri