
Solved: attention user!

Discussion in 'Malware and Virus Removal Archive' started by bluesblues, 2008/07/03.

  1. 2008/07/18
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    What is your D drive?
    Is it an external drive or is it a recovery partition?

    Geri
     
  2. 2008/07/18
    bluesblues (Inactive, Thread Starter)
    hm...

    It's not an external drive... I assume that the thing you call a recovery partition (since English isn't my native language) is my D. Anyway, I would explain it like this... D drive is my partition in which I store everything that I would need to keep in case I have to format my C drive's system files... so I guess when you say recovery partition you mean that... :)

    I was thinking... is it possible that I have a virus stored on the D partition somewhere among the files and it somehow makes a backup of itself whenever I delete its offspring... kind of like a mothership... and could it be undetectable by Panda...? And Avast...?

    Again... sorry to bother you so much; it's just that I would really like to clean my computer before I need it for some serious stuff in the future...

    thanks
     


  4. 2008/07/18
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi bluesblues
    Please do this,

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
      
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please post another Panda Scan.

    Thanks
    Geri
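As an added illustration of what the OTMoveIt2 step above does (example code written for this page, not OTMoveIt2's own code and not posted by anyone in the thread): the tool moves each listed path into a timestamped folder under C:\_OTMoveIt\MovedFiles, keeps the path with the drive letter stripped, and logs one line per file, which is the layout visible in the log pasted later in this thread. The Python below performs the same move and additionally records a SHA-256 of the file before moving it, so the sample can still be identified or submitted afterwards. The quarantine root, the timestamp format and the wording for a missing file are assumptions. One caveat a practitioner would add: a file under System Volume Information is a System Restore copy; Windows does not execute anything from there, so such a detection only matters if that restore point is later applied, and flushing old restore points after a cleanup is the usual way to get rid of these copies.

```python
"""Added example (not OTMoveIt2's code and not from this thread): a quarantine
move in the layout OTMoveIt2 uses, <root>\\<MMDDYYYY_HHMMSS>\\<path with the drive
stripped>, logging one line per file. The root, the timestamp format and the
wording for a missing file are assumptions."""
import hashlib
import shutil
from datetime import datetime
from pathlib import Path, PureWindowsPath
from typing import Dict, List, Optional, Tuple

ASSUMED_ROOT = r"C:\_OTMoveIt\MovedFiles"  # assumed default, not read from the tool


def drive_relative_parts(path: str) -> Tuple[str, ...]:
    r"""Path components after the drive or root, e.g.
    'D:\System Volume Information\RP63\A0017540.exe'
    -> ('System Volume Information', 'RP63', 'A0017540.exe').
    PureWindowsPath also accepts '/' separators, so POSIX paths work too."""
    p = PureWindowsPath(path)
    return p.relative_to(p.anchor).parts


def sha256_of(path: Path) -> str:
    """Hash the file before it is moved so the sample can still be identified."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def new_stamp() -> str:
    """Timestamp in the 07192008_194013 style seen in the thread's log."""
    return datetime.now().strftime("%m%d%Y_%H%M%S")


def quarantine_move(path: str, root: str = ASSUMED_ROOT,
                    stamp: Optional[str] = None) -> Dict[str, object]:
    """Move one file to root/stamp/<drive-relative path>. Returns a record with
    the log line (success wording as in the thread) and the pre-move hash."""
    stamp = stamp or new_stamp()
    src = Path(path)
    if not src.is_file():
        # assumed wording; the tool's own message for this case is not shown in the thread
        return {"path": path, "ok": False, "log": f"{path} not found, skipped."}
    digest = sha256_of(src)
    dest = Path(root) / stamp / Path(*drive_relative_parts(path))
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(src), str(dest))
    return {"path": path, "ok": True, "sha256": digest,
            "moved_to": str(dest), "log": f"{path} moved successfully."}


def run_move_list(listing: str, root: str = ASSUMED_ROOT,
                  stamp: Optional[str] = None) -> Dict[str, object]:
    """Process a pasted list of paths, one per line like the codebox above,
    and build a log in the shape of the one posted later in this thread."""
    stamp = stamp or new_stamp()
    records: List[Dict[str, object]] = []
    for line in listing.splitlines():
        line = line.strip()
        if line:
            records.append(quarantine_move(line, root, stamp))
    lines = [str(r["log"]) + (f"   sha256={r['sha256']}" if r["ok"] else "")
             for r in records]
    lines.append("")
    lines.append(f"quarantine log created on {stamp}")
    return {"stamp": stamp, "records": records, "log": "\n".join(lines)}
```

Run it with the same path that was pasted into OTMoveIt2 and the first log line comes out as "<path> moved successfully." followed by the hash; a path that no longer exists is reported rather than silently dropped, which is the case to watch for when malware re-creates or renames files between the scan and the move.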
     
  5. 2008/07/19
    bluesblues (Inactive, Thread Starter)
    MoveIt

    Hi,

    here's the MoveIt log:

    D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07192008_194013
     
  6. 2008/07/19
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, can I see another Panda scan?

    Thanks
    Geri
     
  7. 2008/07/19
    bluesblues (Inactive, Thread Starter)
    :)

    Here is the Panda scan.... It was supposed to follow the "move it" log, but I had some business to attend to, so here is the Panda scan log now.... Sorry if I kept you waiting....

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-20 01:41:01
    PROTECTIONS: 1
    MALWARE: 15
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1201 [VPS 080719-0] 4.8.1201 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.doubleclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.tribalfusion.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.statcounter.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.apmebf.com/]
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.burstnet.com/]
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.burstnet.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.advertising.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP4\A0000073.exe[nircmd.exe]
    02137870 Spyware/Virtumonde Spyware No 1 No No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[crack.exe]
    02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
    02656819 Dialer.KTG Dialers No 0 No No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[serial.exe]
    02656821 Trj/Downloader.QXC Virus/Trojan No 1 No No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[keygen.exe]
    02677471 W32/Virutas.AD Virus No 0 No No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[install.exe]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    157262 HIGH MS07-022
    133385 MEDIUM MS06-063
    123420 HIGH MS06-035
    ;===================================================================================================================================================================================
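An added triage helper for reports in this format (example code written for this page, not Panda's code and not posted by anyone in the thread; the sample below is a subset of lines copied from the scan above). Reading the report by hand already gives the practitioner's verdict: every entry has Active = No; apart from tracking cookies the only hits are a System Restore copy of nircmd.exe on C: and the one file moved in the previous step, which Panda unpacks and reports under four names, and the member names (crack.exe, serial.exe, keygen.exe, install.exe) say what that file was. The part still worth acting on is the VULNERABILITIES list, nine Microsoft security bulletins the scanner found unapplied, from MS06-035 to MS08-002. The parser below pulls out the PROTECTIONS, MALWARE and VULNERABILITIES sections, classifies each detection by where it sits (cookie, restore point, OTMoveIt quarantine, or a live location), and returns the unpatched bulletins, so the live list and the patch list are the two outputs that decide the next step.

```python
"""Added example (not Panda's code and not from this thread): parse a Panda
ActiveScan text report and triage each detection by where it lives.
SAMPLE is a subset of lines copied from the report above."""
import re
from collections import Counter
from typing import Dict, List, Optional

SAMPLE = r"""
ANALYSIS: 2008-07-20 01:41:01
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated
avast! antivirus 4.8.1201 [VPS 080719-0] 4.8.1201 Yes Yes
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@doubleclick[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP4\A0000073.exe[nircmd.exe]
02137870 Spyware/Virtumonde Spyware No 1 No No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[crack.exe]
02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
02677471 W32/Virutas.AD Virus No 0 No No C:\_OTMoveIt\MovedFiles\07192008_194013\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[install.exe]
SUSPECTS
Sent Location
VULNERABILITIES
Id Severity Description
184380 MEDIUM MS08-002
182048 HIGH MS07-069
123420 HIGH MS06-035
"""

SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")
# Seven fixed columns, then the location, which may itself contain spaces.
MALWARE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>\S+)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+?)\s*$")
PROTECTION_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<version>\S+)\s+(?P<active>Yes|No)\s+(?P<updated>Yes|No)$")
VULN_RE = re.compile(r"^(?P<id>\d+)\s+(?P<severity>[A-Z]+)\s+(?P<bulletin>MS\d{2}-\d{3})")
MEMBER_RE = re.compile(r"\[([^\[\]]+)\]$")  # archive member, e.g. A0017540.exe[crack.exe]


def parse_report(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Split the report into its sections; ';' lines and column headers are skipped."""
    out: Dict[str, List[Dict[str, str]]] = {"protections": [], "malware": [], "vulnerabilities": []}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line in SECTIONS:          # exact match, so "MALWARE: 15" is not a header
            section = line
            continue
        if section == "MALWARE" and (m := MALWARE_RE.match(line)):
            out["malware"].append(m.groupdict())
        elif section == "PROTECTIONS" and (m := PROTECTION_RE.match(line)):
            out["protections"].append(m.groupdict())
        elif section == "VULNERABILITIES" and (m := VULN_RE.match(line)):
            out["vulnerabilities"].append(m.groupdict())
    return out


def classify(entry: Dict[str, str]) -> str:
    """Where a detection sits decides how much it matters."""
    loc = entry["location"].lower()
    if entry["type"] == "TrackingCookie":
        return "cookie"
    if "\\_otmoveit\\movedfiles\\" in loc:   # already moved out by OTMoveIt
        return "quarantined"
    if "\\system volume information\\" in loc:  # System Restore copy, not executed
        return "restore-point"
    return "live"


def triage(report: Dict[str, List[Dict[str, str]]]) -> Dict[str, object]:
    """Return the two lists that drive the next step: live detections and missing patches."""
    counts = Counter(classify(e) for e in report["malware"])
    live = [e["desc"] for e in report["malware"] if classify(e) == "live"]
    active = [e["desc"] for e in report["malware"] if e["active"] == "Yes"]
    members = sorted({m.group(1) for e in report["malware"]
                      if classify(e) != "cookie" and (m := MEMBER_RE.search(e["location"]))})
    return {"counts": dict(counts), "live": live, "active": active, "members": members,
            "unpatched": [v["bulletin"] for v in report["vulnerabilities"]],
            "protections": [(p["name"], p["active"]) for p in report["protections"]]}
```

For the report above this yields no live and no active detections, three archive members naming the cracked-software bundle, and the bulletin list as the remaining work item.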
     
  8. 2008/07/19
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi bluesblues
    OK, that's great.

    • Please double-click OTMoveIt.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

    Let me know if everything is running OK.

    Geri
     
  9. 2008/07/20
    bluesblues (Inactive, Thread Starter)
    :D

    Your magic is strong.... :D

    I'm extremely satisfied with the results of our collaboration. It looks like I'm totally clean now... I'll keep ATF-Cleaner because I think it's useful. The rest was deleted by MoveIt. Just to make sure, I will probably perform one more online scan; maybe you could recommend some other online scanner to me?

    If you have any advice on how to better protect myself in the future, please post it.

    Geri, thanks for everything

    PS: most problems exist between keyboard and chair ;)
     
  10. 2008/07/20
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi bluesblues
    Glad I could help out.

    Please look at this link for some preventive recommendations; it could keep you from ending up back here in the Spyware and Virus Removal Forums:
    An ounce of prevention is worth a pound of cure

    I'll mark this one resolved.

    Surf Safely
    Geri
     
