
[InActive] Anti Virus programs won't update and Anti Virus sites blocked?

Discussion in 'Malware and Virus Removal Archive' started by LoboTheWolf, 2009/01/14.

  1. 2009/01/14
    LoboTheWolf

    LoboTheWolf Inactive Thread Starter

    Joined:
    2009/01/12
    Messages:
    4
    Likes Received:
    0
    This seems to be a common new problem. Mine started after falling asleep one night with the computer on. When I woke up the next morning I had the blue screen of death and everything was unresponsive, so I did a hard shut down. When I rebooted, the computer seemed to take around 20 minutes to finish booting and I noticed my Windows task bar color changed to a default, I'm assuming. Now I am not able to update any antivirus or access any antivirus websites. I was able to download HijackThis and a couple of other programs, but after they installed they would not open, so they were rendered useless. The one program that does anything is Ewido, but all it does is delete a few cookies. Currently the only way I can do anything is to boot in safe mode. This has been the most frustrating thing I've ever had happen to any of my computers. Please help before I go bald.
     
  2. 2009/01/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi LoboTheWolf
    Welcome to WindowsBBS.

    Do you have a computer that you can download a tool and transfer it to the infected machine?

    Thanks
    Geri
     
    Geri,
    #2


  4. 2009/01/16
    LoboTheWolf

    LoboTheWolf Inactive Thread Starter

    Joined:
    2009/01/12
    Messages:
    4
    Likes Received:
    0
    Yes I do. I downloaded the combofix program already but when I try to run it nothing happens.
     
  5. 2009/01/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please delete it from the infected machine.

    Redownload it and rename it Mocbotix.exe or anything of your choosing before you save it.
    Then transfer it to the infected machine and run it.

    Post the log here.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2009/01/19
    LoboTheWolf

    LoboTheWolf Inactive Thread Starter

    Joined:
    2009/01/12
    Messages:
    4
    Likes Received:
    0
    ComboFix 09-01-19.01 - Arturo 2009-01-19 12:57:29.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.448 [GMT -7:00]
    Running from: c:\documents and settings\Arturo\Desktop\mondofx.exe
    AV: Norton Internet Security *On-access scanning enabled* (Outdated)
    FW: Norton Internet Security *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Arturo\Application Data\gadcom
    c:\documents and settings\Arturo\Application Data\gadcom\gadcom.exe
    c:\program files\VideoAccessCodec
    c:\program files\VideoAccessCodec\install.ico
    c:\program files\VideoAccessCodec\Thumbs.db
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system32\bbxcyhay.ini
    c:\windows\system32\bszip.dll
    c:\windows\system32\drivers\TDSSiyvv.sys
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mljJASjH.dll
    c:\windows\system32\prunnet.exe
    c:\windows\system32\TDSSaqhc.dll
    c:\windows\system32\TDSSeckv.log
    c:\windows\system32\TDSSgxum.dll
    c:\windows\system32\TDSShrpe.dll
    c:\windows\system32\TDSSicen.dll
    c:\windows\system32\TDSSiykj.dll
    c:\windows\system32\TDSSlavt.dat
    c:\windows\system32\TDSSllgr.dll
    c:\windows\system32\TDSSmhju.log
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\yyIkkRCf.ini
    c:\windows\system32\yyIkkRCf.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv.sys
    -------\Legacy_TDSSserv.sys
    -------\Legacy_FAD


    ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
    .

    2009-01-10 17:33 . 2009-01-10 17:33 244 --ah----- C:\sqmnoopt08.sqm
    2009-01-10 17:33 . 2009-01-10 17:33 232 --ah----- C:\sqmdata08.sqm
    2009-01-10 10:44 . 2009-01-10 10:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-10 10:44 . 2009-01-10 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-10 10:44 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-10 10:44 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-10 09:52 . 2009-01-10 09:52 <DIR> d-------- c:\program files\Panda Security
    2009-01-10 09:52 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-23 12:58 . 2008-12-23 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
    2008-12-23 12:56 . 2008-12-23 13:01 <DIR> d-------- c:\documents and settings\Arturo\Application Data\Software Informer
    2008-12-23 10:40 . 2008-12-23 10:40 <DIR> d-------- c:\program files\IObit
    2008-12-23 10:40 . 2008-12-23 10:40 <DIR> d-------- c:\documents and settings\Arturo\Application Data\IObit
    2008-12-22 22:03 . 2008-12-22 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
    2008-12-22 21:46 . 2008-12-22 21:46 <DIR> d-------- C:\savwsa
    2008-12-21 23:12 . 2008-12-22 23:21 15,360 --ahs---- c:\windows\system32\Thumbs.db

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 16:50 --------- d-----w c:\program files\MySpace
    2008-12-22 16:49 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-22 16:49 --------- d-----w c:\program files\mIRC
    2008-12-19 03:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-17 12:48 --------- d-----w c:\documents and settings\Arturo\Application Data\SharePod
    2008-12-07 17:52 --------- d-----w c:\program files\Camfrog
    2008-12-06 21:09 --------- d-----w c:\documents and settings\Arturo\Application Data\BitTorrent
    2005-10-30 01:33 251 ----a-w c:\program files\wt3d.ini
    2008-07-03 02:35 56 --sh--r c:\windows\system32\AAB12E05BA.sys
    2008-07-03 02:35 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig "= "c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 169984]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msvideo7 "= STV680tg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
    backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Arturo^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
    path=c:\documents and settings\Arturo\Start Menu\Programs\Startup\WinMySQLadmin.lnk
    backup=c:\windows\pss\WinMySQLadmin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    --a------ 2004-09-13 14:33 155648 c:\program files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2005-05-12 21:00 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2003-01-21 15:19 40960 c:\windows\VM_STI.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2005-10-05 18:06 48752 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    --------- 2004-12-02 18:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-10 03:00 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2005-12-10 07:57 133016 c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    --a------ 2005-03-04 09:26 606208 c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    --a------ 2004-10-30 12:59 385024 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-09-14 06:50 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2005-10-27 11:40 100056 c:\progra~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-11-24 01:52 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-11-03 18:20 866584 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
    --------- 2007-10-26 09:06 292152 c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP "= 3776:UDP:Media Center Extender Service
    "3390:TCP "= 3390:TCP:Remote Media Center Experience

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-10 28544]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2006-05-08 1694592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86af7743-1da6-11db-9998-00123fe80e91}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL c:\dustin\PSP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-12-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Arturo.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-05-05 22:15]

    2009-01-19 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 10:24]
    .
    - - - - ORPHANS REMOVED - - - -

    SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
    ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    Notify-fccApQjI - fccApQjI.dll
    MSConfigStartUp-Transcode360 - c:\program files\Transcode360\Transcode360Tray.exe


    .
    ------- Supplementary Scan -------
    .
    TCP: {40F231C9-58B6-4FD8-AC30-616AAEF090E7} = 208.67.222.222,208.67.220.220
    DPF: {69DFF81F-2214-11D6-9BE1-0050DAC94467} - hxxp://www.mysodexhoapps.com/CypherCheck.CAB
    DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - hxxp://static.zangocash.com/cab/Zango/ie/bridge-c297.cab?2510c618bd5cacc0d79521befb07b5dfe1dd9584655fd95ce28af606df1309ae730df5d839a73fe26b29c9e2c8bc4918d975918c05bd71295494478aab1d5a203e70228d5649:5ca277272515bb269b863866ff9584c8
    FF - ProfilePath - c:\documents and settings\Arturo\Application Data\Mozilla\Firefox\Profiles\z5g28leb.default\
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-19 13:06:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
    "ImagePath "= "C:/mysql/bin/mysqld-nt.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
    "ImagePath "= "C:/mysql/bin/mysqld-nt.exe "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1116)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
    c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
    c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\ehome\RMSvc.exe
    c:\program files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
    c:\windows\ehome\McrdSvc.exe
    c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-19 13:14:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-19 20:14:20

    Pre-Run: 8,844,800,000 bytes free
    Post-Run: 8,783,986,688 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect
     
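    The ComboFix log above shows the pattern that explains the symptoms in the first post: the Security Center notification and monitoring values are set to disabled and the firewall policy value is 0, alongside the TDSS-named driver and DLLs that were deleted. The following is an added example, not part of this thread and not ComboFix's own code; it parses a constructed excerpt in the same REGEDIT4 style as the "Reg Loading Points" section and flags those protection-disabling values, so a helper triaging such a log can spot them without reading every key by hand. The rule list, the sample excerpt and the function names are assumptions made for this example.

    ```python
    import re

    # Constructed excerpt in the style of ComboFix's "Reg Loading Points" section
    # (values modelled on the log posted above; not a real capture).
    SAMPLE_LOG = r"""
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig "= "c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 169984]
    """

    # Constructed clean counterpart: the same keys with protections left on.
    CLEAN_LOG = r"""
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000000

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 1 (0x1)
    """

    SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
    # ComboFix prints value names as "Name "= ..., with a space before the closing quote.
    VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*?)\s*$')

    # (substring of the key path, value name, value that indicates tampering, description)
    # Assumed rule set built from the Security Center / firewall values seen in the log.
    TAMPER_RULES = (
        ('microsoft\\security center', 'antivirusdisablenotify', 1, 'Security Center anti-virus alerts suppressed'),
        ('microsoft\\security center', 'firewalldisablenotify', 1, 'Security Center firewall alerts suppressed'),
        ('microsoft\\security center', 'updatesdisablenotify', 1, 'Security Center update alerts suppressed'),
        ('security center\\monitoring\\', 'disablemonitoring', 1, 'Security Center told to stop monitoring a product'),
        ('firewallpolicy\\standardprofile', 'enablefirewall', 0, 'Windows Firewall disabled (standard profile)'),
    )


    def parse_reg_points(text):
        """Return a list of (key, value_name, raw_value) tuples from a REGEDIT4-style block."""
        entries = []
        key = None
        for line in text.splitlines():
            line = line.strip()
            m = SECTION_RE.match(line)
            if m:
                key = m.group('key')
                continue
            m = VALUE_RE.match(line)
            if m and key is not None:
                entries.append((key, m.group('name'), m.group('value')))
        return entries


    def numeric_value(raw):
        """Normalise 'dword:00000001' and '0 (0x0)' to an int; None for non-numeric data."""
        raw = raw.strip()
        if raw.lower().startswith('dword:'):
            return int(raw[6:], 16)
        m = re.match(r'^-?\d+', raw)
        return int(m.group()) if m else None


    def find_tampering(log_text):
        """Return human-readable findings for every value matching a tamper rule."""
        findings = []
        for key, name, raw in parse_reg_points(log_text):
            value = numeric_value(raw)
            if value is None:
                continue  # string data such as a Run entry path; not a flag we check
            for key_part, value_name, bad, why in TAMPER_RULES:
                if key_part in key.lower() and name.lower() == value_name and value == bad:
                    findings.append(f'{why}: [{key}] "{name}"={raw}')
        return findings


    if __name__ == '__main__':
        for line in find_tampering(SAMPLE_LOG) or ['no protection-disabling values found']:
            print(line)
    ```

    On the constructed excerpt this reports three findings (the suppressed AV notification, the disabled Symantec monitoring and the firewall policy set to 0) and nothing on the clean counterpart. After a clean-up, the same values are worth re-checking on the live machine, since a log that still shows them means the protections were never re-enabled.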
  7. 2009/01/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK looks good.

    Now do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now an online scan.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    Please post the Panda results.

    Thanks
    Geri
     
    Geri,
    #6
  8. 2009/01/20
    LoboTheWolf

    LoboTheWolf Inactive Thread Starter

    Joined:
    2009/01/12
    Messages:
    4
    Likes Received:
    0
    Panda results

    I am removing the p2p software, kids...I also ran trend micro housecall and it took off some malware. Here are the panda results:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-01-20 15:58:57
    PROTECTIONS: 2
    MALWARE: 14
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Norton Antivirus 2005 11.5.6 No No
    Windows Defender 1.1.4205.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@atdmt[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@ad.yieldmanager[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@advertising[2].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Arturo\Cookies\arturo@adrevolver[1].txt
    00449733 Bck/Tdss.C Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044670.dll
    00492014 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044692.dll
    00497685 Trj/Agent.LFV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP590\A0041703.exe
    00497685 Trj/Agent.LFV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044690.exe
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044710.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044698.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044675.sys
    03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044671.dll
    03939310 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044672.dll
    04555947 Generic Trojan Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044673.dll
    04560118 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP592\A0044689.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  9. 2009/01/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK looks good.

    Please do this.

    Click Start > Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't please delete them manually.

    Let me know how things are running.

    Geri
     
    Geri,
    #8
