Solved trojan dropper gen infection

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 9, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 08, 2010 17:27:19
Records in database: 3923499
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 119666
Threats found: 2
Infected objects found: 1
Suspicious objects found: 1
Scan duration: 05:49:33


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_qowdk_.sys.zip Infected: Rootkit.Win32.Agent.bert 1
C:\_OTL\MovedFiles\04052010_092218\C_Documents and Settings\Deb\Local Settings\Application Data\Identities\{6014D3D0-EF9B-4CC9-831A-CD589A809834}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.

 

Both of those found are quarantined and will be removed when we get rid of OTL.
If the computer seems fine, let me know and we will go through the next procedure.

 

Things seem good with the comp right now - rescanned with mbam and all clear at last :O) - could you also advise should i wait until we have removed otl before turning restore points back on?

 

Will sort the restore points now .

Run OTL

• Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
  
  
  Code:

  
  :Commands
  [emptytemp]
  [CLEARALLRESTOREPOINTS]
  [Reboot]

• Then click the [color= "#FF0000"]Run Fix[/color] button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DEBBIE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DEBBIE.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Deb
->Temp folder emptied: 145760917 bytes
->Temporary Internet Files folder emptied: 250414352 bytes
->Java cache emptied: 128094 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4908 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 587 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 378.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.1.0 log created on 04092010_115423

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Deb\Local Settings\Temp\hsperfdata_Deb\196 not found!
File\Folder C:\Documents and Settings\Deb\Local Settings\Temp\hsperfdata_Deb\2904 not found!
File\Folder C:\Documents and Settings\Deb\Local Settings\Temp\fla12C.tmp not found!
File\Folder C:\Documents and Settings\Deb\Local Settings\Temp\fla12F.tmp not found!
File\Folder C:\Documents and Settings\Deb\Local Settings\Temp\fla130.tmp not found!
File\Folder C:\Documents and Settings\Deb\Local Settings\Temp\fla132.tmp not found!
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\SC03NKMO\sh15[1].html moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\PNLRVU3E\the-body-shop[1].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\HJZKJMP1\eBayISAPI[1].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\HJZKJMP1\new[2].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3LQA9TVT\92260-active-trojan-dropper-gen-infection-5[1].html moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3LQA9TVT\cSell_Mar05;seg=GL_ActSucBid30D_Mar05;seg=GL_Sellers_Listed_within12mont;sz=728x90;ord=1270804228104;dcopt=ist;tile=1;um=6;us=12;eb_trk=145806;pr=22;xp=29;np=22[1].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3DLG15QB\728x90%3Bord%3D1270804228104%3Bdcopt%3Dist%3Btile%3D1%3Bum%3D6%3Bus%3D12%3Beb_trk%3D145806%3Bpr%3D22%3Bxp%3D29%3Bnp%3D22,;mtfIFrameRequest=false;ord=1270804235[1].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3DLG15QB\iframe3[1].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3DLG15QB\myebaysummary;sz=160x600;ord=1270804228104;tile=2;um=6;us=12;eb_trk=138772;pr=22;xp=29;np=22[1].htm moved successfully.
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

 

Last thing to do as follows;

Launch OTL and click on the Cleanup button. Follow the prompts.

This should cleanup OTL and the folders it created, along with Combofix etc.

Hopefully that should sort you out. If this returns, try and remember exactly what you were doing and where you doing it .

 

Thanks so much Crunchie its been a steep learning curve - your a star! :O)

 

No worries . Stay clean.

 

I hope so - makes me feel like the great unwashed!! I actually think this was from facebook on one of the apps!!

 

That would not surprise me.