
Solved Trouble removing Trojan.Downloader.Ruins

Discussion in 'Malware and Virus Removal Archive' started by chiefyj, 2007/09/19.

  1. 2007/10/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'll pass along the fixwareout results and let you know what I find out.

    Sounds encouraging that you got a clean scan though. Let's do an online malware scan just to be sure there's not something else lurking around.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log
     
  2. 2007/10/08
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, October 08, 2007 1:34:03 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 8/10/2007
    Kaspersky Anti-Virus database records: 429248
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 64626
    Number of viruses found: 3
    Number of infected objects: 8
    Number of suspicious objects: 0
    Duration of the scan process: 01:45:05

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp Infected: Trojan-Proxy.Win32.Agent.ls skipped
    C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp Infected: Trojan-Proxy.Win32.Agent.ls skipped
    C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp Infected: Trojan-Proxy.Win32.Agent.ls skipped
    C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp Infected: Trojan-Proxy.Win32.Agent.ls skipped
    C:\Documents and Settings\Jeff\My Documents\downloads\ophcrack-win32-installer-2.3.3.exe/file36 Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    C:\Documents and Settings\Jeff\My Documents\downloads\ophcrack-win32-installer-2.3.3.exe/file64 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Jeff\My Documents\downloads\ophcrack-win32-installer-2.3.3.exe/file65 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Jeff\My Documents\downloads\ophcrack-win32-installer-2.3.3.exe Inno: infected - 3 skipped

    Scan process completed.
     


  4. 2007/10/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That scan looks good too. I'd say you're infection free. Delete the following tools we used and the folders they created.

    Fixwareout.exe
    SafeBootKeyRepair.exe
    test.bat
    C:\fixwareout

    Are you still having shutdown problems?
     
  5. 2007/10/09
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Alright awesome. As for shutting down, I shut down all of yesterday with no problem, so I think I'm all good now. Thanks for all your help! I really do appreciate it.
     
  6. 2007/10/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's good to hear!

    Delete dss.exe and C:\Deckard then empty the recycle bin.

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
