
Inactive video shutting down

Discussion in 'Malware and Virus Removal Archive' started by keith 1000, 2009/01/22.

  1. 2009/01/22
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    [Inactive] video shutting down

    hi guys,
    this is in response to my other thread in the xp section (same title)
    i have been asked to post my (daughter's) superantispyware and malware scan here, well here they are, there were multiple things found and i selected to delete all in both scans. what surprises me is the number of things the malware scan found after the SAS scan
    thanks


    (i set this to scan when i left for work this morning)
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/22/2009 at 09:06 AM

    Application Version : 4.25.1012

    Core Rules Database Version : 3721
    Trace Rules Database Version: 1695

    Scan type : Complete Scan
    Total Scan Time : 00:25:47

    Memory items scanned : 431
    Memory threats detected : 0
    Registry items scanned : 5444
    Registry threats detected : 0
    File items scanned : 24104
    File threats detected : 26

    Adware.Tracking Cookie
    C:\Documents and Settings\Sheala\Cookies\sheala@www.burstnet[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@kontera[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@media6degrees[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@mediaplex[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@tribalfusion[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@atdmt[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@casalemedia[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@advertising[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@doubleclick[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@content.yieldmanager[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@ehg-zoomerang.hitbox[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@hitbox[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@content.yieldmanager.edgesuite[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@ad.yieldmanager[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@chitika[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@azjmp[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@ehg-cineplex.hitbox[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@zedo[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@socialmedia[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@content.yieldmanager[3].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@revsci[1].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@ad3.clickhype[2].txt
    C:\Documents and Settings\Sheala\Cookies\sheala@statse.webtrendslive[2].txt

    Adware.180solutions/Seekmo/Zango
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4AABE7AE-B45A-4702-8B89-C409AF97E36A}\RP295\A0068699.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4AABE7AE-B45A-4702-8B89-C409AF97E36A}\RP295\A0068700.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4AABE7AE-B45A-4702-8B89-C409AF97E36A}\RP295\A0068705.EXE


    Malwarebytes' Anti-Malware 1.33
    Database version: 1682
    Windows 5.1.2600 Service Pack 3

    22/01/2009 7:25:59 PM
    mbam-log-2009-01-22 (19-25-59).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 129946
    Time elapsed: 40 minute(s), 34 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 4
    Files Infected: 12

    Memory Processes Infected:
    C:\WINDOWS\system\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service control (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sheala\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Files Infected:
    C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sheala\Local Settings\Temp\tem7C6.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Adware.PlayMp3z) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMp3z) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sheala\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


    :eek:
     
  2. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Keith,

    Let's get an online scan too. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     


  4. 2009/01/25
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    thank you for replying. it's a little too late to do a scan now, my daughter is sleeping and it's in her room, i am leaving on the road for work (Monday) morning and won't be back till Thursday or Friday so i will get this done and post back next weekend, figured I'd let you know instead of ignoring this message till next week,
    thanks again and talk to ya next week
    Keith
     
  5. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks for letting me know. Travel safely. :)
     
