Malware & Critical System Alert - Niobis, I Require Help Please
Member
1. December 2006 @ 17:55
I am getting pop-ups showing "Critical System Alert", "Malware Alert", etc., and also indecent pop-ups showing up intermittently when on the net. Can someone help me, please? I cannot let my kids use the system for the time being.
Is there a way out of this?
Senior Member
1. December 2006 @ 18:13
Please do not double post. You were receiving help here. Since you can't wait, ;) do the following:

Read and follow instructions here.

Then, please turn off TeaTimer because it may interfere with these fixes.
* Right-click Spybot in the System Tray.
* Choose Exit Spybot S&D Resident.
* Open Spybot S&D.
* Click Mode, check Advanced Mode.
* Go to left panel, click Tools then, click Resident.
* If your firewall raises a question, say OK.
* Uncheck the box labeled Resident Tea-Timer and OK any prompts.
* Use File > Exit to terminate Spybot
* Restart your computer for the changes to take effect.

Run a scan only with HijackThis and check these (if there):

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: (no name) - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - (no file)
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://*.symantec.com


Close all windows except HijackThis, then click "Fix checked".

Re-enable Tea Timer.

Java is out of date.
Go here and download Java Runtime Environment 5.0 Update 10.
Uninstall all previous versions and updates of JRE via Add/Remove Programs.
Restart and install Update 10.

Any more problems?
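
The rules applied to the log entries above (orphaned "(no file)" BHOs, an unnamed BHO loaded from a "codec" directory, Trusted Zone entries, the missing URLSearchHook, and the empty O16 entries the next post asks to fix) can be written down as a small triage script. The script below is an added example; it is not part of the original thread and not HijackThis's own code. The sample lines are constructed to match the formats seen in this thread, the "codec" directory heuristic is taken from this thread's single case, and the check that marks a localhost ProxyServer entry for manual verification is the editor's own addition (a local proxy can be legitimate, for example a security product's web filter, so it is marked "review", not "fix").

```python
"""Triage helper for HijackThis 1.99-style log lines (added example, not part of HijackThis)."""
import re
from dataclasses import dataclass

# Constructed sample lines in the format HijackThis writes, modelled on this thread.
SAMPLE_LOG_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095",
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll",
    r"O15 - Trusted Zone: http://linktrader.cyberspacehq.com",
    r"O15 - Trusted Zone: http://*.symantec.com",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    r"O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -",
    r"O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE",
]

# O2 line: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O16 line: "O16 - DPF: {<CLSID>} (<name>) - <download URL>", where name and URL may be absent
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - ?(?P<src>.*)$")
# R1 proxy line: "... Internet Settings,ProxyServer = host:port"
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)")
# Heuristic from this thread's case (assumption): an unnamed BHO under a "codec" directory.
SUSPICIOUS_DIR_WORDS = ("codec",)


@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. "O2"
    line: str      # the original log line
    verdict: str   # "fix", "review" or "keep"
    reason: str


def triage_line(line):
    """Classify one log line; returns None for blank lines."""
    line = line.rstrip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]

    m = BHO_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if path == "(no file)":
            return Finding(section, line, "fix", "orphaned BHO: CLSID still registered but the DLL is gone")
        if name == "(no name)" and any(w in path.lower() for w in SUSPICIOUS_DIR_WORDS):
            return Finding(section, line, "fix", f"unnamed BHO loaded from a codec-named directory: {path}")
        return Finding(section, line, "keep", f"named BHO with an existing DLL: {name}")

    if section == "O15":
        return Finding(section, line, "fix", "site in the IE Trusted Zone gets relaxed security; remove unless added on purpose")

    m = O16_RE.match(line)
    if m:
        if not m.group("src"):
            return Finding(section, line, "fix", "ActiveX (DPF) entry with no download source")
        return Finding(section, line, "review", f"ActiveX control fetched from {m.group('src')}")

    if section == "R3" and "is missing" in line:
        return Finding(section, line, "fix", "Default URLSearchHook missing; HijackThis restores the default")

    m = PROXY_RE.match(line)
    if m:
        return Finding(section, line, "review", f"IE proxy is {m.group('proxy')}; confirm which local program listens there")

    return Finding(section, line, "review", "no rule matched; check the path and vendor by hand")


def triage_log(lines):
    """Run triage over an iterable of log lines, dropping blanks."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def fix_list(lines):
    """The lines a helper would tell the poster to tick in HijackThis and 'Fix checked'."""
    return [f.line for f in triage_log(lines) if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG_LINES):
        print(f"{f.verdict:6} {f.section:3} {f.reason}")
```

Running the block prints one verdict per line; `fix_list()` returns the six entries that match what the thread's helper asked to have fixed, while the Adobe BHO is kept and the proxy, the signed-looking O16 control and the service line are left for manual review.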

Member
1. December 2006 @ 18:28
So sorry for the double post. What is TeaTimer and how do I turn it off?

Senior Member
1. December 2006 @ 18:32
TeaTimer is a resident shield for IE that came with Spybot Search and Destroy. Turn it off by following the instructions I posted.

Edit: by the way, I was just joking when I said "Since you can't wait". Sorry if that sounded smart... :)


Member
1. December 2006 @ 18:51
It's ok, I understand. I do appreciate all you are doing for those of us with little knowledge in these matters. I have downloaded all the software and now I need to follow your instructions to clean out my system. I truly hope this works.

Thanks
Member
2. December 2006 @ 05:51
During my online scan using ActiveScan, there was stuff found. What happens in that instance? By the way, I continued despite that and completed the rest of the instructions. I am now in the process of downloading Java for the Windows platform.

Any other advice to get rid of the stuff from the ActiveScan?

Please recommend the most efficient firewall, antivirus and anti-spam software, please?

God Bless you and thank you.
Senior Member
2. December 2006 @ 14:21
Post the ActiveScan log here along with a new HijackThis log and I will help you remove what was found.

I will recommend some firewalls and some AVs when you're clean. :)

Member
2. December 2006 @ 15:05
Where will I find the ActiveScan log? Here is the HijackThis log. I did run an AVG scan afterwards and it found and deleted some more. I reran AVG a second time and it was clean. But how can I be sure?

Logfile of HijackThis v1.99.1
Scan saved at 8:04:37 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Special Utilities\HijackThis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1131015494414
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Senior Member
2. December 2006 @ 15:12
Disable TeaTimer, instructions above ^^. If you don't disable TeaTimer, it will not allow HijackThis to fix entries.

Then, run a scan only with HijackThis and check these:

O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -


Close all windows except HijackThis before clicking "Fix checked".


Then, you'll need to run ActiveScan again since you didn't save the log.
Go here to run ActiveScan.
Click "Panda ActiveScan".
Fill in the form with your information.
After downloading, click My Computer to scan.
When it finishes, click "See Report".
Click "Save report" and save it to the desktop.

Post back with the ActiveScan log and a new HijackThis log.

Member
2. December 2006 @ 20:53
Here goes, I hope you can help me clear my system please.

HijackThis log report:

Logfile of HijackThis v1.99.1
Scan saved at 1:51:37 AM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Special Utilities\HijackThis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1131015494414
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


ActiveScan Report:


Incident Status Location

Adware:adware/webattaker Not disinfected c:\windows\uniq
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\cookies.txt[www.virusbursters.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jessa\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jessa\My Documents\Downloaded Files\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Jessa\My Documents\Downloaded Files\ssmda4aj.exe[run.exe][²ÜÇ\isecur.dll]
Possible Virus. Not disinfected C:\Documents and Settings\Jessa\My Documents\Downloaded Files\ssvg7b06.exe[run.exe][²ÜÇ\isecur.dll]
Spyware:Cookie/Qsrch Not disinfected C:\RECYCLER\NPROTECT\00000072.MOZ[.qsrch.com/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00000474.MOZ[.maxserving.com/]
Spyware:Cookie/Peel Not disinfected C:\RECYCLER\NPROTECT\00000474.MOZ[.peel.com/]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00000474.MOZ[.toplist.cz/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00000477.MOZ[.maxserving.com/]
Spyware:Cookie/Peel Not disinfected C:\RECYCLER\NPROTECT\00000477.MOZ[.peel.com/]
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\00000477.MOZ[.toplist.cz/]
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\NPROTECT\00000478.MOZ[.belnk.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000512.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000513.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000514.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000515.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000523.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000524.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000525.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000526.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000527.MOZ[.did-it.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00000528.MOZ[.did-it.com/]


What next? Can you help??

Thanks
Senior Member
2. December 2006 @ 21:05
Go here and download CCleaner.
Note: If you do not want Yahoo! Toolbar uncheck the option when installing.
Open CCleaner.
Click Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Close all windows.
Click Cleaner > Run Cleaner.
Exit CCleaner.


Delete these (if access is denied, delete them in safe mode):
C:\WINDOWS\uniq <--folder
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\ssmda4aj.exe[run.exe][²ÜÇ\isecur.dll] <--file
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\ssvg7b06.exe[run.exe][²ÜÇ\isecur.dll] <--file

Empty the Recycle Bin.

Turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply, then OK.
Restart and turn System Restore back on.


Should be fine after that. Any problems or symptoms?


Edit: recommended firewalls and anti-malware programs.

Firewalls:(choose only one)
Zone Alarm Free
Agnitum Outpost Firewall
Kerio Personal Firewall

Remember to turn off Windows firewall if it is running.

Anti-spyware: (you've already got Spybot so that's good, but you need one that has real-time protection)
AVG Anti-spyware 7.5
SpySweeper

Anti-virus:(choose only one)
AVG Free(or Pro)
NOD32
Kaspersky
Panda

"Anti-Adware":
Ad-Aware SE Personal 1.06.

Edit 2:
Other things to keep you safe.

McAfee Site Advisor <--must have!
Read rav009's Free Windows' Security Guide for more free security programs.


Member
2. December 2006 @ 21:24
Can't find c:\windows\uniq

Edit: Is it a file called uniq in the Windows folder that I am supposed to delete?

Am going to try the others. Edit: Have done everything else. I guess I should do the restore thing again after deleting the uniq file?




Senior Member
2. December 2006 @ 21:36
Sorry, should have posted this...it's probably hidden.

Show hidden files and folders.
Start > Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Click Apply, then OK.

Make sure you hide them again after removing the files and folders.

Member
2. December 2006 @ 21:47
It's the Uniq file in the Windows folder that I am supposed to delete, right? It's 0 bytes. (I cannot find a Uniq folder in the Windows folder.)

Then empty the Recycle Bin.

Uncheck the Restore option.

Reboot

Check the Restore option.

All should be ok

Correct???


Senior Member
2. December 2006 @ 21:55
Well, ActiveScan names it as a folder, but if it is a file, then yes, delete the file.

Empty the Recycle Bin normally, or you can also right-click it and choose "Run Cleaner", which will overwrite all the files 7 times with CCleaner. :) I always 'shred' my files with CCleaner when emptying the Recycle Bin; it's just an extra security step, so they can't be recovered, ever.

Yes to all the others...

Member
2. December 2006 @ 22:14
Sir Niobis:

My hat's off to you, many thanks.

How to check for a clean bill of health? I hope I have done all the checking & unchecking on my system.

The symptoms and pop-ups that appeared since 2 days ago are no longer. I feel ok to let my young ones on the system again.

I owe a deep gratitude to you and of course afterdawn.com for helping me in this crisis. Your knowledge is awesome, wow how can I learn this stuff?

Out of curiosity, what happened here? Can you give me a brief synopsis?

God Bless You. There is not enough I can say to thank you.

Senior Member
2. December 2006 @ 22:31
Quote:
How to check for a clean bill of health?
Not sure I understand what you're asking here.

Quote:
how can I learn this stuff?
A strong will to learn, a lot of free time and train at an online malware removing university.

Quote:
Out of curiosity, what happened here? Can you give me a brief synopsis?
Well, to tell you the truth, a fake codec was your main problem. These fake codecs are known as the Myzor trojan or Zlob, it's part of the Smitfraud family. They come from porn sites-when you try to watch a clip, a message pops up saying you need this codec to watch the clip. When the fake codec is downloaded the files are added to the computer, therefore, prompting you the "critical system alerts". There are a lot of variants to Myzor. It seems like there is a new one made every 2-3 days. That is the reason I wrote the guide. :) We have a new case almost everyday here. Actually, Myzor is the number one most common infection going around right now.


You're very welcome. :)

Good luck!

Member
2. December 2006 @ 22:39
What I meant is, how do I check to make sure we are clean?

Strangely enough I never visited any porn sites (I am not into that).

Which malware online university are you talking about? I do have the desire to learn, time is another issue.

On a serious note how can I get good at this?

By using the software you have recommended it reduces the risk.

You do this just to see the joy you bring us amateurs and of course it's your battle against evil.


Senior Member
2. December 2006 @ 23:03
Quote:
What I meant is How do I check to make sure we are clean?
Well, you could run another online scan to get a second opinion. You could run a rootkit scan, but I don't think that's necessary. You could use WinPFind...it will show us a lot more than HijackThis, but you'll need someone to look over your log. And trust me, no one likes to look over WinPFind logs, they're very long and take a long time to look over. :)

I think your best bet is to run another online scan. Run Kaspersky.
Go here to run Kaspersky Online Scanner.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as".
Save as a text file on the desktop.

If you need me to look over it, just post it here and I will. :)

Quote:
Which malware online university are you talking about? I do have the desire to learn, time is another issue.
I'll PM you with a link. :)

Quote:
time is another issue.
You mean you want to learn quickly? If so, sorry to say, but that won't happen. Any university keeps you in training a long time. Learning how to remove malware properly takes many months. I've been at this for almost a year now and I still learn something new almost every day. :)

Quote:
On a serious note how can I get good at this?
Just takes time, just like with anything else. A HjT log to you probably looks like rubbish; well, at first they did to me too. But now, I can look over the average log in under 2 minutes and tell if there is malware or not. Just takes time and a lot, I mean a lot, of researching. That's what you'll spend most of your time doing for the first 4-5 months. Searching here, searching there, searching everywhere for file after file, after file. :)

If you really want to learn, the first thing you need to do is learn about HijackThis and how to read the log. I'll include a tutorial in the PM I send you.

Quote:
You do this just to see the joy you bring us amateurs and of course it's your battle against evil.
Exactly!


Check your PM(top of page) for the links.

Member
2. December 2006 @ 23:14
With time I meant I have to make it. I have a fairly busy schedule. I realize good things take time to learn. You are only as good as the amount of time and effort you put into something.

Can I ask you about a Windows firewall issue I have, or should I go to another forum? I have posted it in another forum. I cannot change the firewall settings on Windows.


Senior Member
2. December 2006 @ 23:19
lol, I just saw your thread and I was loading the page to edit my post to answer your question, then I saw your post. :)

Don't worry about it. Windows' firewall isn't running, well, it can't run, for some reason...not sure why. Just go ahead and install the firewall you chose. Shouldn't have any conflicts since it "can't" be run.

Member
3. December 2006 @ 02:36
Just got up so here is my report from Kaspersky.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 03, 2006 7:30:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/12/2006
Kaspersky Anti-Virus database records: 233742
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 126427
Number of viruses found: 1
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:02:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\history.dat Object is locked skipped
C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\key3.db Object is locked skipped
C:\Documents and Settings\Jessa\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jessa\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvcnrmjk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Temp\~DF77F4.tmp Object is locked skipped
C:\Documents and Settings\Jessa\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe ZIP: infected - 3 skipped
C:\Documents and Settings\Jessa\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jessa\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\L0000181.FCS Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\backweb\4476822\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\admin.pub Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.bpf Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.ipf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{771610D3-3BE3-4CD4-992B-8B334212095C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Doesn't look very harmful. Is it?

I am re-evaluating my time situation, I am seriously considering learning, and thanks for your offer of teaching. I will keep you posted.

What do you think of the report?
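As an added example, not code from this thread or from Kaspersky: a small Python parser for the report format posted above. It separates the "Object is locked skipped" entries (in-use registry hives, browser profile files and the like, which are not detections) from real detections, and collapses the nested archive members (the "/run.exe/stream/data0006" parts) back to the single file on disk, which is the one thing that actually needs to be removed. The rule that "/" marks an archive member while "\" marks a directory is an assumption inferred from the report lines, and the sample text is a shortened excerpt of the posted report.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Set

# Line shapes seen in the Kaspersky Online Scanner 5.x report above:
#   <path> Object is locked skipped
#   <path> Infected: <detection name> skipped
#   <path> <ARCHIVE FORMAT>: infected - <n> skipped
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(
    r"^(?P<path>.+?) (?P<fmt>[A-Za-z0-9]+): infected - (?P<count>\d+) skipped$"
)


@dataclass
class Finding:
    path: str          # path exactly as printed, possibly with "/member" archive parts
    status: str        # "locked", "infected", "archive" or "unknown"
    detail: str = ""   # detection name, or "<format>:<count>" for archives


def on_disk_file(path: str) -> str:
    """Assumption inferred from the report: members inside an archive are
    appended with '/', while Windows directories use '\\'. Everything before
    the first '/' is therefore the real file on disk, the thing to remove."""
    return path.split("/", 1)[0]


def parse_report(text: str) -> List[Finding]:
    """Parse only the 'Infected Object Name / Virus Name / Last Action' table."""
    findings: List[Finding] = []
    in_table = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("Infected Object Name"):
            in_table = True
            continue
        if not in_table or not line:
            continue
        if line.startswith("Scan process completed"):
            break
        for regex, status in ((LOCKED_RE, "locked"),
                              (INFECTED_RE, "infected"),
                              (ARCHIVE_RE, "archive")):
            m = regex.match(line)
            if m:
                detail = ""
                if status == "infected":
                    detail = m["name"]
                elif status == "archive":
                    detail = f"{m['fmt']}:{m['count']}"
                findings.append(Finding(m["path"], status, detail))
                break
        else:
            # Keep unrecognised lines visible rather than silently dropping them.
            findings.append(Finding(line, "unknown"))
    return findings


def files_to_remove(findings: List[Finding]) -> Set[str]:
    """Distinct on-disk files behind every detection (nested members collapse)."""
    return {on_disk_file(f.path) for f in findings if f.status in ("infected", "archive")}


def detections(findings: List[Finding]) -> Counter:
    """How many times each detection name appears."""
    return Counter(f.detail for f in findings if f.status == "infected")


def locked_count(findings: List[Finding]) -> int:
    """Locked objects are in-use system/profile files, not detections."""
    return sum(1 for f in findings if f.status == "locked")


# Shortened excerpt of the report posted above.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Jessa\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe ZIP: infected - 3 skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

Scan process completed.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"locked (in use, not detections): {locked_count(found)}")
    for name, n in detections(found).items():
        print(f"{name}: {n} nested hit(s)")
    for path in sorted(files_to_remove(found)):
        print("remove:", path)
```

Run on the excerpt it reports two locked objects, three nested hits of Trojan-Downloader.Win32.Zlob.bbj, and exactly one file to remove: the downloaded d-f2ede1.exe, which is the same single file the reply below points at. The long list of locked hives, event logs and browser databases is what every online scan of a running XP box produces and is not evidence of infection.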

Senior Member
3. December 2006 @ 12:19
Delete this file:
C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe


Be fine after that. :)

Member
3. December 2006 @ 14:17
Thanks, I thought so, I deleted this file. Interesting thing happened to me. I downloaded AVG free Antivirus software, and after installation it said the program was installed but with 1 error (something to do with the device not being present). Then when I clicked the OK button (there was no other choice at that point), my system kept rebooting on its own.
I rebooted in Safe mode, removed AVG and all was fine (except that Windows would give me the error that I had just recovered from a critical system failure; this error did not appear on a 2nd reboot).

Is this because I had another anti-virus program on the system (F-Secure)? Do I have to totally remove F-Secure to install AVG, or do you think during the download something may have gotten corrupted?

I tried this twice with the same result.


Senior Member
3. December 2006 @ 14:26
Quote:
Is this because I had another anti-virus pgm on the system (F-secure).
YES! You can only have one AV with real-time protection running at any time. You could probably keep both, but turn off the real-time protection of one.

In this case, I don't think F-Secure and AVG can co-exist on a computer.

 