hit again ! can't stop it ! (logs)
Member
21. August 2006 @ 21:03
i have every anti-virus, anti mal-stuff, program known to man, but it keeps coming!

BitDefender Online Scanner

Scan report generated at: Tue, Aug 22, 2006 - 00:33:53
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:29:11
Files: 172305
Folders: 3696
Boot Sectors: 4
Archives: 1042
Packed Files: 6534

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 450144
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Delete
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command]
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf
Update failed



Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@club.cdfreaks[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

any help is most appreciated.

can u help out?

Niobis you out there?

This message has been edited since posting. Last time this message was edited on 21. August 2006 @ 21:10

Senior Member
22. August 2006 @ 00:53
I'm here mate. :D

Go here http://forum.misec.net/board/TrojanHunter;action=display;num=1143... and click the "Download" link to get the trial version of Trojan Hunter.

Run and you should be cleaned of the Trojan.

Post new log if you have any troubles.

Member
22. August 2006 @ 20:37
hello, what's up Niobis ? wish i was here just to say hi. but .....apparently i still have issues! trojan scan came up empty....no log to post yet, but i'll post one soon enough. i'm sure
it's no big deal, and i'll figure it out in time(w/ur help)lol
but, hey!!!!! thanks 4 ur help in the past,(and in advance 4 the future)
ur def a cyber friend!!!:-)


This message has been edited since posting. Last time this message was edited on 22. August 2006 @ 20:42

Senior Member
22. August 2006 @ 20:46
:( That's not good.

Glad to be of help. Let's see those logs. :D

Member
23. August 2006 @ 17:17
what's up! ok here are a few logs.....bitdefender to start with. i'll post a trojan hunter & a HijackThis log after that. or r there any others you would rather i post? bitdefender doesn't seem to trust smitfraud, does it. see what u think.

Member
23. August 2006 @ 17:23
BitDefender Online Scanner

Scan report generated at: Wed, Aug 23, 2006 - 21:00:01
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:29:56
Files: 172455
Folders: 3709
Boot Sectors: 4
Archives: 1043
Packed Files: 6714

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 450477
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Delete
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command]
Deleted

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf
Update failed

Member
23. August 2006 @ 17:31
here's trojan hunter log(maybe i should have run in safe mode)




Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bearshare.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bearshare1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration10.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration11.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration12.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration13.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration14.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration15.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration16.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration17.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration2.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration3.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration4.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration5.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration6.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration7.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration8.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration9.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress2.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress3.zip
C:\pagefile.sys Not scanned (in use by another application)
While scanning C:\WINDOWS\bdoscandellang.ini: File C:\WINDOWS\BQSHYJ2R.ocx not found
While scanning C:\WINDOWS\explorer.exe: File C:\WINDOWS\F9B5D4PH.ocx not found
While scanning C:\WINDOWS\notepad.exe: File C:\WINDOWS\NWQNADHB.ocx not found
While scanning C:\WINDOWS\notepad.exe: File C:\WINDOWS\O83PPKBG.ocx not found
While scanning C:\WINDOWS\system32\1033\dwintl.dll: File C:\WINDOWS\system32\2KG2D6GN.ocx not found
C:\WINDOWS\system32\drivers\sptd.sys Not scanned (in use by another application)
C:\WINDOWS\system32\drivers\sptd2237.sys Not scanned (in use by another application)
While scanning C:\WINDOWS\system32\dxtrans.dll: File C:\WINDOWS\system32\E2DGHAFK.ocx not found
While scanning C:\WINDOWS\system32\getuname.dll: File C:\WINDOWS\system32\GHP6JVUB.ocx not found
While scanning C:\WINDOWS\system32\keymgr.dll: File C:\WINDOWS\system32\KJIXEDQK.ocx not found
While scanning C:\WINDOWS\system32\rwinsta.exe: File C:\WINDOWS\system32\S239DIEF.ocx not found
While scanning C:\WINDOWS\vmmreg32.dll: File C:\WINDOWS\VO63QJ2E.ocx not found
No trojan files found
11943 files scanned in 1019 seconds

Member
23. August 2006 @ 17:35
here's HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 9:26:25 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\program files\counterspy\sunThreatEngine.exe
C:\WINDOWS\System32\svchost.exe
E:\program files\counterspy\SunProtectionServer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\program files\PowerDVD\PDVDServ.exe
E:\program files\counterspy\sunserver.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
E:\program files\Multimedia Launcher\PowerBar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\program files\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [RemoteControl] "E:\program files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunServer] E:\program files\counterspy\sunserver.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [PowerBar] "E:\program files\Multimedia Launcher\PowerBar.exe" /AtBootTime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29e58afed3c0286f6704/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe




trojan hunter doesn't seem to see anything huh?

Senior Member
23. August 2006 @ 18:34
If you're still having problems run Spy Hunter in safe mode.

Go here http://www.ccleaner.com and get Ccleaner. Install and run both "Cleaner" and "Issues" Fix.

Member
23. August 2006 @ 21:51
ran both, came up empty, sooo...i ran the file path infected w/the trojan thru KILL BOX & it didn't exist. guess i'm ok.





logs are cool! heh,heh,heh!!!
thanks again, have a good one mate!
this machine is clean!!!

This message has been edited since posting. Last time this message was edited on 23. August 2006 @ 21:55
