remnants of trojan downloader ruin???

Post by beynac » December 22nd, 2006, 1:38 pm

there's only one recycle bin and it's not been emptied

When you ran CCleaner, it should have emptied the recycle bin. Please empty it now: Right-click on the Recycle bin on your desktop and then select Empty Recycle Bin, then click Yes.

i uninstalled java-rebooted. it's installed but the download manager isn't doing owt @ all.

Sorry, I don't understand. My instructions were to download the new version, then uninstall the old one and install the new. If you've installed the new one, what do you expect your download manager to do? Could you please clarify.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Post by echo06 » December 22nd, 2006, 1:52 pm

• Go to http://java.sun.com/javase/downloads/index.jsp
• Click on the link named Java Runtime Environment (JRE) 6
• Click on the radio button to Accept License Agreement
• Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
• Go to Start => Control Panel => Add or Remove Programs
• Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
• Reboot your computer
• Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
• Reboot your computer

I did just that. the new file seems to be ok. i click yes to everything and the download manager comes up but it doesn't do owt
echo06
Regular Member
 
Posts: 15
Joined: December 19th, 2006, 12:55 pm

Post by beynac » December 22nd, 2006, 2:05 pm

there are 30 items in 'c:\WINDOWS\DESKTOP\folders n stuff\DOWNLOADS' folder-all set up files for different programs-hence the setup.exe

It is the file setup.exe which is infected and needs to be deleted. There can only be one of those in a folder. There can be more than one file called setup but they would have to have different extensions. If you are not seeing the extensions, please do the following:

  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • In Advanced Settings: uncheck Hide extensions for known file types
  • Click Yes to confirm
  • Click OK
-------------------------------------------------

I've just read your latest post. I don't understand where 'download manager' comes into it. To install the update, click on Start then Run and click Browse and navigate to where you saved the downloaded file. Select the file (jre-6-windows-i586.exe), click OK and then run it. Can you explain what you expect 'download manager' to do, please? To check that it has installed correctly, go to Control Panel and click on the Java icon.

Post by echo06 » December 22nd, 2006, 2:27 pm

java's installed ok. everything was ok in folder options so i just deleted the files. if there had been some way of showing you that there was multiple setup.exe i would've done it. narrowed it down to 3 in the end-i changed the view to list all files.

Post by beynac » December 22nd, 2006, 2:33 pm

That's great. :)

We just need the Kaspersky report now, to make sure we've got everything. Could you also post a new HijackThis log please.

Post by echo06 » December 22nd, 2006, 3:16 pm

Logfile of HijackThis v1.99.1
Scan saved at 19:14:03, on 22/12/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSMPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=midd-cache-1.server.ntli.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.co.uk/r/neutral/contr ... 5,0,1730,0
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - http://moneymanager.egg.com/activex/accounttracking.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} (IFS_Service Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Serv.cab
O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://tescoonline.co.uk/dbpc2/controls ... S_List.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Wz02.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Wz04.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Wz05.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Wz07.cab
O16 - DPF: {A3186A8D-134F-11D3-BBAE-0010E3624141} (IFS_Wizard8 Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Wz08.cab
O16 - DPF: {35831956-96AF-11D3-BC12-0010E3624141} (IFS_Wizard10 Control) - http://tescoonline.co.uk/dbpc2/controls ... S_Wz10.cab
O16 - DPF: {1096842F-FEE6-11D2-965E-0010E3622565} (IFS_Lib00) - http://tescoonline.co.uk/dbpc2/controls ... FS_OLB.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb01.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb03.cab
O16 - DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} (IFS_Lib02) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb02.cab
O16 - DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} (IFS_Lib04) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb04.cab
O16 - DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} (IFS_Lib06) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb06.cab
O16 - DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} (IFS_Lib08) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb08.cab
O16 - DPF: {770941A0-11BD-11D3-8E92-0001FAF8D90D} (IFS_Lib09) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb09.cab
O16 - DPF: {498439C0-0921-11D3-9484-0001FAF8503C} (IFS_Lib10) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb10.cab
O16 - DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} (IFS_Lib12) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb12.cab
O16 - DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} (IFS_Lib13) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb13.cab
O16 - DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} (IFS_Lib14) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb14.cab
O16 - DPF: {F3A16EEE-39B4-11D3-8E96-0001FAF8D90D} (IFS_Lib15) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb15.cab
O16 - DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} (IFS_Lib16) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb16.cab
O16 - DPF: {29548124-B145-11D3-BC1B-0010E3624141} (IFS_Lib18) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb18.cab
O16 - DPF: {D6CD9D82-AC85-11D3-878A-0010E36241AE} (IFS_Lib19) - http://tescoonline.co.uk/dbpc2/controls ... S_Lb19.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.showroom@alfaromeo.co.uk/Com ... SurVid.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://www.showroom@alfaromeo.co.uk/Com ... utside.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.35.74.133:8080/activex/AxisCamControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/ ... reQual.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... n_ansi.cab

Post by beynac » December 23rd, 2006, 1:12 pm

The HijackThis log looks fine. Have you had a chance to run the Kaspersky scan yet?

Post by echo06 » December 24th, 2006, 6:56 am

not yet cos not had chance to put pc on.


weird thing happened when i put it on just now-the IE icon had disappeared from taskbar. just dragged it across from desktop

Post by echo06 » December 24th, 2006, 11:49 am

i've done another scan and the Opera items are still coming up even though i opened the program and deleted all mail/emptied the trash

Total number of scanned objects 63306
Number of viruses found 1
Number of infected objects 9 / 0
Number of suspicious objects 0
Duration of the scan process 01:32:50

Infected Object Name Virus Name Last Action
c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped

c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped

c:\WINDOWS\SYSTEM\CATROOT\SYSMAST.CBD Object is locked skipped

c:\WINDOWS\SYSTEM\CATROOT\SYSMAST.CBK Object is locked skipped

c:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.CBD Object is locked skipped

c:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.CBK Object is locked skipped

c:\WINDOWS\SCHEDLOG.TXT Object is locked skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

c:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

c:\WINDOWS\Internet Logs\OEMCOMPUTER.ldb Object is locked skipped

c:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

c:\WINDOWS\TEMP\ZLT0261b.TMP Object is locked skipped

c:\WINDOWS\COOKIES\INDEX.DAT Object is locked skipped

c:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT Object is locked skipped

c:\WINDOWS\HISTORY\HISTORY.IE5\MSHist012006122420061225\index.dat Object is locked skipped

c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED/[From "Dena Vigil" ][Date Thu, 20 Jul 2006 16:08:13 -0600]/UNNAMED/[From "tory jackson" ][Date Thu, 20 Jul 2006 13:09:15 -0100]/text/[From "Donald Arias" ... /[From "Spysoftcentral Team" ][Date Fri, 21 Jul 2006 03:33:22 - ... /DD269901.exe Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED/[From "Dena Vigil" ][Date Thu, 20 Jul 2006 16:08:13 -0600]/UNNAMED/[From "tory jackson" ][Date Thu, 20 Jul 2006 13:09:15 -0100]/text/[From "Donald Arias" ... /[From "Spysoftcentral Team" ][Date Fri, 21 Jul 2006 03:33:22 -0100]/DD269901.zip Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED/[From "Dena Vigil" ][Date Thu, 20 Jul 2006 16:08:13 -0600]/UNNAMED/[From "tory jackson" ][Date Thu, 20 Jul 2006 13:09:15 -0100]/text/[From "Donald Arias" ][Date Thu, 20 Jul 2006 17:20:42 -0500]/text Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED/[From "Dena Vigil" ][Date Thu, 20 Jul 2006 16:08:13 -0600]/UNNAMED/[From "tory jackson" ][Date Thu, 20 Jul 2006 13:09:15 -0100]/text/[From "Donald Arias" ][Date Thu, 20 Jul 2006 12:24:24 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED/[From "Dena Vigil" ][Date Thu, 20 Jul 2006 16:08:13 -0600]/UNNAMED/[From "tory jackson" ][Date Thu, 20 Jul 2006 13:09:15 -0100]/text Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED/[From "Dena Vigil" ][Date Thu, 20 Jul 2006 16:08:13 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED/[From "Utopian Idealism" ][Date Thu, 20 Jul 2006 20:54:55 -0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[From "Danne" ][Date Thu, 20 Jul 2006 20:21:54 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.aqj skipped

c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs Mail Berkeley mbox: infected - 8 skipped

c:\WINDOWS\Sti_Trace.log Object is locked skipped

c:\WINDOWS\Temporary Internet Files\CONTENT.IE5\index.dat Object is locked skipped

Scan process completed
echo06
Regular Member
 
Posts: 15
Joined: December 19th, 2006, 12:55 pm
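
In the Kaspersky report above, every "Infected" row is an object nested inside the single on-disk file mbox632.mbs, while the "Object is locked" rows are files the scanner could not open rather than detections. The Python sketch below is an added example, not part of the original thread or of any Kaspersky tool; it rolls report rows of this shape up to the files on disk. The function names and the abridged sample rows are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: rows abridged from the report format in the post above.
# Nested message labels are shortened to [MSG-n]; the counts are illustrative.
SAMPLE_REPORT = r'''
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\COOKIES\INDEX.DAT Object is locked skipped
c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[MSG-1]/UNNAMED/[MSG-2]/DD269901.exe Infected: Trojan-Downloader.Win32.Agent.aqj skipped
c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[MSG-1]/UNNAMED/[MSG-2]/DD269901.zip Infected: Trojan-Downloader.Win32.Agent.aqj skipped
c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs/[MSG-1]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.aqj skipped
c:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox632.mbs Mail Berkeley mbox: infected - 3 skipped
c:\WINDOWS\Sti_Trace.log Object is locked skipped
'''

# Paths contain spaces, so each row is matched from its status text backwards.
INFECTED = re.compile(r'^(?P<obj>.+) Infected: (?P<virus>\S+) (?P<action>\w+)$')
LOCKED = re.compile(r'^(?P<obj>.+) Object is locked (?P<action>\w+)$')
SUMMARY = re.compile(r'^(?P<head>.+): infected - (?P<count>\d+) (?P<action>\w+)$')


def parse_report(text):
    """Split report rows into locked files, infected objects and container summaries."""
    locked, hits, summaries = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            # On-disk path uses backslashes; nested members are appended with '/'.
            # A file that is infected directly has no '/', so member is ''.
            container, _, member = m['obj'].partition('/')
            hits.append((container, member, m['virus'], m['action']))
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m['obj'])
            continue
        m = SUMMARY.match(line)
        if m:
            summaries.append((m['head'], int(m['count']), m['action']))
    return locked, hits, summaries


def files_to_remove(text):
    """Return ({on-disk file: details}, [locked files]) for a report."""
    locked, hits, summaries = parse_report(text)
    files = defaultdict(lambda: {'viruses': set(), 'hits': 0, 'nested': False,
                                 'scanner_count': None, 'still_present': False})
    for container, member, virus, action in hits:
        entry = files[container]
        entry['viruses'].add(virus)
        entry['hits'] += 1
        entry['nested'] |= bool(member)
        # 'skipped' means the scanner reported the object but left it on disk.
        entry['still_present'] |= (action == 'skipped')
    for head, count, _action in summaries:
        # The summary row is "<path> <container type>: infected - N"; match by path prefix.
        for container, entry in files.items():
            if head.startswith(container + ' '):
                entry['scanner_count'] = count
    return dict(files), locked


if __name__ == '__main__':
    files, locked = files_to_remove(SAMPLE_REPORT)
    for path, info in files.items():
        print(path, sorted(info['viruses']), info['hits'], info['scanner_count'])
    print(len(locked), 'locked objects (not detections)')
```
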

Post by beynac » December 25th, 2006, 5:13 am

Hi and :santa: Merry Christmas :santa:

Thanks for the Kaspersky report. I don't understand why the emails are still there! However, as you don't use Opera for email, I think that the best way to get rid of them would be to uninstall Opera and delete the folder. Open Control Panel and then Add or Remove Programs. Select Opera 7.0 and then click on Uninstall. Close Control Panel.

Click on Start then My Computer, find the following folder (highlighted in red) and delete it.
C:\WINDOWS\Application Data\Opera\OPERA7\ <- Delete folder

You can also delete FixWareout from your desktop and the report (C:\fixwareout\report.txt).

Reboot your computer.

If you wish to re-install Opera, you can download the current version from here.

----------------------------------------------------------------

The infected files in System restore do not appear on the Kaspersky report. Presumably, you have flushed the restore points. If not, please do so now.
  • Open Control Panel, click System.
  • Click the Performance tab.
  • Click the File System button.
  • Click the Troubleshooting tab.
  • Click to select the Disable System Restore check box.
  • Click OK, and then click Close.
  • Reboot your computer
  • Open Control Panel, click System.
  • Click the Performance tab.
  • Click the File System button.
  • Click the Troubleshooting tab.
  • Click to deselect the Disable System Restore check box.
  • Click OK, and then click Close.
  • Reboot your computer
-----------------------------------------------------------

This is my standard 'speech' once someone's computer is clean. Forgive me if you already do some, or all, of the following.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to 'Prompt'
      • Change the Download unsigned ActiveX controls to 'Disable'
      • Change the Initialise and script ActiveX controls not marked as safe to 'Disable'
      • Change the Installation of desktop items to 'Prompt'
      • Change the Launching programs and files in an IFRAME to 'Prompt'
      • Change the Navigate sub-frames across different domains to 'Prompt'
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the OK button to exit the Internet Properties page.
  • Use an Anti-Virus Software - It is very important that you have an anti-virus program running on your computer. This alone can save you a lot of trouble with malware in the future. See this link for a list of some online and stand-alone anti-virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti-Virus Software - It is imperative that you update your anti-virus software at least once a week (even more if you can). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can greatly lower your risk. For an article on firewalls, and a list of some available ones, see this link:
    Computer Safety Online - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly. This will ensure you always have the latest security updates installed on your computer. If there are new updates to install, install them immediately, reboot your computer and revisit the site until there are no more critical updates.
  • If they are not already present, I would recommend that you download and install some, or all, of the following programs (all free):
    • Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.
      This will provide real-time spyware and hijacker protection on your computer, alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Instructions for Spybot S&D and Ad-Aware
    • Ad-Aware SE Personal - Download and install Ad-Aware SE Personal. You should also scan your computer with the program on a regular basis just as you would an anti-virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Instructions for Spybot S&D and Ad-Aware
    • SpywareBlaster - SpywareBlaster will add a large list of programs and websites into your Internet Explorer and/or Firefox browser settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here: Computer Safety on line - Anti-Malware
  • Update all of these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected will reduce dramatically.

Post by echo06 » December 26th, 2006, 7:33 am

cheers

yea i'd flushed out the restore folder again when i saw the items in the report. i still don't understand how i'm getting these problems. everything is up to date. i use AVG/ZA/spybot/adaware/spyblaster and god knows what else. those four programs i use all the time. the IE settings as you described are the same on my system so i didn't have to change owt.

i'll uninstall Opera.

Post by Nellie2 » December 26th, 2006, 8:12 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK