I have 3 trojans and a registry problem


Re: I have 3 trojans and a registry problem

Post by Bv202 » February 26th, 2009, 1:43 pm

Hi Eurocab

It looks like computer A is not affected :)
There is some malware showing in the Kaspersky log, but it's just some adware which is not that dangerous ;)

We can clean it, but please post the logs from the other computers first - that has priority :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Post by Eurocab » February 27th, 2009, 9:36 am

Bjorn,

I am having a difficult time running the Kaspersky Online Scan on Computer B. When I try to run it I get an error message that is caused by Klif.sys and Windows is shut down to protect the computer. I researched that file name and it appears to be related to Kaspersky. I have Kaspersky AntiVirus loaded on Computer B. I tried running the scan with it enabled and disabled. The same thing happens.

I ran a scan using Kaspersky Internet Security and it detects HEUR:Exploit.Script.Generic. I think that is related to the Online Scan. The following are the results of Jotti on Computer B:

Service load:
0% 100%
File: userinit.exe
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: a93aee1928a9d7ce3e16d24ec7380f89
Packers detected:
-
Scanner results
Scan taken on 25 Feb 2009 15:38:50 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Service load:
0% 100%
File: cmd.exe
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 6d778e0f95447e6546553eeea709d03c
Packers detected:
-
Scanner results
Scan taken on 25 Feb 2009 15:43:18 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


Again a problem with system32/regedit.exe. This time the error message stated that the file contains 0 bytes and is probably a firewall???

Service load:
0% 100%
File: regedit.exe
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 058710b720282ca82b909912d3ef28db
Packers detected:
-
Scanner results
Scan taken on 25 Feb 2009 15:47:26 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
Eurocab
Active Member
 
Posts: 14
Joined: February 13th, 2009, 2:26 pm

Re: I have 3 trojans and a registry problem

Post by Bv202 » February 27th, 2009, 2:55 pm

Hi Eurocab

Sorry to hear you're having trouble with the Kaspersky online scan; we'll try another one :)

PANDA ONLINE SCAN
Please go >here< to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Post by Eurocab » February 28th, 2009, 10:00 pm

Bjorn,

Here are the results of Panda.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-28 20:53:37
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security 8.0.0.506 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020942 adware/exact.bargainbuddy Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe
00035937 adware/exact.searchbar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
00035937 adware/exact.searchbar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14}
00047863 adware/ieplugin Adware No 0 Yes No c:\windows\kwv2.dat
00114216 adware/coupons Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{1954A4B1-9627-4CF2-A041-58AA2045CB35}
00114216 adware/coupons Adware No 0 Yes No hkey_classes_root\clsid\{1954a4b1-9627-4cf2-a041-58aa2045cb35}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.trafficmp.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.atdmt.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145392 Cookie/Internetfuel TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.internetfuel.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.tribalfusion.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick adams@mysearch[2].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.centrport.net/]
00149048 Cookie/Cityclubcasino TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick adams@cityclubcasino[1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.maxserving.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.belnk.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.belnk.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.revenue.net/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.findwhat.com/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.dist.belnk.com/]
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.stats1.clicktracks.com/]
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.stats1.clicktracks.com/]
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.stats1.clicktracks.com/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[rightmedia.net/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[fe.lea.lycos.fr/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.tickle.com/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.tickle.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick_adams@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.bs.serving-sys.com/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.as-us.falkag.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/75401068]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/75401068]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/62210861]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/8683723]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/62210861]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/6844036]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/8683723]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[server.iad.liveperson.net/hc/6844036]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.realmedia.com/]
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.terra.com.br/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.questionmarket.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick_adams@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.go.com/]
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.ath.belnk.com/]
00246053 Adware/KeenValue Adware No 0 Yes No C:\WINDOWS\Downloaded Program Files\imloader.exe
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick adams@cgi-bin[4].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[.atwola.com/]
00263700 Cookie/E-eliminator TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick adams@evidence-eliminator[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Rick Adams\Cookies\rick adams@cgi-bin[2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\John Dawe\Application Data\Mozilla\Firefox\Profiles\powk1afj.default\cookies.txt[citi.bridgetrack.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\WINDOWS\Downloaded Program Files\popcaploader.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Eurocab
Active Member
 
Posts: 14
Joined: February 13th, 2009, 2:26 pm

Re: I have 3 trojans and a registry problem

Post by Bv202 » March 1st, 2009, 12:42 pm

Hi Eurocab

Most of these 'infections' Panda shows are just tracking cookies and not dangerous. There is some adware showing in there, but it's again not very dangerous, so it looks like this computer isn't infected either.

Are there any more computers? If so, please post the logs of them :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Post by Eurocab » March 1st, 2009, 1:02 pm

Thanks Bjorn,

The infected computer has been reformatted and is running like a new machine again. I loaded PC Tools Antivirus Software to check the computer after reformatting and removing unnecessary programs that are never used and it appears to be squeaky clean.

The only other computer is offline and used strictly for drawing in AutoCAD. It has AVG software loaded on it and isn't used online so it should be healthy. I really don't have access to the computer to run logs. So thanks again for your help.
Eurocab
Active Member
 
Posts: 14
Joined: February 13th, 2009, 2:26 pm

Re: I have 3 trojans and a registry problem

Post by Bv202 » March 3rd, 2009, 3:32 pm

Hi Eurocab

If you want to, we can clean the other 2 computers of the adware which is present on them now. If you'd like to do so, please post back a HijackThis log from one of these computers (please start with only one system!) and tell me which system it is :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Post by Eurocab » March 4th, 2009, 9:36 am

Okay, let's start with computer "A".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33, on 2009-03-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Rick Adams\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Rick Adams\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 9052 bytes
Eurocab
Active Member
 
Posts: 14
Joined: February 13th, 2009, 2:26 pm

Re: I have 3 trojans and a registry problem

Unread postby Bv202 » March 8th, 2009, 3:54 am

I'm very sorry for the delay.

Hi Eurocab

After looking at the HijackThis log, it looks like computer A is clean. Please continue with computer B :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Unread postby Bv202 » March 12th, 2009, 1:22 pm

Hi Eurocab

Are you still here? :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Unread postby Eurocab » March 13th, 2009, 8:38 am

Bjorn,

I am sorry, but I have been busy. My other computer has been cleaned also and remains offline. I guess that means you were successful. Thanks for your help.
Eurocab
Active Member
 
Posts: 14
Joined: February 13th, 2009, 2:26 pm

Re: I have 3 trojans and a registry problem

Unread postby Bv202 » March 13th, 2009, 3:24 pm

Hi Eurocab

Thank you for the reply.

So do you still require help or can we close your thread? If so, would you like some tips to prevent re-infection in the future?
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Unread postby Eurocab » March 13th, 2009, 6:03 pm

Bjorn,

I think we should close the thread. I am eager to hear any tips you may have on preventing future reinfections.
Eurocab
Active Member
 
Posts: 14
Joined: February 13th, 2009, 2:26 pm

Re: I have 3 trojans and a registry problem

Unread postby Bv202 » March 14th, 2009, 8:50 am

Hi Eurocab

Let's give you these tips in that case :)

Tips to prevent re-infection
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Make sure you enable Automatic Updates for your computer. You can set this in the control panel -> windows update.
An alternative way is to visit Microsoft often to get the latest updates for your computer:
http://www.update.microsoft.com
Note: If you are still running SP2, I suggest you upgrade to SP3! You can do this using the same method as for "normal" updates.


Here are some free programs I recommend that could help you improve your computer's security.

Malwarebytes' Anti-Malware
Download it from here. Click "Download" and you'll get redirected to download.com, where you can download the product. You can also buy this program, which gives you real-time protection against common malware. However, you can use the free program to scan and remove any infections found.

Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly.
It's preferable to install one of the suggested firewalls.

FREE FIREWALLS
  • Comodo
    When installing, it will ask you to install Anti-Virus functionality. Please uncheck "install comodo antivirus (recommended)" unless you've uninstalled your AV. NEVER have 2 or more Anti-Virus programs on your computer; it will cause performance loss and/or other problems.
  • Online Armor
  • Sunbelt Kerio

Tutorial about Firewalls can be found here


Read some information here on how to prevent malware.

Is your PC running slow?
Read What to do if your Computer is running slowly

Happy safe surfing!

Please reply once more to this thread so we know it can be closed. If you have any questions left, now is the time to ask! :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: I have 3 trojans and a registry problem

Unread postby Blade81 » March 16th, 2009, 12:46 pm

Since the topic appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland