Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 10th, 2008, 10:53 pm

Hi kliao93,

kliao93 wrote: "I've done everything you told me to so far! Do you think this will be done by Sunday?"
Certainly, we'll be done today if you have the time available :)

It looks like you posted the previous ComboFix report instead of the Kaspersky log.
Please post the Kaspersky log for me to check and let me know how your computer is running.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 11th, 2008, 12:42 am

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 10, 2008 11:40:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/01/2008
Kaspersky Anti-Virus database records: 473842
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 40118
Number of viruses found: 5
Number of infected objects: 77
Number of suspicious objects: 0
Duration of the scan process: 01:19:33

Infected Object Name / Virus Name / Last Action

Scan process completed.
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 11th, 2008, 2:29 am

Hi kliao93,

Please click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Press OK and Yes to confirm

Please delete ComboFix from your Desktop and also delete this folder:
C:\QooBox


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Re-hide hidden/system files and folders:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Press OK

Then please open Norton Antivirus and clean your quarantined files.

Once complete, please tell me if you had any problems with the instructions and how your computer is running.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
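
Added example (not part of the thread and not a tool used by the site): the steps in the reply above empty the Recycle Bin, C:\QooBox, old System Restore points and the Norton quarantine. The Python sketch below sorts the "Infected:" rows of a scanner report laid out as "path, status, last action" into those four storage locations, so that any detection outside them stands out for review. The sample rows are constructed with placeholder file names, and the bucket and function names are assumptions.

```python
import re

# Constructed sample rows in the report's "<path> <status> <last action>" layout.
# File names, SIDs and GUIDs are placeholders, not values from a real scan.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\EXAMPLE01.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\QooBox\Quarantine\C\WINDOWS\example_dropper.exe.vir Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc1.zip/example.exe.vir Infected: Trojan.Win32.Agent.drm skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc1.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: Trojan.Win32.Agent.drm skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\example_live.dll Infected: Trojan.Win32.Qhost.abh skipped
"""

# (bucket name, lower-case path marker, cleanup step from the reply that empties it)
INERT_LOCATIONS = [
    ("av_quarantine", r"\norton antivirus\quarantine",
     "empty the Norton quarantine"),
    ("combofix_quarantine", r":\qoobox",
     r"delete C:\QooBox"),
    ("recycle_bin", r":\recycler",
     "cleanmgr: Recycle Bin"),
    ("system_restore", r"\system volume information\_restore",
     "cleanmgr: More Options > System Restore > Clean up"),
]

# Paths contain spaces, so match lazily up to the literal " Infected: " marker.
INFECTED_ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")


def parse_infected(report):
    """Return (path, detection, last_action) for every 'Infected:' row.

    'Object is locked' rows and archive summary rows ('ZIP: infected - 1')
    do not match, so a detection inside an archive is counted once.
    """
    rows = []
    for line in report.splitlines():
        match = INFECTED_ROW.match(line.strip())
        if match:
            rows.append((match["path"], match["name"], match["action"]))
    return rows


def bucket_for(path):
    """Map a path to one of the storage locations, or 'live_filesystem'."""
    lowered = path.lower()
    for bucket, marker, _step in INERT_LOCATIONS:
        if marker in lowered:
            return bucket
    return "live_filesystem"


def triage(report):
    """Group detections by where the detected file is stored."""
    buckets = {}
    for path, name, _action in parse_infected(report):
        buckets.setdefault(bucket_for(path), []).append((path, name))
    return buckets


def needs_attention(report):
    """Detections outside quarantine, Recycle Bin and restore points."""
    return triage(report).get("live_filesystem", [])


def cleanup_plan(report):
    """(bucket, count, step) for each storage location that holds detections."""
    found = triage(report)
    return [(bucket, len(found[bucket]), step)
            for bucket, _marker, step in INERT_LOCATIONS if bucket in found]


if __name__ == "__main__":
    for bucket, count, step in cleanup_plan(SAMPLE_REPORT):
        print(f"{count:3d}  {bucket:20s} -> {step}")
    for path, name in needs_attention(SAMPLE_REPORT):
        print("REVIEW:", name, path)
```
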

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 11th, 2008, 8:35 pm

for some reason, i do not know how to get to the quarantine file. help me?
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 11th, 2008, 8:55 pm

Please try this:

Open the Symantec Control Panel
Click View | Quarantine.
Select the file or group of files.
Do one of the following:
  • Right click the file and choose Delete Permanently
  • Click the X Delete button.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 11th, 2008, 9:21 pm

i mean, like the shield icon isn't there and when i go to all programs, i don't have symantec...
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 11th, 2008, 9:34 pm

Can you find Norton Antivirus or Norton Internet Security?

Is a shield icon normally present?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 11th, 2008, 10:07 pm

there is no shield but i can find the quarantine. but then i had to restart my comp cuz it crashed and now norton says i have a trojan. trojan.kibik!inf to be exact. ummm... i guess i need more help? sgtray is back as well. oh god... the trojan's in my messenger program and the other one in a thing called sonic update. help me?
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 11th, 2008, 10:52 pm

Hi kliao93,

You have files which have been modified by malware but are no longer malicious:
C:\WINDOWS\system32\igfxtray.exe <- Intel Graphics Accelerator
C:\WINDOWS\system32\hkcmd.exe <- Intel Hotkey Command Activator
C:\WINDOWS\system32\igfxpers.exe <- Intel Common User Interface Module
C:\Program Files\Analog Devices\Core\smax4pnp.exe <- Sound driver related
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe <- Samsung printer driver related
C:\WINDOWS\system32\dla\tfswctrl.exe <- HP DLA Packet Writing Software
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe <- VERITAS backup software
C:\WINDOWS\system32\NeroCheck.exe <- Nero Burning ROM
C:\PROGRA~1\Yahoo!\YOP\yop.exe <- SBC Yahoo! Online Protection
C:\Program Files\QuickTime\qttask.exe <- Quicktime/iTunes
C:\Program Files\iTunes\iTunesHelper.exe <- Quicktime/iTunes
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe <- Java Runtime
C:\Program Files\MSN Messenger\MsnMsgr.exe <- MSN Messenger
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe <- Linksys EasyLink Advisor
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe <- Google Toolbar


These files are now safe but if they are detected by your antivirus program they may be quarantined and cause the program to stop functioning. You can either tell your antivirus to permanently ignore these files, or allow them to be quarantined/deleted and reinstall/repair the programs. I recommend you reinstall these programs wherever possible.

Please confirm whether these are the files being detected by Norton.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 11th, 2008, 11:57 pm

i keep getting a pop-up that says high risk. and it can not be repaired because access was denied.
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 11th, 2008, 11:58 pm

i can not even go to my rogers online protection anymore!
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 12th, 2008, 12:14 am

kliao93 wrote: "i can not even go to my rogers online protection anymore!"

I believe that program is on the list. I recommend you reinstall this program and the others on the list.

kliao93 wrote: "i keep getting a pop-up that says high risk. and it can not be repaired because access was denied."

Can you tell me what filename is being detected here?

Are you able to confirm whether the detections are as I've listed or whether they are something else?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 12th, 2008, 10:34 am

Yes, they seem to all be from the list. However, I cannot do anything to them. It only allows me to press the okay button. It says:

norton has detected a virus on your computer

object name: c:Windows/SAM/...SSMGR.EXE

action taken: unable to repair this file.

action taken: access to the file was denied

And then there's the okay button.
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby kliao93 » January 12th, 2008, 10:39 am

I just got another kind of pop-up. It's from Norton's personal firewall.

Something is trying to access the internet but I do not know if it is a virus. Oh, and it's not in your list.
kliao93
Regular Member
 
Posts: 44
Joined: December 30th, 2007, 10:41 pm

Re: Rogue anti-spyware, unable to search in IE esp. Yahoo+Google

Unread postby silver » January 12th, 2008, 10:28 pm

Hi kliao93,

As I mentioned, these legitimate files have been modified by the malware but are now harmless. However, it looks like your antivirus program is detecting them, so you won't be able to use them as-is and reinstallation will be required.

I have posted instructions below to quarantine the files in question, which I recommend you follow. This should stop your antivirus complaining, but the functions provided by the programs will also stop. The most important ones I can see on the list are your Veritas backup software and tfswctrl.exe, which helps your CD/DVD drive work correctly.

Download OTMoveIt to your desktop and double-click the program to start it.
Select the contents of the below file list, then press Ctrl+C to copy it to the clipboard
In OTMoveIt, click in the left-hand pane and press Ctrl+V to paste the file-list into the program
Then, press MoveIt!
If the program asks you to reboot now, click No
Copy the Results output and paste it into a new notepad file so you can post it in your next response. Do this by clicking in the right-hand pane, press Ctrl-A then Ctrl-C to select all and copy. Then open Notepad, press Ctrl-V to paste in the text, and save this text file to your desktop.

OTMoveIt file list:
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

Then reboot your computer to complete the removals.


Something is trying to access the internet but I do not know if it is a virus. Oh, and it's not in your list.

Does Norton tell you the name of the process which is trying to gain access?

Once complete, please post the OTMoveIt report along with a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7