I run Comodo Internet Security and Malwarebytes Anti Malware
At the moment by CIS is blocking both files, From program and firewall request (By my own will). IT did try to access the internet but I stopped it. People are telling me to Format but I have too much on here to do that.
CIS and Malware Bytes dont detect nothing.
Here are the virusscan.jotti.org results
File 1: 1CB72.exe.exe
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:Downloader-CGE
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found Troj.Downloader.W32.CodecPack.epq
Dr.Web
Found nothing
F-Prot Antivirus
Found W32/Downldr3.DZ
F-Secure Anti-Virus
Found Trojan.Win32.Agent2.hga
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.Agent2.hga
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan-Downloader.VB.gen
File 2: 9F6B3.exe.exe
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:Downloader-CGE
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found Troj.Downloader.W32.CodecPack.epq
Dr.Web
Found nothing
F-Prot Antivirus
Found W32/Downldr3.DZ
F-Secure Anti-Virus
Found Trojan.Win32.Agent2.hga
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.Agent2.hga
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan-Downloader.VB.gen
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Here are the VirusTotal results
File 1 : 1CB72.exe.exe
a-squared 4.0.0.101 2009.04.10 -
AhnLab-V3 5.0.0.2 2009.04.10 -
AntiVir 7.9.0.138 2009.04.10 -
Antiy-AVL 2.0.3.1 2009.04.10 Trojan/Win32.Agent2
Authentium 5.1.2.4 2009.04.09 W32/Downldr3.DZ
Avast 4.8.1335.0 2009.04.09 Win32:Downloader-CGE
AVG 8.5.0.285 2009.04.10 -
BitDefender 7.2 2009.04.10 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.10 -
Comodo 1109 2009.04.10 -
DrWeb 4.44.0.09170 2009.04.10 -
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6448 2009.04.10 -
F-Prot 4.4.4.56 2009.04.09 W32/Downldr3.DZ
F-Secure 8.0.14470.0 2009.04.10 Trojan.Win32.Agent2.hga
Fortinet 3.117.0.0 2009.04.09 -
GData 19 2009.04.10 Win32:Downloader-CGE
Ikarus T3.1.1.49.0 2009.04.10 -
K7AntiVirus 7.10.698 2009.04.09 -
Kaspersky 7.0.0.125 2009.04.10 Trojan.Win32.Agent2.hga
McAfee 5579 2009.04.09 -
McAfee+Artemis 5579 2009.04.09 -
McAfee-GW-Edition 6.7.6 2009.04.10 -
Microsoft 1.4502 2009.04.10 -
NOD32 3999 2009.04.10 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.10 -
Panda 10.0.0.14 2009.04.10 -
Prevx1 V2 2009.04.10 Medium Risk Malware
Rising 21.24.44.00 2009.04.10 -
Sophos 4.40.0 2009.04.10 -
Sunbelt 3.2.1858.2 2009.04.10 Trojan.Win32.Agent2.hga
Symantec 1.4.4.12 2009.04.10 -
TheHacker 6.3.4.0.305 2009.04.09 -
TrendMicro 8.700.0.1004 2009.04.10 TROJ_AGENT.AQER
VBA32 3.12.10.2 2009.04.10 Trojan-Downloader.VB.gen
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.10 -
File 2: Could get it to upload, Virustotal is working when it wants to
error : Please report failure as: ErrorTime= "Apr 10 16:05:29"
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:03 AM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mister Tickle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 1CB72.exe.exe
O4 - Startup: 9F6B3.exe.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6977 bytes
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Sorry for posting so much stuff, I wanted to make sure I had everything so I can be assited properly.
Please help me out, Thanks.
Edit: I have two new files named BAB2D.exe and 0E808.exe after a blue screen when I tried to run some program that supposed to scan for rootkits or something.
Oh and I cant seem to get on http://www.bleepingcomputer.com/forums/ from google chrome but i can get on the main site its strange, so I'm using IE for now. What is this bleep? Please help,
Oh and everytime I restart, Even though I changed some settings with AusLogic Boost thing it says "Excuting .dll" something before it starts up and i see my desktop, It spammed alot of em the first time but I think its related to AusLogic
The new files seem to be very different, Heres a picture of sometihng I thought looked important
http://www.bleepingcomputer.com/forums/topic218273.html