| Thread ID: 95122 | 2008-11-25 06:17:00 | One for Speedy and others | apsattv (7406) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 722805 | 2008-11-25 09:23:00 | Could be some kind of autosending worm / malware. He probably didn't know it was sent |
Speedy Gonzales (78) | ||
| 722806 | 2008-11-25 11:17:00 | I dealt with something like this a little while back. Turns out it's not specifically a virus / trojan, but they just need to change their MSN password to fix the issue -- otherwise it'll keep sending, even after a clean install of Windows etc. At least, I'm pretty sure the URL format was the same. Have your contact Virus / Spyware / Trojan scan their PC, clean it, then change their MSN / Hotmail / Live passport password, and they should be right as rain. It's worth noting that hopto.org is one of No-IP.com's free Dynamic DNS domains (IIRC - either that or it's DynDNS), and the account is probably long gone or changed IPs by now... |
Chilling_Silence (9) | ||
| 722807 | 2008-11-25 12:33:00 | The link worked first time it was clicked and opened Windows Live image search engine and a request for MSN name and password! I've changed my MSN p.w just to be on the safe side. Anyway this is the log file after he scanned with Malwarebytes. Malwarebytes' Anti-Malware 1.30 Database version: 1419 Windows 5.1.2600 Service Pack 2 25\11\2008 7:36:49 p.m. mbam-log-2008-11-25 (19-36-49).txt Scan type: Quick Scan Objects scanned: 74948 Time elapsed: 9 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 51 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\Media\services.lst (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Microsoft Shared\THEMES11\BLANK (Adware.Minibug) -> Delete on reboot. C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\a (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully. |
apsattv (7406) | ||
| 722808 | 2008-11-25 12:34:00 | BTW he was using Adaware..but not any longer! | apsattv (7406) | ||
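Added example, not part of the thread: a triage helper for a Malwarebytes scan log pasted as running text, as in post 722807. It tallies detections by name and lists the "Delete on reboot" items, which are only removed after a restart. The entry shape `<object> (<Detection>) -> <action>.` is taken from the log lines in that post; the function names and the sample entries are constructed for illustration.

```python
import re
from collections import Counter

# One log entry: "<registry key or file path> (<Detection.Name>) -> <action>."
# The object may contain spaces ("Program Files"), so it is matched lazily
# up to the parenthesised detection name that is followed by " -> ".
ENTRY = re.compile(r"((?:HKEY_[A-Z_]+|[A-Za-z]:)\\.*?) \(([\w.]+)\) -> ([^.]+)\.")

def parse_entries(text):
    """Return a list of (kind, object, detection, action) tuples."""
    entries = []
    for obj, detection, action in ENTRY.findall(text):
        kind = "registry" if obj.startswith("HKEY_") else "file"
        entries.append((kind, obj, detection, action.strip()))
    return entries

def tally(entries):
    """Count entries per detection name."""
    return Counter(detection for _, _, detection, _ in entries)

def pending_reboot(entries):
    """Objects the scanner could not remove yet; re-scan after restarting."""
    return [obj for _, obj, _, action in entries
            if action.lower().startswith("delete on reboot")]

# Constructed sample in the flattened, single-line form a forum paste produces.
SAMPLE = (
    "Registry Keys Infected: "
    r"HKEY_CLASSES_ROOT\example.loader (Adware.Example) -> Quarantined and deleted successfully. "
    r"HKEY_CURRENT_USER\SOFTWARE\ExampleVendor (Adware.Example) -> Quarantined and deleted successfully. "
    "Registry Values Infected: (No malicious items detected) "
    "Files Infected: "
    r"C:\WINDOWS\system32\example.tmp (Malware.Trace) -> Quarantined and deleted successfully. "
    r"C:\Program Files\Example App\blank (Trojan.Example) -> Delete on reboot. "
)

if __name__ == "__main__":
    found = parse_entries(SAMPLE)
    for name, count in tally(found).most_common():
        print(f"{count:3d}  {name}")
    for obj in pending_reboot(found):
        print("pending reboot:", obj)
```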