| Thread ID: 64103 | 2005-12-03 05:38:00 | Spyaxe and | Tim_Northland (9353) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 409724 | 2005-12-04 05:22:00 | I ran Ewido and it found and cleaned 22 items, including Zlob.br. Zlob is very persistent and has reappeared since the scan, but was caught and deleted by Ewido. Will downloader trojans continue to appear? I'd like to thank you all for your timely assistance; it is much appreciated. I don't know if all the gremlins have been given the boot yet, as the last Zlob apprehension (by Ewido) was after the Ewido scan. I would be grateful for any further thoughts and advice you might have. Regards, Tim |
Tim_Northland (9353) | ||
| 409725 | 2005-12-04 05:25:00 | Maybe the reason you can't find this C:\WINDOWS\system32\hpBA76.tmp is because of this... To show hidden files (WinXP): Double-click My Computer | Tools | Folder Options | View tab. Select Show Hidden Files and Folders. Uncheck Hide extensions for known file types. Uncheck Hide protected operating system files (Recommended). Select Apply to All Folders | Yes | Apply | OK. Just post a new HJT log when you are all finished. There is no rush. |
Pancake (6359) | ||
| 409726 | 2005-12-04 05:54:00 | Hello Eddy, did all that in safe mode. I still couldn't find C:\WINDOWS\system32\hpBA76.tmp though. I fixed the O2 entry with HJT again. On reboot Ewido caught Zlob, and then every time I launch IE it does so again. Once after that NAV caught Download.Trojan :mad: I'd love to see it announced in the news that an international accord had been made to allow the apprehension and incarceration (preferably in a country that allows the death penalty) of whoever makes things like Spyaxe. Here's the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:47 p.m., on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\WinRoute Pro\WrCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\Antispyware\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.utu.co.nz
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpF906.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - download.ewido.net
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - www.kodakgallery.com
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe |
Tim_Northland (9353) | ||
| 409727 | 2005-12-04 06:28:00 | Normally those O2 items are not a problem to fix. Leave it with me for a while. I will look into it. The rest of your log, by the way, is OK. Just as a point for future scans, it's best to run Ewido in safe mode. :) |
Pancake (6359) | ||
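
An added example, not part of the original thread and not HijackThis's own logic: a small triage script for logs like the one posted above. It parses the sectioned entries, flags O2/O3 browser add-ons whose module is a `.tmp` file or is marked `(file missing)`, and diffs two logs to confirm an entry is gone after a fix. The two flagging rules are assumptions chosen for this thread, and the sample lines are a subset copied from the logs posted here.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: a few lines copied from the HijackThis log posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpF906.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
# The same lines after the fix: the O2 entry is no longer present.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if not l.startswith("O2 "))


class Entry(NamedTuple):
    code: str             # section code such as "R0", "O2", "O23"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # set for O2 (BHO) and O3 (Toolbar) entries
    path: Optional[str]   # module path for O2/O3, including any trailing note


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ADDON_RE = re.compile(r"^(?:BHO|Toolbar): .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse(log: str) -> List[Entry]:
    """Return the sectioned entries; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        addon = ADDON_RE.match(body) if code in ("O2", "O3") else None
        clsid, path = addon.groups() if addon else (None, None)
        entries.append(Entry(code, body, clsid, path))
    return entries


def triage(log: str) -> List[Tuple[Entry, str]]:
    """Flag browser add-on entries worth a closer look (assumed heuristics)."""
    findings = []
    for e in parse(log):
        if e.path is None:
            continue
        if e.path.endswith("(file missing)"):
            findings.append((e, "registered module is missing on disk"))
        elif e.path.lower().endswith(".tmp"):
            findings.append((e, "browser add-on loaded from a .tmp file"))
    return findings


def removed(before: str, after: str) -> List[Entry]:
    """Entries present in the first log but absent from the second."""
    kept = {(e.code, e.body) for e in parse(after)}
    return [e for e in parse(before) if (e.code, e.body) not in kept]


if __name__ == "__main__":
    for entry, reason in triage(LOG_BEFORE):
        print(f"{entry.code}: {reason}: {entry.path}")
    print("gone after fix:", [e.code for e in removed(LOG_BEFORE, LOG_AFTER)])
```
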
| 409728 | 2005-12-04 06:38:00 | I have downloaded and installed Firefox and the trojan hasn't been detected by NAV or Ewido. I tried to find a setting in Ewido which specified safe mode but drew a blank. I'll check their website. Edit: NAV just caught downloader. Edit: I just re-read the comment about safe mode :rolleyes: I'll try that. |
Tim_Northland (9353) | ||
| 409729 | 2005-12-04 06:45:00 | You will have to boot the computer into safe mode and then run Ewido :) Anyway. As that O2 is part of the SmitFraud virus we will try that part again. In safe mode: Open the smitRem folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please then try to remove the O2 with HJT and post that log along with the smitfiles.txt. EDIT: This downloader that NAV keeps finding. Does it give you a path to it? |
Pancake (6359) | ||
| 409730 | 2005-12-04 07:44:00 | I rebooted in safe mode. Ran Smitrem:

smitRem © log file
version 2.7
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 04/12/2005
The current time is: 19:51:11.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
shopping
~~~ system32 folder ~~~
1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
nvctrl.exe
mscornet.exe
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
shopping
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

Then I ran HJT twice, the second time to see that the O2 entry was fixed. This is the current log:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:56 p.m., on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\WinRoute Pro\WrCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\Antispyware\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.utu.co.nz
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - download.ewido.net
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - www.kodakgallery.com
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe

Then I ran Ewido. It found twice as many problems in safe mode:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:09:48 p.m., 4/12/2005
+ Report-Checksum: 1448BABA
+ Scan result:
:mozilla.9:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\id0o0bfi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\id0o0bfi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\id0o0bfi.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\user\Desktop\Antispyware\spybotsd10.niaswiss\Spybot - Search & Destroy 1.0\Recovery\DoubleClick.zip/user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Error during cleaning
C:\Documents and Settings\user\Desktop\Antispyware\spybotsd10.niaswiss\Spybot - Search & Destroy 1.0\Recovery\DoubleClick1.zip/user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Error during cleaning
C:\RECYCLER\NPROTECT\00000727.DLL -> Downloader.Zlob.br : Cleaned with backup
C:\RECYCLER\NPROTECT\00000728.DLL -> Downloader.Zlob.br : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00000859.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00000859.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.6:C:\RECYCLER\NPROTECT\00000861.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000861.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000866.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000866.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000868.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000868.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000874.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000874.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00000876.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00000876.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00000877.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00000877.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00000877.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00000883.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00000883.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00000883.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000884.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00000884.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000884.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000886.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00000886.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000886.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000887.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00000887.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000887.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000897.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00000897.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000897.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00000898.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00000898.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00000898.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup
D:\RECYCLER\NPROTECT\00000000.TXT -> Spyware.Cookie.Adorigin : Cleaned with backup
D:\RECYCLER\NPROTECT\00000001.TXT -> Spyware.Cookie.Burstnet : Cleaned with backup
D:\RECYCLER\NPROTECT\00000002.TXT -> Spyware.Cookie.Com : Cleaned with backup
D:\RECYCLER\NPROTECT\00000003.TXT -> Spyware.Cookie.Wegcash : Cleaned with backup
D:\RECYCLER\NPROTECT\00000004.TXT -> Spyware.Cookie.Burstbeacon : Cleaned with backup
D:\RECYCLER\NPROTECT\00000005.TXT -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
D:\RECYCLER\NPROTECT\00000006.TXT -> Spyware.Cookie.Adorigin : Cleaned with backup
D:\RECYCLER\NPROTECT\00000007.TXT -> Spyware.Cookie.Link4ads : Cleaned with backup
D:\RECYCLER\NPROTECT\00000008.TXT -> Spyware.Cookie.Link4ads : Cleaned with backup
D:\RECYCLER\NPROTECT\00000009.TXT -> Spyware.Cookie.Popuptraffic : Cleaned with backup
D:\RECYCLER\NPROTECT\00000010.TXT -> Spyware.Cookie.Popuptraffic : Cleaned with backup
D:\RECYCLER\NPROTECT\00000011.TXT -> Spyware.Cookie.Popuptraffic : Cleaned with backup
::Report End

I'll run HJT again and save the log to make sure we got the O2 entry. Edit: :thumbs: looks like we won :) I'll cross my fingers. Thanks again |
Tim_Northland (9353) | ||
| 409731 | 2005-12-04 07:49:00 | "EDIT: This downloader that NAV keeps finding. Does it give you a path to it?" The path in NAV's logs is C:\WINDOWS\system32\1024\ldBA03.tmp |
Tim_Northland (9353) | ||
| 409732 | 2005-12-04 08:00:00 | Your log is now clean, well done! You should be set to go. I would now be inclined to empty the Recycle Bin. Recommended Protection Programs: Now that you are clean, to help protect your system I recommend that you get the following free programs if you want them: SpywareBlaster to help prevent spyware from installing. SpywareGuard to catch and block spyware. IE-SpyAd to block access to malicious websites so you cannot be redirected to them from an infected site or email. If you do not have a firewall, here is a free one for personal use: ZoneAlarm |
Pancake (6359) | ||
| 409733 | 2005-12-04 08:42:00 | Have you turned off System Restore, rebooted, then turned it back on again? Pretty much essential you do this. |
bartsdadhomer (80) | ||