
Thread: Packed.Win32.Klone.g, Trojan.Win32.Agent.vg, Trojan-Agent.TEX TrojanTrojan.Winlogon

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    5

    Packed.Win32.Klone.g, Trojan.Win32.Agent.vg, Trojan-Agent.TEX TrojanTrojan.Winlogon

    Ran Counterspy and came up with these Trojans...

    -Packed.Win32.Klone.g
    -Trojan.Win32.Agent.vg
    -Trojan-Agent.TEX
    -Trojan.WinlogonHook.Delf.A

    They are always detected and I always try to remove or quarantine them, but they always reappear. I've done the steps posted and tried Spybot to no avail. Here are my logs...

    HijackThis Log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:29:10 PM, on 10/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\ccxgui\ccXservice.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ccxgui\ccxstream.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Windows Media Connect 2\WMCCFG.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1135890229\ee\AOLSoftware.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership?...33343835353841
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alienware.com/Mothership?...33343835353841
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135890229\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: windmi32 - windmi32.dll (file missing)
    O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: ccXgui - [XC]D-Ice - C:\Program Files\ccxgui\ccXservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
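The log above is the raw HijackThis text; the entries that matter for the "they keep coming back" symptom are the O20 Winlogon Notify lines whose DLLs are reported as "(file missing)" and the O4 autorun entries that name a bare executable with no path. As an added example (not code from this thread, from HijackThis or from Team Spybot), the following Python script parses that log format and applies a few persistence-oriented triage heuristics of my own. The sample input is a handful of entries copied from the log posted above; the severity labels and rule wording are assumptions, not HijackThis output.

```python
import re
from collections import Counter

# Constructed sample input: entries copied from the HijackThis log posted in this
# thread (most of the process list and header is omitted; the parser skips it anyway).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmi32 - windmi32.dll (file missing)
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
"""

# HijackThis entry lines look like "O20 - <body>", "R1 - <body>", "F2 - <body>", "N3 - <body>".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def o4_command(body):
    """Extract the command from an O4 body: 'HKLM\\..\\Run: [Name] cmd' or 'Startup: file' / 'x.lnk = path'."""
    m = re.match(r".*?\] (.*)$", body)
    if m:
        return m.group(1)
    rest = body.partition(": ")[2]
    return rest.split(" = ", 1)[1] if " = " in rest else rest


def executable_of(command):
    """First token of a command line: the quoted path if quoted, else everything up to the first .exe/.dll."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll))", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def finding(section, severity, item, reason):
    return {"section": section, "severity": severity, "item": item, "reason": reason}


def triage(entries):
    """Apply a few persistence-oriented heuristics (assumed, not HijackThis's own) and return findings."""
    findings = []
    for section, body in entries:
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # "Winlogon Notify: <name> - <dll path>" : the DLL is loaded into winlogon.exe at every logon
            name, _, target = body.partition(": ")[2].partition(" - ")
            if "(file missing)" in target:
                findings.append(finding(section, "high", name,
                    "Winlogon Notify DLL registered but not found on disk: either an orphaned key "
                    "left after removal or a file hidden from the scanner; verify and remove the Notify key"))
            else:
                findings.append(finding(section, "review", name,
                    "Winlogon Notify DLL runs inside winlogon.exe; confirm publisher and path"))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(finding(section, "low", body, "orphaned BHO CLSID with no DLL on disk"))
        elif section == "O18" and "(file missing)" in body:
            findings.append(finding(section, "low", body, "protocol handler DLL missing; dead reference"))
        elif section == "O4":
            # A bare file name (no backslash) is resolved through the search path, so the
            # analyst has to locate the actual file before deciding it is legitimate.
            exe = executable_of(o4_command(body))
            if "\\" not in exe:
                findings.append(finding(section, "medium", exe,
                    "autorun entry names a bare executable resolved via the search path; locate the file"))
    return findings


def severity_counts(findings):
    """Summary used for the report footer (and for checking the sample)."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    order = ("high", "medium", "review", "low")
    results = triage(parse_entries(SAMPLE_LOG))
    for f in sorted(results, key=lambda f: order.index(f["severity"])):
        print(f"[{f['severity']:>6}] {f['section']:<4} {f['item']}: {f['reason']}")
    print(dict(severity_counts(results)))
```

Run against the full log the script produces the same kind of shortlist a helper reads off by eye: the two missing Winlogon Notify DLLs at the top, then the three path-less autorun entries, then the dead BHO and protocol references that are clean-up rather than active threats. Note that rundll32-style O4 lines would also be flagged as "medium" by the bare-executable rule, which is intended: the DLL argument is what then needs checking.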

  2. #2
    Junior Member
    Join Date
    Oct 2006
    Posts
    5


    Online Scan through Panda Scan..

    Incident Status Location

    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{2031A833-0D48-1033-0430-051116040001}\Services.dll
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{2031A833-0D48-1033-0430-051116040001}\Update.exe
    Adware:Adware/UltimateDefender Not disinfected C:\WINDOWS\system32\windmi32.dll
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Eric\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.com.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.targetnet.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.azjmp.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[servedby.advertising.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[stats.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.ehg-dig.hitbox.com/]

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    5


    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.go.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.target.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.ehg.hitbox.com/]
    Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.adviva.net/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Cookies\eric@112.2o7[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eric\Cookies\eric@ath.belnk[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric\Cookies\eric@atwola[1].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Eric\Cookies\eric@banner[2].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Eric\Cookies\eric@did-it[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eric\Cookies\eric@dist.belnk[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Eric\Cookies\eric@go[2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Eric\Cookies\eric@mediaplex[1].txt
    Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\Eric\Desktop\bsplayer139.829.exe[VVSNInst.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Eric\Desktop\SmitfraudFix\Process.exe
    Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Eric\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\F754C810-D093-474C-B13C-1861BD\1356483B-FEE7-4713-8284-0F2D00
    Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\7EDBTL4E\mulbin32[1].exe
    Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\8PI3UZ2X\124[1].net
    Adware:Adware/Adservice Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\8PI3UZ2X\antzom[1].exe
    Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\IK1IEDMD\wlzip32[1].exe
    Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\SB6PAB69\mulbin32[1].exe
    Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3031A833-0D48-1033-0430-051116040001}\Activate.exe
    Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3031A833-0D48-1033-0430-051116040001}\Uninst.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
    Adware:Adware/YazzleSudoku Not disinfected C:\WINDOWS\Temp\b116.exe
    Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
    Adware:Adware/PCodec Not disinfected C:\WINDOWS\Temp\b122.exe[²ÜÇ\nsRandom.dll]
    Adware:Adware/PrintView Not disinfected C:\WINDOWS\Temp\b124.exe
    Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst795D.tmp
    Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst8634.tmp
    Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\nsgB7FF.tmp\nsProcess.dll
    Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\win7909.tmp.exe
    Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\win85CD.tmp.exe
    Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\winB105.tmp.exe
    Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\winB6FE.tmp.exe
    Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\winB7FB.tmp.exe

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    5


    Just in case this may be helpful, here is the CounterSpy log file for the viruses. I did detect SmitFraud at one point in time but used the fix to remove it, or so it appears. I have noticed that the TEX trojan was new today; it never appeared on the scan yesterday.


    Spyware Scan Details
    Start Date: 10/19/2006 2:00:15 AM
    End Date: 10/19/2006 3:03:32 AM
    Total Time: 1 hrs 3 mins 17 secs

    Detected spyware

    Packed.Win32.Klone.g Trojan more information...
    Status: Quarantined

    Infected files detected
    c:\windows\temp\win13.tmp
    c:\windows\temp\wina.tmp


    Trojan.Win32.Agent.vg Trojan more information...
    Status: Quarantined

    Infected files detected
    C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\8PI3UZ2X\antzom[1].exe
    C:\WINDOWS\system32\windmi32.dll


    Trojan-Agent.TEX Trojan more information...
    Status: Deleted

    Infected files detected
    C:\WINDOWS\Temp\mst795D.tmp
    C:\WINDOWS\Temp\mst8634.tmp


    Trojan.WinlogonHook.Delf.A Trojan more information...
    Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
    Status: Quarantined

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 779
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 156429040
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 203
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 52

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    5


    Sorry for the super long post from the Panda scan. One of the trojans happens to be an adware downloader and apparently continues to download. I've tried so many different types of removals. Using safe mode and scanning with CounterSpy, Ad-Aware and Spybot, the trojans always remain.

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Welcome to the forum

    Post a combofix log
    1. Download this file - combofix.exe
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
    If the log is large, you might need to post half in one reply and half in another.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  7. #7
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959


    This topic has been closed to prevent others with similar issues posting in it.
    If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
