jonkay
2007-11-26, 20:56
From an earlier post so you know what has happened:
erm, bit of a newcomer and don´t really understand much, but I have a problem!!
I have executed the program and the icon has appeared in the bottom right, but with a lock over it and "ejecutar spybot s&d" is in grey and I can´t access it. I have tried to update and am told
"the external update application has been corrupted. Please make sure you download the "updater" update to replace it"
then
"the external "blindman" application has been corrupted. Please use the update function to get it again!"
I then try updating and nothing changes... still a lock over the icon in the bottom right.
BUT....
I have just been to my mail and I got a message saying it was a bit dangerous, so SOMETHING must be working in my computer....
¿can somebody help? thankx
As instructed, I have performed the online scan, these are the results:
KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 5:23:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/11/2007
Kaspersky Anti-Virus database records: 465933
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 114564
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:38:05
Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Jasc Software Inc\Paint Shop Pro 9\PlugIns\VirtualPainter4\register.exe Object is locked skipped
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe Object is locked skipped
C:\Archivos de programa\Telefonica\KitAIM\AVS.log Object is locked skipped
C:\BAK\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Historial\History.IE5\MSHist012007112620071127\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Temp\180D.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe RarSFX: infected - 4 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\2.5.3\Photomatix Pro 2.5.3.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\Photomatix Pro 2.5.3.zip/Photomatix Pro 2.5.3.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\Photomatix Pro 2.5.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EF744947-03A8-482E-A0C6-15FFF7ECE15C}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7291DF49-DACB-45DA-A8C1-956AA2135375}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\hidr.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Following this I tried to reboot in SAFE mode, but I couldn´t.
Sorry if this is too long, but I don´t know what is classed as too long.
Edit:
Helpers need to see the HJT log, as requested in the sticky topic I linked to here:
http://forums.spybot.info/showthread.php?t=20641 ;)
erm, bit of a newcomer and don´t really understand much, but I have a problem!!
I have executed the program and the icon has appeared in the bottom right, but with a lock over it and "ejecutar spybot s&d" is in grey and I can´t access it. I have tried to update and am told
"the external update application has been corrupted. Please make sure you download the "updater" update to replace it"
then
"the external "blindman" application has been corrupted. Please use the update function to get it again!"
I then try updating and nothing changes... still a lock over the icon in the bottom right.
BUT....
I have just been to my mail and I got a message saying it was a bit dangerous, so SOMETHING must be working in my computer....
¿can somebody help? thankx
As instructed, I have performed the online scan, these are the results:
KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 5:23:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/11/2007
Kaspersky Anti-Virus database records: 465933
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 114564
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:38:05
Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Jasc Software Inc\Paint Shop Pro 9\PlugIns\VirtualPainter4\register.exe Object is locked skipped
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe Object is locked skipped
C:\Archivos de programa\Telefonica\KitAIM\AVS.log Object is locked skipped
C:\BAK\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Historial\History.IE5\MSHist012007112620071127\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Temp\180D.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe RarSFX: infected - 4 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\2.5.3\Photomatix Pro 2.5.3.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\Photomatix Pro 2.5.3.zip/Photomatix Pro 2.5.3.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\Photomatix Pro 2.5.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EF744947-03A8-482E-A0C6-15FFF7ECE15C}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7291DF49-DACB-45DA-A8C1-956AA2135375}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\hidr.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Following this I tried to reboot in SAFE mode, but I couldn´t.
Sorry if this is too long, but I don´t know what is classed as too long.
Edit:
Helpers need to see the HJT log, as requested in the sticky topic I linked to here:
http://forums.spybot.info/showthread.php?t=20641 ;)