problems with spybot



jonkay
2007-11-26, 20:56
From an earlier post so you know what has happened:

erm, bit of a newcomer and don't really understand much, but I have a problem!!
I have executed the program and the icon has appeared in the bottom right, but with a lock over it and "ejecutar spybot s&d" is in grey and I can't access it. I have tried to update and am told

"the external update application has been corrupted. Please make sure you download the "updater" update to replace it"
then
"the external "blindman" application has been corrupted. Please use the update function to get it again!"

I then try updating and nothing changes... still a lock over the icon in the bottom right.

BUT....
I have just been to my mail and I got a message saying it was a bit dangerous, so SOMETHING must be working in my computer....

Can somebody help? Thanks


As instructed, I have performed the online scan, these are the results:

KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 5:23:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/11/2007
Kaspersky Anti-Virus database records: 465933
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 114564
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:38:05

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Jasc Software Inc\Paint Shop Pro 9\PlugIns\VirtualPainter4\register.exe Object is locked skipped
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe Object is locked skipped
C:\Archivos de programa\Telefonica\KitAIM\AVS.log Object is locked skipped
C:\BAK\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Historial\History.IE5\MSHist012007112620071127\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Configuración local\Temp\180D.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\Crack WGA Validation Tool\RockXP4.exe RarSFX: infected - 4 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\2.5.3\Photomatix Pro 2.5.3.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\Photomatix Pro 2.5.3.zip/Photomatix Pro 2.5.3.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\Documents and Settings\Bishop_.BISHOP.000\Mis documentos\My Shared Folder\Photomatix\Photomatix Pro 2.5.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Bishop_.BISHOP.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bishop_.BISHOP.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EF744947-03A8-482E-A0C6-15FFF7ECE15C}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7291DF49-DACB-45DA-A8C1-956AA2135375}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\hidr.exe Infected: Trojan-Downloader.Win32.Bagle.fx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Following this I tried to reboot in SAFE mode, but I couldn't.

Sorry if this is too long, but I don't know what is classed as too long.

Edit:
Helpers need to see the HJT log, as requested in the sticky topic I linked to here:
http://forums.spybot.info/showthread.php?t=20641 ;)

jonkay
2007-11-27, 09:55
SORRY!!!
ref. from earlier thread: http://forums.spybot.info/showthread.php?t=20679

I did step 1, I couldn't do step 2 or 3.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:28, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Telefonica\KitAIM\AimMon.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NVMixerTray] "C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Archivos de programa\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AgenteADSL_15] C:\Archivos de programa\Telefonica\KitAIM\AimExDll.exe AimGestA.dll 7
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.es/activescan (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5214D4F3-096D-4A23-ABB1-F2909F59A0A2}: NameServer = 80.58.61.250 80.58.61.254
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6298 bytes

shelf life
2007-12-06, 05:57
hi,

uh ohhh!

Crack WGA Validation Tool\RockXP4.exe

looks like you don't have a legit license of Windows

I would get a legit copy of Windows.

shelf life