I have luckily won trojan.win32.dialer.yz



The_Age_of_Love
2008-01-23, 21:10
I have AV NOD32, and last night a message appeared that it found Trojan.Win32.dialer.yz in operative memory within a (for me unknown) winelf.dll or winefl.dll. I ran a scan, it found it, and then I decided to delete it. To my fortune it was the only file that was infected with that, but for my calm sleep I ran the Kaspersky online scanner, and for operative memory I had 8 files infected with not-a-virus MyWebSearch things, and after a deep scan of My Computer, I have a log:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 23, 2008 7:55:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/01/2008
Kaspersky Anti-Virus database records: 528211
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 71462
Number of viruses found 23
Number of infected objects 57
Number of suspicious objects 0
Duration of the scan process 01:52:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\cert8.db Object is locked skipped
C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\history.dat Object is locked skipped
C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\key3.db Object is locked skipped
C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\parent.lock Object is locked skipped
C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Korisnik\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\Log me in instal\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\Log me in instal\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\Log me in instal\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\Log me in instal\LogMeIn.exe/data.rar/LogMeIn.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\Log me in instal\LogMeIn.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\Log me in instal\LogMeIn.exe RarSFX: infected - 5 skipped
C:\Documents and Settings\Korisnik\Desktop\Webs\SmitFraud\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Mozilla\Firefox\Profiles\05vtl514.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\History\History.IE5\MSHist012008012320080124\index.dat Object is locked skipped
C:\Documents and Settings\Korisnik\Local Settings\Temp\IH613.tmp Infected: Trojan.Win32.DNSChanger.aum skipped
C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Korisnik\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Korisnik\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\FZAHWHDA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.eca skipped
C:\Program Files\ESET\infected\FZAHWHDA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.eca skipped
C:\Program Files\ESET\infected\FZAHWHDA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\FZAHWHDA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\RIFTMYDA.NQF Infected: Trojan.Win32.DNSChanger.aum skipped
C:\Program Files\ESET\infected\YHAWMEAA.NQF/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\ESET\infected\YHAWMEAA.NQF/WISE0015.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\ESET\infected\YHAWMEAA.NQF WiseSFX: infected - 2 skipped
C:\Program Files\ESET\infected\YHAWMEAA.NQF WiseSFXDropper: infected - 2 skipped
C:\Program Files\ESET\infected\YHAWMEAA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\EZT\dlclient.exe Infected: not-a-virus:AdWare.Win32.Eztracks.d skipped
C:\Program Files\EZT_Partner\eztracks.msi/_BF136F360708271D62F65CFA0C9681EE/_84AAEEF46094927BD36AC06864E91460 Infected: not-a-virus:AdWare.Win32.Eztracks.d skipped
C:\Program Files\EZT_Partner\eztracks.msi/_BF136F360708271D62F65CFA0C9681EE Infected: not-a-virus:AdWare.Win32.Eztracks.d skipped
C:\Program Files\EZT_Partner\eztracks.msi Embedded: infected - 2 skipped
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5E1B739-59E0-4903-BFA5-191B67D4DABD}\RP303\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\d\programi\DivX Codecs\DivX 5.02 Pro sa reklamama\DivXPro502GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\d\programi\DivX Codecs\DivX 5.02 Pro sa reklamama\DivXPro502GAINBundle.exe Vise: infected - 1 skipped
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\mIRC\mirc.exe.bak Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Can anyone tell me what the state of my computer is? I've cleaned some viruses before with the help of forums, so tell me if I must do anything else.

Thank you, and sorry if I've put this thread in a place where it shouldn't be. I am new here :)

Shaba
2008-01-25, 12:08
Hi The_Age_of_Love and welcome to Safer Networking Forums :)

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Shaba
2008-01-30, 12:35
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.