Zlob.G Question



igger
2008-12-25, 20:39
Hi,

On 12/8 I was hit with what appeared to be trojan.zlob.g.
After several scans and updates from Windows (Vista), Spybot and Norton Anti-virus, I thought the problem was resolved. (No more browser re-directs.)

I then realized (or so I thought) that the problem was not resolved, and that it was still hidden in appdata>roaming>google, so I just manually deleted the Google file since Norton Anti-virus and Spybot did not pick it up.

Since deleting that file, my computer gives me a warning tone (no message) upon startup. I have not experienced any problems with my computer, but I would like to resolve this issue.

I therefore looked at my Spybot Resident log starting from the date of the infection (below).

It seems to me that the problem might be related to the fact that I denied entry to "Smax4v," but that it was still apparently added in System Startup.

Your help would be greatly appreciated!
Apologies if I have posted incorrectly!


12/8/2008 12:08:07 AM Denied (based on user decision) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 12:27:42 AM Denied (based on user decision) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 12:53:31 AM Denied (based on user decision) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 1:18:47 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 1:34:16 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 1:47:04 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 1:59:41 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 2:12:16 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 2:24:58 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 2:37:31 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/9/2008 11:28:23 PM Denied (based on user decision) value "WinDNS" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windsn.exe" 2") added in System Startup user entry!
12/23/2008 8:54:06 PM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
12/23/2008 8:55:22 PM Allowed (based on user decision) value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") deleted in ActiveX Distribution Unit!
12/23/2008 8:55:27 PM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
12/23/2008 8:55:32 PM Allowed (based on user decision) value "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
12/23/2008 8:57:23 PM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre6\bin\jusched.exe"") added in System Startup global entry!
12/23/2008 8:57:25 PM Allowed (based on user decision) value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") added in ActiveX Distribution Unit!
12/23/2008 8:57:29 PM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
12/23/2008 8:57:30 PM Allowed (based on user decision) value "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
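
As an added illustration (not part of either post, and not Spybot code), this Python triage reads the Resident log format shown above and groups "System Startup" additions whose target sits under a user-writable directory such as AppData. The line pattern is inferred only from the lines in this thread, and the function names and the choice of sample lines are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the Resident log in the post above (a subset).
SAMPLE_LOG = r'''
12/8/2008 12:08:07 AM Denied (based on user decision) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/8/2008 1:18:47 AM Denied (based on user blacklist) value "Smax4v" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windep.exe"") added in System Startup user entry!
12/9/2008 11:28:23 PM Denied (based on user decision) value "WinDNS" (new data: ""C:\Users\famousB\AppData\Roaming\Google\windsn.exe" 2") added in System Startup user entry!
12/23/2008 8:54:06 PM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
12/23/2008 8:57:23 PM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre6\bin\jusched.exe"") added in System Startup global entry!
'''

# Pattern inferred from the log lines in this thread, not from Spybot documentation.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<verdict>Allowed|Denied) \(based on user (?P<basis>\w+)\) '
    r'value "(?P<name>[^"]+)" \(new data: "(?P<data>.*)"\) '
    r'(?P<action>\w+) in (?P<area>.+?)!$')
USER_WRITABLE = re.compile(r'\\(AppData|Temp)\\', re.IGNORECASE)

def exe_path(data):
    """Return the quoted executable path from the 'new data' field, without arguments."""
    parts = data.split('"')
    return parts[1] if len(parts) >= 3 else data

def triage_startup(log_text):
    """Group startup additions that point into user-writable directories."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m['action'] != 'added' or not m['area'].startswith('System Startup'):
            continue
        if not USER_WRITABLE.search(m['data']):
            continue  # a target under Program Files is not flagged
        ts = datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p')
        f = findings.setdefault(m['name'], {'target': exe_path(m['data']),
                                            'attempts': 0, 'allowed': 0,
                                            'first': ts, 'last': ts})
        f['attempts'] += 1
        f['allowed'] += m['verdict'] == 'Allowed'
        f['first'], f['last'] = min(f['first'], ts), max(f['last'], ts)
    return findings

if __name__ == '__main__':
    for name, f in triage_startup(SAMPLE_LOG).items():
        print(f"{name}: {f['target']} attempts={f['attempts']} "
              f"allowed={f['allowed']} {f['first']} .. {f['last']}")
```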

tashi
2008-12-25, 20:51
Hello,

Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start a new topic providing the HJT log and a link to this thread, which I have closed, as helpers look for topics without a response.

Regards. :)