Bogus Warning Bug



jharreld
2006-06-18, 05:28
My PC has one of those bugs that produces pop-ups and the bogus warnings trying to get me to buy some protection software. I scanned and cleaned infected files with updated Norton Antivirus. The pop-up windows still show, but do not connect to any content. I also used Ad-Aware SE Personal and did some more cleaning. Finally, I went through the 11 step "self help" recommended from your site to remove the infections on Windows. I'm not sure if the problem's fixed yet or not, but the HJT and SmitFraudFix logs are below and the ewido report is in the next message. Any help or confirmation is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:55:54 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JHH\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://news.bbc.co.uk/1/hi/world/"); (C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Web Page to askSam... - C:\Program Files\askSam\askSam6\ASAdd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\Program Files\askSam\askSam6\AS6_AIPP.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe





SmitFraudFix v2.61

Scan done at 15:48:25.93, Sat 06/17/2006
Run from C:\Documents and Settings\JHH\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

jharreld
2006-06-18, 05:39
The ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:24:17 PM, 6/17/2006
+ Report-Checksum: D8F65A76

+ Scan result:

:mozilla.14:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.15:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.80:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.81:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.127:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.128:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.141:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.144:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.145:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.149:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.150:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.154:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.155:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.156:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.161:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.172:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.173:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.174:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.175:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.176:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.177:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.178:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.180:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.181:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.182:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.183:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.184:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.185:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.186:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.187:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.193:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.196:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.197:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.198:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.211:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.212:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.217:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.227:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.229:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.230:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.231:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.237:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.255:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.261:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.262:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.263:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.264:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.269:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.286:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.287:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.290:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.291:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.292:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.293:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.294:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.295:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.296:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.297:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.298:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.299:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.300:C:\Documents and Settings\JHH\Application Data\Mozilla\Profiles\default\0klppmw0.slt\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup
C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP598\A0037577.tlb -> Downloader.Zlob.rk : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP598\A0037590.tlb -> Downloader.Zlob.rk : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP601\A0037664.exe -> Downloader.Zlob.rk : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP604\A0037782.exe -> Downloader.Zlob.rk : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP604\A0037784.tlb -> Downloader.Zlob.rk : Cleaned with backup


::Report End

pskelley
2006-06-18, 15:57
Thanks for the feedback. I did not get to see the original scan by SmitFraudFix, but I can see Downloader.Zlob.rk in your ewido, which indicates the trojan was there. You are storing a lot of junk cookies in Mozilla; this information may help you with that:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

SmitFraudFix v2.61 is showing no infection left, ewido removed everything it located and your HJT log is clean. I would say you are good to go, but you are the one sitting in front of the computer. How is it running? Here is information you need.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

If all is running well, then I will wish you safe surfing:) tashi will close you in a few days.

Thanks...pskelley
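A triage of an ewido report like the one posted in this thread, as an added example that is not part of the original posts: it separates tracking cookies from file detections and lists the System Restore points that still held detected files, which is the situation the advice to reset System Restore addresses. The sample lines are constructed in the report's layout, with placeholder profile name, restore GUID and file names; the function and field names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ewido report quoted in the thread
# (user profile, restore GUID and A00000xx file names are placeholders).
SAMPLE_REPORT = r"""
+ Scan result:

:mozilla.14:C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\xxxx.slt\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\xxxx.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\xxxx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\xxxx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{GUID}\RP598\A0000001.tlb -> Downloader.Zlob.rk : Cleaned with backup
C:\System Volume Information\_restore{GUID}\RP604\A0000002.exe -> Downloader.Zlob.rk : Cleaned with backup

::Report End
"""

# "[:store.N:]<path> -> <detection name> : <action taken>"
# The optional leading ":mozilla.N:" marks an entry inside a cookie store.
LINE_RE = re.compile(
    r"^(?::(?P<store>[^:]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)

# Files backed up by Windows XP System Restore live under
# \System Volume Information\_restore{...}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.IGNORECASE
)


def triage(report):
    """Split an ewido scan report into cookie noise and real file detections."""
    cookies = Counter()        # tracking-cookie family -> number of entries
    detections = []            # everything that is not a tracking cookie
    restore_points = set()     # restore points that contained detected files

    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or "::Report End"
        name = m["name"]
        if name.startswith("TrackingCookie."):
            cookies[name.split(".", 1)[1]] += 1
            continue
        rp = RESTORE_RE.search(m["path"])
        if rp:
            restore_points.add(rp.group(1))
        detections.append({
            "path": m["path"],
            "name": name,
            "action": m["action"],
            "restore_point": rp.group(1) if rp else None,
        })

    return {
        "cookies": cookies,
        "detections": detections,
        "restore_points": sorted(restore_points),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("tracking cookies:", sum(result["cookies"].values()),
          dict(result["cookies"]))
    for d in result["detections"]:
        where = d["restore_point"] or "live file system"
        print(f'{d["name"]:<22} {where:<18} {d["path"]}')
    if result["restore_points"]:
        print("restore points holding detected files:",
              ", ".join(result["restore_points"]))
```

Detections that appear only under a restore point are archived copies rather than running code, but they come back if that restore point is ever used, so they are worth listing separately from the live-file detections.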