dalfish
2010-10-30, 19:33
Dear Friends,
I got infected with 177 malware items. I just tried to download openSUSE 11.3 from mirrorackspace.com. So I cleaned the 170 infections with Spybot. When I run Spybot, the items now detected are:
MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Excel\File MRU
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Word\File MRU
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (28 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cache: [SBI $49804B54] Cache (7) (Cache, nothing done)
History: [SBI $49804B54] History (4) (History, nothing done)
Congratulations!: No immediate threats were found. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-10-11 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware (2).sbi (*)
2010-06-29 Includes\Adware.sbi (*)
2010-03-02 Includes\AdwareC (2).sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies (2).sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer (2).sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-03-02 Includes\DialerC (2).sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty (2).sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers (2).sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-03-02 Includes\HijackersC (2).sbi (*)
2010-10-12 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-01-20 Includes\Keyloggers (2).sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-03-02 Includes\KeyloggersC (2).sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP (2).sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-03-02 Includes\Malware (2).sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-03-02 Includes\MalwareC (2).sbi (*)
2010-10-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS (2).sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-03-02 Includes\PUPSC (2).sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision (2).sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security (2).sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-03-02 Includes\SecurityC (2).sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots (2).sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC (2).sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware (2).sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-03-02 Includes\SpywareC (2).sbi (*)
2010-10-12 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks (2).uti (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans (2).sbi (*)
2010-08-04 Includes\Trojans.sbi (*)
2010-03-03 Includes\TrojansC (2).sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-10-20 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
The Windows Explorer item is not removed; all the rest are removed by Spybot. Spybot asks for a startup scan. I have done that, but the items detected won't show up. Instead, the Spybot window shows 3 detected at the bottom left side. The Spybot dialog box says it is resident in memory. How do I remove the no. 6 item called Windows Explorer?
I could not get the DDS log, as I got this message when I tried:
(new) ERR (3) Freshdownload could not take over the download! Click back button to return to normal mode.
Please help us.
Regards
Dalfish