Infected by two Trojans help!



Johnathan
2010-12-27, 19:51
Hello all Trojan fighters, I require your help!

Recently my computer crashed and once I restarted it, I couldn't disconnect the internet or use any admin options and all the graphics were changed (plus the background wasn't working). I decided to restart the computer in safe mode and run Norton (which is my only anti-virus). Sadly, it failed to find anything. Afterward, I restarted my computer again, but this time everything was fine. It was almost like nothing ever happened. That is when I got here and checked my computer with Spybot.

It found:
Problem                                    Entries  Kind
Microsoft.WindowsSecurityCenter_disabled   1        Security
Smitfraud-C.gp                             3        Malware
Smitfraud-C.MSVPS                          1        Trojans
Zlob.Downloader.bs                         1        Trojans
Zlob.Downloader.vcd                        1        Trojans

After a fix and another scan only a few of them were fixed:

Problem              Entries  Kind
Smitfraud-C.gp       3        Malware
Smitfraud-C.MSVPS    1        Trojans
Zlob.Downloader.bs   1        Trojans

Results:
Smitfraud-C.gp: [SBI $69E2C5E3] Link (File, nothing done)
C:\Documents and Settings\Johnatan\Favorites\Error Cleaner.url
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Smitfraud-C.gp: [SBI $180C14CB] Link (File, nothing done)
C:\Documents and Settings\Johnatan\Favorites\Privacy Protector.url
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Smitfraud-C.gp: [SBI $A580ABCE] Link (File, nothing done)
C:\Documents and Settings\Johnatan\Favorites\Spyware&Malware Protection.url
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Smitfraud-C.MSVPS: [SBI $6FE8300C] Text file (File, nothing done)
C:\WINDOWS\dat.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zlob.Downloader.bs: [SBI $E8A4595B] Text file (File, nothing done)
C:\WINDOWS\rs.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


After trying to fix the problems, this time a Spybot - Search & Destroy window kept popping up, which read:

Spybot - Search & Destroy has detected an important registry entry that has been changed

Category: System Startup global entry
Change: Value added
Entry: SpybotDeletingC8911 (usually the numbers and chars after SpybotDeleting change every time that it pops back up)
New data: cmd.exe /c del "C:\Documents and Settings\Johnathan\Favorites\SpywareMaleware Protection.url" (the url changed between the three others and it just kept spamming every one of them)

I decided to deny the change every single time since there was no info about it at all.

The image files for the tests are attached.

I think that the Zlob Trojan is a Trojan that I got some years ago. Last time around, Norton kept deleting it, but it kept coming right back, until it finally disappeared. I'm guessing that it has been on my computer ever since then.

I hope you guys will be able to help me get rid of these Trojans.
:thanks:
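
An added triage example, not part of the original post or of Spybot: it parses the "Results" layout quoted above and flags detections that point at zero-byte files, where the reported size is 0 and the reported MD5 equals the digest of empty input. The function names `parse_results` and `is_empty_file` are hypothetical, and the sample log is constructed from three of the entries in the post.

```python
import hashlib
import re

# Constructed sample: three of the post's five remaining detections, one per family.
SAMPLE_LOG = r"""
Smitfraud-C.gp: [SBI $69E2C5E3] Link (File, nothing done)
C:\Documents and Settings\Johnatan\Favorites\Error Cleaner.url
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Smitfraud-C.MSVPS: [SBI $6FE8300C] Text file (File, nothing done)
C:\WINDOWS\dat.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Zlob.Downloader.bs: [SBI $E8A4595B] Text file (File, nothing done)
C:\WINDOWS\rs.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
"""

HEADER = re.compile(r"^(?P<threat>[^:]+): \[SBI \$[0-9A-F]{8}\] .*"
                    r"\((?P<kind>[^,]+), (?P<action>[^)]+)\)$")
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # digest of zero bytes

def parse_results(text):
    """Return one dict per detection block (blocks are blank-line separated)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER.match(lines[0]) if len(lines) >= 2 else None
        if not m:
            continue  # skip anything that is not a detection block
        entry = dict(m.groupdict(), path=lines[1])
        for ln in lines[2:]:
            if ln.startswith("Properties.") and "=" in ln:
                key, value = ln[len("Properties."):].split("=", 1)
                entry[key] = value
        entries.append(entry)
    return entries

def is_empty_file(entry):
    """True only if reported size and reported MD5 both say 'no content'."""
    return entry.get("size") == "0" and entry.get("md5", "").upper() == EMPTY_MD5

if __name__ == "__main__":
    for e in parse_results(SAMPLE_LOG):
        tag = "EMPTY" if is_empty_file(e) else "HAS DATA"
        print(f"{tag:8} {e['threat']:20} {e['path']}")
```

Every entry in the sample comes back as EMPTY, meaning the flagged paths hold no data at the time of the scan.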

tashi
2010-12-27, 22:50
Hello Johnathan,

So that everyone is on the same track, please see the forum FAQ which also includes instructions for posting a preliminary DDS log in post #2.
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic, copy and paste the DDS log into it and provide a link back to this thread for our volunteer analysts.

Best regards. :)