rbakker
2011-05-27, 09:54
About a week ago my ESET NOD32 Security Center started recognizing a trojan/rootkit called Win32/Olmarik.AJL trojan. It showed it once before, about a month ago, and I could not clean it. It showed up for another 2 days, but because of my busy schedule I did not do anything about it and left it. It disappeared after these 2 days. Now it has shown up again.
28-4-2011 0:42:03 Startup scanner boot sector MBR sector of the 0. physical disk Win32/Olmarik.AJL trojan
and one timestamped today
26-5-2011 13:03:12 Startup scanner boot sector MBR sector of the 0. physical disk Win32/Olmarik.AJL trojan
Now normally I never get any viruses, as I always watch out with what I download and what I do on the internet. I have a clue though about how it got on my PC: a friend came by with a portable hard disk; it might have infected my PC.
I quit playing World of Warcraft about 2 months ago and hadn't logged into my account anymore. I had been receiving phishing e-mails for ages, so naturally I wasn't that scared of anything happening. I had been playing since 2006, and never got hacked.
Now today, I checked my e-mail. In the e-mail was what I thought, at first glance, was another phishing scam. On further inspection, I noticed this was actually an e-mail sent in reply to an e-mail sent from MY hotmail account. I checked my SENT folder and there it was. An e-mail sent by a hacker to the account and billing support, asking for a reset of the password/secret question.
That's when I got scared. I tried to log in to my account, password did not work. I tried to recover the password, the secret question had been altered and did not work either.
The fact that the WoW account has been compromised I don't really care about. But apparently someone has the login details to my e-mail account, logged in to it, and sent an e-mail; so there is probably some kind of key or type logger on my PC recording everything I do. I also use internet banking, and I use an e-mail account directly linked to the compromised one for my business, containing confidential business matters.
As you can imagine I need this cleaned quickly.
DDS log:
DDS (Ver_2011-05-26.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by Besproken at 1:34:10 on 2011-05-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1024.116 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [<NO NAME>]
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SoundMan] SOUNDMAN.EXE
mRun-x64: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Besproken\AppData\Roaming\Mozilla\Firefox\Profiles\rixs8576.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig
FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
.
=============== Created Last 30 ================
.
2011-05-26 23:20:37 -------- d-----w- C:\Users\Besproken\AppData\Local\HP
2011-05-26 23:10:38 -------- d-----w- C:\ProgramData\WEBREG
2011-05-26 22:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-05-26 22:52:38 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-05-26 22:48:20 -------- d-----w- C:\Program Files (x86)\HP
2011-05-26 22:37:21 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2011-05-26 22:37:21 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2011-05-26 22:37:20 938496 ----a-w- C:\Windows\System32\hpowiax7.dll
2011-05-26 22:37:20 740864 ----a-w- C:\Windows\System32\hpotscl6.dll
2011-05-26 22:37:20 505344 ----a-w- C:\Windows\System32\hpovst15.dll
2011-05-25 08:30:36 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 15:40:59 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 15:40:59 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-24 09:53:54 8718160 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB940CA3-8DC7-4013-8A44-543C1CF1F973}\mpengine.dll
2011-05-18 10:01:19 -------- d-----w- C:\Users\Besproken\AppData\Local\{0FF6C0D7-311B-4238-B320-9BABE57D070F}
2011-05-17 09:35:58 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 01:04:56 -------- d-----w- C:\Program Files (x86)\MoTeC
2011-05-15 20:03:10 -------- d-----w- C:\Users\Besproken\AppData\Roaming\MoTeC
2011-05-15 17:21:33 -------- d-----w- C:\ProgramData\Trymedia
2011-05-15 17:18:16 -------- d-----w- C:\Program Files (x86)\CTDP ChampionshipTrackManager
2011-05-15 17:10:17 227485 ----a-w- C:\Windows\rFactor Data Acquisition Plugin Uninstaller.exe.bak
2011-05-15 17:09:08 -------- d-----w- C:\Program Files\MoTeC
2011-05-15 17:08:34 -------- d-----w- C:\MoTeC
2011-05-15 17:08:24 -------- d-----w- C:\ProgramData\MoTeC
2011-05-15 17:06:08 -------- d-----w- C:\Users\Besproken\AppData\Local\Downloaded Installations
2011-05-15 17:02:45 224725 ----a-w- C:\Windows\rFactor Data Acquisition Plugin Uninstaller.exe
2011-05-15 17:02:44 -------- d-----w- C:\Program Files (x86)\Common Files\Thraex Software
2011-05-15 16:50:39 -------- d-----w- C:\Program Files (x86)\rFactor
2011-05-15 16:25:22 -------- d-----w- C:\Users\Besproken\AppData\Local\Logitech
2011-05-15 16:23:38 -------- d-----w- C:\Program Files\Common Files\Logitech
2011-05-15 16:23:37 -------- d-----w- C:\Program Files\Logitech
2011-05-14 20:20:07 -------- d-----w- C:\Program Files (x86)\Infogrames
2011-05-14 20:19:49 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-05-13 09:27:11 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-13 09:27:03 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-13 09:27:01 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-08 21:38:46 -------- d-----w- C:\Program Files\BOINC
2011-05-08 21:38:45 -------- d-----w- C:\ProgramData\BOINC
2011-05-08 21:36:56 -------- d-----w- C:\Windows\Downloaded Installations
2011-04-29 07:48:03 -------- d-----w- C:\Users\Besproken\AppData\Local\{443B7ED1-146D-4192-B543-78076EAB1178}
2011-04-27 12:31:04 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-27 12:31:03 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 12:31:01 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 12:31:01 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
.
==================== Find3M ====================
.
2011-05-24 09:50:54 78848 ----a-w- C:\Windows\KMSEmulator.exe
2011-05-15 21:42:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-14 10:25:34 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-03-25 11:13:40 999088 ----a-w- C:\Windows\boinc.scr
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 02:08:13 93552 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:40:26,93 ===============
attach.zip is included.
I am currently still running the NOD32 scan and Spybot S&D, which should be finished tomorrow morning. Now I need to sleep. I have lots of work to do in the morning.
I have notification on and will reply immediately to any response during the day.
Thank you in advance for any help you can give.
Spybot S&D scan found these:
Doubleclick
Fastclick
Mediaplex
Right Media
Tradedoubler
ESET scan found 2 threats:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4V133ENW\icvrm[1].exe - a variant of Win32/Olmarik.AOG trojan - cleaned by deleting - quarantined [1]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ERKQ1D8P\telnet[1].exe - Win32/TrojanDownloader.FakeAlert.BBT trojan - cleaned by deleting - quarantined [1]
I am however still getting the startup scan Win32/Olmarik.ajl trojan/rootkit alert, as in my above post.
Please advise on how to proceed.
I'd like to add these are all tracking cookies (Spybot scan)
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 02:08:13 93552 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:40:26,93 ===============
attach.zip is included.
I am currently still running the NOD32 scan and Spybot S&D, which should be finished tomorrow morning. Now I need to sleep. Have lots of work to do in the morning.
I have notification on and will reply immediately to any response during the day.
Thank you in advance for any help you can give.
Spybot S&D scan found these:
Doubleclick
Fastclick
Mediaplex
Right Media
Tradedoubler
ESET scan found 2 threats:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4V133ENW\icvrm[1].exe - a variant of Win32/Olmarik.AOG trojan - cleaned by deleting - quarantined [1]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ERKQ1D8P\telnet[1].exe - Win32/TrojanDownloader.FakeAlert.BBT trojan - cleaned by deleting - quarantined [1]
I am however still getting the startup scan Win32/Olmarik.ajl trojan/rootkit alert, as in my above post.
Please advise on how to proceed.
I'd like to add that these are all tracking cookies (Spybot scan).