Packed.Win32.Klone.g, Trojan.Win32.Agent.vg, Trojan-Agent.TEX TrojanTrojan.Winlogon



OSURico112
2006-10-20, 04:38
Ran Counterspy and came up with these Trojans...

-Packed.Win32.Klone.g
-Trojan.Win32.Agent.vg
-Trojan-Agent.TEX
-Trojan.WinlogonHook.Delf.A

They are always detected and I always try to remove or quarantine them, but they always reappear. I've done the steps posted and tried Spybot to no avail. Here are my logs...

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 9:29:10 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ccxgui\ccXservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ccxgui\ccxstream.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1135890229\ee\AOLSoftware.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.alienware.com/Mothership?Comp=AWC&SysCode=PC-AREA51-5500-R2&ai=636E3D33323839353626706F3D504F2D33343835353841
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alienware.com/Mothership?Comp=AWC&SysCode=PC-AREA51-5500-R2&ai=636E3D33323839353626706F3D504F2D33343835353841
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135890229\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmi32 - windmi32.dll (file missing)
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ccXgui - [XC]D-Ice - C:\Program Files\ccxgui\ccXservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

OSURico112
2006-10-20, 04:40
Online scan through Panda Scan.

Incident Status Location

Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{2031A833-0D48-1033-0430-051116040001}\Services.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{2031A833-0D48-1033-0430-051116040001}\Update.exe
Adware:Adware/UltimateDefender Not disinfected C:\WINDOWS\system32\windmi32.dll
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Eric\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bfast.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.ehg-dig.hitbox.com/]

OSURico112
2006-10-20, 04:41
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.go.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.target.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.adviva.net/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\by3436yg.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Cookies\eric@112.2o7[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eric\Cookies\eric@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric\Cookies\eric@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Eric\Cookies\eric@banner[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Eric\Cookies\eric@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eric\Cookies\eric@dist.belnk[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Eric\Cookies\eric@go[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Eric\Cookies\eric@mediaplex[1].txt
Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\Eric\Desktop\bsplayer139.829.exe[VVSNInst.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Eric\Desktop\SmitfraudFix\Process.exe
Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Eric\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\F754C810-D093-474C-B13C-1861BD\1356483B-FEE7-4713-8284-0F2D00
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\7EDBTL4E\mulbin32[1].exe
Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\8PI3UZ2X\124[1].net
Adware:Adware/Adservice Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\8PI3UZ2X\antzom[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\IK1IEDMD\wlzip32[1].exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\SB6PAB69\mulbin32[1].exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3031A833-0D48-1033-0430-051116040001}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3031A833-0D48-1033-0430-051116040001}\Uninst.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/YazzleSudoku Not disinfected C:\WINDOWS\Temp\b116.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/PCodec Not disinfected C:\WINDOWS\Temp\b122.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/PrintView Not disinfected C:\WINDOWS\Temp\b124.exe
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst795D.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst8634.tmp
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\nsgB7FF.tmp\nsProcess.dll
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\win7909.tmp.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\win85CD.tmp.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\winB105.tmp.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\winB6FE.tmp.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\winB7FB.tmp.exe

OSURico112
2006-10-20, 04:46
Just in case this may be helpful, here is the CounterSpy log file for the virii. I did detect SmitFraud at one point in time but used the fix to remove it, or so it appears. I have noticed that the TEX trojan was new today; it never appeared on the scan yesterday.


Spyware Scan Details
Start Date: 10/19/2006 2:00:15 AM
End Date: 10/19/2006 3:03:32 AM
Total Time: 1 hrs 3 mins 17 secs

Detected spyware

Packed.Win32.Klone.g Trojan more information...
Status: Quarantined

Infected files detected
c:\windows\temp\win13.tmp
c:\windows\temp\wina.tmp


Trojan.Win32.Agent.vg Trojan more information...
Status: Quarantined

Infected files detected
C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\8PI3UZ2X\antzom[1].exe
C:\WINDOWS\system32\windmi32.dll


Trojan-Agent.TEX Trojan more information...
Status: Deleted

Infected files detected
C:\WINDOWS\Temp\mst795D.tmp
C:\WINDOWS\Temp\mst8634.tmp


Trojan.WinlogonHook.Delf.A Trojan more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 779
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 156429040
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 203
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 52

OSURico112
2006-10-20, 05:28
Sorry for the super long post from the Panda scan; one of the trojans happens to be an adware downloader and apparently continues to download. I've tried so many different types of removals. Using safe mode and scanning with CounterSpy, Ad-Aware and Spybot, the trojans always remain.

LonnyRJones
2006-10-25, 17:42
Welcome to the forum

Post a ComboFix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

tashi
2006-10-30, 17:50
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.