Help--infected with Smitfraud-C and Zeno Search

Hi

Kaspersky findings will get deleted when you reset system restore and remove the used tools. Instructions for both below.


Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTMoveIt2 and save it to desktop.
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says: The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Comodo BOClean - Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Download SpywareBlaster
    SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
    If you don't know what ActiveX controls are, see here.
    You can download SpywareBlaster here.
    SpywareBlaster tutorial
  • Download IE-SPYAD
    It puts many bad webpages on your Restricted zone list. This means that you can still view the bad webpages, but the webpages cannot do certain things (such as use JavaScript and cookies).
    If you need help understanding how it works, there is a tutorial here.
    Download it here.
  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, it is used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the Start button (at the lower left hand corner of your screen).
    2. Click Run.
    3. In the dialog box, type services.msc and hit Enter.
    4. Locate DNS Client, highlight it, then double-click it.
    5. In the dropdown box, change the setting from Automatic to Manual.
    6. Click OK.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    See here to choose one if your McAfee doesn't contain a firewall.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run Spybot and Ad-Aware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update site frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
A question before I go further...

Hi-

Yes, the pop-ups that were attacking my computer have totally stopped! Thanks, I can't tell you how much I appreciate it! I will follow the instructions in your last post, but first I have a question.

I have an external hard drive where I keep most of the data that I use on this computer (I don't keep much on the computer's hard drive). I also have a flash drive that has a lot of data on it. Is there any way I can make sure that none of the bad stuff got into the external hard drive and flash drive? I didn't have them connected when I was following the repair steps you gave me. I want to make sure that the problems don't come back when I connect one or both of those drives to the computer.

Thanks,
George
 
Hi

Scan those drives with Kaspersky online scanner. I think you can plug them in the system now :)
 
Strange problem with Kaspersky...

Hi-
I attempted to run the Kaspersky scanner as you said in your last post (with my flash drive and external hard drive plugged in), but I got the following message: "You need to install Java version 1.5 or later to run Kaspersky Online Scanner."

I'm not sure why that is...as you know, I ran Kaspersky several times while you were helping me with my original problem. I tried to download Java 1.5 through the link on Kaspersky, but it said "We have encountered an issue while trying to download Java."

Where do I go from here?

Thanks,
George
 
New Kaspersky log with external hard drive and flash drive plugged in...

Hi-
Here's a new Kaspersky log. The scan was done while my external hard drive and my flash drive were plugged into the computer. Does it look as if I have any more problems to deal with? Thanks, George

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 21:40:37
Records in database: 877129
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 95600
Threat name: 43
Infected objects: 94
Suspicious objects: 0
Duration of the scan: 03:05:06


File name / Threat name / Threats count
lsass.exe\lsass.exe/lsass.exe\lsass.exe Infected: Backdoor.Win32.VB.dav 1
C:\Documents and Settings\NYPD\lsass.exe/C:\Documents and Settings\NYPD\lsass.exe Infected: Backdoor.Win32.VB.dav 1
C:\Documents and Settings\NYPD\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\NYPD\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\NYPD\lsass.exe Infected: Backdoor.Win32.VB.dav 1
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2
C:\QooBox\Quarantine\C\Program Files\Common Files\WNSXS~1\іexplore.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\QooBox\Quarantine\C\Program Files\Common Files\YSTEM3~1\dvdplay.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\mainladupd.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule16.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.ac 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule17.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.z 1
C:\QooBox\Quarantine\C\WINDOWS\b155.exe_old.vir Infected: Trojan.Win32.BHO.blh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\rawwann.sys.zip Infected: Trojan.Win32.Pakes.cwd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\g29.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jqwnw64j.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pnVes18\pnVes182328.exe.vir Infected: Trojan-Downloader.Win32.VB.ebf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rcntrkdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntaxdn.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\QooBox\Quarantine\C\WINDOWS\system32\x4\demw136.exe.vir Infected: Trojan-Downloader.Win32.Small.uuw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xzej.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\QooBox\Quarantine\C\WINDOWS\system32\{81f3a1e4-cd23-1d59-1798-24c78d1a1745}.dll.vir Infected: Trojan.Win32.BHO.cmd 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP397\A0109262.exe Infected: Trojan-Downloader.Win32.Homles.bj 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109266.exe Infected: Trojan-Downloader.Win32.Homles.bk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109312.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109329.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109338.exe Infected: Trojan.Win32.BHO.bkm 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109344.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP399\A0109401.exe Infected: Trojan-Downloader.Win32.Homles.bj 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110392.exe Infected: not-a-virus:AdWare.Win32.Rond.e 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110393.exe Infected: Trojan.Win32.Agent.lke 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110394.exe Infected: not-a-virus:AdWare.Win32.Insider.c 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110395.exe Infected: not-a-virus:AdWare.Win32.Insider.c 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110396.exe Infected: not-a-virus:AdWare.Win32.Insider.f 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110398.exe Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110399.exe Infected: Trojan-Downloader.Win32.Agent.jih 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110400.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110401.exe Infected: Trojan-Downloader.Win32.TSUpdate.n 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110402.exe Infected: Trojan-Downloader.Win32.TSUpdate.p 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110403.exe Infected: Trojan-Downloader.Win32.TSUpdate.f 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110405.exe Infected: not-a-virus:AdWare.Win32.Rond.d 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110407.exe Infected: Trojan.Win32.Scapur.k 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110408.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110411.exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110412.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110421.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110423.exe Infected: Trojan.Win32.BHO.blh 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110424.exe Infected: Trojan-Downloader.Win32.Homles.bk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110429.exe Infected: Trojan-Downloader.Win32.Agent.ndt 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110430.exe Infected: Trojan-Downloader.Win32.TSUpdate.l 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110466.exe Infected: Trojan-Downloader.Win32.Agent.qqn 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111658.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111676.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111718.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111799.exe Infected: Trojan-Downloader.Win32.PurityScan.fj 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111800.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115215.dll Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115216.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115217.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115219.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115454.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115455.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115802.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115803.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115804.exe Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115805.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115811.dll Infected: Trojan.Win32.BHO.cmd 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115814.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0118006.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0118007.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0118953.dll Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119069.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119070.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119073.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119076.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119078.exe Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119079.exe Infected: not-a-virus:AdWare.Win32.AdBand.ac 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119080.exe Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119081.exe Infected: not-a-virus:AdWare.Win32.AdBand.z 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119086.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119087.dll Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119094.exe Infected: Trojan-Downloader.Win32.Small.uuw 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119377.exe Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119381.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119384.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119385.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP408\A0119519.exe Infected: Trojan-Downloader.Win32.VB.ebf 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP408\A0119520.dll Infected: Trojan.Win32.BHO.cmd 1
E:\Start.exe Infected: Backdoor.Win32.VB.dav 1
F:\Start.exe Infected: Backdoor.Win32.VB.dav 1

The selected area was scanned.
 
Hi

Delete the following files:
C:\Documents and Settings\NYPD\Desktop\SmitfraudFix.exe
C:\Documents and Settings\NYPD\lsass.exe
E:\Start.exe
F:\Start.exe

and folder:
C:\Documents and Settings\NYPD\Desktop\SmitfraudFix


Those in QooBox & system restore will be removed when you uninstall ComboFix (instructions in earlier post).

After this run Kaspersky online scanner again.
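As an added example, not part of this thread and not a tool from Kaspersky or the helper, here is a small Python script that performs the triage the reply above does by hand on the Kaspersky Online Scanner 7 report format. It separates detections that are already inert (ComboFix's C:\QooBox quarantine and the System Volume Information restore points, which the ComboFix uninstall and the System Restore reset clear) from files that are live on disk, and within the live set it flags Kaspersky's "not-a-virus:" riskware (SmitfraudFix's own Reboot.exe, the IBM tools' WinVNC installer) for review rather than automatic deletion. The report excerpts embedded in the script are constructed from a few lines of the log above plus an assumed "after cleanup" rescan; the category names and the compare function are my own, not Kaspersky's.

```python
import re

# Constructed excerpt of the Kaspersky Online Scanner 7 report posted above
# (a handful of its 94 detections, one from each location that matters).
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
lsass.exe\lsass.exe/lsass.exe\lsass.exe Infected: Backdoor.Win32.VB.dav 1
C:\Documents and Settings\NYPD\lsass.exe/C:\Documents and Settings\NYPD\lsass.exe Infected: Backdoor.Win32.VB.dav 1
C:\Documents and Settings\NYPD\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\NYPD\lsass.exe Infected: Backdoor.Win32.VB.dav 1
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2
C:\QooBox\Quarantine\C\WINDOWS\system32\g29.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP397\A0109262.exe Infected: Trojan-Downloader.Win32.Homles.bj 1
E:\Start.exe Infected: Backdoor.Win32.VB.dav 1
F:\Start.exe Infected: Backdoor.Win32.VB.dav 1

The selected area was scanned.
"""

# Constructed "after cleanup" excerpt (assumed rescan): live items gone, inert ones remain.
SAMPLE_AFTER = r"""
File name / Threat name / Threats count
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2
C:\QooBox\Quarantine\C\WINDOWS\system32\g29.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP397\A0109262.exe Infected: Trojan-Downloader.Win32.Homles.bj 1

The selected area was scanned.
"""

# One detection line looks like: "<object> Infected: <threat name> <count>".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Where ComboFix parks what it removed, and where Windows XP keeps restore points
# (compared case-insensitively against the lower-cased path).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_report(text):
    """Return [(object, threat, count)] for every detection line in the report."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("obj"), m.group("threat"), int(m.group("count"))))
    return hits


def on_disk_path(obj):
    """Kaspersky writes 'container/inner object'; the file on disk is the container."""
    return obj.split("/", 1)[0]


def classify(path, threat):
    """Bucket a detection by where it sits, which decides what to do about it."""
    low = path.lower()
    if not re.match(r"^[a-z]:\\", low):
        return "memory/other"       # no drive path, e.g. a running process
    if low.startswith(QUARANTINE_PREFIX):
        return "quarantine"         # inert; removed when ComboFix is uninstalled
    if RESTORE_MARKER in low:
        return "restore-point"      # inert unless restored; cleared by resetting System Restore
    if threat.startswith("not-a-virus:"):
        return "live-riskware"      # legitimate-but-risky tool on disk: review by hand
    return "live-malware"           # on disk and runnable: delete


def triage(text):
    """Map category -> {on-disk path: threat}, de-duplicating repeated objects."""
    buckets = {}
    for obj, threat, _count in parse_report(text):
        path = on_disk_path(obj)
        buckets.setdefault(classify(path, threat), {})[path] = threat
    return buckets


def delete_list(text):
    """The live malware paths a helper would ask the user to remove."""
    return sorted(triage(text).get("live-malware", {}))


def compare_reports(before, after):
    """(gone, new): on-disk paths that vanished after cleanup, and ones that appeared."""
    b = {on_disk_path(o) for o, _t, _c in parse_report(before)}
    a = {on_disk_path(o) for o, _t, _c in parse_report(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(items)}")
        for path, threat in items.items():
            print(f"    {path}  [{threat}]")
    print("delete:", delete_list(SAMPLE_REPORT))
    print("gone/new after rescan:", compare_reports(SAMPLE_REPORT, SAMPLE_AFTER))
```

Run over the excerpt, the delete list comes out as the same three files the reply asks for (the user profile's lsass.exe and Start.exe on E: and F:), the two "not-a-virus:" items land in the review bucket, and compare_reports on the rescan shows the live items gone with nothing new. The script only reads the report text; it never touches the file system, so the deletions themselves still go through whatever tool the helper prescribes.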
 
Removing the items...

Hi-
I think I was able to remove the proper items from the C drive. But I was not able to find the Start.exe items on the external drives. I used the Search function, but couldn't find them...I don't want to remove the wrong items. What should I do now? Thanks, George
 
Hi

Let's see if those files are there or not.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    E:\Start.exe
    F:\Start.exe
  • Return to OTMoveIt2, right-click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post. Also, re-run Kaspersky online scanner and post its report.
 
Results of OTMoveIt2

Hi-
Here's what was in the Results window of OTMoveIt2. I will now rerun Kaspersky and post the report shortly.
George


E:\Start.exe moved successfully.
F:\Start.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_141719
 
New Kaspersky report

Hi-
Here's a new Kaspersky report. Thanks for your patience in looking at all this stuff. George

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 20, 2008 18:25:58
Records in database: 879810
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 96408
Threat name: 43
Infected objects: 91
Suspicious objects: 0
Duration of the scan: 02:50:15


File name / Threat name / Threats count
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2
C:\QooBox\Quarantine\C\Program Files\Common Files\WNSXS~1\іexplore.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\QooBox\Quarantine\C\Program Files\Common Files\YSTEM3~1\dvdplay.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\mainladupd.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule16.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.ac 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule17.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.z 1
C:\QooBox\Quarantine\C\WINDOWS\b155.exe_old.vir Infected: Trojan.Win32.BHO.blh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\rawwann.sys.zip Infected: Trojan.Win32.Pakes.cwd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\g29.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jqwnw64j.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pnVes18\pnVes182328.exe.vir Infected: Trojan-Downloader.Win32.VB.ebf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rcntrkdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntaxdn.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\QooBox\Quarantine\C\WINDOWS\system32\x4\demw136.exe.vir Infected: Trojan-Downloader.Win32.Small.uuw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xzej.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\QooBox\Quarantine\C\WINDOWS\system32\{81f3a1e4-cd23-1d59-1798-24c78d1a1745}.dll.vir Infected: Trojan.Win32.BHO.cmd 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP397\A0109262.exe Infected: Trojan-Downloader.Win32.Homles.bj 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109266.exe Infected: Trojan-Downloader.Win32.Homles.bk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109312.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109329.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109338.exe Infected: Trojan.Win32.BHO.bkm 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP398\A0109344.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP399\A0109401.exe Infected: Trojan-Downloader.Win32.Homles.bj 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110392.exe Infected: not-a-virus:AdWare.Win32.Rond.e 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110393.exe Infected: Trojan.Win32.Agent.lke 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110394.exe Infected: not-a-virus:AdWare.Win32.Insider.c 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110395.exe Infected: not-a-virus:AdWare.Win32.Insider.c 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110396.exe Infected: not-a-virus:AdWare.Win32.Insider.f 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110398.exe Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110399.exe Infected: Trojan-Downloader.Win32.Agent.jih 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110400.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110401.exe Infected: Trojan-Downloader.Win32.TSUpdate.n 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110402.exe Infected: Trojan-Downloader.Win32.TSUpdate.p 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110403.exe Infected: Trojan-Downloader.Win32.TSUpdate.f 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110405.exe Infected: not-a-virus:AdWare.Win32.Rond.d 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110407.exe Infected: Trojan.Win32.Scapur.k 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110408.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110411.exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110412.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110421.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110423.exe Infected: Trojan.Win32.BHO.blh 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110424.exe Infected: Trojan-Downloader.Win32.Homles.bk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110429.exe Infected: Trojan-Downloader.Win32.Agent.ndt 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110430.exe Infected: Trojan-Downloader.Win32.TSUpdate.l 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110466.exe Infected: Trojan-Downloader.Win32.Agent.qqn 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111658.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111676.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111718.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111799.exe Infected: Trojan-Downloader.Win32.PurityScan.fj 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111800.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115215.dll Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115216.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115217.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115219.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115454.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP404\A0115455.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115802.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115803.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115804.exe Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115805.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115811.dll Infected: Trojan.Win32.BHO.cmd 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0115814.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0118006.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0118007.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP405\A0118953.dll Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119069.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119070.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119073.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119076.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119078.exe Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119079.exe Infected: not-a-virus:AdWare.Win32.AdBand.ac 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119080.exe Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119081.exe Infected: not-a-virus:AdWare.Win32.AdBand.z 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119086.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119087.dll Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP406\A0119094.exe Infected: Trojan-Downloader.Win32.Small.uuw 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119377.exe Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119381.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119384.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP407\A0119385.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP408\A0119519.exe Infected: Trojan-Downloader.Win32.VB.ebf 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP408\A0119520.dll Infected: Trojan.Win32.BHO.cmd 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP411\A0121840.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP411\A0121875.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP411\A0121886.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\_OTMoveIt\MovedFiles\06202008_141719\Start.exe Infected: Backdoor.Win32.VB.dav 1

The selected area was scanned.
 
Hi

This can be ignored:
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2

Other findings get deleted when you do a system restore, uninstall ComboFix and run the CleanUp! function of OTMoveIt2. Instructions for this are in post #21
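To see why the helper can wave most of that Kaspersky report through, it helps to sort the detections by where they sit rather than by detection name. The script below is an added example, not something posted in the thread or part of Kaspersky's own tooling; it parses the report's "path Infected: name count" line format and assigns each hit to the action the helper describes: restore-point copies go away when System Restore is reset, files already under _OTMoveIt\MovedFiles go away with OTMoveIt2's CleanUp!, "not-a-virus" hits on live paths are riskware to review (the WinVNC installer under IBMTOOLS is an example), and anything else is a live file that still needs attention. The sample report is a constructed excerpt modelled on the posted log; the last line uses an obviously made-up path to exercise the "live" case.

```python
import re
from collections import Counter

# Constructed excerpt in the Kaspersky Online Scanner report format used in
# this thread: "<path> Infected: <detection name> <count>". The first four
# lines mirror entries from the posted log; the C:\Constructed\... line is a
# made-up path added only to exercise the "live file" branch.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP400\A0110402.exe Infected: Trojan-Downloader.Win32.TSUpdate.p 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP401\A0111658.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\_OTMoveIt\MovedFiles\06202008_141719\Start.exe Infected: Backdoor.Win32.VB.dav 1
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2
C:\Constructed\sample.dll Infected: Trojan.Win32.BHO.cmd 1

The selected area was scanned.
"""

# One report line: path (may contain spaces), the literal "Infected:",
# the detection name (no spaces), and the hit count.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<count>\d+)$")


def classify(path, name):
    """Map a detection to the cleanup action the thread's helper describes.

    Location is checked before detection type: an adware sample inside a
    restore point is still removed by resetting System Restore.
    """
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"    # backup copy; cleared by a System Restore reset
    if "\\_otmoveit\\movedfiles\\" in p:
        return "tool_quarantine"  # already moved by OTMoveIt2; cleared by CleanUp!
    if name.lower().startswith("not-a-virus:"):
        return "riskware"         # admin/ad software flagged for review, not malware
    return "live"                 # active file outside any quarantine: needs attention


def parse_report(text):
    """Return one dict per detection line; non-matching lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # blank lines, "The selected area was scanned.", etc.
        path, name, count = m.group("path"), m.group("name"), int(m.group("count"))
        findings.append({"path": path, "name": name, "count": count,
                         "action": classify(path, name)})
    return findings


def summarize(text):
    """Count detections per action so the reader sees what is actually live."""
    return Counter(f["action"] for f in parse_report(text))


def live_findings(text):
    """Paths that are neither backed-up copies nor already-quarantined files."""
    return [f["path"] for f in parse_report(text) if f["action"] == "live"]


if __name__ == "__main__":
    for action, n in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{action:16s} {n}")
    print("still live:", live_findings(SAMPLE_REPORT))
```

Run against the full report posted above, the restore_point bucket dominates, which is exactly why the helper's advice is to reset System Restore rather than chase each RP entry.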
 
Still having a problem...

Hi-
I still seem to be having a problem...I don't know if it's a different problem, or part of the same problems.

I followed your instructions in post 21...reset system restore, uninstalled Combofix, etc. I then attempted to do another Kaspersky scan, so I could post it for you to look at and make sure all was now well.

But now I have not been able to get through the Kaspersky scan. It gets part way through, and then all of a sudden I get a blue screen that says "Windows has encountered a problem and needs to close." The computer then reboots. I tried four times to run the Kaspersky, and was not able to get farther than 33% of the way through before the computer would reboot.

Is this related to the problem I was having, or is this a brand new problem? :) Thanks for your patience in helping me with all this mess.

George
 
Hi

That may be a hardware problem. Try defragging the hard drive and then try again. If it shows a BSOD (blue screen of death) again then please note down the complete error message.
 
No luck...

Hi-

I tried again twice. The first time, the computer froze up about four hours (30%) into the process...it was frozen to the extent that I had to take the battery out to get it to reboot. The second time, just putting the Kaspersky scanner up on the screen froze up the computer, before I could even start the scan (that time I was able to reboot using Control Alt Delete).

Where do I go from here? Sorry for the long chain of problems. You're putting a lot of time into talking me through this process, and I appreciate it.

George
 
Hi

Did you do defragmentation before trying to scan?

If you did, then maybe you could try this :)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
 
Malwarebytes log...

Hi-

I did defragmentation before my last time trying Kaspersky, and it didn't help. Here's the Malwarebytes log--thanks:

Malwarebytes' Anti-Malware 1.18
Database version: 892

6:58:49 PM 6/25/2008
mbam-log-6-25-2008 (18-58-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 130558
Time elapsed: 1 hour(s), 19 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stflex.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stflex.band.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\wTMP (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1\A0000047.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP412\A0121951.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
 
Break in problem-solving...:)

Hi-

I'm off to Hawaii for two weeks, and don't have time before leaving to try to run the Kaspersky and see what happens. Can I do it when I return and let you know? Will this thread remain active?

George
 