Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: WIN32.TROJAN.SPY virus problems plus more

  1. #11
    Member magnus's Avatar
    Join Date
    Feb 2007
    Location
    Arizona
    Posts
    34

    Default

    okay, java is installed...

    now, whats next?

  2. #12
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Thanks for posting a new HJT log, it looks better but this item was scheduled for removal and is still there:
    O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
    http://www.castlecops.com/tk31167-fbabar_dll.html

    CastleCops and myself consider this item questionable and optional. If you can not or do not wish to remove stuff according to my instructions, it is your computer but please make me aware so I will know it is not being missed...thanks.

    Logfile of HijackThis v1.99.1 Scan saved at 7:30:55 AM, on 2/27/2007

    Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
    O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    Besides that, this HJT log appears to be clean of malware, let me know how the computer is running.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #13
    Member magnus's Avatar
    Join Date
    Feb 2007
    Location
    Arizona
    Posts
    34

    Default

    okay,
    this time it seemed to get rid of them.

    I wanted to ask you a question though. Spybot, last time i ran a scan, found that smitfraud-c.toolbar888 file that seemed never to go away. im running a scan right now to see if its still there.

    Meanwhile, the menu that kept popping up about the internet being temporarily unavailable has stopped. it used to be that about every twenty seconds something kept trying to acces the internet and every time it tried (this is when i unplugged the cable in my modem) it kept asking me if i wanted to try again or work offline, and now its finally stopped.

    Thanks much for that

    also, should the popups for winantivirus stop now too (along with the other ads)?

    (mind you, i JUST plugged my internet cable back in)

    and for my last question; was the MSSMGR registry value taken care of during all of this? or will it pose future problems (i assume this a redundant question; please dont think i underestimate your ability. You're a god to me)

    Oh, my spybot scan finished...

    it still has that Smitfraud'-C.Toolbar888 and a Microsoft.WindowsSecurityCenter_disabled listing
    heres the log:

    --- Report generated: 2007-02-27 08:11 ---

    Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-02-23 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-02-21 Includes\Cookies.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-02-21 Includes\DialerC.sbi (*)
    2007-02-07 Includes\Hijackers.sbi (*)
    2007-02-21 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-02-21 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-02-14 Includes\Malware.sbi (*)
    2007-02-21 Includes\MalwareC.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2007-02-21 Includes\PUPSC.sbi (*)
    2007-02-21 Includes\Revision.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-02-21 Includes\SecurityC.sbi (*)
    2007-02-02 Includes\Spybots.sbi (*)
    2007-02-21 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2007-02-14 Includes\Trojans.sbi (*)
    2007-02-21 Includes\TrojansC.sbi (*)

    also i looked up the MSSMGR value using the regedit and the MSSMGR value is still there. I know its loosely associated with the smitfraud thing. I didnt delete or change anything in the registry.

    other than my questions, things seem okay.

  4. #14
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    I wanted to ask you a question though. Spybot, last time i ran a scan, found that smitfraud-c.toolbar888 file that seemed never to go away. im running a scan right now to see if its still there.
    Is your version of Spybot up to date? I understand this was a false positive from a while back:
    http://forums.spybot.info/showthread.php?t=8668
    Smitfraud-C.Toolbar888
    That should have cleaned up with the newest data base. I will also look at the rest of your questions, but I would prefer you post questions about Spybot here: http://forums.spybot.info/forumdisplay.php?f=4

    Let's do a check with Smitfraudfix to make sure nothing is lingering. I will also post closing information for your benefit. Please review it and post in 24 to 48 hours, giving you time to make sure all issues are resolved, and let us know.

    http://siri.geekstogo.com/SmitfraudFix.php <<< Download Smitfraudfix from here and follow ONLY these directions.
    Search:
    Double-click SmitfraudFix.exe
    Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Post that report when you have it.


    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #15
    Member magnus's Avatar
    Join Date
    Feb 2007
    Location
    Arizona
    Posts
    34

    Default

    sorry for the long reply. I was reading up on the false positive situation.

    here is the rapport log:
    SmitFraudFix v2.144

    Scan done at 8:49:12.84, Tue 02/27/2007
    Run from K:\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    hosts


    C:\


    C:\WINDOWS


    C:\WINDOWS\system


    C:\WINDOWS\Web


    C:\WINDOWS\system32


    C:\WINDOWS\system32\LogFiles


    C:\Documents and Settings\HP_Administrator


    C:\Documents and Settings\HP_Administrator\Application Data


    Start Menu


    C:\DOCUME~1\HP_ADM~1\FAVORI~1


    Desktop


    C:\Program Files


    Corrupted keys


    Desktop Components



    Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    pe386-msguard-lzx32-huy32


    Scanning wininet.dll infection


    End

  6. #16
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    No problem and thanks. You can delete that tool, that log is clean
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #17
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    As the problem appears to be resolved this topic has been closed.

    If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

    Anyone else with similar problems please start a new topic.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •