Thread: Bad trouble with Trojan "Antivirus XP 2008"

  1. #1
    Junior Member
    Join Date: Aug 2008 | Posts: 7

    Bad trouble with Trojan "Antivirus XP 2008"

    I downloaded a video "codec" that turned out to be this ugly trojan, worm, THING. Basically, "Antivirus XP 2008" keeps popping up. My background was hijacked, but I've fixed that. I only have Avast home edition, and it's not doing a good job of scanning, although I've been able to move a couple of infections to the chest.

    I have no idea how to get a log for my computer, so I need help. And lots of it.

  2. #2
    Junior Member
    Join Date: Aug 2008 | Posts: 7

    Bump!!!

  3. #3
    tashi (Member of Team Spybot)
    Join Date: Oct 2005 | Location: USA | Posts: 30,460

    This is the malware removal forum and the procedure is here:
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Quote: Originally Posted by Statictricity
    Bump!!!
    Bump and Topic May Be Closed
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date: Aug 2008 | Posts: 7

    Getting rid of remains of Antivirus XP 2008

    I was hit with a Trojan in the form of a downloadable "codec"... yeah right.

    Antivirus XP 2008 has popped up quite a bit. Avast keeps finding malware and worms and such. Here are my Malwarebytes logs. I also probably had some adware on there before the Antivirus infection. Please help!
    *******************************

    Malwarebytes' Anti-Malware 1.24
    Database version: 1058
    Windows 5.1.2600 Service Pack 2

    1:26:07 PM 8/16/2008
    mbam-log-8-16-2008 (13-25-57).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 114254
    Time elapsed: 41 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 31
    Registry Values Infected: 7
    Registry Data Items Infected: 2
    Folders Infected: 21
    Files Infected: 23

    Last edited by tashi; 2008-08-16 at 20:40. Reason: merged two topics

  5. #5
    tashi (Member of Team Spybot)
    Join Date: Oct 2005 | Location: USA | Posts: 30,460

    Hello,

    Please read "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) again and start a new topic with the HJT log only.

    Thank you.
