
Thread: IDP & Crypt AQLW Trojan DDS Log pasted.

  1. #11
    Member
    Join Date
    Apr 2012
    Posts
    66

    CKScanner Results

    Thanks for the warning. My bank needs a number generated from a dongle - so is safe, and I have changed my PayPal account with authorisation via my mobile needed - other than my bank and PayPal details (now wiped - with the password not kept on the machine) I do not keep passwords on the machine. I have done no transactions from the machine since the Trojan arrived.

    Here are the scanner results:
    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\all users\favorites\computerfixes\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine my digital life.url
    c:\documents and settings\all users\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\all users\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\beginners guide to hacking windows - part 2 governmentsecurity.org.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\brian carr's home pagewindows.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\bugmenot.com - login with these free web passwords to bypass compulsory registration.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\bypass windows genuine advantage validation check in windows update my digital life.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\crackskeygen.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\cracksserial numbers&passwords..url
    c:\documents and settings\all users\favorites\computerfixes\cracks\daring devil 'i'.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\filehippo.com - download free software.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\free email account with sky sky.com.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\keygen.cc - download keygen crack serial patch.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\official ways to disable or manually uninstall the microsoft windows genuine advantage notifications from microsoft my digita.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine my digital life.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\remove, bypass, patch and disable microsoft windows genuine advantage wga validation version 1.5.708.0 with legitcheckcontrol.d.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\sagem router has been cracked - take 2.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\samsung sgh-e900 - support forum - expansys uk.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\software serial numbers and passwords..url
    c:\documents and settings\all users\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\wga remover.url
    c:\documents and settings\all users\favorites\gizmos\crack.ms - download eudora email v7.0.0.16 crack or serial for free.url
    c:\documents and settings\all users\favorites\gizmos\seriall.com - serials, keys, keygen, cracks.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine my digital life.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\beginners guide to hacking windows - part 2 governmentsecurity.org.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\brian carr's home pagewindows.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\bugmenot.com - login with these free web passwords to bypass compulsory registration.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\bypass windows genuine advantage validation check in windows update my digital life.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\crackskeygen.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\cracksserial numbers&passwords..url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\daring devil 'i'.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\filehippo.com - download free software.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\free email account with sky sky.com.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\keyfinder magical jelly bean.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\keygen.cc - download keygen crack serial patch.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\official ways to disable or manually uninstall the microsoft windows genuine advantage notifications from microsoft my digita.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine my digital life.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\remove, bypass, patch and disable microsoft windows genuine advantage wga validation version 1.5.708.0 with legitcheckcontrol.d.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\sagem router has been cracked - take 2.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\samsung sgh-e900 - support forum - expansys uk.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\software serial numbers and passwords..url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\wga remover.url
    c:\documents and settings\dr michael foster\favorites\gizmos\crack.ms - download eudora email v7.0.0.16 crack or serial for free.url
    c:\documents and settings\dr michael foster\favorites\gizmos\seriall.com - serials, keys, keygen, cracks.url
    c:\documents and settings\dr michael foster\my files\crack.htm
    c:\program files\qualcomm\eudora\attach\crackers bulk buy.doc
    c:\program files\qualcomm\yyeudora\attach\crackers bulk buy.doc
    scanner sequence 3.ZZ.11.KEAPIG
    ----- EOF -----

  2. #12
    Member
    Join Date
    Apr 2012
    Posts
    66

    Results of scanner

    CKScanner - Additional Security Risks - These are not necessarily bad

  3. #13
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    CKScanner has detected illegal software on your system. Besides being illegal, it's the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, does not support the use of illegal software except for its removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime.

    I have worked up a fix for their removal. If you do not agree to this then this thread will be closed and no further help will be offered because I will never be able to tell you your malware logs are clean. Please let me know if you wish to continue.

  4. #14
    Member
    Join Date
    Apr 2012
    Posts
    66

    Legacy issues

    The URLs and other items were left over from the time when my youngsters all had access to my machine. My oldest son had a mate who was into computers, and seemed to be somewhat of a buff. My son left home some years ago. I even have his folders with his homework in!!!
    All my software programs have legitimate licences. The folder with the URLs in was kept as it also contains some solutions to past troubles with Norton which kept failing to update. I swapped to AVG since then. Looking at the list - these are sites I have not visited, and it is no problem to remove the URLs. My software is plain and simple - just for word processing, graphic scanning and research in history, and printing booklets. All for which I have legit software.
    The Bulk buy crackers listing amused me when I went to look at the doc and it is a letter offering bulk buying of Christmas Crackers!
    In case I have problems I used Belarc Advisor to find my software licences and I have printed them out. The operating system is that purchased with the machine (XP) - by PC World. The Windows 7 on my second disk was supplied from a shop again with a licence.
    So no problem with agreeing with your request.

  5. #15
    Member
    Join Date
    Apr 2012
    Posts
    66

    Further investigations

    Besides the URLs list for the various crack sites, which I have not bothered looking into (for the reasons you suggest) I have just looked at the crack.htm listed in "my files" and in fact it is a saved web page for a religious society - why it was named crack I have no idea! It's a page which is three years old!
    I have deleted the URLs.
    I had four youngsters, who all at one time used my computer, and I never bothered removing their folders just in case they needed the information. I have folders for them all under family, but for the life of me, I have not really searched what is there - they lay forgotten. Two have moved home, and the other two have their own machines - so I need to ask them to either delete their files or transfer them (if it is safe so to do) - as there is a good number of mp3s (I noticed once when I had to search for an mp3 file), it will save me a lot of space.

  6. #16
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Not all of them are bad. Let me review everything and make sure I get it all and I will return as quickly as I can.

  7. #17
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,


    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    4. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    5. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.
    ---------

  8. #18
    Member
    Join Date
    Apr 2012
    Posts
    66

    machine stalled

    The program did indeed load a recovery console. Then the program detected a rootkit and asked to reboot, so I clicked OK - went away for five minutes to come back to a loading page (wallpaper visible) but with no other signs of life, save that I can move the arrow cursor. It has been like that for a good ten minutes.

  9. #19
    Member
    Join Date
    Apr 2012
    Posts
    66

    still stalled

    The machine after half an hour is still stalled. On reflection, it may not have closed down (rather than failed to have rebooted). Ctrl Alt Del had brought up the Windows Task Manager, which shows under apps that I have a web page running (MS ei) and my Outlook Calendar, which suggests it did not shut down (the web page should not be running after a reboot).

  10. #20
    Member
    Join Date
    Apr 2012
    Posts
    66

    Reboot

    After well over 1 1/2 hours, I have rebooted. The blank wallpaper is back, and ComboFix has appeared. The legend is;

    Please wait.
    ComboFix is preparing to run.

    There has been no activity since ComboFix reappeared, and this has been 10 minutes!
