Need HELP!!!

Status
Not open for further replies.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:01:05 PM, on 10/27/2007
Thanks, that's a clean HJT log :bigthumb: Let's see what Kaspersky has to say.

KASPERSKY ONLINE SCANNER REPORT Saturday, October 27, 2007 4:38:43 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of that folder

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\ >>> delete the contents of that quarantine folder


In the scan from here:
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
down was clean. If you need to post another scan, don't post that same stuff; edit it out.

Since the HJT log is clean and all that Kaspersky found appears to be in Spybot Recovery and Norton Quarantine, this should be a clean computer. How is it running?

Thanks
 
Right now I'm at work and I will delete those files tomorrow morning.

As far as the laptop goes, it's been running good as before. Thank you VERY MUCH!!!!

As I looked at the rest of the K report almost everything is skipped locked. But I will post the last pages since it said infected.
 
 
 
Looks like all infected items are in your System Restore, clean those files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Thanks
 
Thank you very much for all your help PSKelly. Our lappie is happy :D :bigthumb:

Is there anything else I need to do?
 
Music to my ears :bigthumb: Some information for you about that infection. First... how easy it is to get infected:
http://www.theregister.com/2007/05/11/google_malware_map/

More news: Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 