#1
Nasty virus(es)....
Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:07:47 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\windows\eosxwwac.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network\ipnetwork.exe
C:\program files\valve\steam\steam.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\newfrn.exe
C:\windows\system32\winlog.exe
C:\Documents and Settings\John Cs\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\windows\DH.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ep0ru] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùð#×y-¯Œ] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bO²ùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [Á³#*L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard5.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad5.exe
O4 - HKLM\..\Run: [System service79] C:\windows\etb\pokapoka79.exe
O4 - HKLM\..\Run: [NewFrn] C:\windows\newfrn.exe
O4 - HKLM\..\Run: [MRT] "C:\windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

I've worked a long time on this and they keep coming back.. I have yet to find a program to remove it and I can't do it manually.. they just keep coming back.... I know the winlog, pokapoka79.exe, the keyboard5.exe, newname5.exe, and mousepad5.exe are all on there but they won't come off.. even after I turn them off... I stop the programs but I'm leaving something...
#2
ok I've worked on this some.. and got this now

Logfile of HijackThis v1.99.1
Scan saved at 3:30:54 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\eosxwwac.exe
C:\Program Files\Network\ipnetwork.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\winlog.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Documents and Settings\John Cs\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\windows\DH.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ep0ru] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùð#×y-¯Œ] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bO²ùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

thanks for the help =)
#3
Howdy dooley988,
A fair bit of infection there. Let's clean that up.

Download this Ist removal tool and click on it to run.

Next, download the trial version of Ewido Security Suite from here and install it. When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido (there should be an icon on your desktop, double-click it). The program will now go to the main screen. You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed.

If you have problems with the updater, you can use this link to manually update ewido. ewido manual updates http://www.ewido.net/en/download/updates/.

Do not run a scan yet.

------------------------------------------------------------------

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Run Ewido. Click on scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.

When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido. Then reboot.

Run a new scan with HijackThis, and post that and the Ewido log back here for review please.
#4
It worked!!! thank you so much.. here are the logs just to be sure.
Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0

registry: HKEY_USERS\S-1-5-21-746137067-1770027372-839522115-1003\Software\IST (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc (key deleted)
registry: HKEY_USERS\S-1-5-21-746137067-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main: BandRest (value deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: BandRest (value deleted)
C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.

--------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:48:32 PM, 3/24/2006
+ Report-Checksum: 8237B444

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-746137067-1770027372-839522115-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-746137067-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\at.exe -> Backdoor.Rbot.adx : Cleaned with backup
C:\Documents and Settings\John Cs\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\John Cs\Desktop\backups\backup-20060323-153450-791.dll -> Hijacker.Small.jf : Cleaned with backup
C:\Documents and Settings\John Cs\im.exe -> Not-A-Virus.PSWTool.Win32.Messen.103 : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\131304_912_1716_1204_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\131304_912_1716_1216_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\131304_912_1716_1432_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\196938_912_1716_1148_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\196938_912_1716_1416_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\262580_1656_2868_3020_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\262580_1656_2868_3024_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\459080_1516_3828_228_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\459386_2300_1584_3060_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\589968_1656_2868_3032_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\65996_1656_2868_3012_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\65996_1656_2868_3016_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\66194_1656_2868_3028_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\983202_3640_1440_3680_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_29B.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_8E31.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_B1DB.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_C14C.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_C89F.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_D495.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_D793.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_D968.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_E241.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_E33.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\s67YvF.exe -> Downloader.IstBar.mx : Cleaned with backup
C:\Documents and Settings\John Cs\pwha.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.x : Cleaned with backup
C:\keyboard2.exe -> Downloader.VB.yn : Cleaned with backup
C:\keyboard3.exe -> Downloader.VB.yv : Cleaned with backup
C:\mousepad3.exe -> Hijacker.VB.lv : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\newname2.exe -> Downloader.Adload.aa : Cleaned with backup
C:\newname3.exe -> Downloader.VB.ri : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\mc-58-12-0000137.exe -> Downloader.Small.bqq : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> Downloader.Agent.rv : Cleaned with backup
C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe -> Dropper.Agent.aac : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup
C:\Program Files\ISTsvc\istsvc.exe -> Adware.ISTBar : Cleaned with backup
C:\Program Files\MsMovies\MsMovies.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\p.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\v.tmp -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\winsupdater\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup
C:\WINDOWS\eosxwwac.exe -> Downloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\etb\nt_hide79.dll -> Trojan.EliteBar.h : Cleaned with backup
C:\WINDOWS\etb\pokapoka79.exe -> Trojan.EliteBar.h : Cleaned with backup
C:\WINDOWS\mousepad4.exe -> Hijacker.VB.lv : Cleaned with backup
C:\WINDOWS\newfrn.exe -> Hijacker.VB.is : Cleaned with backup
C:\WINDOWS\newname5.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot.adx : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\WINDOWS\xqlyye.exe -> Downloader.IstBar.ij : Cleaned with backup

::Report End

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:52:43 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\John Cs\Desktop\HijackThis.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

Thank you so much!!!
#5
Yes, those tools did a handy job of it. That last HijackThis post appears very incomplete. Was it run in Safe Mode? Please do a fresh scan with HijackThis and post that back here.
Also, go here for an online AV scan. Scan "Local Disks" and when finished save the scan log and then post the log here.