Komeiji

Honorary Members
  • Posts

    22
  1. Hey there, I had some issues removing a trojan dropper today, but I think I got it cleaned out. But I'd like to be really sure; if it's not too much trouble, can you just tell me if my logs are clean?

     DDS (Ver_11-03-05.01) - NTFSx86
     Run by Andrew at 17:22:13.20 on Thu 05/05/2011
     Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_24
     Microsoft

     Attach.zip
  2. I keep getting this stupid virus, and it's not difficult to clean out, but it's been getting annoying. What are ways to prevent it? Since it's new and all...
  3. PC was running fine before the ComboFix scan and same for afterwards. Had to replace my AVG with avast! since ComboFix wouldn't run with it even installed and I planned on changing soon anyways.

     ComboFix 11-02-15.01 - Andrew 02/15/2011 19:54:39.1.2 - x86
     Microsoft
  4. I would like to continue with the cleaning. If problems persist I will reformat.
  5. Hey, I was here not too long ago with the following problem: http://forums.malwarebytes.org/index.php?showtopic=74219&st=0&p=382550&hl=need%20help%20please%20komeiji&fromsearch=1entry382550

     This issue keeps happening whenever it seems my browser runs Java. I saved my log this time around from cleaning out the virus. Regardless of how many times I keep cleaning this bugger out, it keeps returning whenever I go to a site that runs Java on the side.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 5766
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.19019
     2/14/2011 10:06:33 PM
     mbam-log-2011-02-14 (22-06-33).txt
     Scan type: Quick scan
     Objects scanned: 152898
     Time elapsed: 9 minute(s), 23 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gpsfblxs (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver (PUM.Bad.Proxy) -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Users\Andrew\AppData\Local\temp\561F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
  6. Awesome, thanks for your help! As for your tip about BitTorrent, I don't even use it really, so I guess I might as well part with it.
  7. Nothing came up in the AVG scan; I take it we're all done?
  8. C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe    probably a variant of Win32/Agent.HZHBURL trojan    cleaned by deleting - quarantined
     C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe    probably a variant of Win32/Agent.HZHBURL trojan    cleaned by deleting - quarantined
     C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe    probably a variant of Win32/Agent.HZHBURL trojan    cleaned by deleting - quarantined
     C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe    probably a variant of Win32/Agent.HZHBURL trojan    cleaned by deleting - quarantined
     C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe    probably a variant of Win32/Agent.HZHBURL trojan    cleaned by deleting - quarantined
     C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe    probably a variant of Win32/Agent.HZHBURL trojan    cleaned by deleting - quarantined
     C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6bafd9a6-34764530    probably a variant of Win32/Agent.FPEXZHL trojan    deleted - quarantined
     C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\472eb3f0-44e9f8b1    multiple threats    deleted - quarantined
     C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\481ee53d-63d5b693    probably a variant of Win32/Agent.HRYTTOE trojan    deleted - quarantined

     And here's the log....
  9. Hello Borislav, I request that you inform me of any findings in the following logs, even if there are none. I appreciate your help.

     ---

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 5655
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18999
     2/1/2011 2:19:47 PM
     mbam-log-2011-02-01 (14-19-47).txt
     Scan type: Quick scan
     Objects scanned: 151898
     Time elapsed: 11 minute(s), 8 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Andrew at 14:12:30.40 on Tue 02/01/2011
     Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
     Microsoft

     Attach.zip
  10. So I was browsing YouTube when this popup comes up. (I normally don't get popups.) It was running this scan on my computer, clearly fake, so I tried to exit out. Prompts kept the stupid thing open with questions like ARE YOU SURE? YOUR COMPUTER WILL GO UNPROTECTED WOULD YOU LIKE TO PURCHASE OUR SOFTWARE? I got the stupid thing closed, but my Firefox was inaccessible from a proxy or something from that point, so I ran a Malwarebytes scan, afraid I was infected with something. 5 infections came up. I didn't save the log, but it said they were all removed successfully, and I was prompted to restart my computer. When I restarted, Windows said it couldn't start up properly so it had to run a repair. After the repair ran I got to my desktop, where my anti-virus was now updating in the corner. I feared I did not get whatever was there out of the system properly as many updates started going. I ran another Malwarebytes scan and got no results, as follows below.... Even though my computer detects no viruses, I do not trust that. Can you guys help me sniff out anything that might still be here?

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4313
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18999
      1/31/2011 8:23:30 PM
      mbam-log-2011-01-31 (20-23-30).txt
      Scan type: Quick scan
      Objects scanned: 129134
      Time elapsed: 16 minute(s), 21 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)
  11. Got a new router today, which seems to have solved the problem. Thanks for all your help, screen317.
  12. Viewpoint Media Player was listed in my programs, so I uninstalled it after I googled a bit of information about it. Anyways, thank you for helping me with this issue. I'll give my provider a call tomorrow about my internet speed and see what they can do. Thanks again~
  13. I understand this is not the issue I should normally take to this forum. But thank you very much for checking, I just want to be 100% sure.

      ---------------

      DDS (Ver_10-03-17.01) - NTFSx86
      Run by Andrew at 23:59:13.16 on Sun 07/11/2010
      Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
      Microsoft
  14. Sorry about double posting, but I should probably mention that nothing comes up with the most updated Malwarebytes scan.