football_dynasties

Posts posted by football_dynasties

  1. Hey :angry: - was wondering if you could tell me how you found the files and how you go about renaming them? I know nothing about this and don't want to muck it up but my browsers (IE and Firefox) keep crashing - thanks for any help!

    "JohnD2 said that renamed two files 'spcffwl.dll' and 'kjzna1562565.exe' in C:\Documents and Settings\<myusername>\Application Data\Google"

    Find those two files then just right click and rename them. I just added 'test'. I still get the pop-up, but I can use IE without it crashing. I'd just say be careful, because I don't think this is a permanent fix. I'm still waiting for someone to help.

  2. I used this trick "JohnD2 said that renamed two files 'spcffwl.dll' and 'kjzna1562565.exe' in C:\Documents and Settings\<myusername>\Application Data\Google"

    to rename the files. I'm still getting the pop-up that's trying to get me to install Perfect Defender 2009, but I can now search the internet and was able to run the Panda Security scan. Still waiting to hear about a permanent solution. I haven't deleted those files, just renamed them.

    ;*******************************************************************************

    ANALYSIS: 2008-12-07 16:17:21

    PROTECTIONS: 1

    MALWARE: 20

    SUSPECTS: 0

    ;*******************************************************************************

    PROTECTIONS

    Description Version Active Updated

    ;===============================================================================

    Symantec Antivirus Corporate Edition 10.1 No Yes

    ;===============================================================================

    MALWARE

    Id Description Type Active Severity Disinfectable Disinfected Location

    ;===============================================================================

    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@trafficmp[2].txt

    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tech\Cookies\tech@doubleclick[1].txt

    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@atdmt[2].txt

    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tech\Cookies\tech@atdmt[2].txt

    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\linda\Cookies\linda@atdmt[2].txt

    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\linda\Cookies\linda@fastclick[2].txt

    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tech\Cookies\tech@fastclick[1].txt

    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@tribalfusion[1].txt

    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\linda\Cookies\linda@tribalfusion[1].txt

    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tech\Cookies\tech@tribalfusion[2].txt

    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@azjmp[1].txt

    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@ad.yieldmanager[2].txt

    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tech\Cookies\tech@apmebf[2].txt

    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@serving-sys[1].txt

    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@bs.serving-sys[2].txt

    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@advertising[2].txt

    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@ads.pointroll[2].txt

    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@overture[1].txt

    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@realmedia[2].txt

    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@questionmarket[2].txt

    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tech\Cookies\tech@adrevolver[2].txt

    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\linda\Cookies\linda@adrevolver[2].txt

    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@adrevolver[1].txt

    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@go[2].txt

    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@target[1].txt

    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\asmith\Cookies\asmith@atwola[1].txt

    00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\asmith\Local Settings\Temporary Internet Files\Content.IE5\6Z2N2HIB\freescan[1].htm

    ;===============================================================================

    SUSPECTS

    Sent Location Y

    ;===============================================================================

    ;===============================================================================

    VULNERABILITIES

    Id Severity Description Y

    ;===============================================================================

    ;===============================================================================

  3. I was unable to use the Panda security scan because my browser keeps crashing, but here are the MBAM and HijackThis logs..

    Malwarebytes' Anti-Malware 1.31

    Database version: 1456

    Windows 5.1.2600 Service Pack 3

    12/7/2008 4:15:49 AM

    mbam-log-2008-12-07 (04-15-49).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 101493

    Time elapsed: 22 minute(s), 30 second(s)

    Memory Processes Infected: 1

    Memory Modules Infected: 4

    Registry Keys Infected: 18

    Registry Values Infected: 3

    Registry Data Items Infected: 2

    Folders Infected: 4

    Files Infected: 20

    Memory Processes Infected:

    C:\Program Files\GetModule\GetModule31.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:

    C:\WINDOWS\system32\pmnmkIBt.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\ubhvbqku.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\opnmJDWM.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\ouhlxt.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmjdwm (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8052fbe4-c578-403b-80ee-061ea8bd8063} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\CLSID\{8052fbe4-c578-403b-80ee-061ea8bd8063} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af0e4b9c-dd2c-404f-a722-8d79284428ed} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{af0e4b9c-dd2c-404f-a722-8d79284428ed} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8052fbe4-c578-403b-80ee-061ea8bd8063} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af0e4b9c-dd2c-404f-a722-8d79284428ed} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d4d74915 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule31 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnmkibt -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnmkibt -> Delete on reboot.

    Folders Infected:

    C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:

    C:\WINDOWS\system32\opnmJDWM.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\pmnmkIBt.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\tBIkmnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\tBIkmnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\ouhlxt.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\ubhvbqku.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\ukqbvhbu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Local Settings\Temporary Internet Files\Content.IE5\CBN36OPL\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\pdvniade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Program Files\GetModule\GetModule31.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\gadcom\purasi.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\GetModule\losi.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\asmith\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\wpv961228549770.cpx (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\yayaWoMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    --------------------------------------------------------------------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:32:20 AM, on 12/7/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

    C:\Program Files\Symantec AntiVirus\DefWatch.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    C:\Program Files\Symantec AntiVirus\SavRoam.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\Apoint\ApMsgFwd.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Apoint\HidFind.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\PROGRA~1\SYMANT~1\VPTray.exe
