FBI Money Pak virus with white screen


I am running Windows XP Home and I finally got to safe mode with this but Malwarebytes doesn't pick the virus up. When I boot normally I have the white screen of Death - it did say the FBI moneypack before I ran the scan in safe mode, now, just a white screen and cursor on my desktop. Please help.

Hello janeD and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please boot in Safe mode with Networking:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 13-05-16.02 - Administrator 05/16/2013 13:49:24.2.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1647 [GMT -4:00]

Running from: E:\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-16 to 2013-05-16 )))))))))))))))))))))))))))))))

.

.

2013-05-16 07:53 . 2013-05-16 07:53 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56C92C22-427B-4B6E-BAF8-361FF2610CF3}\offreg.dll

2013-05-16 04:32 . 2013-05-16 04:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-05-16 04:32 . 2013-05-16 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2013-05-15 22:58 . 2013-05-15 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-05-15 22:58 . 2013-05-15 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-15 22:58 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-15 22:16 . 2013-04-10 00:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56C92C22-427B-4B6E-BAF8-361FF2610CF3}\mpengine.dll

2013-05-15 17:21 . 2013-05-15 17:21 -------- d-----w- c:\documents and settings\Administrator

2013-05-13 02:47 . 2013-04-10 00:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-19 14:58 . 2013-04-19 14:58 -------- d-----w- C:\MATS

2013-04-19 14:43 . 2013-04-19 14:43 -------- d-----w- c:\documents and settings\Shirley\Local Settings\Application Data\FixItCenter

2013-04-19 14:31 . 2013-04-19 14:31 -------- d-----w- c:\windows\MATS

2013-04-19 14:31 . 2013-04-19 14:31 -------- d-----w- c:\program files\Microsoft Fix it Center

2013-04-18 19:20 . 2013-04-18 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND

2013-04-18 15:17 . 2013-04-18 15:17 -------- d-----w- c:\windows\system32\wbem\Repository

2013-04-18 15:16 . 2013-04-19 15:25 -------- d-----w- c:\program files\Microsoft Security Client

2013-04-18 14:56 . 2013-04-18 14:56 -------- d-----w- c:\windows\LastGood(2).Tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-02 15:28 . 2012-03-06 23:35 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-03-14 06:35 . 2012-09-17 14:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-14 06:35 . 2012-03-06 05:04 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 06:34 . 2013-03-14 06:34 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:28 . 2004-08-04 12:00 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-03 22:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 02:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 02:06 . 2004-08-04 12:00 6012416 ----a-w- c:\windows\system32\mshtml(2)(3).dll

2013-03-02 02:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:25 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:08 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2013-02-27 07:56 . 2006-03-11 16:54 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-09-09 06:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2005-04-13 10:12 88209 ----a-r- c:\windows\AGRSMMSG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

2013-01-28 23:16 1644680 ----a-w- c:\program files\Ask.com\Updater\Updater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2005-02-08 16:38 159744 ----a-r- c:\program files\Apoint2K\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

2006-03-28 01:06 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

2004-12-03 18:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-02-08 10:32 126976 ----a-r- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2005-07-29 01:28 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2005-05-04 15:59 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-02-08 10:36 155648 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2013-01-27 15:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 14:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/15/2013 6:58 PM 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/15/2013 6:58 PM 701512]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\Shirley\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Shirley\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

S2 SkypeUpdate;Skype Updater;"c:\program files\Skype\Updater\Updater.exe" --> c:\program files\Skype\Updater\Updater.exe [?]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/15/2013 6:58 PM 22856]

S3 NuVision;Hauppauge WinTV USB Pro (NTSC);c:\windows\system32\drivers\Nuvision.sys [6/9/2006 5:43 PM 260144]

S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [9/9/2002 2:53 PM 17018]

S3 SCPSp50;SCPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\SCPSp50.sys --> c:\windows\system32\Drivers\SCPSp50.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 06:35]

.

2013-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2013-05-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]

.

2013-05-16 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]

.

2013-05-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2013-01-28 23:16]

.

.

------- Supplementary Scan -------

.

TCP: Interfaces\{03495829-3D7D-4A1C-B308-3EFBC7B8335C}: NameServer = 4.2.2.1,4.2.2.2

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-16 13:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(608)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1864)

c:\windows\system32\WININET.dll

.

Completion time: 2013-05-16 13:56:27

ComboFix-quarantined-files.txt 2013-05-16 17:56

ComboFix2.txt 2013-05-15 22:46

.

Pre-Run: 40,789,291,008 bytes free

Post-Run: 40,775,270,400 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - E4AAB1A90B33AA33B88C7140AB596498

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Administrator [Admin rights]

Mode : Scan -- Date : 05/16/2013 16:36:45

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST960812A +++++

--- User ---

[MBR] 4dfda03da948ac86f234ab721d8c39eb

[bSP] c7f8731d62b20ac824d046b229a4db8f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: USB2.0 VAULT DRIVE USB Device +++++

--- User ---

[MBR] ac2ffac9fd9a9d3434b60fa844680cf1

[bSP] dec9f0908d0564afbcbcc26fa1ab4266 : Empty MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 960 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_05162013_02d1636.txt >>

RKreport[1]_S_05162013_02d1636.txt

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\15\46a4280f-4471b0e6 a variant of Java/Exploit.Agent.OFX trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\2\258e3c02-5d046d0c multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\26\2f08ff1a-2a1e44ba Java/Exploit.Agent.OCF trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\3\3e9df603-48d594a7 a variant of Java/Exploit.Agent.OGG trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\32\712d4820-1de26a58 a variant of Java/Exploit.Agent.OFX trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\33\68c7b561-412c4353 multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\35\443f4a3-7b5d681f multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\39\18902c67-29ad8e2f a variant of Java/Exploit.Agent.OFX trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\40\1092d7e8-56d85ee3 multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\44\6b16862c-70821d1b a variant of Java/Exploit.Agent.OFX trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\5\5f4723c5-7ce60c9a multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Application Data\Sun\Java\Deployment\cache\6.0\60\51d55afc-69266f26 multiple threats cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\Local Settings\Application Data\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\My Documents\139d2e78.dll a variant of Win32/Kryptik.BBAO trojan cleaned by deleting - quarantined

C:\Documents and Settings\Shirley\My Documents\139d2e78.exe a variant of Win32/Kryptik.BBAO trojan cleaned by deleting - quarantined

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

When I clicked the Uninstall I got this message:

The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run. When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt . Post the log file in your next reply here.

Sorry I worked all weekend and still appreciate your help

UNHIDE LOGS

=======================

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 05/19/2013 11:35:26 PM

Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 65089 files processed.

Processing the E:\ drive

Finished processing the E:\ drive. 139 files processed.

The C:\DOCUME~1\ADMINI~1.CHU\LOCALS~1\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Program finished at: 05/19/2013 11:40:14 PM

Execution time: 0 hours(s), 4 minute(s), and 48 seconds(s)

  • 3 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
