sbybot@mxt and PSW trojan attack


Hi ,

My laptop has been attacked by sbybot@mxt and a PSW trojan. I am getting many security threat messages. I saw your forum and have performed the steps below.

1) Downloaded Spybot Search & Destroy, immunized, scanned and fixed the errors.

2) Downloaded AVG Anti-Spyware, scanned and applied the actions. I am attaching the report herewith for your reference.

3) Ran the Panda ActiveScan online scan; the report is attached.

4) Also attached is the HijackThis report.

Please let me know what I need to do further.

Thanks a lot for your support.


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\rk21933\Application Data\Mozilla\Firefox\Profiles\dm8kwoj5.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rk21933\Application Data\Mozilla\Firefox\Profiles\dm8kwoj5.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\rk21933\Application Data\Mozilla\Firefox\Profiles\dm8kwoj5.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\rk21933\Application Data\Mozilla\Firefox\Profiles\dm8kwoj5.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\rk21933\Application Data\Mozilla\Firefox\Profiles\dm8kwoj5.default\cookies.txt[ad.yieldmanager.com/]

Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\rk21933\Application Data\Sun\Java\Deployment\cache\6.0\25\2365d359-5a719658[bnnnnBaa.class]

Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\rk21933\Application Data\Sun\Java\Deployment\cache\6.0\25\2365d359-5a719658[VaannnaaBaa.class]

Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\rk21933\Application Data\Sun\Java\Deployment\cache\6.0\25\2365d359-5a719658[bnnnnn.class]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\rk21933\Cookies\rk21933@ad.yieldmanager[2].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\rk21933\Cookies\rk21933@adserver.easyad[2].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\rk21933\Cookies\rk21933@apmebf[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rk21933\Cookies\rk21933@doubleclick[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\rk21933\Cookies\rk21933@go[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\rk21933\Cookies\rk21933@target[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@adrevolver[1].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@adserver.easyad[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@apmebf[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@bravenet[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@com[1].txt

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@gostats[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@go[2].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\Cookies\rk21933@xiti[1].txt

Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\jar_cache49654.tmp[bnnnnBaa.class]

Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\jar_cache49654.tmp[VaannnaaBaa.class]

Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\jar_cache49654.tmp[bnnnnn.class]

Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\mofugclq.exe

Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\qrjatydi.exe

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\rk21933\Local Settings\Temp\yazzsnet.exe[

Hi rajeshk and welcome to Malwarebytes. Please post all replies in the body of your post, not as an attachment.

You did not take action with AVG; nothing was removed. Please scan again and take action. You also didn't post your HijackThis log at all. We can proceed with the information from the Panda scan.

Please download VundoFix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.

* Click the Scan for Vundo button.

* Once it's done scanning, click the Remove Vundo button.

* You will receive a prompt asking if you want to remove the files, click YES

* Once you click yes, your desktop will go blank as it starts removing Vundo.

* When completed, it will prompt that it will reboot your computer, click OK.

* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log from this and then a HJT log please in your next reply.

Hi ,

Thanks for the welcome reply. I will not upload the files.

Here is the log from VundoFix.txt

VundoFix V6.6.2

Checking Java version...

Scan started at 4:42:13 PM 11/24/2007

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\windows\system32\lsqkgpdc.dllbox

C:\windows\system32\lsqkgpdc.dllbox Has been deleted!

Attempting to delete C:\windows\system32\utrxqpsj.dll

C:\windows\system32\utrxqpsj.dll Has been deleted!

Performing Repairs to the registry.


Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:02:55 PM, on 11/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\Program Files\CA\eTrustITM\realmon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

E:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe

C:\Program Files\CA\eTrustITM\InoRpc.exe

C:\Program Files\CA\eTrustITM\InoRT.exe

C:\Program Files\CA\eTrustITM\InoTask.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.satyam.*;<local>

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [f8f7630a] rundll32.exe "C:\WINDOWS\system32\ipfvoich.dll",b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Policies\Explorer\Run: [1] \\psiadc001\NETLOGON\proxy.vbs

O4 - HKCU\..\Policies\Explorer\Run: [2] \\psiadc001\netlogon\psi-profile.bat

O4 - HKCU\..\Policies\Explorer\Run: [3] \\psidadc001\netlogon\safeimp.vbs

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Append to existing PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.satyam.ad

O17 - HKLM\Software\..\Telephony: DomainName = corp.satyam.ad

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.satyam.ad

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.satyam.ad

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dndlablq.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe

O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe

O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe

O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


End of file - 11361 bytes

I will also run the AVG scan and take action. I will update the log once done.

Thanks a lot for your help.
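The entries in the HijackThis log above that stand out share a few mechanical shapes: a toolbar or service whose file is not on disk ("(no file)", "(file missing)"), a Run value whose name is eight hex digits (`[f8f7630a]`) that uses rundll32 to load a randomly named DLL from system32 (`ipfvoich.dll`), and a service with "Unknown owner" pointing at another random eight-letter name (`dndlablq.exe`). The script below is an added example written for this page; it is not part of the thread, of HijackThis, or of any Malwarebytes tooling. It applies those checks to a handful of lines copied from the log above, with benign lines included for contrast. The `random_looking` heuristic (eight lowercase letters in system32) and the reason strings are the editor's own assumptions; legitimate eight-letter names exist, so treat the output as a worklist for a human, not a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (nothing invented), plus benign entries for contrast. The rules
# below are an added illustration, not part of HijackThis itself.
SAMPLE_LOG = """\
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\\Adobe\\Acrobat 8.0\\Acrobat\\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\\..\\Run: [GrooveMonitor] "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"
O4 - HKLM\\..\\Run: [f8f7630a] rundll32.exe "C:\\WINDOWS\\system32\\ipfvoich.dll",b
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\\WINDOWS\\system32\\acs.exe
O23 - Service: DomainService - Unknown owner - C:\\WINDOWS\\system32\\dndlablq.exe (file missing)
"""

# Windows paths ending in .dll or .exe, stopping at a quote or comma.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)', re.I)
# Run-value names that are exactly 8 hex digits, e.g. [f8f7630a].
HEX_NAME_RE = re.compile(r'^O4 - .*\[([0-9a-f]{8})\]')
# rundll32 loading a DLL and invoking an export named after the comma.
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?[^"]*\.dll"?,\S', re.I)


def random_looking(stem):
    """Assumed heuristic: eight lowercase letters, the naming style of the
    files in this thread (ipfvoich, dndlablq, lsqkgpdc, utrxqpsj).
    It will also match some legitimate names; it only raises a flag."""
    return re.fullmatch(r'[a-z]{8}', stem) is not None


def triage_line(line):
    """Return the list of reasons a HijackThis line deserves a second look
    (empty list means nothing matched)."""
    reasons = []
    if re.search(r'\((?:no file|file missing)\)', line):
        reasons.append("references a file that is not on disk")
    m = HEX_NAME_RE.match(line)
    if m:
        reasons.append(f"Run value name {m.group(1)!r} is 8 hex digits")
    if line.startswith("O23") and "Unknown owner" in line:
        reasons.append("service has no publisher")
    if RUNDLL_RE.search(line):
        reasons.append("rundll32 loads a DLL and calls an export")
    for path in PATH_RE.findall(line):
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if random_looking(stem) and "system32" in path.lower():
            reasons.append(f"random-looking filename {stem} in system32")
    return reasons


def triage(log_text):
    """Map each flagged line to its reasons; clean lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Running it reports three lines: the orphaned Security Toolbar entry, the `[f8f7630a]` rundll32 entry (three reasons) and the DomainService service (three reasons); the Adobe, GrooveMonitor, ctfmon and Atheros lines are not reported. Paste the full O3/O4/O23 sections of a log in place of `SAMPLE_LOG` to triage a real one.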


Hi ,

Here is the AVG log. Yesterday I posted the report before taking the action. But it also removed Downloader.Tiny.id; again today it showed up, and now it says it has been quarantined.


AVG Anti-Spyware - Scan Report


+ Created at: 6:07:27 PM 11/24/2007

+ Scan result:

C:\Documents and Settings\rk21933\Local Settings\Temporary Internet Files\Content.IE5\W6GKHL3N\poiu[1] -> Downloader.Tiny.id : Cleaned with backup (quarantined).

C:\Documents and Settings\rk21933\Local Settings\Temp\mofugclq.exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Ignored.

C:\Documents and Settings\rk21933\Local Settings\Temp\qrjatydi.exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Ignored.

::Report end



Please read and follow directions carefully. Run the scan and remove all items, then post one HJT log. You still didn't remove some items with AVG, and I can't tell when you actually did the HJT scan. So please delete the quarantine folder in AVG and scan again with AVG, removing everything found. Post that log and a HJT log after taking all actions with AVG.

