
HERE IS THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:18:46 PM, on 2/13/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\taskswitch.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\D-Link\D-Link DSL-200I USB ADSL Modem\dslmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Common Files\Teleca Shared\logger.exe

F:\Ijud Punyer\Visual Basic\Applications\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe ""

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shahril Izwan\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238556837813

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 11901 bytes

HERE IS THE MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.44

Database version: 3732

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/13/2010 8:00:34 PM

mbam-log-2010-02-13 (20-00-34).txt

Scan type: Full Scan (C:\|)

Objects scanned: 238875

Time elapsed: 55 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 102

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097342.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097331.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097334.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097335.com (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097336.pif (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097337.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097338.scr (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097339.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097340.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097341.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097343.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097344.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097345.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097346.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097347.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097348.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097349.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\David Byrne\Look Into The Eyeball\Look Into The Eyeball.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Ludwig van Beethoven, composer. Seattle\2 & 6 Sinfonia\2 & 6 Sinfonia.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Marc Seales, composer. New Stories. Erni\Speakin' Out\Speakin' Out.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Sheila Majid\Dimensi Baru\Dimensi Baru.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Take That\Unknown Album\Unknown Album.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Too Phat\360'\360'.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Unknown Album\Unknown Album.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\_NSYNC\No Strings Attached\No Strings Attached.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\Previous iTunes Libraries\Previous iTunes Libraries.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Pictures\Picture\Picture.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Pictures\Home Sweet Home 2\Acai0\My Portfolio\My Portfolio.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Pictures\Kodak V1253\Kodak V1253.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Received Files\My Received Files.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2007-11 (Nov)\2007-11 (Nov).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2008-06 (Jun)\2008-06 (Jun).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2008-07 (Jul)\2008-07 (Jul).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2008-09 (Sep)\2008-09 (Sep).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2009-02 (Feb)\2009-02 (Feb).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2009-04 (Apr)\2009-04 (Apr).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2009-05 (May)\2009-05 (May).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2009-07 (Jul)\2009-07 (Jul).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2009-08 (Aug)\2009-08 (Aug).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2009-10 (Oct)\2009-10 (Oct).exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Videos\DivX Movies\DivX Movies.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Videos\DivX Movies\Temporary Downloaded Files\Temporary Downloaded Files.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\My Videos\RealPlayer Downloads\RealPlayer Downloads.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\A. Profiles\A. Profiles`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\B. Manager - AcaiFC\B. Manager - AcaiFC`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\B. Manager - ManUtd\B. Manager - ManUtd`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\D. My Squads\D. My Squads`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - CR1\E. Replay - CR1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - NANIA\E. Replay - NANIA`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - RON2A\E. Replay - RON2A`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - RON2K\E. Replay - RON2K`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - RONALD\E. Replay - RONALD`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - RONNIE\E. Replay - RONNIE`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - RONNK\E. Replay - RONNK`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - ROONEY\E. Replay - ROONEY`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\E. Replay - WUYOOA\E. Replay - WUYOOA`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\user\user.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 08\FIFA 08.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 08\A. Profiles\A. Profiles`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 08\B. Manager - manutd\B. Manager - manutd`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 08\user\user.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\FIFA 09.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - WOW\E. RClip - WOW`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\A. Profiles\A. Profiles`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\B. Manager - Acai\B. Manager - Acai`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\B. Manager - Ariana\B. Manager - Ariana`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\B. Manager - FIFA09\B. Manager - FIFA09`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\B. Manager - ManUtd\B. Manager - ManUtd`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - ANDE1\E. RClip - ANDE1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - ANDERS\E. RClip - ANDERS`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - BERBA1\E. RClip - BERBA1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - KEREK1\E. RClip - KEREK1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - RON3\E. RClip - RON3`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. RClip - ROO1\E. RClip - ROO1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. Replay - ADEH1\E. Replay - ADEH1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. Replay - AND2\E. Replay - AND2`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. Replay - CR1\E. Replay - CR1`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\E. Replay - Replay\E. Replay - Replay`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\I. Be A Pro - Acai\I. Be A Pro - Acai`.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 09\user\user.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\baju_sbh\baju_sbh\baju_sbh.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Bypass_Tools4dl4all\Bypass Tools\Bypass Tools.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\filters\filters.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\games\games.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Championship\Championship.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Championship\Clubs\Normal\Normal.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Championship\Clubs\Small\Small.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Championship\Competitions\Normal\Normal.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Championship\Competitions\Small\Small.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Premiership\Premiership.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Premiership\Clubs\Normal\Normal.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Premiership\Clubs\Small\Small.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Premiership\Comps\Normal\Normal.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\english\Premiership\Comps\Small\Small.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\players\players\EPL Arsenal\EPL Arsenal.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\players\players\EPL Chelsea\EPL Chelsea.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\players\players\EPL Liverpool\EPL Liverpool.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\players\players\EPL Man Utd\EPL Man Utd.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\graphics\players\players\EPL Tottenham\EPL Tottenham.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\matches\matches.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\My Documents\Sports Interactive\Football Manager 2008\tactics\tactics.exe (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shahril Izwan\Templates\16248-NendangBro.com (Worm.Brontok) -> Quarantined and deleted successfully.

Why does it keep coming back? It's frustrating...

Thanks in advance!

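Added example, not part of this thread or of either tool: a small Python triage pass over the two logs above. It parses HijackThis entries and flags the shapes a reviewer looks at first (the IE proxy, the altered Shell value, the BHO with no file, the empty Run value, the unknown LSP), and it parses the Malwarebytes "Files Infected" lines to separate restore-point copies from the folder-name-mimicking executables that explain why hidden extensions matter. The sample strings are constructed excerpts of the posted logs, and the flag wording is this example's own heuristic, not a verdict from either tool.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["reason", "line"])

# Constructed excerpt with the same line shapes as the HijackThis log above.
HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
F2 - REG:system.ini: Shell=Explorer.exe ""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] (User 'SYSTEM')
O4 - Global Startup: DSLMON.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Constructed excerpt of the "Files Infected" section of the Malwarebytes log above.
MBAM_SAMPLE = r"""
C:\Documents and Settings\Shahril Izwan\My Documents\My Music\iTunes\iTunes Music\Sheila Majid\Dimensi Baru\Dimensi Baru.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shahril Izwan\My Documents\My Scans\2007-11 (Nov)\2007-11 (Nov).exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shahril Izwan\My Documents\FIFA 07\A. Profiles\A. Profiles`.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5BAC1D37-A855-4708-8BF8-0DE091F86EF1}\RP366\A0097342.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shahril Izwan\Templates\16248-NendangBro.com (Worm.Brontok) -> Quarantined and deleted successfully.
"""

_ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")          # "O4 - <body>"
_RUN = re.compile(r"\\Run: \[[^\]]+\]\s*(.*)$")       # "[Name] <command>"
_USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")  # HijackThis's "(User 'X')" tail
_MBAM = re.compile(r"^(.*?) \(([^()]+)\) -> (.*)$")   # "<path> (<detection>) -> <action>"
MIMIC_EXTS = (".exe", ".com", ".scr", ".pif")


def _run_command(body):
    """Command part of an O4 Run entry, or None if the line is not a Run entry."""
    m = _RUN.search(body)
    if not m:
        return None
    return _USER_SUFFIX.sub("", m.group(1)).strip()


def triage_hjt(text):
    """Flag HijackThis entries that merit a second look. Heuristic, not a verdict."""
    findings = []
    for line in text.strip().splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1") and "Internet Settings,ProxyServer" in body:
            findings.append(Finding("IE proxy set; browser traffic is routed through it", line))
        elif section == "F2" and body.startswith("REG:system.ini: Shell="):
            shell = body[len("REG:system.ini: Shell="):].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding("Shell value is not plain Explorer.exe", line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding("BHO registered but its DLL is missing", line))
        elif section == "O4" and _run_command(body) == "":
            # An empty Run value is a leftover autorun registration with nothing to start.
            findings.append(Finding("Run value with no command (orphaned autorun)", line))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding("Winsock LSP not on the tool's known list", line))
    return findings


def mbam_files(text):
    """(path, detection) pairs from the 'Files Infected' lines of a Malwarebytes log."""
    out = []
    for line in text.strip().splitlines():
        m = _MBAM.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def folder_mimics(paths):
    """Paths whose executable repeats the name of the folder it sits in
    (...\\Dimensi Baru\\Dimensi Baru.exe); with extensions hidden it is easily
    mistaken for the folder itself, which is why Step 1 below turns them on."""
    hits = []
    for p in paths:
        parts = p.split("\\")
        if len(parts) < 2:
            continue
        name, parent = parts[-1], parts[-2]
        stem, dot, ext = name.rpartition(".")
        if not dot or "." + ext.lower() not in MIMIC_EXTS:
            continue
        # Some copies in the log carry a trailing backtick (A. Profiles`.exe).
        if stem.rstrip("`").lower() == parent.lower():
            hits.append(p)
    return hits


def restore_point_copies(paths):
    """Copies inside System Restore snapshots; they return if that restore point is used."""
    return [p for p in paths if "\\system volume information\\_restore" in p.lower()]


def summarize(hjt_text, mbam_text):
    files = mbam_files(mbam_text)
    paths = [p for p, _ in files]
    return {
        "hjt_flags": [f.reason for f in triage_hjt(hjt_text)],
        "folder_mimics": folder_mimics(paths),
        "restore_point_copies": restore_point_copies(paths),
        "detections": sorted({d for _, d in files}),
    }


if __name__ == "__main__":
    for key, value in summarize(HJT_SAMPLE, MBAM_SAMPLE).items():
        print(key)
        for item in value:
            print("   ", item)
```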

Hello,

Make sure you have no peer-to-peer apps (like LimeWire, uTorrent, or any other such app) installed.

Otherwise, I will decline further assistance.

Step 1

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next, un-check Hide protected operating system files.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked.

6. Press OK

7. Press YES to create the folder.

Step 2-B

Download TFC by OldTimer to your desktop.

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. Do NOT turn off the firewall.

Using the Internet Explorer browser only, go to the ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here:

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any PC-resident (active) antivirus program prior to any on-line scan by any on-line scanner.
      (And promptly re-enable it when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 4

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

Step 5

Make sure your antivirus app is re-enabled at this point.

Download DDS and save it to your desktop from here: http://www.techsupportforum.com/sectools/sUBs/dds

or http://download.bleepingcomputer.com/sUBs/dds.scr

or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Step 6

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of ESET scan log
  • the contents of GMER log
  • the contents of DDS.txt
  • the contents of Attach.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
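If you would rather not copy the five logs into the reply by hand, the following PowerShell script is an added example (mine, not from the helper's post or from any of the tools named) that gathers them in the order requested into one file on the Desktop; it assumes the ESET log is at the path given above and that Gmer.txt, DDS.txt, Attach.txt and checkup.txt were saved to the Desktop.

```powershell
# Added example, not part of the original post: collect the five logs the helper
# asks for, in the order requested, into one file that can be opened and pasted
# in-line. Written to run on PowerShell 2.0 as well as newer versions.
# Assumptions: Gmer.txt, DDS.txt, Attach.txt and checkup.txt are on the Desktop;
# the ESET log is at the path given in the instructions. Adjust paths if needed.
$desktop = [Environment]::GetFolderPath('Desktop')
$logs = @(
    @{ Name = 'ESET scan log'; Path = 'C:\Program Files\EsetOnlineScanner\log.txt' },
    @{ Name = 'GMER log';      Path = (Join-Path $desktop 'Gmer.txt') },
    @{ Name = 'DDS.txt';       Path = (Join-Path $desktop 'DDS.txt') },
    @{ Name = 'Attach.txt';    Path = (Join-Path $desktop 'Attach.txt') },
    @{ Name = 'checkup.txt';   Path = (Join-Path $desktop 'checkup.txt') }
)
$outFile  = Join-Path $desktop 'combined_logs.txt'
$sections = @()
$missing  = @()
foreach ($log in $logs) {
    $sections += "===== $($log.Name) ====="
    if (Test-Path -LiteralPath $log.Path) {
        # Copy the lines unchanged so the helper sees the tool's raw output.
        $sections += (Get-Content -LiteralPath $log.Path)
    } else {
        # A missing file usually means a step was skipped or saved elsewhere.
        $sections += "MISSING: $($log.Path)"
        $missing  += $log.Name
    }
    $sections += ''
}
Set-Content -LiteralPath $outFile -Value $sections -Encoding UTF8
# Forum replies have a length limit, so report the size to help decide whether
# the paste has to be split across more than one reply, as the post warns.
$size = (Get-Item -LiteralPath $outFile).Length
Write-Host "Wrote $outFile ($size bytes, $($sections.Count) lines)."
if ($missing.Count -gt 0) {
    Write-Host "Still missing: $($missing -join ', '). Re-check those steps before posting."
}
```

Open combined_logs.txt in Notepad and paste its contents into the reply body, not as an attachment.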


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

