Alex65 Posted June 14, 2008 ID:20285 Share Posted June 14, 2008 Hi, I need help with an infection on my laptop. I have done the pre-hgt log routine, except for panda live scan which does not seem to be working. Logs below_______SSearch and Destroy Log _____________________--- Search result list ---Zlob.Downloader.vdt: [sBI $AC965326] IE toolbar (Registry value, fixed) HKEY_USERS\S-1-5-21-1935655697-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51D81DD5-55B7-497F-95DB-D356429BB54E}--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---2008-01-28 blindman.exe (1.0.0.7)2008-01-28 SDDelFile.exe (1.0.2.4)2008-01-28 SDMain.exe (1.0.0.5)2007-10-07 SDShred.exe (1.0.1.2)2008-01-28 SDUpdate.exe (1.0.8.8)2008-01-28 SDWinSec.exe (1.0.0.11)2008-01-28 SpybotSD.exe (1.5.2.20)2008-01-28 TeaTimer.exe (1.5.2.16)2008-06-14 unins000.exe (51.49.0.0)2008-01-28 Update.exe (1.4.0.6)2008-01-28 advcheck.dll (1.5.4.5)2007-04-02 aports.dll (2.1.0.0)2007-11-17 DelZip179.dll (1.79.7.4)2008-01-28 SDFiles.dll (1.5.1.19)2008-01-28 SDHelper.dll (1.5.0.11)2008-01-28 Tools.dll (2.1.3.3)2008-06-03 Includes\Adware.sbi (*)2008-06-10 Includes\AdwareC.sbi (*)2008-06-03 Includes\Cookies.sbi (*)2008-06-03 Includes\Dialer.sbi (*)2008-06-10 Includes\DialerC.sbi (*)2008-06-03 Includes\HeavyDuty.sbi (*)2008-06-04 Includes\Hijackers.sbi (*)2008-06-03 Includes\HijackersC.sbi (*)2008-06-03 Includes\Keyloggers.sbi (*)2008-06-10 Includes\KeyloggersC.sbi (*)2004-11-29 Includes\LSP.sbi (*)2008-06-03 Includes\Malware.sbi (*)2008-06-11 Includes\MalwareC.sbi (*)2008-06-03 Includes\PUPS.sbi (*)2008-06-10 Includes\PUPSC.sbi (*)2007-11-07 Includes\Revision.sbi (*)2008-06-10 Includes\Security.sbi (*)2008-06-10 Includes\SecurityC.sbi (*)2008-06-03 Includes\Spybots.sbi (*)2008-06-03 Includes\SpybotsC.sbi (*)2008-06-03 Includes\Spyware.sbi (*)2008-06-03 Includes\SpywareC.sbi (*)2008-06-03 Includes\Tracks.uti2008-06-11 Includes\Trojans.sbi (*)2008-06-11 Includes\TrojansC.sbi (*)2008-03-04 Plugins\Chai.dll2008-03-05 Plugins\Fennel.dll2008-02-26 Plugins\Mate.dll2007-12-24 Plugins\TCPIPAddress.dll--- System information ---Windows XP (Build: 2600) Service Pack 2 (5.1.2600) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / MSXML4SP2: Security update for MSXML4 SP2 (KB936181) / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399) / Windows Media Player 10: Mise Link to post Share on other sites More sharing options...
1972vet Posted June 14, 2008 ID:20291 Share Posted June 14, 2008 ...and, can we see the hijackthis log? Link to post Share on other sites More sharing options...
Alex65 Posted June 14, 2008 Author ID:20301 Share Posted June 14, 2008 ...and, can we see the hijackthis log?Actually, I didn't keep as it came up clean. Also, I used the alternate solution to the Panda live scan. This also turned up clean... My fingers are crossed. P Link to post Share on other sites More sharing options...
1972vet Posted June 15, 2008 ID:20315 Share Posted June 15, 2008 Ahh...glad to see you were able to resolve this issue. Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check the 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean) Click "Create" and reboot your computer.To assist in the prevention of spyware infections:Immunize your browser by installing Spywareblaster. What does it do? Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.Keep your anti-virus and spyware definitions up to date. Be sure to scan often.Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.You should always have at least (but not more than ) one of these types of third party firewalls running on board:Kerio Personal FirewallZone AlarmOutpost FreeComodoInstall the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.So how did I get infected in the first place?Regards, and Happy Surfing! Link to post Share on other sites More sharing options...
JeanInMontana Posted June 16, 2008 ID:20457 Share Posted June 16, 2008 Actually, I didn't keep as it came up clean. Also, I used the alternate solution to the Panda live scan. This also turned up clean... My fingers are crossed. PHJT logs can only be determined "clean" by someone familiar with analyzing them. I suggest you submit some sort of AV log and a HJT log to be looked at. Link to post Share on other sites More sharing options...
JeanInMontana Posted June 24, 2008 ID:21013 Share Posted June 24, 2008 Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.Thanks for your excellent assistance 1972vet. Link to post Share on other sites More sharing options...
Recommended Posts