Jump to content

audio malware with random soundbytes


Recommended Posts

This week, I have started getting random audio messages even when not browsing the internet, and with no applications running on the desktop. The most common byte is "Congratulations, You have won," but other times it is a partial ad or just music playing for a few seconds. I have Norton 360 running and Malwarebytes, but neither have found or removed the problem. I could use some help.

Thanks in advance!

HJT Log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:23:34 AM, on 7/29/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Update Service (gupdate1c99d143b07fdc0) (gupdate1c99d143b07fdc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe

O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12823 bytes

Link to post
Share on other sites

tider,

icon11.gif Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.

Please include the following in your next post:

  • ComboFix log

Link to post
Share on other sites

tider,

icon11.gif Please download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please post the contents of that file.

Please include the following in your next post:

  • MBRCheck log

Link to post
Share on other sites

Here it is....

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...

Link to post
Share on other sites

tider,

icon11.gif Run MBRCheck again

  • Double click the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • At the prompt, enter Y and hit Enter
  • At the next prompt (Options), select 2 and hit Enter
  • At the "Enter the physical drive number to fix" option, select 0 and hit Enter
  • At the "Available MBR codes" prompt, select 3 and hit Enter
  • The program will prompt for confirmation. Type YES and hit Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop
  • Reboot your PC
  • Post the contents of the log

icon11.gif Run MBRCheck again

  • Double click the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please post the contents of that file.

Please include the following in your next post:

  • Both MBRCheck logs

Link to post
Share on other sites

okay. I ran MBRCheck again, and followed all of the instructions. It did generate the .txt log file on my desktop. Then, when I rebooted my computer, This came up in the Windows Boot Manager:

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.

2. Choose your language settings, and then click "Next"

3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \windows\system32\winload.exe

Status: 0xc000000e

Info: The selected entry could not be loaded because the application is missing or corrupt.

I have no idea where my Windows Vista Installation disc is (or if one even came with this Sony Vaio). Can you help?

Thanks!

Link to post
Share on other sites

I will ask a couple of techie friends and see if one of them has a Vista install disc.

I did a little research last night and found this site... would one of these links be what I need? If so, which one?

http://neosmart.net/blog/2008/windows-vist...-disc-download/

If that is not what I need, just let me know and I will be asking for an install disc.

thanks, man.

Link to post
Share on other sites

Okay, I was able to score a Vista Home Premium 32 bit install disk and did the repair. I am up and running again.

Here are the two MBRCheck log files:

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:

[ 0] Default (Windows Vista)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done! Press ENTER to exit...

________________________________________________________________________________

_________________________________________

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected

Done! Press ENTER to exit...

Link to post
Share on other sites

PS: Also, when I reboot my computer now, Norton 360 pops up with an alert that it has discovered two viruses. Here is what it says

Title Status Action (Two options)

Trojan Horse Remove Failed Rescan or Get Help

Trojan.Gen Remove Failed Rescan or Get Help

Should I do nothing about this for the time being?

Link to post
Share on other sites

tider,

Nicely done! I suspect those Norton detections are from the ComboFix quarantine, did it give you the file path? Please run these for me now:

icon11.gif You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

icon11.gif Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

    [*]Click on My Computer under the green Scan bar to the left to start the scan.

    [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    [*]Click View report... at the bottom.

    [*] Click the Save report... button.

    [*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please include the following in your next post:

  • MBAM log
  • Kaspersky log

Link to post
Share on other sites

Wow, the Kaspersky scan is epic (took five hours)!

The Norton 360 Alert that says it found two viruses that were not successfully removed has them as

Trojan Horse: [ifology class] inside of [c:\users\bamajeff\appdata\locallow\sun\java\deployment\cache\6.0\17\3f58f2d1-36093d5c]

Trojan.Gen: [brealizer.class] inside of [c:\users\bamajeff\appdata\locallow\sun\java\deployment\cache\6.0\17\3f58f2d1-36093d5c]

________________________________________________________________________________

_____________________________________

Here are the two scan log txt files.....

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4382

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

8/2/2010 3:18:30 PM

mbam-log-2010-08-02 (15-18-30).txt

Scan type: Quick scan

Objects scanned: 139783

Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, August 2, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, August 02, 2010 15:12:43

Records in database: 4162558

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Objects scanned: 185521

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 04:25:58

No threats found. Scanned area is clean.

Selected area has been scanned.

Link to post
Share on other sites

Hello tider,

Those KAV scans are long, but very thorough. Those Norton detections were in your Java cache and Norton took care of them. You can empty that cache yourself from time to time using these instructions:

icon11.gif Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files

    [*]Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

All we have left to take care of are a security update and some very important cleanup:

icon11.gif Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version.

icon11.gif Go HERE to scan for any other out of date and/or vulnerable applications on your computer and follow the instructions given for updating them.

icon11.gifJavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright

Link to post
Share on other sites

Okay, man. I went through the final checklist and everything functioned without a hitch. I also went through the whatthetech.com Prevention link recommendations. Looks like we are clear. I have a few follow-up questions:

1. The Secunia online scan for out-of-date/vulnerable apps had two scan options: 1) Enable thorough system inspection and 2) Display only insecure programs. The default had only the second box checked. I assume this was all I needed (not the thorough system inspection). Is that correct? It found and had me update several apps.

2. Should I uninstall HiJackThis, or leave it on my system?

3. I am currently running Norton 360 which has a firewall. Should I use the Norton firewall and turn off Windows Firewall? Or vice versa? or run them both?

4. Do I need Windows Defender turned on?

5. Anti-spyware: I have the free version of Malwarebytes installed. The Whatthetech.com prevention link lists five different Anti-Spyware software. Do I need to install one or more of the others to provide realtime protection, or does Norton 360 handle that?

Thanks for all of your help. You are the best!

Link to post
Share on other sites

You're very welcome. I'm glad we could help. Here are the answers to your questions:

1. Either scan would have been fine. The thorough one just looks in more places for outdated stuff.

2. I'd remove it. It's not used too often anymore.

3. Use the Norton360 FW and disable the Windows FW. If I'm not mistaken, Norton does that by default when it installs.

4. That's up to you. If it runs OK alongside Norton it should be fine, but I thought Norton turned it off by default.

5. Norton 360, and Malwarebytes should be sufficient unless you have high risk surfing/downloading habits. If you get too many security apps running resident they cause more problems than they do good.

Take care.

Link to post
Share on other sites

Thanks again. You are the man! This was the first nasty virus I have ever gotten, and you made the removal process easy, understandable and doable. Thanks for your expertise and patience. I hope I never need you again, but if I ever have another problem, I wouldn't turn anywhere else at this point. Thank you guys for what you do!

Blessings....

Link to post
Share on other sites

  • Staff

Glad we could help. :(

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.