Jump to content

Aftermath of Antivirus XP 2008

mby_hm

By mby_hm
in Resolved Malware Removal Logs

 Share

Recommended Posts

mby_hm

mby_hm

Posted
Posted

Hi,

I got the full version of MBAM, plus SuperAntiSpyware and Spybot S&D. After much trouble, I hope I've eradicate it. Attached are the MBAM, Panda, and HJT logs.

Thanks in advance,

Mike

Malwarebytes' Anti-Malware 1.25

Database version: 1096

Windows 5.1.2600 Service Pack 2

6:05:09 PM 8/30/2008

mbam-log-08-30-2008 (18-05-09).txt

Scan type: Quick Scan

Objects scanned: 34729

Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-08-30 18:46:38

PROTECTIONS: 2

MALWARE: 5

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

McAfee Internet Security Suite 2007 8.1 No Yes

McAfee VirusScan Plus 12.1 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@com[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@go[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@searchportal.information[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@did-it[1].txt

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

184380 MEDIUM MS08-002

184379 MEDIUM MS08-001

182048 HIGH MS07-069

182046 HIGH MS07-067

182043 HIGH MS07-064

179553 HIGH MS07-061

176382 HIGH MS07-057

176383 HIGH MS07-058

170911 HIGH MS07-050

170907 HIGH MS07-046

170906 HIGH MS07-045

170904 HIGH MS07-043

164915 HIGH MS07-035

164913 HIGH MS07-033

164911 HIGH MS07-031

160623 HIGH MS07-027

157262 HIGH MS07-022

157261 HIGH MS07-021

157260 HIGH MS07-020

157259 HIGH MS07-019

156477 HIGH MS07-017

150253 HIGH MS07-016

150249 HIGH MS07-013

150248 HIGH MS07-012

150247 HIGH MS07-011

150243 HIGH MS07-008

150242 HIGH MS07-007

150241 MEDIUM MS07-006

141034 HIGH MS06-076

141033 MEDIUM MS06-075

141030 HIGH MS06-072

137571 HIGH MS06-070

137568 HIGH MS06-067

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

131654 HIGH MS06-055

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126083 HIGH MS06-042

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

120814 HIGH MS06-021

117384 MEDIUM MS06-018

114666 HIGH MS06-015

114664 HIGH MS06-013

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

96574 HIGH MS05-053

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:47:13 PM, on 8/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

End of file - 5077 bytes

Link to post
Share on other sites
Dakeyras

Dakeyras

Posted
Posted

Hi and welcome to the Malwarebytes Security Forums ;)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of six things:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Extra note: Please be aware as I am still in training all of my fixes/posts require prior checking by a Expert. So some delays may be inevitable, please be patient and I will reply again asap.

Link to post
Share on other sites
Dakeyras

Dakeyras

Posted
Posted

Hi mby_hm ;)

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Next:

Your Adobe Acrobat Reader is out of date.

Older versions may have vulnerabilities that malware can use to infect your system.

Please download The latest Version to your PC's desktop.

  • Uninstall Adobe(Acrobat) Reader v8.0 via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.

Note: Adobe Acrobat Reader is a large program and if you prefer a smaller program you can get Foxit 2.0 instead.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

You have the guard feature of three anti-spyware applications running consecutively. This is not safe as a system conflict may occur and it actually lessens online protection. If you have multiple anti-spyware applications installed, only use the active monitoring resource of one and keep the others as on-demand scanners only. I advise you disable the following:

Disable Spybot's TeaTimer. This is a two step process.

First step:

  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.

Second step, For Either Version :

  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Disable SUPERAntiSpyware

  • Right-click on the shortcut from the system tray
  • Choose View Control Center (preferences/options)
  • On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
  • Click Close to exit.

Next:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.

    [*]Please post the contents of both log.txt and info.txt.

Note: Please make sure that RSIT.exe is on the desktop before scanning.

When completed the above, please post back the following:

  • Both RSIT logs.
Link to post
Share on other sites
JeanInMontana

JeanInMontana

Posted
Posted

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.