
I performed a Panda Active Scan version 2.0



I received errors, which were codes 724 and 731.

I ran the full scan 3 times (twice I aborted under 35 minutes) and quick scan once (log not included).

The scans found infections so I stopped them in order to quarantine and delete the malware right away.

Malwarebytes' Anti-Malware 1.30

Database version: 1316

Windows 5.1.2600 Service Pack 1

10/24/2008 6:59:14 PM

mbam-log-2008-10-24 (18-59-14).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 1512

Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\hadl.dll (Trojan.Agent) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.30

Database version: 1316

Windows 5.1.2600 Service Pack 1

10/24/2008 7:58:46 PM

mbam-log-2008-10-24 (19-58-46).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 18164

Time elapsed: 29 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\hadl.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\systemmanager (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\hadl.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\comstl.exe (Trojan.Dropper) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.30

Database version: 1316

Windows 5.1.2600 Service Pack 1

10/25/2008 6:37:15 AM

mbam-log-2008-10-25 (06-37-15).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 171944

Time elapsed: 10 hour(s), 12 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer\Ready (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer\temp (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Installer\Upload (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Wallpaper\American Flag.jpg (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll (Trojan.Sinowal) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll (Trojan.Sinowal) -> Quarantined and deleted successfully.


Here it is...

;*******************************************************************************

ANALYSIS: 2008-10-25 18:36:46

PROTECTIONS: 0

MALWARE: 45

SUSPECTS: 2

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00034347 dialer.su Dialers No 0 Yes No hkey_local_machinesoftwaremicrosoftwindowscurrentversionuninstallswitch

00040007 adware/cws.yexe Adware No 0 Yes No hkey_classes_rootreplace.hbo

00040007 adware/cws.yexe Adware No 0 Yes No hkey_classes_rootreplace.hbo.1

00040007 adware/cws.yexe Adware No 0 Yes No hkey_local_machinesoftwareclassesreplace.hbo

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@trafficmp[1].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@atdmt[2].txt

00145386 Cookie/XXXtoolbar TrackingCookie No 0 Yes No C:Documents and SettingsgrakoCookiesgrako@xxxtoolbar[1].txt

00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@targetnet[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@fastclick[2].txt

00145466 Cookie/Advertising TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@servedby.advertising[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@mediaplex[1].txt

00145770 Cookie/CentrPort TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@centrport[1].txt

00146967 Cookie/PayCounter TrackingCookie No 0 Yes No D:Documents and SettingsGuestCookiesguest@paycounter[1].txt

00157556 Adware/Look2Me Adware No 0 Yes No C:System Volume Information_restore{77C4D0CD-9489-41EA-9FBA-4B6F94353AEF}RP16A0000143.dll

00157556 Adware/Look2Me Adware No 0 Yes No C:System Volume Information_restore{77C4D0CD-9489-41EA-9FBA-4B6F94353AEF}RP16A0000149.dll

00159564 Cookie/WUpd TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@revenue[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@com[1].txt

00167733 Cookie/Adserver TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@z1.adserver[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@ad.yieldmanager[2].txt

00168058 Cookie/Sextracker TrackingCookie No 0 Yes No D:Documents and SettingsGuestCookiesguest@counter4.sextracker[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@www.burstbeacon[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@server.iad.liveperson[2].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@advertising[1].txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No D:Documents and SettingsGuestCookiesguest@sextracker[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@adrevolver[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@ads.pointroll[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@realmedia[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@bluestreak[1].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@phg.hitbox[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@adrevolver[1].txt

00186561 Cookie/Banner TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@banner[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@adultfriendfinder[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No D:Documents and SettingsGuestCookiesguest@adultfriendfinder[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@go[2].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@did-it[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@atwola[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@atwola[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@ehg-dig.hitbox[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No D:Documents and SettingsgrakoCookiesgrako@ads.addynamix[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:Documents and Settingsrich.GRAKOCookiesrich@ads.addynamix[1].txt

02937621 Application/Srvany.A HackTools No 0 Yes No D:RESETRESET5SETUP.EXE

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:RECYCLERS-1-5-21-1343024091-920026266-682003330-1003Dc7.exe

No C:RECYCLERS-1-5-21-1343024091-920026266-682003330-1003Dc8.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:49:00 PM, on 10/25/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSSystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesVerizonVerizon Internet Security SuiteFws.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesCAPPRTbinITMRTSVC.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesRaxcoPerfectDiskPDAgent.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesRaxcoPerfectDiskPDEngine.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32WgaTray.exe

C:Program FilesVerizonVSPVerizonServicepoint.exe

C:Program FilesVerizonVerizon Internet Security SuiteRps.exe

C:WINDOWSSystem32ctfmon.exe

C:WINDOWSSystem32devldr32.exe

C:Program FilesVerizonVerizon Internet Security SuiterpsupdaterR.exe

C:WINDOWSSystem32wuauclt.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesCommon FilesAuthentiumAntiVirusdvpapi.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program FilesVerizonVerizon Internet Security SuitepkR.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll

O3 - Toolbar:


I received errors, which were codes 724 and 731.

I ran the full scan 3 times (twice I aborted under 35 minutes) and quick scan once (log not included).

The scans found infections so I stopped them in order to quarantine and delete the malware right away.

(By the way, these are all logs for MBAM; the other two logs, Panda and HijackThis, are posted somewhere after this one.)


Run a manual update of mbam. Allow the scan to complete. Please be patient...you'll find time sooner or later to deal with any issues. Next, please perform the Panda scan as instructed in the sticky information posted at the top of this forum.

Edit added:

I posted these instructions before I realized you had created more than one thread. Please bookmark this thread and keep all replies here. Thanks!


Since this topic has had no reply for over 5 days, it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
