
Whitesmoke virus



No, I don't and I don't think so. Let's try an additional check:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


WOW that took forever!


Yes, it seems we finished. Last steps for you:

Step 1

  1. Go to Start => Run... and copy & paste the next command in the field:
    ComboFix /uninstall
  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

P.S.: Make sure there's a space between ComboFix and /uninstall

Step 2

Please uninstall ESET Online Scanner.

Step 3

Please manually delete DDS, TDSSKiller and Suspicious File Packer.

Step 4

Keep your software up-to-date:

www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
