
I recently received help from this forum in removing the 'XP Internet Security 2011' malware from my system - http://forums.malwarebytes.org/index.php?showtopic=82433&pid=418694.

With this help I was successfully able to remove this infection from my system and return my computer to normal use.

After I removed the infection I boosted the security on my computer and ran updates on old software. The only thing I wasn't able to do was install Windows XP Service Pack 3 (due to a weird admin privileges error?), which I was still working on fixing. I saw this as the last security hole I had left to fix.

Unfortunately for me, before I was able to install Service Pack 3 I was infected with more malware, this time the 'Windows Diagnostic' infection. Once I saw the infection I jumped to Safe Mode, ran RKILL, then updated and ran a scan with MBAM. Next I jumped back to normal XP and ran MBAM again, then updated and ran a scan with my antivirus (Zone Alarm). Both MBAM and my antivirus found infections and the infections were removed from the system. I have logs I can post for you to review. The final thing I am now running is 'DDS', which I can post the log of if somebody is happy to review it for me?

Could you recommend any other steps I should be taking to ensure I've fully removed this new infection? I can't believe my luck.

Thanks in advance!

Matt

Does anyone have any advice on what else I need to do here?


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


MBAM Log

(using the most up to date version of MBAM):

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6553

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

11/05/2011 7:17:28 PM

mbam-log-2011-05-11 (19-17-28).txt

Scan type: Quick scan

Objects scanned: 192050

Time elapsed: 37 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt Log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Matt at 19:18:19.80 on Wed 11/05/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1269 [GMT 10:00]

.

AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

FW: ZoneAlarm Security Suite Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Notepad++\notepad++.exe

C:\Documents and Settings\Matt\Desktop\dds.scr

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uDefault_Page_URL = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: DAP Bar: {62999427-33fc-4baf-9c9c-bce6bd127f08} - c:\program files\dap\DAPIEBar.dll

TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\mskagent.exe

uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9

uRun: [Google Update] "c:\documents and settings\matt\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RssReader] c:\program files\rssreader\RssReader.exe

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [<NO NAME>]

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\itunes.lnk - c:\windows\installer\{99ecf41f-5cca-42bd-b8b8-a8333e2e2944}\iTunesIco.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe

IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303383091562

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {BD42D697-854B-42FE-BDA9-B8BEA84FBFB3} = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli scecli scecli

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\465ftzpg.matt\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au

FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll

FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll

FF - plugin: c:\documents and settings\matt\application data\facebook\npfbplugin_1_0_0.dll

FF - plugin: c:\documents and settings\matt\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\matt\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-12-24 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-12-24 317072]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-30 528128]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-8-27 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-8-27 493032]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-19 38224]

S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]

S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\r101351\ATIXPGAA.SYS [2007-10-11 12032]

S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-9-23 23296]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

.

=============== Created Last 30 ================

.

2011-04-30 15:54:59 89088 ----a-w- c:\windows\system32\dllcache\wmiaprpl.dll

2011-04-30 10:53:33 382464 ------w- c:\windows\system32\_003953_.tmp.dll

2011-04-30 10:53:33 2897920 ------w- c:\windows\system32\_003952_.tmp.dll

2011-04-29 10:49:55 -------- d-----w- c:\windows\system32\scripting

2011-04-29 10:49:54 -------- d-----w- c:\windows\l2schemas

2011-04-29 10:49:53 -------- d-----w- c:\windows\system32\en

2011-04-29 10:49:53 -------- d-----w- c:\windows\system32\bits

2011-04-29 10:40:24 -------- d-----w- c:\windows\network diagnostic

2011-04-29 10:31:26 382464 ------w- c:\windows\system32\_003918_.tmp.dll

2011-04-29 10:31:26 2897920 ------w- c:\windows\system32\_003917_.tmp.dll

2011-04-29 09:28:30 -------- d-sh--w- c:\documents and settings\matt\PrivacIE

2011-04-22 01:30:15 -------- d-sh--w- c:\documents and settings\matt\IETldCache

2011-04-22 00:49:59 -------- d-----w- c:\windows\ie8updates

2011-04-22 00:49:08 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2011-04-22 00:49:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-04-22 00:49:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2011-04-22 00:49:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2011-04-22 00:49:07 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2011-04-22 00:49:07 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2011-04-22 00:49:07 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2011-04-22 00:46:58 -------- dc----w- c:\windows\ie8

2011-04-21 16:41:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-04-21 15:42:38 -------- d-----w- c:\windows\ServicePackFiles

2011-04-21 14:33:59 7168 ----a-w- c:\windows\system32\SET2C7.tmp

2011-04-21 13:48:04 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-04-21 13:10:41 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-04-21 13:08:29 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-04-21 12:59:51 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2011-04-21 12:33:32 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2011-04-21 10:52:14 15064 ------w- c:\windows\system32\wuapi.dll.mui

2011-04-20 14:39:10 -------- d-----w- c:\docume~1\matt\locals~1\applic~1\Secunia PSI

2011-04-20 14:38:43 -------- d-----w- c:\program files\Secunia

2011-04-20 14:35:27 -------- d-----w- c:\program files\PeerBlock

2011-04-18 15:22:38 -------- d-----w- c:\docume~1\matt\applic~1\Malwarebytes

2011-04-18 15:22:30 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-18 15:22:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-18 15:22:21 20952 ------w- c:\windows\system32\drivers\mbam.sys

2011-04-18 15:22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\matt\locals~1\applic~1\ugc.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\matt\locals~1\applic~1\pdu.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\matt\locals~1\applic~1\jku.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\matt\locals~1\applic~1\era.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\alluse~1\applic~1\ybj.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\alluse~1\applic~1\xxi.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\alluse~1\applic~1\ock.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\alluse~1\applic~1\epl.exe

2011-04-18 11:42:04 0 --sh--w- c:\docume~1\alluse~1\applic~1\ckl.exe

.

==================== Find3M ====================

.

2011-04-06 06:20:16 91424 ------w- c:\windows\system32\dnssd.dll

2011-04-06 06:20:16 107808 ------w- c:\windows\system32\dns-sd.exe

2011-02-18 06:36:58 4184352 ------w- c:\windows\system32\usbaaplrc.dll

.

============= FINISH: 21:07:30.88 ===============

My Zone Alarm antivirus is also coming up clean. I think I need to unhide all my programs again too; most of my folders in my start menu are empty.

Looking forward to hearing your feedback Chris!

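The "Created Last 30" section of the DDS log above lists several zero-byte .exe files with the system and hidden attributes set under the user and All Users application-data folders. As an added example (not part of this thread, and not code from DDS or Malwarebytes), here is a small Python parser for lines in that section's layout that extracts the date, size, attribute flags and path, and pulls out entries worth a second look when reviewing such a log. The sample lines are copied from the log above; the line layout and the review heuristic (zero-byte, system+hidden, .exe, inside a profile folder) are my own assumptions, not a published DDS rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Layout of one DDS "Created Last 30" / "Find3M" line, as seen in the log
# above (assumption: DDS does not publish a format specification):
#   <date> <time> <size or --------> <8-char attribute field> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[dcsha\-w]{8}) (?P<path>.+)$"
)

# Sample copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2011-04-30 15:54:59 89088 ----a-w- c:\windows\system32\dllcache\wmiaprpl.dll
2011-04-29 09:28:30 -------- d-sh--w- c:\documents and settings\matt\PrivacIE
2011-04-21 14:33:59 7168 ----a-w- c:\windows\system32\SET2C7.tmp
2011-04-18 15:22:30 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 11:42:04 0 --sh--w- c:\docume~1\matt\locals~1\applic~1\ugc.exe
2011-04-18 11:42:04 0 --sh--w- c:\docume~1\alluse~1\applic~1\ybj.exe
"""


@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]  # None for directory entries (size shown as "--------")
    attrs: str           # raw 8-character attribute field, e.g. "--sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Parse every line matching the DDS file-entry layout; ignore headers and dots."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def flag_for_review(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Review heuristic (my assumption, not a DDS rule): a zero-byte .exe that is
    both system and hidden and lives under a user or All Users profile folder is
    unusual for legitimately installed software, so list it for closer inspection."""
    flagged = []
    for e in entries:
        if e.is_dir or e.size != 0:
            continue
        if not (e.system and e.hidden):
            continue
        if not e.path.lower().endswith(".exe"):
            continue
        low = e.path.lower()
        if "docume~1" in low or "documents and settings" in low:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    parsed = parse_dds_entries(SAMPLE_DDS)
    print(f"{len(parsed)} entries parsed")
    for e in flag_for_review(parsed):
        print(f"review: {e.date} {e.time} attrs={e.attrs} {e.path}")
```

Feeding the whole DDS.txt to parse_dds_entries works because the regex only matches dated file lines; the section headers, the lone dots, and the process and registry sections are skipped. The heuristic is deliberately narrow so that ordinary entries such as dllcache DLLs and driver files are not reported.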

  • Staff

Hi,

Please download Unhide.exe by Grinler and save it to your Desktop.

Run it, then restart your computer.

Does this folder exist?

%Temp%\smtmp

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-screen317


Thanks for the feedback. Please see below:

1. I've run 'Unhide.exe' and it's unhidden everything except all my program shortcuts within my Start menu?

2. %Temp%\smtmp IS a real folder on my computer.

3. ESET Online Scanner log.txt below:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=003fc27ec6957b4881cb9398171da777

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-14 11:18:27

# local_time=2011-05-14 09:18:27 (+1000, AUS Eastern Standard Time)

# country="Australia"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776533 100 77 12161028 22354298 0 0

# scanned=245521

# found=10

# cleaned=10

# scan_time=12089

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000003705.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000004972.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000005317.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000005695.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000006066.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000008260.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000008722.eml HTML/Phishing.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\465ftzpg.Matt\Cache\A\F8\0533Bd01 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

:\Software\Nero 8\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\Software\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

4. Security Check log below:

Results of screen317's Security Check version 0.99.11

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

ESET Online Scanner v3

ZoneAlarm Security Suite

ZoneAlarm Toolbar

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Java SE Runtime Environment 6 Update 1

Java 6 Update 5

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Adobe Flash Player 10.2.159.1

Adobe Reader 8.1.2

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe

``````````End of Log````````````

Thanks!


  • Staff

Hi,

Run this version of Unhide:

http://download.bleepingcomputer.com/grinler/beta/unhide.exe

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


Okay thanks for the tips, I will apply them to my computer tonight.

Installing Service Pack 3 was the last thing I needed to do after my last infection, but I kept receiving prompts saying I didn't have enough admin privileges? I'm the only user set up on my computer and I have full admin access. I tried logging into the default Administrator account that XP comes with (when in Safe Mode) and I experienced the same issue. I'm running 'Windows Update' to update my system. Have you come across this before? If I can't upgrade to Service Pack 3 it leaves a pretty large security hole.


Run this version of Unhide: http://download.blee...beta/unhide.exe

Your link 404s?

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

My system couldn't find any instance of Combofix? I copied the text directly into the Run command prompt.

Delete SecurityCheck.

SecurityCheck has been removed.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu). Try installing SP3 from there.

I've tried doing this previously but not with the manual SP3.exe file, I'll try this tonight. Do I use normal Safe Mode or Safe Mode with Networking?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
