Jump to content

Can't remove Trojan.Agent and Heuristics.Reserved.Word.Exploit

Jman64

By Jman64
in Resolved Malware Removal Logs

 Share

Recommended Posts

Jman64

Jman64

Posted
Posted

Bruce Harrison directed me to post here with this isssue. My orginal post, and logs can be found in this thread,

http://www.malwarebytes.org/forums/index.p...amp;#entry40748

I'm adding in the logs here just for easy reference....

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:18:58 PM, on 12/18/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\Lexmark 6500 Series\lxdfmon.exe

C:\Program Files\Lexmark 6500 Series\lxdfamon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Blackmagic Design\Blackmagic Intensity\CheckVersionPCI.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdfcoms.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Java

Link to post
Share on other sites
Jman64

Jman64

Posted
  • Author
Posted

I read in the forum rules you also wanted a pandascan log, so I'm adding that also.

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-20 11:11:55

PROTECTIONS: 0

MALWARE: 24

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@trafficmp[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@atdmt[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@247realmedia[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@mediaplex[1].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@anm.co[2].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@ccbill[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@com[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@xiti[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@bs.serving-sys[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@server.iad.liveperson[5].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@advertising[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@overture[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@questionmarket[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@atwola[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@ads.addynamix[1].txt

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Jay Taylor\Cookies\jay_taylor@enhance[2].txt

04366484 Generic Trojan Virus/Trojan Yes 0 Yes No C:\WINDOWS\svchost.exe

04380420 Generic Trojan Virus/Trojan Yes 0 Yes No c:\windows\system32\wowformf336_167.dll

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location n

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description n

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.