Clean or not too clean? That is the question...

  1. #11
    Bagpuss is offline Newbie

    Re: Clean or not too clean? That is the question...

    ACTIVESCAN


    | Incident | Status | Location |
    |---|---|---|
    | Adware:Adware/nCase | No disinfected | C:\Documents and Settings\Michellle\Local Settings\Temp\180sainstallernusalm.exe |
    | Adware:adware/tvmedia | No disinfected | C:\Documents and Settings\User\Application Data\tvmcwrd.dll |
    | Security Risk:Application/Poliphonic | No disinfected | C:\Documents and Settings\User\My Documents\My Received Files\Polyphonic Tones.rar[cwpolywz.exe] |
    | Adware:adware/adroar | No disinfected | C:\WINDOWS\artmmp.ini |
    | Adware:adware/twain-tech | No disinfected | C:\WINDOWS\smdat32m.sys |
    | Spyware:spyware/marketscore | No disinfected | C:\WINDOWS\system32\osmim.dll |

    BITDEFENDER

    BitDefender Online Scanner

    Scan report generated at: Sat, Sep 17, 2005 - 16:16:56
    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;J:\;T:\;

    Statistics

    Time: 01:17:19
    Files: 533700
    Folders: 6129
    Boot Sectors: 5
    Archives: 1890
    Packed Files: 68781

    Results

    Identified Viruses: 1
    Infected Files: 2
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 2

    Engines Info

    Virus Definitions: 208497
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    | Scanned File | Status |
    |---|---|
    | C:\WINDOWS\astcprup_in.exe=>wise0009 | Infected with: Trojan.Downloader.Adroar.A |
    | C:\WINDOWS\astcprup_in.exe=>wise0009 | Disinfection failed |
    | C:\WINDOWS\astcprup_in.exe=>wise0009 | Deleted |
    | C:\WINDOWS\astcprup_in.exe | Update failed |
    | C:\WINDOWS\astcprup_in.exe=>wise0010 | Infected with: Trojan.Downloader.Adroar.A |
    | C:\WINDOWS\astcprup_in.exe=>wise0010 | Disinfection failed |
    | C:\WINDOWS\astcprup_in.exe=>wise0010 | Deleted |
    | C:\WINDOWS\astcprup_in.exe | Update failed |


  2. #12
    Bagpuss is offline Newbie
    They are in the posts following the main one (the posts following yours). I have to break the HJT log up because it wouldn't let me post the whole thing in one post.

  3. #13
    Bagpuss is offline Newbie
    I will u/load them for you as well.

  4. #14
    Neal is offline Dedicated Member
    Are you still getting popups?

    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html

    Install and run it. The Windows tab should be open in the upper left of the program. Click Analyze and then click Run Cleaner. Just use the Windows tab that is up front by default.

    1. Uncheck "Cookies" under "Internet Explorer".

    2. If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".


    Hunt down and delete these if found.

    C:\Documents and Settings\Michellle\Local Settings\Temp\180sainstallernusalm.exe

    C:\Documents and Settings\User\Application Data\tvmcwrd.dll

    C:\Documents and Settings\User\My Documents\My Received Files\Polyphonic Tones.rar[cwpolywz.exe] < file

    C:\WINDOWS\artmmp.ini < file

    C:\WINDOWS\smdat32m.sys < file

    C:\WINDOWS\system32\osmim.dll < file

    Go into Add/Remove Programs and remove (IF FOUND):

    twain-tech
    tvmedia
    180 solutions
    windupdates
    and anything else you did not put in there or did not come with your computer



    Scan with HJT again and put a check next to these items, making sure all browser windows are closed, including this one, so print this or create a new text document on the desktop by right-clicking an open area, selecting New Text Document, and saving it as whatever you like. Now put a check next to these:

    R3 - Default URLSearchHook is missing

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...ridge-c139.cab



    Again, make sure all browser windows are closed and click FIX.


    Now reboot into Safe Mode by tapping your F8 key upon restart; when the Safe Mode screen appears, select Safe Mode and press Enter.


    Open C:\Windows\Prefetch\. Delete ALL files in this folder.


    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    Temporary Internet Files
    Downloaded Program Files
    Recycle Bin
    Temporary Files
    Click OK or Enter

    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


    Post a new HJT log for further review and feedback on popups please. Thanks
