Major case of trojan

  1. #1
    Mrfungus (Newbie)

    Major case of trojan

    Hey I sorta need lotsa help~ I got a major case of trojan invasion lol.... Anyway, here are the various problems I have. Some files just popping up everywhere but it's like faded; my friend said it's some kinda system file and I wonder how to fix it. Secondly I have scanned my comp with AVG anti virus and found several trojans/viruses. But I can't fix it cuz the program can't heal it, or if that's what they call it. I also think I can't delete some of the files because some of them are files I need and system files. Here is my hijack log, please someone help me or something~

    Logfile of HijackThis v1.99.1
    Scan saved at 9:45:28 PM, on 2/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\winhlp32.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Peer2Mail\P2M.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Fr0sTen\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37240.cab
    O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
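
The HijackThis log above is read by section (O4 autoruns, O10 LSPs, O16 ActiveX downloads, O18 protocol handlers, O20 AppInit_DLLs, O23 services). As an added example that is not part of this thread, here is a small Python triage helper that parses that log format and flags the entries a helper would look at first; the flagging rules are this example's own assumptions, not HijackThis's, and the sample log is a constructed excerpt of the one posted. The O16 entry that fetches webplugin.cab from a bare IP address is the one Ewido later reports in post #3 as Downloader.OneClickNetSearch.

```python
"""Triage helper for HijackThis 1.99.1 logs.

Added example, not part of the thread: parses the "Running processes"
block and the O-numbered entries, then flags the items worth a second
look.  The heuristics are this example's own assumptions: O16 ActiveX
CABs fetched from a bare IP address, O10 LSP entries HijackThis could
not identify, O18 protocol handlers whose DLL is missing, and any O20
AppInit_DLLs entry.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same format as the log posted above
# (a subset of its lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:45:28 PM, on 2/16/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O16 body: "DPF: {CLSID} (Optional Name) - URL"
DPF_RE = re.compile(r"^DPF: \{([0-9A-Fa-f-]+)\}(?: \((.*?)\))? - (\S+)$")
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)


@dataclass
class Entry:
    section: str   # e.g. "O16"
    body: str      # text after "O16 - "


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into running processes and O-entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append(Entry(m.group(1), m.group(2)))
        elif in_processes:
            log.processes.append(line)
    return log


def dpf_downloads(log: HjtLog):
    """Return (clsid, name, url) for every O16 ActiveX download entry."""
    out = []
    for e in log.entries:
        if e.section != "O16":
            continue
        m = DPF_RE.match(e.body)
        if m:
            out.append((m.group(1).upper(), m.group(2) or "", m.group(3)))
    return out


def triage(log: HjtLog):
    """Return (section, reason, entry text) for entries worth a closer look."""
    findings = []
    for e in log.entries:
        reason = None
        if e.section == "O16":
            m = DPF_RE.match(e.body)
            if m and BARE_IP_URL.match(m.group(3)):
                reason = "ActiveX CAB fetched from a bare IP address"
        elif e.section == "O10" and e.body.startswith("Unknown file in Winsock LSP"):
            reason = "LSP DLL HijackThis could not identify; confirm it belongs to an installed product"
        elif e.section == "O18" and e.body.endswith("(file missing)"):
            reason = "protocol handler points at a missing DLL (orphaned registration)"
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            reason = "AppInit_DLLs is loaded into every process that loads user32; verify the DLL"
        if reason:
            findings.append((e.section, reason, e.body))
    return findings


if __name__ == "__main__":
    hjt = parse_hjt(SAMPLE_LOG)
    print(f"{len(hjt.processes)} processes, {len(hjt.entries)} entries")
    for section, reason, body in triage(hjt):
        print(f"[{section}] {reason}\n    {body}")
```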

  2. #2
    VopThis (Senior Member, Canada)
    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

    REBOOT.

    Post a revised HJT log and Ewido log results.

  3. #3
    Mrfungus (Newbie)
    Here is the report, thankie for ur help, ima restart comp now
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 5:43:06 PM, 2/17/2006
    + Report-Checksum: B4D18685

    + Scan result:

    HKU\S-1-5-21-1935655697-1659004503-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-1935655697-1659004503-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683} -> Trojan.VB.aft : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Fr0sTen\Application Data\Mozilla\Firefox\Profiles\164x50yg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Fr0sTen\Application Data\Mozilla\Firefox\Profiles\164x50yg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Fr0sTen\Application Data\Mozilla\Firefox\Profiles\164x50yg.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Fr0sTen\Application Data\Netscape\NSB\Profiles\xfhk7ikl.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@www.click2begin[2].txt -> TrackingCookie.Click2begin : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@www4.click2begin[2].txt -> TrackingCookie.Click2begin : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@www5.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@www6.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Cookies\fr0sten@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Fr0sTen\Local Settings\Temporary Internet Files\Content.IE5\WDUBW5UJ\webplugin[1].cab/wupdt.exe -> Downloader.OneClickNetSearch.f : Cleaned with backup
    C:\WINDOWS\system32\fran-hot.exe -> Adware.EZula : Cleaned with backup
    D:\Documents and Settings\minh\Local Settings\Temporary Internet Files\Content.IE5\0LI7GXQ7\play[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
    D:\Documents and Settings\minh\Cookies\minh@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    D:\Documents and Settings\minh\Cookies\minh@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup

    ::Report End

  4. #4
    VopThis (Senior Member, Canada)
    How is your PC now behaving?

    Please do an online scan (scan only tool) with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

  5. #5
    Mrfungus (Newbie)
    Well I won't say it fixed the problem but it did find 96 trojans/viruses and I think it removed them. I'm a computer newbie so what does quarantine mean? I think my comp got a lil faster.. but it hasn't returned to its original speed. It's all my friend's fault for sending me an unscanned program. Tell me the truth.. will I be able to return my comp back to normal speed without any lag? My comp right now usually at normal states, cpu usage doesn't go to 100, but if I open a program it starts lagging and when it starts stabilizing then it returns to normal. Downloading the update thing u told me. O btw have u told me how to fix those icons that my friend said are system files? He says it doesn't normally show up but it is there.. it's like it's there but not seeable. Now it's popping up everywhere but the file is sorta faded like see through u know? How can I fix it?
    Last edited by Mrfungus; 18-02-2006 at 03:02 AM. Reason: forgot something

  6. #6
    Mrfungus (Newbie)
    I didn't think the ewido helped much because before I scanned using ewido I scanned using AVG anti virus and got 19 infected files. Now after I scanned with ewido and removed 96 files or w/e, I scanned using AVG again and it still has 18.
    Last edited by Mrfungus; 18-02-2006 at 03:18 AM. Reason: change picture

  7. #7
    VopThis (Senior Member, Canada)
    A quarantine area is a holding area where an infection is not able to cause any further damage - it is in a neutralized state awaiting final deletion steps.

    Yes, Ewido only found many low risk cookies that can contribute to some limited processing slowdowns.

    However, Ewido and AVG will pick up on different things, as will Kaspersky. Each tool has different strengths - Ewido is significantly stronger than AVG's limited focus against trojans. Kaspersky is often more timely with its AV updates and is generally a better overall badware diagnostic tool (heuristics technology) and a good second opinion scan.

    The current remaining AVG items are Java based infections.

    You need to empty the cache in your Java Plugins control panel or remove the jar cache:

    Start > Settings > Control panel > Java Plugin [version number] > Choose Cache and click remove JAR Cache.

    Or

    From the Start button, click Settings > Control Panel
    In the Control Panel, open the "Java Plug-in Control Panel"
    Select the Cache Tab
    Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

    Delete any remaining Java fix items found by AVG. Please verify that Ewido and AVG now run clean.

    Please do the Kaspersky scan, as suggested.

  8. #8
    Mrfungus (Newbie)
    When u say neutralized state waiting for deletion step, do u mean I have to manually delete them myself or does ewido delete them slowly? And the Java thing I can't find. In my control panel there's no such thing as Java plugin.

    O yea and here's the result of the online scan
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, February 18, 2006 8:04:50 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 18/02/2006
    Kaspersky Anti-Virus database records: 177255
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 64907
    Number of viruses found: 6
    Number of infected objects: 23
    Number of suspicious objects: 0
    Duration of the scan process: 03:04:31

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b44fa43-279a0c38.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b44fa43-279a0c38.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b44fa43-279a0c38.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b44fa43-279a0c38.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6581f1e3-720f90ee.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6581f1e3-720f90ee.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6581f1e3-720f90ee.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6581f1e3-720f90ee.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d443d2d-3c6e4010.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d443d2d-3c6e4010.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d443d2d-3c6e4010.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d443d2d-3c6e4010.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1b0d5ae2.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1b0d5ae2.zip ZIP: infected - 1 skipped
    C:\System Volume Information\_restore{834C020B-9432-428D-B57D-A94E322CA5F4}\RP116\A0031692.dll Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
    C:\System Volume Information\_restore{834C020B-9432-428D-B57D-A94E322CA5F4}\RP132\A0033712.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
    C:\WINDOWS\pf78.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
    C:\WINDOWS\pf78.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.e skipped
    C:\WINDOWS\pf78.exe NSIS: infected - 2 skipped

    Scan process completed.
    Thanks so much for your help.

  9. #9
    VopThis is offline Senior Member (Canada)
    "When you say the 'neutralize state, waiting for deletion' step, do you mean I have to manually delete them myself?"
    Each application that has a 'quarantine' area (like AVG) will have an option to delete the quarantine area contents.

    "And the Java thing I can't find. In my Control Panel there is no such thing as javaplugin."
    Select the 'Switch to Classic View' option and search again.

    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).

    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):

    DELETE FILES (if still present):

    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b44fa43-279a0c38.zip
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6581f1e3-720f90ee.zip
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d443d2d-3c6e4010.zip
    C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1b0d5ae2.zip
    C:\WINDOWS\pf78.exe

    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
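The DELETE FILES list in this reply is worked out by hand from the scanner log earlier in the thread: every infected archive member is collapsed onto the archive that actually sits on disk, and the restore-point copies under System Volume Information are kept off the list. As an added example (not from the thread or from any of the tools named in it), this Python script does the same from a constructed excerpt of that log and then builds a "delete / not present" plan following the "if still present" wording; the excerpt and the injected `exists` check are assumptions.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the format of the scanner output quoted in the thread:
# member lines read "<path>[/<member>] Infected: <name> skipped", container
# summary lines read "<path> ZIP|NSIS: infected - <n> skipped".
SAMPLE_LOG = r"""
C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Fr0sTen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3a4c38cd-496b837f.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{834C020B-9432-428D-B57D-A94E322CA5F4}\RP116\A0031692.dll Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\WINDOWS\pf78.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\WINDOWS\pf78.exe NSIS: infected - 2 skipped
Scan process completed.
"""

# Only member detections carry a path; the lazy ".+?" stops at the first " Infected: ".
MEMBER_RE = re.compile(r"^(?P<entry>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) skipped$")

def deletion_targets(log_text):
    """Map each on-disk container to its detections. Windows paths never
    contain '/', so the first '/' separates the container from the archive
    member. Copies under System Volume Information are returned separately,
    mirroring the helper's list, which leaves them out."""
    targets, restore_points = OrderedDict(), OrderedDict()
    for line in log_text.splitlines():
        m = MEMBER_RE.match(line.strip())
        if not m:
            continue  # container summaries and the trailer add no new paths
        container, _, member = m.group("entry").partition("/")
        bucket = restore_points if "\\System Volume Information\\" in container else targets
        bucket.setdefault(container, []).append((member or "-", m.group("name")))
    return targets, restore_points

def plan_actions(targets, exists):
    """Decide 'delete' or 'not present' per target ('if still present');
    `exists` is injected (assumption) so the plan can be built and tested
    without touching the real filesystem."""
    return [("delete" if exists(p) else "not present", p) for p in targets]

if __name__ == "__main__":
    import os
    targets, restore_points = deletion_targets(SAMPLE_LOG)
    for path, hits in targets.items():
        print(path, "<-", ", ".join(name for _, name in hits))
    for action, path in plan_actions(targets, os.path.exists):
        print(action, path)
    print("restore-point copies left off the list:", len(restore_points))
```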

  10. #10
    Mrfungus is offline Newbie
    For the system file website you gave me, what do you want me to do? Is the reason certain system files are appearing on my computer that it is infected by a virus and found by AVG, and that's why they appear? I don't really want them to appear because, newbie as I am, I might accidentally delete everything. Do you suggest I follow the instructions on the website about showing system files, make all the files appear, then scan my computer and get rid of the trojan?
