System_volume_information spyware help!!! (RESOLVED)

  1. #11
    gmendoza is offline Newbie

    Re: System_volume_information spyware help!!!

    Panda came up with nothing but here's the spy sweeper log and HJT log.

    ********
    5:57 PM: | Start of Session, Friday, April 28, 2006 |
    5:57 PM: Spy Sweeper started
    5:57 PM: Sweep initiated using definitions version 667
    5:57 PM: Starting Memory Sweep
    5:58 PM: Memory Sweep Complete, Elapsed Time: 00:01:09
    5:58 PM: Starting Registry Sweep
    5:58 PM: Registry Sweep Complete, Elapsed Time:00:00:09
    5:58 PM: Starting Cookie Sweep
    5:58 PM: Found Spy Cookie: atlas dmt cookie
    5:58 PM: kyle@atdmt[2].txt (ID = 2253)
    5:58 PM: Found Spy Cookie: 2o7.net cookie
    5:58 PM: kyle@msnportal.112.2o7[1].txt (ID = 1958)
    5:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
    5:58 PM: Starting File Sweep
    6:03 PM: Found Adware: cws_tiny0
    6:03 PM: wiaservc.log:hvilee (ID = 57116)
    6:04 PM: a0026451.pif:rkdldt (ID = 56997)
    6:04 PM: a0026451.pif:jcwqxv (ID = 57116)
    6:19 PM: File Sweep Complete, Elapsed Time: 0007
    6:19 PM: Full Sweep has completed. Elapsed time 00:22:34
    6:19 PM: Traces Found: 5
    6:24 PM: Removal process initiated
    6:24 PM: Quarantining All Traces: atlas dmt cookie
    6:24 PM: Quarantining All Traces: 2o7.net cookie
    6:24 PM: Quarantining All Traces: cws_tiny0
    6:25 PM: Removal process completed. Elapsed time 00:00:11
    ********
    7:17 PM: | Start of Session, Thursday, April 27, 2006 |
    7:17 PM: Spy Sweeper started
    7:17 PM: Sweep initiated using definitions version 667
    7:17 PM: Starting Memory Sweep
    7:20 PM: Memory Sweep Complete, Elapsed Time: 00:03:03
    7:20 PM: Starting Registry Sweep
    7:20 PM: Registry Sweep Complete, Elapsed Time:00:00:09
    7:20 PM: Starting Cookie Sweep
    7:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    7:20 PM: Starting File Sweep
    7:22 PM: Found Adware: cws_tiny0
    7:22 PM: a0026183.pif:rkdldt (ID = 56997)
    7:26 PM: a0026183.pif:txjvxx (ID = 57116)
    7:26 PM: a0026184.ini:ktrmoi (ID = 57116)
    7:26 PM: a0026185.ini:jdhulq (ID = 57116)
    7:33 PM: wiaservc.log:hvilee (ID = 57116)
    7:42 PM: File Sweep Complete, Elapsed Time: 0054
    7:42 PM: Full Sweep has completed. Elapsed time 00:25:12
    7:42 PM: Traces Found: 5
    7:54 PM: Removal process initiated
    7:54 PM: Quarantining All Traces: cws_tiny0
    7:54 PM: Removal process completed. Elapsed time 00:00:06
    11:10 PM: Processing Startup Alerts
    11:10 PM: Allowed Startup entry: SunJavaUpdateSched
    5:56 PM: Program Version 4.5.9 (Build 709) Using Spyware Definitions 667
    5:57 PM: | End of Session, Friday, April 28, 2006 |
    ********
    6:27 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:27 PM: Spy Sweeper started
    6:27 PM: Sweep initiated using definitions version 665
    6:27 PM: Starting Memory Sweep
    6:30 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
    6:30 PM: Starting Registry Sweep
    6:30 PM: Found Adware: security2k hijacker
    6:30 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
    6:30 PM: Found Trojan Horse: trojan-downloader-zlob
    6:30 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
    6:30 PM: Registry Sweep Complete, Elapsed Time:00:00:08
    6:30 PM: Starting Cookie Sweep
    6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:30 PM: Starting File Sweep
    6:32 PM: Found Adware: cws_tiny0
    6:32 PM: system.ini.backup:rtyhmy (ID = 56997)
    6:33 PM: dc929.ini:jdhulq (ID = 57116)
    6:36 PM: dc931.bmp:snvcbx (ID = 56997)
    6:36 PM: dc930.ini:ktrmoi (ID = 57116)
    6:39 PM: dc924.bmp:zsgusv (ID = 56997)
    6:40 PM: _default.pifcqgcu (ID = 56997)
    6:41 PM: a0025812.pif:txjvxx (ID = 57116)
    6:42 PM: dc925.dat:fykghk (ID = 56997)
    6:42 PM: Found Adware: psguard\winhound fakealert
    6:42 PM: a0026095.exe (ID = 280102)
    6:43 PM: wiaservc.log:hvilee (ID = 57116)
    6:43 PM: _default.pif:awrpdv (ID = 56997)
    6:45 PM: a0025036.exe (ID = 281463)
    6:48 PM: _default.pif:txjvxx (ID = 57116)
    6:49 PM: a0025812.pif:rkdldt (ID = 56997)
    6:50 PM: Found Adware: cws-aboutblank
    6:50 PM: a0025812.pif:qxqvbs (ID = 54882)
    6:55 PM: File Sweep Complete, Elapsed Time: 00:24:41
    6:55 PM: Full Sweep has completed. Elapsed time 00:27:34
    6:55 PM: Traces Found: 17
    7:20 PM: Removal process initiated
    7:20 PM: Quarantining All Traces: cws-aboutblank
    7:20 PM: Quarantining All Traces: psguard\winhound fakealert
    7:20 PM: Quarantining All Traces: security2k hijacker
    7:20 PM: Quarantining All Traces: trojan-downloader-zlob
    7:20 PM: Quarantining All Traces: cws_tiny0
    7:20 PM: Removal process completed. Elapsed time 00:00:21
    7:17 PM: Your spyware definitions have been updated.
    7:17 PM: | End of Session, Thursday, April 27, 2006 |
    ********
    6:25 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:25 PM: Spy Sweeper started
    6:25 PM: Sweep initiated using definitions version 665
    6:25 PM: Starting Memory Sweep
    6:25 PM: Sweep Canceled
    6:25 PM: Memory Sweep Complete, Elapsed Time: 00:00:09
    6:25 PM: Traces Found: 0
    6:27 PM: | End of Session, Wednesday, April 26, 2006 |
    ********
    6:24 PM: | Start of Session, Wednesday, April 26, 2006 |
    6:24 PM: Spy Sweeper started
    6:25 PM: Your spyware definitions have been updated.
    6:25 PM: | End of Session, Wednesday, April 26, 2006 |

    ---------------------------------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 6:59:57 PM, on 4/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


  2. #12
    Neal is offline Dedicated Member
    Hi,


    Let's try that killbox fix again, instead of:


    C:\WINDOWS\wiaservc.log:hvilee:$DATA
    C:\WINDOWS\_default.pif:jcwqxv:$DATA
    C:\WINDOWS\_default.pif:rkdldt:$DATA



    Do these:


    C:\WINDOWS\wiaservc.log
    C:\WINDOWS\_default.pif



    From post #8


    Then tell me how your computer is running now and a new hijackthis log please.


    Thanks.

  3. #13
    gmendoza is offline Newbie
    The windows\_default file deleted, but the wiaserv.log could not be deleted. I went into safe mode yesterday and deleted the wiaserv.log file, but I guess it came back. The file says that it was created today when I click on Properties, but it won't let me delete it. There is also a file named wiadebug.log in the same folder, and it says that it was modified and created at the same time. I opened the log, and here's what the wiadebug.log file says:

    "===================Start 'wiaservc.dll' Debug - Time: 2006/04/28 18:27:12:772====================
    *> StiServiceMain entered, Time: 2006/04/28 18:27:12:772"


    Here's the hijackthis log anyhow:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:38:09 PM, on 4/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
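
    The `file:stream:$DATA` paths in post #12 are NTFS alternate data streams (ADS): the Spy Sweeper detections such as `wiaservc.log:hvilee` and `_default.pif:rkdldt` are named streams attached to ordinary files, and the wiadebug.log excerpt above shows that wiaservc.log is written by the Windows Image Acquisition service itself, which is why the host file keeps coming back and cannot be deleted while the service runs. The following is an added example, not code from the thread, showing how to list the named streams on such a file and remove only those streams, leaving the legitimate host file in place. It assumes Windows PowerShell 3.0 or later (the `-Stream` parameter), an NTFS volume and an elevated prompt; the host path and stream names are taken from the logs above, and the function names are this example's own.

```powershell
# Added example, not from the thread: list and remove named NTFS alternate data
# streams on a host file without deleting the file itself.
# Assumes Windows PowerShell 3.0+ (-Stream), an NTFS volume, an elevated prompt.

function Get-ForeignStream {
    param([Parameter(Mandatory)][string]$Path)
    # ':$DATA' is the unnamed default stream, i.e. the file's normal content.
    # Every other $DATA stream is a named ADS; a plain log file should have none.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' }
}

function Remove-ForeignStream {
    param([Parameter(Mandatory)][string]$Path, [switch]$WhatIf)
    foreach ($s in Get-ForeignStream -Path $Path) {
        Write-Host ('{0}:{1}  ({2} bytes)' -f $Path, $s.Stream, $s.Length)
        # Removes only the named stream; the host file and its default stream
        # stay intact, so there is nothing for the WIA service to recreate.
        # The service's handle is on the default stream; named streams are opened
        # separately, so this normally succeeds while the log is being written.
        # If it fails with "access denied", some process has the named stream
        # itself open: stop that process (or use Safe Mode) and retry.
        Remove-Item -LiteralPath $Path -Stream $s.Stream -WhatIf:$WhatIf
    }
}

# Host file from the Spy Sweeper log in this thread.
$HostFile = 'C:\WINDOWS\wiaservc.log'

# Dry run first, then the real removal, then verify only ':$DATA' remains.
Remove-ForeignStream -Path $HostFile -WhatIf
Remove-ForeignStream -Path $HostFile
Get-Item -LiteralPath $HostFile -Stream * | Select-Object Stream, Length
```

    Run the same three steps against each host file the scanner named (for example `C:\WINDOWS\_default.pif`). On systems without the `-Stream` parameter, `dir /r` (Vista and later) lists streams and the Sysinternals `streams.exe -d <file>` tool deletes them; the copies inside `System Volume Information` are handled separately by flushing the restore points, as the thread goes on to do.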

  4. #14
    gmendoza is offline Newbie
    My computer is running fine now. I ran Kaspersky twice, and the only infected files were in the System Volume Information folder. Is there anything else I should do? How do I get rid of those infected files? Here's the log anyhow:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, April 29, 2006 10:28:43 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 29/04/2006
    Kaspersky Anti-Virus database records: 190640
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 61255
    Number of viruses found: 5
    Number of infected objects: 17
    Number of suspicious objects: 0
    Duration of the scan process: 00:48:47

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0026481.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0026481.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0026496.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0026496.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped

    Scan process completed.

  5. #15
    Neal is offline Dedicated Member
    Hi, you're good to go. Below is a list of free tools for you to check out; you could use a couple of them. Also included are instructions on how to flush your System Restore.



    If you are no longer having any more trouble, here are some preventive measures for you.

    Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all of these, as well as Ad-Aware SE and Spybot S&D, updated.

    http://forums.thatcomputerguy.us/ind...showtopic=1190

    Flush your restore points in ME and XP by turning System Restore off and then back on.
    This will create a fresh restore point.

    Explained here:
    Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

    Microsoft ME:

    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    RegProtect

    This small registry protection tool will save you hours of heartache by notifying you when some program, good or bad, is trying to access your registry.

    You have the option of allowing (good) items or blocking (bad) items.

    http://www.diamondcs.com.au/index.php?page=regprot


    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and keep its definitions up to date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1

    Avast: http://www.avast.com/eng/avast_4_home.html


    3. In addition to using Ad-Aware, consider using another free malware scanning/removal program:
    MS Antispyware beta: http://www.microsoft.com/athome/secu...e/default.mspx


    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio
    http://www.sunbelt-software.com/Kerio.cfm

    OutPost Personal Firewall:
    Outpost



    5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's Restricted Sites zone. Download it here:

    http://www.javacoolsoftware.com/spywareblaster.html


    If you use SpywareBlaster, you can also use a custom blocklist to add even more entries to IE's Restricted Sites zone. Go to this site for the current list and how-to-use instructions: http://customblockinglist.cjb.net/


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    *Remember, just like your primary anti-virus software, it is important to keep all of these programs up to date and use them on a regular basis. It's free.
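
    The Kaspersky report in post #14 shows why the restore points matter: every infected object it lists lives under `C:\System Volume Information\_restore{...}\RPnnn\`, i.e. copies that System Restore saved of the malware before it was removed, which the scanner can only "skip". The following is an added example, not part of the thread, that carries out the "turn System Restore off and back on" step above from the command line and verifies the result. It assumes Windows PowerShell 5.1 on a client edition of Windows, an elevated prompt, and `C:\` as the protected drive; the `Get-ComputerRestorePoint`, `Disable-/Enable-ComputerRestore` and `Checkpoint-Computer` cmdlets it uses are Windows PowerShell only (not PowerShell 7). The function name and the description string are this example's own.

```powershell
# Added example, not from the thread: list restore points, flush them by cycling
# System Restore off and on, verify, and create a clean baseline.
# Assumes Windows PowerShell 5.1 (client Windows), elevated prompt, drive C:\.
$Drive = 'C:\'

function Show-RestorePoint {
    param([string]$Label)
    Write-Host "== $Label =="
    # SequenceNumber is the RPnnn number that appears in the scanner report;
    # CreationTime is a WMI datetime string, converted for readability.
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Select-Object SequenceNumber, Description,
            @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
}

Show-RestorePoint -Label 'Before'

# The thread's method: turning System Restore off on a drive discards the
# restore points on it, and with them the infected copies under
# System Volume Information. Turning it back on re-enables protection.
Disable-ComputerRestore -Drive $Drive
Enable-ComputerRestore  -Drive $Drive

# Verify. On Vista and later restore points are VSS shadow copies; if any
# survived the off/on cycle, remove them explicitly (elevated).
if (Get-ComputerRestorePoint -ErrorAction SilentlyContinue) {
    $vol = $Drive.TrimEnd('\')              # vssadmin wants 'C:' not 'C:\'
    & vssadmin.exe delete shadows "/for=$vol" /all /quiet
}

# Fresh, clean baseline so there is something trustworthy to roll back to.
# Windows 8 and later refuse a second checkpoint within 24 hours unless
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\
# SystemRestorePointCreationFrequency is set to 0.
Checkpoint-Computer -Description 'Clean baseline after malware cleanup' `
                    -RestorePointType 'MODIFY_SETTINGS'

Show-RestorePoint -Label 'After'
```

    Do this only once the live infection is gone (the scanner reports above show nothing outside the restore points), because the old restore points are also the only way back if the cleanup itself breaks something. The 'After' listing should contain exactly one entry, the new baseline; if the infected `RPnnn` numbers are still listed, the flush did not take and the `vssadmin` step is the one to rerun.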

  6. #16
    gmendoza is offline Newbie
    I ran Spy Sweeper again just to see if everything was alright, and this is what came up. Here's the log:

    ********
    10:20 PM: | Start of Session, Sunday, April 30, 2006 |
    10:20 PM: Spy Sweeper started
    10:20 PM: Sweep initiated using definitions version 668
    10:20 PM: Starting Memory Sweep
    10:24 PM: Memory Sweep Complete, Elapsed Time: 00:03:30
    10:24 PM: Starting Registry Sweep
    10:24 PM: Registry Sweep Complete, Elapsed Time:00:00:12
    10:24 PM: Starting Cookie Sweep
    10:24 PM: Found Spy Cookie: addynamix cookie
    10:24 PM: kyle@ads.addynamix[1].txt (ID = 2062)
    10:24 PM: Found Spy Cookie: pointroll cookie
    10:24 PM: kyle@ads.pointroll[2].txt (ID = 3148)
    10:24 PM: Found Spy Cookie: advertising cookie
    10:24 PM: kyle@advertising[2].txt (ID = 2175)
    10:24 PM: Found Spy Cookie: apmebf cookie
    10:24 PM: kyle@apmebf[2].txt (ID = 2229)
    10:24 PM: Found Spy Cookie: atlas dmt cookie
    10:24 PM: kyle@atdmt[1].txt (ID = 2253)
    10:24 PM: Found Spy Cookie: burstnet cookie
    10:24 PM: kyle@burstnet[2].txt (ID = 2336)
    10:24 PM: Found Spy Cookie: go.com cookie
    10:24 PM: kyle@espn.go[2].txt (ID = 2729)
    10:24 PM: kyle@go[1].txt (ID = 2728)
    10:24 PM: kyle@insider.espn.go[2].txt (ID = 2729)
    10:24 PM: Found Spy Cookie: mediaplex cookie
    10:24 PM: kyle@mediaplex[1].txt (ID = 6442)
    10:24 PM: Found Spy Cookie: 2o7.net cookie
    10:24 PM: kyle@msnportal.112.2o7[1].txt (ID = 1958)
    10:24 PM: kyle@proxy.espn.go[1].txt (ID = 2729)
    10:24 PM: Found Spy Cookie: qksrv cookie
    10:24 PM: kyle@qksrv[2].txt (ID = 3213)
    10:24 PM: kyle@rsi.espn.go[1].txt (ID = 2729)
    10:24 PM: kyle@search.espn.go[1].txt (ID = 2729)
    10:24 PM: kyle@sports.espn.go[1].txt (ID = 2729)
    10:24 PM: Found Spy Cookie: statcounter cookie
    10:24 PM: kyle@statcounter[2].txt (ID = 3447)
    10:24 PM: Found Spy Cookie: tribalfusion cookie
    10:24 PM: kyle@tribalfusion[1].txt (ID = 3589)
    10:24 PM: Found Spy Cookie: burstbeacon cookie
    10:24 PM: kyle@www.burstbeacon[1].txt (ID = 2335)
    10:24 PM: Found Spy Cookie: zedo cookie
    10:24 PM: kyle@zedo[2].txt (ID = 3762)
    10:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    10:24 PM: Starting File Sweep
    10:46 PM: File Sweep Complete, Elapsed Time: 0022
    10:46 PM: Full Sweep has completed. Elapsed time 00:25:10
    10:46 PM: Traces Found: 20
    10:47 PM: Removal process initiated
    10:47 PM: Quarantining All Traces: 2o7.net cookie
    10:47 PM: Quarantining All Traces: addynamix cookie
    10:47 PM: Quarantining All Traces: advertising cookie
    10:47 PM: Quarantining All Traces: apmebf cookie
    10:47 PM: Quarantining All Traces: atlas dmt cookie
    10:47 PM: Quarantining All Traces: burstbeacon cookie
    10:47 PM: Quarantining All Traces: burstnet cookie
    10:47 PM: Quarantining All Traces: go.com cookie
    10:47 PM: Quarantining All Traces: mediaplex cookie
    10:47 PM: Quarantining All Traces: pointroll cookie
    10:47 PM: Quarantining All Traces: qksrv cookie
    10:47 PM: Quarantining All Traces: statcounter cookie
    10:47 PM: Quarantining All Traces: tribalfusion cookie
    10:47 PM: Quarantining All Traces: zedo cookie
    10:47 PM: Removal process completed. Elapsed time 00:00:05
    ********
    Last edited by gmendoza; 01-05-2006 at 07:57 PM. Reason: extra log by accident

  7. #17
    Neal is offline Dedicated Member
    I wouldn't worry about cookies; they are just a fact of life on the internet. Just use a good cleaner once a week, like CCleaner, and cookies will go away until you get on the internet again.



    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner

    Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.
    Click on CCleaner to start it. Then click "Run Cleaner"; just use the Windows tab, which is up front by default.

    Then Reboot (Exit)
