TR/Swizzor.GF
-
Re: TR/Swizzor.GF
SmitFraudFix v2.58
Scan done at 1:44:32,18, ti 13.06.2006
Run from C:\Documents and Settings\HP_Omistaja\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Omistaja\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_OMI~1\Suosikit
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A403375D9184B225.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\hp_omi~1\applic~1\platfo~1\AcidLiveWma.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'HP_Omistaja'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 06/13/2006 2:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/04/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'MP Scheduled Scan.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
Parameters: 'Scan -RestrictPrivileges'
WorkingDirectory: ''
Comment: 'Scheduled Scan'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/13/2006 1:00:02
NextRun: 06/14/2006 1:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/12/2006
EndDate: 00/00/0000
StartTime: 01:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'XoftSpySE.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\XoftSpySE\XoftSpy.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files\XoftSpySE\'
Comment: 'Runs XoftSpySE at Scheduled Time.'
Creator: 'HP_Omistaja'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 06/13/2006 3:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 06/10/2006
EndDate: 00/00/0000
StartTime: 03:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
-
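A worked example of what is being read off the job dump above (added here; it is not part of this thread, of SmitFraudFix, or of any other tool used in it): a small Python script that parses the '[TRACE] Activating job' dump format into one record per job and scores each job on the indicators the first job shows, namely Hidden = 1 on a task created by the interactive user, a target executable under the user's profile rather than Program Files or the Windows directory, an 8.3 short-name path, and a trigger that repeats every N minutes through the day. The dump inside the script is a constructed excerpt modelled on the post; the indicators, their weights and the threshold of 3 are this example's own assumptions, not a documented rule set.

```python
"""Triage a Task Scheduler job dump of the kind posted in this thread.

Added example; not part of the thread or of SmitFraudFix or any other tool
used in it.  SAMPLE_DUMP is a constructed excerpt modelled on the post
(three jobs, only the properties the heuristics need).  The indicators,
their weights and the threshold are this example's own assumptions.
"""
import re

SAMPLE_DUMP = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A403375D9184B225.job'
ApplicationName: 'c:\docume~1\hp_omi~1\applic~1\platfo~1\AcidLiveWma.exe'
Creator: 'HP_Omistaja'
Hidden = 1
Trigger 0:
Type: Daily
StartDate: 02/04/2001
MinutesInterval: 60
[TRACE] Activating job 'MP Scheduled Scan.job'
ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
Creator: 'SYSTEM'
Hidden = 1
Trigger 0:
Type: Daily
StartDate: 06/12/2006
MinutesInterval: 0
[TRACE] Activating job 'XoftSpySE.job'
ApplicationName: 'C:\Program Files\XoftSpySE\XoftSpy.exe'
Creator: 'HP_Omistaja'
Hidden = 0
Trigger 0:
Type: Weekly
StartDate: 06/10/2006
MinutesInterval: 0
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(?P<job>.+)'$")
KV_RE = re.compile(r"^(?P<key>[A-Za-z]+)\s*[:=]\s*(?P<value>.*)$")
# Executable under a user profile (long or 8.3 form), excluding All Users.
USER_PROFILE_RE = re.compile(r"\\(docume~1|documents and settings)\\(?!all users\\)", re.I)
SHORT_NAME_RE = re.compile(r"~\d+\\")          # any 8.3 short-name path component


def parse_jobs(dump):
    """Return one dict per job: its top-level properties plus a 'trigger' dict."""
    jobs, section = [], "job"
    for raw in dump.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            jobs.append({"job": m["job"], "trigger": {}})
            section = "job"
            continue
        if not jobs or line.startswith("[TRACE]"):
            continue
        if line.startswith("Trigger "):          # "Trigger 0:" opens the trigger block
            section = "trigger"
            continue
        m = KV_RE.match(line)                    # "Key: value" and "Flag = 1" lines
        if m:
            target = jobs[-1]["trigger"] if section == "trigger" else jobs[-1]
            target[m["key"]] = m["value"].strip("'")
    return jobs


def score_job(job):
    """Weighted indicators (weights are this example's assumptions); returns (score, reasons)."""
    app = job.get("ApplicationName", "")
    interval = int(job["trigger"].get("MinutesInterval") or 0)
    checks = [
        (2, "hidden task created by an interactive user",
         job.get("Hidden") == "1" and job.get("Creator", "").upper() != "SYSTEM"),
        (2, "target executable lives under a user profile", bool(USER_PROFILE_RE.search(app))),
        (1, "target path written in 8.3 short-name form", bool(SHORT_NAME_RE.search(app))),
        (1, f"repeats every {interval} minutes within the day", interval > 0),
    ]
    hits = [(w, why) for w, why, hit in checks if hit]
    return sum(w for w, _ in hits), [why for _, why in hits]


def triage(dump, threshold=3):
    """Score every job in the dump; 'suspicious' means score >= threshold."""
    out = []
    for job in parse_jobs(dump):
        score, reasons = score_job(job)
        out.append({"job": job["job"], "app": job.get("ApplicationName", ""),
                    "score": score, "reasons": reasons, "suspicious": score >= threshold})
    return out


if __name__ == "__main__":
    for r in triage(SAMPLE_DUMP):
        print(f"{'SUSPICIOUS' if r['suspicious'] else 'ok':10} score={r['score']}  {r['job']} -> {r['app']}")
        for why in r["reasons"]:
            print(f"{'':13}- {why}")
```

On the excerpt it marks A403375D9184B225.job as SUSPICIOUS with a score of 6 and the Windows Defender and XoftSpySE jobs as ok. A scheduled task is a persistence mechanism that is untouched by cleaning the Run keys, which is why a job dump belongs next to the SmitFraudFix output.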
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 1:40:18, 13.6.2006
+ Report-Checksum: 8F149F0A
+ Scan result:
:mozilla.18:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.28:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.42:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.49:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.104:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.105:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.106:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xb3g4wxh.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\Z8B3WOR6\Scripts[1].js -> Adware.MediaMotor : Cleaned with backup
C:\Program Files\Piolet\My Shared Folder\Nero 6.6 with inCD and keygen.exe -> Dropper.VB.lu : Cleaned with backup
C:\Program Files\quickbar\Cache\NNEZTY638.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
::Report End
-
Very nice,
http://www.kaspersky.com/virusscanner
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
* Now under "Select a target to scan":
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.
-
Here it is. 
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 13, 2006 1:42:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 13/06/2006
Kaspersky Anti-Virus database records: 200143
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
Scan Statistics:
Total number of scanned objects: 95681
Number of viruses found: 8
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:44:40
Infected Object Name / Virus Name / Last Action
C:\digipass_ver1.296.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\digipass_ver1.296.exe/data0008 Infected: Trojan-Notifier.Win32.Zlob.a skipped
C:\digipass_ver1.296.exe/data0011 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\digipass_ver1.296.exe NSIS: infected - 3 skipped
C:\digipass_ver1.296.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP14\A0003941.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP14\A0003942.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP3\A0000712.exe Infected: Trojan-Downloader.Win32.Swizzor.co skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP4\A0001154.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP4\A0001156.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP4\A0001157.exe Infected: Trojan-Downloader.Win32.Swizzor.fh skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP4\A0001159.exe Infected: Trojan-Downloader.Win32.Swizzor.fh skipped
Scan process completed.
Last edited by DaN00b; 13-06-2006 at 11:47 AM.
-
Let's see if we can kill some stuff now.
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select "Delete on Reboot".
- Then click on the "All Files" button if there is more than one item to delete.
- Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C
C:\digipass_ver1.296.exe
- Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
After the above, give me a fresh Kaspersky scan. I want to see if deleting that file once is enough or if each instance of it needs to be deleted. Thanks.
The rest is under system restore and we can get those as a very last step.
-
Right in the first second of the Kaspersky scan it found 3 viruses and 5 infected files.
So it probably didn't help much? But I'm letting it scan; going to sleep now.
-
Here it is.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, June 16, 2006 12:09:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 15/06/2006
Kaspersky Anti-Virus database records: 200779
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
Scan Statistics:
Total number of scanned objects: 96629
Number of viruses found: 6
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 01:39:36
Infected Object Name / Virus Name / Last Action
C:\!KillBox\digipass_ver1.296.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\!KillBox\digipass_ver1.296.exe/data0008 Infected: Trojan-Notifier.Win32.Zlob.a skipped
C:\!KillBox\digipass_ver1.296.exe/data0011 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\!KillBox\digipass_ver1.296.exe NSIS: infected - 3 skipped
C:\!KillBox\digipass_ver1.296.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP14\A0003942.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe/data0008 Infected: Trojan-Notifier.Win32.Zlob.a skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe/data0011 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP3\A0000712.exe Infected: Trojan-Downloader.Win32.Swizzor.co skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP4\A0001157.exe Infected: Trojan-Downloader.Win32.Swizzor.fh skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP4\A0001159.exe Infected: Trojan-Downloader.Win32.Swizzor.fh skipped
Scan process completed.
-
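The two Kaspersky reports answer the question asked a few posts up, whether deleting C:\digipass_ver1.296.exe once was enough. As an added example (not part of this thread or of Kaspersky's tooling), here is a Python script that parses report lines of the form shown above, folds archive members (the /data0007 suffixes) back into their container file, classifies each container as live, in the C:\!KillBox folder, or inside a System Restore point, and then compares two reports to show which live detections are gone and where copies of the removed file turned up. The reports embedded in it are constructed excerpts modelled on the two scans; because the report carries no hashes, the script treats an identical set of detection names as the same file, which is this example's own heuristic.

```python
"""Fold, locate and compare Kaspersky On-line Scanner detections.

Added example; not part of the thread or of Kaspersky's tooling.  The two
reports are constructed excerpts modelled on the scans in this thread.  The
report carries no hashes, so an identical set of detection names per file
is used as a stand-in for file identity; that is this example's own heuristic.
"""
import re

REPORT_BEFORE = r"""
C:\digipass_ver1.296.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\digipass_ver1.296.exe/data0008 Infected: Trojan-Notifier.Win32.Zlob.a skipped
C:\digipass_ver1.296.exe/data0011 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\digipass_ver1.296.exe NSIS: infected - 3 skipped
C:\digipass_ver1.296.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP14\A0003941.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP3\A0000712.exe Infected: Trojan-Downloader.Win32.Swizzor.co skipped
"""

REPORT_AFTER = r"""
C:\!KillBox\digipass_ver1.296.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\!KillBox\digipass_ver1.296.exe/data0008 Infected: Trojan-Notifier.Win32.Zlob.a skipped
C:\!KillBox\digipass_ver1.296.exe/data0011 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\!KillBox\digipass_ver1.296.exe NSIS: infected - 3 skipped
C:\!KillBox\digipass_ver1.296.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe/data0008 Infected: Trojan-Notifier.Win32.Zlob.a skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe/data0011 Infected: Trojan-Downloader.Win32.Zlob.jj skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP22\A0004372.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP3\A0000712.exe Infected: Trojan-Downloader.Win32.Swizzor.co skipped
"""

# "<object> Infected: <name> <action>"  or  "<object> <packer>: infected - <n> <action>"
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?:Infected:\s+(?P<name>\S+)|(?P<packer>\w+): infected - (?P<n>\d+))\s+(?P<action>\w+)$"
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")


def locate(path):
    """Classify where a detected file sits; the !KillBox folder name is taken from the report."""
    m = RESTORE_RE.search(path)
    if m:
        return f"restore point {m.group(1)}"
    if "\\!killbox\\" in path.lower():
        return "killbox quarantine"
    return "live"


def summarize(report):
    """Map each container file to its location and the set of detections inside it."""
    containers = {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["obj"].split("/")[0]      # "/data0007" is a member inside the container
        name = m["name"] or f"{m['packer']}: infected - {m['n']}"
        entry = containers.setdefault(path, {"location": locate(path), "detections": set()})
        entry["detections"].add(name)
    return containers


def compare(before, after):
    """Live files gone since 'before', live files still present, and where copies of the gone files reappeared."""
    live_before = {p: i["detections"] for p, i in before.items() if i["location"] == "live"}
    removed = sorted(p for p in live_before if p not in after)
    still_live = sorted(p for p, i in after.items() if i["location"] == "live")
    copies = {}
    for path, info in after.items():
        if path in before:
            continue
        for gone in removed:               # same detection set => treated as a copy of the gone file
            if info["detections"] == live_before[gone]:
                copies[path] = (info["location"], gone)
    return {"removed_live": removed, "still_live": still_live, "copies": copies}


if __name__ == "__main__":
    result = compare(summarize(REPORT_BEFORE), summarize(REPORT_AFTER))
    print("removed from disk:", result["removed_live"])
    print("still live:", result["still_live"] or "none")
    for path, (where, origin) in result["copies"].items():
        print(f"copy of {origin} now in {where}: {path}")
```

On these excerpts it reports no live detections left and two copies of the removed file: one in the KillBox folder and one under restore point RP22, which did not appear in the first scan. Nothing remains outside quarantine and System Restore, which is why flushing the restore points can wait until the last step.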
Looks like everything is under system restore and we will flush that as a last step.
Plus all those you killed with Killbox.
How is your computer behaving now?
-
Pretty much better than it did before; I can see it's faster.