After trojan is removed (RESOLVED)
-
Re: After trojan is removed
Oh Neal - you will despair of me. Since going over to Firefox in the last few weeks I have had more problems than I have ever had. AVG is now showing a virus - Exploit in the virus vault which is not healed - is it a major problem?
-
Anything in the vault is as good as quarantined and can be deleted and is harmless if left there.
Run the super antispyware again and post anything it finds please.
-
Hallo
Here is the Super AntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/27/2007 at 10:30 PM
Application Version : 3.9.1008
Core Rules Database Version : 3351
Trace Rules Database Version: 1350
Scan type : Quick Scan
Total Scan Time : 00:23:03
Memory items scanned : 467
Memory threats detected : 0
Registry items scanned : 619
Registry threats detected : 0
File items scanned : 15034
File threats detected : 108
Adware.Tracking Cookie
Adware.MyWebSearch
C:\DOCUMENTS AND SETTINGS\V L\DOCTORWEB\QUARANTINE\MWSOEMON.EXE
Unclassified.SpywareBot (Not A Threat)
C:\DOCUMENTS AND SETTINGS\V LONGLAND\DESKTOP\DOWNLOADS\SETUP.EXE
Did you have any comments on the SDFix problem?
Many thanks
-
I have no idea why SDFix will not run on your PC.
Super antispyware found cookies and that is all worth mentioning.
You can disable Trojan Hunter and then try to run SDFix.
Below are slightly modified instructions and a fresh link for SDFix.
Download http://downloads.andymanchesta.com/R...ools/SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum
-
Neal
I disabled Trojan Hunter as suggested and re-did SDFix. Still no RunThis.bat but I clicked on RunThis.cmd. It all started up and I got the FindSTR Cannot open then the rubbish which I couldn't understand. However it continued and after re-booting I got the little blue screen which said "Cannot open FindSTR".
However I got a Report file which I attach:
SDFix: Version 1.115
Run by V L on 28/11/2007 at 16:05
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 16:15:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Sun 4 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\BIT1D.tmp"
Finished!
I hope that is sufficient for you - I guess the only other alternative is to remove all the other programs I have installed to help the situation and then try SDFix again ........ over to you again I'm afraid.
-
It looks like it ran that time and no trojans were found.
How is your PC performing now?
-
It seems fine now, thank you - would you be happy to do an on-line purchase now in my situation? Not talking about on-line banking, not into that.
I am really grateful for all your patience.
-

I probably would do it, without worrying.
If you are no longer having any more trouble, here are some preventive measures for you.
Be sure to re-hide hidden files/folders if you were asked to unhide them.
Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all these and Ad-awareSE and SpybotS&D updated.
http://www.d-a-l.com/help/showthread.php?t=32403
Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.
Explained Here:
Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx
Explained Here
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
RegProtect
This small registry protection tool will save you hours of heartache by notifying you when some program, good or bad, is trying to access your registry.
You have the option of allowing (good) items or blocking (bad) items.
http://www.diamondcs.com.au/index.php?page=regprot
To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us
http://www.microsoft.com/windows/ie/default.asp
2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
Windows Defender
http://www.microsoft.com/athome/secu...e/default.mspx
4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm
OutPost Personal Firewall:
Outpost
5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
Mozilla Firefox: www.mozilla.org/products/firefox/
6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:
http://www.javacoolsoftware.com/spywareblaster.html
If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/
IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm
Block access to Untrustworthy Sites
You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.
*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
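Added example, not part of the original posts and not taken from SDFix or the MVPS Hosts File: a small audit of a blocking hosts file of the kind recommended above. It confirms that every entry sinks its name to a loopback or null address and flags any entry that points a name at a real address, which is the kind of tampering a "Restoring Windows Default Hosts File" step undoes. The sample file, host names and addresses are constructed for illustration.

```python
import ipaddress

# Addresses a blocking hosts file legitimately uses as a sink.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample, not taken from the thread or from any real blocklist.
SAMPLE_HOSTS = """\
# blocking hosts file (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.net      # ad server sunk to loopback
0.0.0.0     tracker.example.org
203.0.113.7 update.example.com   # resolves to a real address: review
not-an-ip   broken.example.com
"""

def audit_hosts(text):
    """Return (blocked, redirected, malformed) for hosts-file text."""
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no host name
            malformed.append((lineno, raw.strip()))
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:                    # first field is not an IP
            malformed.append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in fields[1:]):
            if ip in SINK_ADDRESSES:
                if name != "localhost":       # the default entry is not a block
                    blocked.append(name)
            else:
                # A name mapped to a routable address overrides DNS for it.
                redirected.append((lineno, name, ip))
    return blocked, redirected, malformed

if __name__ == "__main__":
    blocked, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked")
    for lineno, name, ip in redirected:
        print(f"line {lineno}: {name} -> {ip} (not a sink address, review)")
    for lineno, raw in malformed:
        print(f"line {lineno}: unparseable entry: {raw}")
```

On Windows XP the file to check is %SystemRoot%\system32\drivers\etc\hosts; read it and pass its text to audit_hosts in place of the sample.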