--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 13, 2008 04:55:19
Records in database: 1307948
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 71810
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:15:50

File name / Threat name / Threats count
C:\WINDOWS\system32\ti0DdKJx.dll/C:\WINDOWS\system32\ti0DdKJx.dll Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\Content.IE5\9NC2QLHN\z[1].htm Infected: Trojan-Downloader.Win32.Firu.aqi 1
C:\Documents and Settings\Joey\My Documents\Downloads\Playstation 2 Emulator v2.09.01 [Latest] + Newest Ps2 Bios.rar Infected: Trojan-Downloader.Win32.Small.xnu 1
C:\Documents and Settings\Joey\My Documents\Downloads\Playstation 2 Emulator v2.09.01 [Latest] + Newest Ps2 Bios.rar Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\32Wd7kj8.exe Infected: Trojan-Downloader.Win32.Agent.aivj 1
C:\WINDOWS\system32\6keU4b3H.exe Infected: Trojan-Downloader.Win32.Firu.aqi 1
C:\WINDOWS\system32\ti0DdKJx.dll Infected: Trojan-Downloader.Win32.BHO.pe 1

The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:33 AM, on 10/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Brightness.exe
C:\Program Files\Apple Keyboard Support\KbdMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\32Wd7kj8.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\ti0DdKJx.dll
O4 - HKLM\..\Run: [AppleTime] C:\WINDOWS\system32\AppleTime.exe
O4 - HKLM\..\Run: [Brightness] C:\WINDOWS\system32\Brightness.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Apple Keyboard Support\KbdMgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{38435DA2-1958-4907-907A-15FA40A2DFAC}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 3769 bytes

Running Windows XP SP2
Hey jd3art

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:

Code:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects

Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates
• Wait for Malwarebytes to be fully updated.

Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.

**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.

Best Regards
Used HijackThis and Kaspersky WebScanner to isolate which .dll files in my system32 folder were trojans. After that I rebooted in safe mode and deleted the files and the host file that unleashed the trojans on my system (not a smart risk downloading it). After that, 32Wd7Kj8.exe and its sub .dll files no longer showed up in my system and the pop-ups subsided. Thank you for your prompt reply and directions for helping me clean my system if otherwise I was unable to.
Hey jd3art Glad you could solve your problem. Make sure you don't get infected the same way again! Best Regards