i have every anti-virus, anti mal-stuff, program known to man, but it keeps coming!

BitDefender Online Scanner
Scan report generated at: Tue, Aug 22, 2006 - 00:33:53
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time 00:29:11
Files 172305
Folders 3696
Boot Sectors 4
Archives 1042
Packed Files 6534

Results
Identified Viruses 1
Infected Files 1
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 1

Engines Info
Virus Definitions 450144
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 39
Unpack plugins 5
E-mail plugins 6
System plugins 1

Scan Settings
First Action Delete
Second Action None
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command] Infected with: Trojan.SwfDL.A
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command] Deleted
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf Update failed

Incident Status Location
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@club.cdfreaks[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

any help is most appreciated.

can u help out? Niobis you out there?
I'm here mate. Go here http://forum.misec.net/board/TrojanHunter;action=display;num=1143130166;start=0#0 and click the "Download" link to get the trial version of Trojan Hunter. Run and you should be cleaned of the Trojan. Post new log if you have any troubles.
hello, what's up Niobis? wish i was here just to say hi. but ..... apparently i still have issues! trojan scan came up empty.... no log to post yet, but i'll post one soon enough. i'm sure it's no big deal, and i'll figure it out in time (w/ ur help) lol. but, hey!!!!! thanks 4 ur help in the past (and in advance 4 the future). ur def a cyber friend!!!
what's up! ok here are a few logs..... bitdefender to start with. i'll post a trojan hunter & a hijackthis log after that. or r there any others you would rather i post? bitdefender doesn't seem to trust smitfraud, does it? see what u think.
BitDefender Online Scanner
Scan report generated at: Wed, Aug 23, 2006 - 21:00:01
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time 00:29:56
Files 172455
Folders 3709
Boot Sectors 4
Archives 1043
Packed Files 6714

Results
Identified Viruses 1
Infected Files 1
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 1

Engines Info
Virus Definitions 450477
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 39
Unpack plugins 5
E-mail plugins 6
System plugins 1

Scan Settings
First Action Delete
Second Action None
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command] Infected with: Trojan.SwfDL.A
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf=>[SWF command] Deleted
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XUJ8XMN\sp2-adtegrity-728[1].swf Update failed
here's trojan hunter log (maybe i should have run in safe mode)

Registry scan
No suspicious entries found

Inifile scan
No suspicious entries found

Port scan
No suspicious open ports found

Memory scan
No trojans found in memory

File scan
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bearshare.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bearshare1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration10.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration11.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration12.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration13.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration14.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration15.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration16.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration17.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration2.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration3.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration4.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration5.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration6.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration7.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration8.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration9.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress2.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RealDownloadExpress3.zip
C:\pagefile.sys Not scanned (in use by another application)
While scanning C:\WINDOWS\bdoscandellang.ini: File C:\WINDOWS\BQSHYJ2R.ocx not found
While scanning C:\WINDOWS\explorer.exe: File C:\WINDOWS\F9B5D4PH.ocx not found
While scanning C:\WINDOWS\notepad.exe: File C:\WINDOWS\NWQNADHB.ocx not found
While scanning C:\WINDOWS\notepad.exe: File C:\WINDOWS\O83PPKBG.ocx not found
While scanning C:\WINDOWS\system32\1033\dwintl.dll: File C:\WINDOWS\system32\2KG2D6GN.ocx not found
C:\WINDOWS\system32\drivers\sptd.sys Not scanned (in use by another application)
C:\WINDOWS\system32\drivers\sptd2237.sys Not scanned (in use by another application)
While scanning C:\WINDOWS\system32\dxtrans.dll: File C:\WINDOWS\system32\E2DGHAFK.ocx not found
While scanning C:\WINDOWS\system32\getuname.dll: File C:\WINDOWS\system32\GHP6JVUB.ocx not found
While scanning C:\WINDOWS\system32\keymgr.dll: File C:\WINDOWS\system32\KJIXEDQK.ocx not found
While scanning C:\WINDOWS\system32\rwinsta.exe: File C:\WINDOWS\system32\S239DIEF.ocx not found
While scanning C:\WINDOWS\vmmreg32.dll: File C:\WINDOWS\VO63QJ2E.ocx not found
No trojan files found
11943 files scanned in 1019 seconds
here's hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:26:25 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\program files\counterspy\sunThreatEngine.exe
C:\WINDOWS\System32\svchost.exe
E:\program files\counterspy\SunProtectionServer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\program files\PowerDVD\PDVDServ.exe
E:\program files\counterspy\sunserver.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
E:\program files\Multimedia Launcher\PowerBar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\program files\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [RemoteControl] "E:\program files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunServer] E:\program files\counterspy\sunserver.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [PowerBar] "E:\program files\Multimedia Launcher\PowerBar.exe" /AtBootTime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29e58afed3c0286f6704/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140654306906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140654255531
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

trojan hunter doesn't seem to see anything huh?
If you're still having problems, run Spy Hunter in safe mode. Go here http://www.ccleaner.com and get CCleaner. Install and run both "Cleaner" and "Issues" Fix.
ran both, came up empty, sooo... i ran the file path infected w/ the trojan thru KILL BOX & it didn't exist. guess i'm ok. logs are cool! heh, heh, heh!!! thanks again, have a good one mate! this machine is clean!!!