football_dynasties

  1. "JohnD2 said that renamed two files 'spcffwl.dll' and 'kjzna1562565.exe' in C:\Documents and Settings\<myusername>\Application Data\Google" Find those two files then just right click and rename them. I just added 'test'. I still get the pop-up, but I can use IE without it crashing. I'd just say be careful, because I don't think this is a permanent fix. I'm still waiting for someone to help.
  2. I used this trick "JohnD2 said that renamed two files 'spcffwl.dll' and 'kjzna1562565.exe' in C:\Documents and Settings\<myusername>\Application Data\Google" to rename the files. I'm still getting the pop-up that's trying to get me to install Perfect Defender 2009, but I can now search the internet and was able to run the Panda Security scan. Still waiting to hear for a permanent solution. I haven't deleted those files, just renamed them.
  3. I was unable to use the Panda security scan because my browser keeps crashing, but here are the MBAM and HijackThis logs.