TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Pebbles on April 19, 2006, 02:03:39 AM
-
Hi,
I have found this virusy thing in my computer but do not know how to get rid of it. I have no real computer knowledge when it comes to the terminology and technical side of computers. I have Windows 2000 on my computer. Could you please explain and walk me through what I have to do to exterminate this thing??
Can I just add that I have seen others ask almost the same thing that I have, but I'm a bit daft and don't seem to follow it too well!!! hehe!
-
Just off to work, but in the meantime
So I get a better picture of what's going on
From my signature below, download and save to a permanent folder of its own on your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything please with Hijackthis unless advised
All the information is important
-
Hi - Apologies for the delay. Log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 9:45:30 AM, on 4/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\oodag.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AAPT
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
-
Can you do the following please
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU
Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip)
Reminder, choose SAVE rather than OPEN
Save this to the desktop
Once you have it saved to the desktop
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe
RIGHT CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu)
and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu
==Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" UNCHECK
"Install background guard"
"Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work
Can you review the page to help with the Updater from this link
http://www.ewido.net/en/support/?AID=26
Download and install Windows CleanUp! 4.5.1 (http://www.stevengould.org/downloads/cleanup/CleanUp451.exe)
Don't run this yet
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
I need you to do the following
Spybot's TeaTimer is a great tool, but it may, and probably will, interfere with any fixes we are to try
Open Spybot, click on MODE>>Advanced Mode>>Ok the prompt
Click on TOOLS in the bottom left
Then click on RESIDENT on the top left column
On the right hand side, uncheck ONLY Resident "TeaTimer"
Accept the change
Leave this disabled until we are sure we have you clean please
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done click Close
DECLINE to log off or restart the computer
=Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.
=Open Ewido anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows
Reboot back to Normal mode
Post back the following please
1. Post a fresh Hijackthis log
2. Post the whole report from Ewido
-
Hi There - the following are the logs requested
Logfile of HijackThis v1.99.1
Scan saved at 3:45:13 PM, on 4/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\oodag.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AAPT
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 3:38:40 PM, 4/21/2006
+ Report-Checksum: 1AC4D0B7
+ Scan result:
C:\backup\counter.cab/counter.exe -> Dropper.Agent.az : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@com[3].txt -> TrackingCookie.Com : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\backup\Documents and Settings\Administrator\Cookies\administrator@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\CSI Crime Scene Investigation\Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\My Movies\Setup.exe -> Worm.VB.an : Cleaned with backup
::Report End
Thank you
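As an added illustration (not part of the thread, and not a tool either poster used): a small Python parser that pulls the O4 autostart entries out of the two HijackThis logs posted above and reports which entries disappeared after the fix. The O4 lines are copied verbatim from those logs; the function names are assumptions of this example.

```python
import re

# O4 (autostart) lines copied verbatim from the two HijackThis logs in this thread:
# the first log from before the fix, the second from after the BFU script and Ewido scan.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
"""

# Registry Run-key entries look like:  O4 - <hive>\..\<key>: [<name>] <command>
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# Startup-folder shortcuts look like:  O4 - Global Startup: <name>.lnk = <target>
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.*)$")


def parse_o4(log: str) -> dict:
    """Map each autostart location (hive\\key\\[name] or folder\\shortcut) to its command."""
    entries = {}
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries[f"{hive}\\{key}\\[{name}]"] = cmd
            continue
        m = LNK_RE.match(line)
        if m:
            folder, shortcut, target = m.groups()
            entries[f"{folder}\\{shortcut}"] = target
    return entries


def diff_autostarts(before: str, after: str):
    """Return (removed, added): autostart locations that vanished or appeared between two logs."""
    old, new = parse_o4(before), parse_o4(after)
    removed = sorted(k for k in old if k not in new)   # here: winupdates (Alcra) and the disabled TeaTimer
    added = sorted(k for k in new if k not in old)
    return removed, added
```

Running `diff_autostarts(LOG_BEFORE, LOG_AFTER)` shows the winupdates Run entry gone after the alcanshorty.bfu script, plus the TeaTimer entry the helper asked to have disabled, with nothing new added.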
-
Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html) *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
I would opt to hold on to CleanUp! and Ewido
Ewido will become a Limited free version in a couple weeks after installation
Still a great scanner to update and run on a monthly basis
Go back and re-enable the TeaTimer in Spybot
Additionally, in Spybot 1.4
Click on the Immunize button>>OK>>Click Immunize at the top green cross
Please Immunize after every update
Stay safe
-
THANK YOU!!! Thank you for all your time and knowledge with this matter, it is greatly appreciated!!!!!!!!!!!
I hope you enjoy the rest of your day!
-
You enjoy your day too
I'll lock this topic as your problems appear resolved
Take care