
Please Help a Noob

Hello All.... If anyone has a few moments to help me out I would truly appreciate it.

Some of the problems I have been experiencing have to do with my virus scanner. My virus scanner will not update its virus definition file and will not scan the computer for viruses. I have also noticed that my IE explorer is acting funny. Sometimes when I type a URL into the address bar nothing happens.

Here is the log file. Thank you

Logfile of HijackThis v1.99.1
Scan saved at 7:00:35 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\notes\ntmulti.exe
C:\Program Files\Pharos\Bin\CTskMstr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\windows\system32\TpKmpSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\TpScrLk.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecampus.bentley.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecampus.bentley.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: 141.133.112.5 Pan
O1 - Hosts: 141.133.112.3 Atlas
O1 - Hosts: 141.133.112.75 Artemis
O1 - Hosts: 141.133.112.75 Electra
O1 - Hosts: 141.133.64.36 Admin1
O1 - Hosts: 141.133.64.35 Admin2
O1 - Hosts: 141.133.60.12 Facstaff
O1 - Hosts: 141.133.60.13 Student1
O1 - Hosts: 141.133.60.14 Student2
O1 - Hosts: 141.133.60.15 Appserv1
O1 - Hosts: 172.16.1.116 CCURE_HOST
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\windows\system32\TpScrLk.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1AE6DAB3-8442-48AA-AE7F-6E97D7A5AB0B} (BentleyUpdate.BentleyUpdates) - http://deploy.bentley.edu/controls/BentleyUpdate.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://student1.bentley.edu/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118082355656
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\Software\..\Telephony: DomainName = blue.ad.bentley.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\Program Files\Pharos\Bin\CTskMstr.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\windows\system32\TpKmpSVC.exe
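A HijackThis log like the one above is a flat list of `Rn`/`Fn`/`On` entries, and the reply below reads it by section (the `O6` policy restriction, the `O1` hosts overrides, the `O23` services). As an added example, not code from this thread or from HijackThis itself, here is a small Python parser for that format with a few defender-side triage checks. The sample log is a constructed excerpt in the same format as the posted one; the triage rules (flag `O6` policy restrictions, list every `O1` hosts mapping for review, flag `O23` services whose owner is "Unknown owner") are my assumptions about what a reviewer checks first, not rules HijackThis applies.

```python
import re
from collections import Counter

# Constructed excerpt in the format of a HijackThis 1.99.1 log (not the full
# log posted above; a few lines so the example runs offline).
SAMPLE_LOG = """Logfile of HijackThis v1.99.1
Scan saved at 7:00:35 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\HijackThis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://ecampus.bentley.edu/
O1 - Hosts: 141.133.112.5 Pan
O1 - Hosts: 172.16.1.116 CCURE_HOST
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\\WINDOWS\\system32\\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""

# Every findings line starts with a section code (R0, O1, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_hijackthis(text):
    """Return (processes, entries): the running-process list and a list of
    (section, detail) tuples for every R/F/O entry in the log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(entries):
    """Assumed reviewer checks (mine, not HijackThis's): O6 policy restrictions,
    O1 hosts-file overrides, and O23 services with no vendor recorded.
    Returns a list of (section, reason, original detail)."""
    findings = []
    for section, detail in entries:
        if section == "O6":
            findings.append((section, "IE policy restriction present; confirm it was set on purpose", detail))
        elif section == "O1":
            ip, _, name = detail[len("Hosts: "):].partition(" ")
            findings.append((section, f"hosts file maps {name} to {ip}; verify this is expected", detail))
        elif section == "O23" and "Unknown owner" in detail:
            findings.append((section, "service has no vendor/owner; verify the binary", detail))
    return findings


def section_counts(entries):
    """How many entries of each section type the log contains."""
    return Counter(section for section, _ in entries)


if __name__ == "__main__":
    procs, ents = parse_hijackthis(SAMPLE_LOG)
    print(len(procs), "processes;", dict(section_counts(ents)))
    for code, why, detail in triage(ents):
        print(f"[{code}] {why}: {detail}")
```

On the full log above, the `O1` entries all point at an institution's internal hosts, which is why a reviewer lists them for confirmation rather than treating them as a finding by themselves; the `O6` entry is the one the reply singles out.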

Comments

  • edited May 2006
    If you did not set this restriction, or if you did not set Spybot Search and Destroy to do so, please launch HijackThis and place a checkmark by this entry:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    Close all windows other than HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

    Then do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under "Select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
      • edited May 2006
        I ran the Kaspersky Online Scanner this is what the report came up with...


        Please help with how to get rid of these viruses and infected files. THANK YOU for all of your help

        KASPERSKY ON-LINE SCANNER REPORT
        Sunday, May 28, 2006 4:00:27 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky On-line Scanner version: 5.0.78.0
        Kaspersky Anti-Virus database last update: 28/05/2006
        Kaspersky Anti-Virus database records: 196888

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        C:\
        D:\

        Scan Statistics:
        Total number of scanned objects: 70678
        Number of viruses found: 9
        Number of infected objects: 46
        Number of suspicious objects: 0
        Duration of the scan process: 01:06:04

        Infected Object Name / Virus Name / Last Action
        C:\data Infected: Trojan-Downloader.Win32.IstBar.ja skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\096C0000.VBN Infected: Trojan.Java.ClassLoader.u skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\096C0001.VBN Infected: Trojan.Java.ClassLoader.u skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN Infected: Trojan-Downloader.Win32.Small.bvv skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-3030af50.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-3030af50.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-3030af50.zip ZIP: infected - 2 skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-44604b10-3bcf1ce0.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-44604b10-3bcf1ce0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-44604b10-3bcf1ce0.zip ZIP: infected - 2 skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-2aef2859.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-2aef2859.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-2aef2859.zip ZIP: infected - 2 skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-2633ce99.zip/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-2633ce99.zip/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-2633ce99.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-2633ce99.zip/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-2633ce99.zip/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.cbp skipped
        C:\Documents and Settings\COLELLA_MATT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-2633ce99.zip ZIP: infected - 5 skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe NSIS: infected - 3 skipped
        C:\WINDOWS\Temp\43713983.qef/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
        C:\WINDOWS\Temp\43713983.qef/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
        C:\WINDOWS\Temp\43713983.qef ZIP: infected - 2 skipped
        C:\WINDOWS\Temp\437449B1.qef/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437449B1.qef/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437449B1.qef/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437449B1.qef/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped
        C:\WINDOWS\Temp\437449B1.qef/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
        C:\WINDOWS\Temp\437449B1.qef ZIP: infected - 5 skipped
        C:\WINDOWS\Temp\437CA534.qef/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437CA534.qef/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437CA534.qef/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437CA534.qef/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped
        C:\WINDOWS\Temp\437CA534.qef/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
        C:\WINDOWS\Temp\437CA534.qef ZIP: infected - 5 skipped
        C:\WINDOWS\Temp\437D68F7.qef/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437D68F7.qef/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437D68F7.qef/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\437D68F7.qef/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped
        C:\WINDOWS\Temp\437D68F7.qef/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
        C:\WINDOWS\Temp\437D68F7.qef ZIP: infected - 5 skipped
        C:\WINDOWS\Temp\qspAE.tmp Infected: Trojan.Java.ClassLoader.u skipped
        C:\WINDOWS\Temp\qspC9.tmp Infected: Trojan.Java.ClassLoader.u skipped

        Scan process completed.
      • edited May 2006
        Your scan showed one or more viruses in your Sun Java Runtime Environment (JRE) cache. Delete those by clearing the JRE cache.
        To clear the Java Runtime Environment (JRE) cache:
        • Click Start > Control Panel.
        • Double-click the Java icon in the control panel.
          -The Java Control Panel appears.
        • Click Settings under Temporary Internet Files.
          -The Temporary Files Settings dialog box appears.
        • Click Delete Files.
          -The Delete Temporary Files dialog box appears.
          -There are three options on this window to clear the cache.
          • Delete Files
          • View Applications
          • View Applets
        • Click OK on Delete Temporary Files window.
          -Note: This deletes all the Downloaded Applications and Applets from the cache.
        • Click OK on Temporary Files Settings window.
        • Close the Java Control Panel
        You can view those instructions along with graphics Here


        Next download ATF Cleaner by Atribune.
        Double-click ATF-Cleaner.exe to run the program.
        Under Main choose: Select All
        Click the Empty Selected button.
        If you use the Firefox browser:
        Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        If you use the Opera browser:
        Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        Click Exit on the Main menu to close the program.
        For Technical Support, double-click the e-mail address located at the bottom of each menu.

        Now please open Symantec AntiVirus Corporate Edition and delete all the quarantined files it is keeping.

        Next delete this file:
        C:\data


        Now rescan with Kaspersky and post the fresh log here in your next reply.
      • edited May 2006
        Here is the update after following the steps previously given.. Thank you for your continued help. I truly appreciate it

        KASPERSKY ON-LINE SCANNER REPORT
        Sunday, May 28, 2006 11:28:06 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky On-line Scanner version: 5.0.78.0
        Kaspersky Anti-Virus database last update: 28/05/2006
        Kaspersky Anti-Virus database records: 196888

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        C:\
        D:\

        Scan Statistics:
        Total number of scanned objects: 65496
        Number of viruses found: 3
        Number of infected objects: 5
        Number of suspicious objects: 0
        Duration of the scan process: 01:05:20

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN Infected: Trojan-Downloader.Win32.Small.bvv skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe NSIS: infected - 3 skipped

        Scan process completed.
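The cleanup loop in this thread is: scan, map each detection back to the file on disk that holds it (a `.class` inside a cached `.jar`, `data0001` inside an NSIS installer), delete that file, rescan, and compare. As an added example, not code from this thread or from Kaspersky, here is a Python parser for the "Infected Object Name / Virus Name / Last Action" lines of these reports that does exactly that mapping and diffs two reports. The two report excerpts are constructed in the same format as the ones posted (a handful of lines each, with the real username replaced by the placeholder `USER`); the regexes are my reading of the format as it appears on this page, and the line shapes `X Infected: <name> <action>` and `X <ARCHIVE>: infected - <n> <action>` are the only two it handles.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the first Kaspersky report above
# (before cleanup). USER is a placeholder, not the real account name.
REPORT_BEFORE = """Scan Statistics:
Total number of scanned objects: 70678
Number of viruses found: 9
Number of infected objects: 46

Infected Object Name / Virus Name / Last Action
C:\\data Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\\WINDOWS\\Temp\\43713983.qef/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
C:\\WINDOWS\\Temp\\43713983.qef ZIP: infected - 2 skipped
C:\\Documents and Settings\\USER\\Local Settings\\Temp\\iinstall5192.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\\Documents and Settings\\USER\\Local Settings\\Temp\\iinstall5192.exe NSIS: infected - 3 skipped

Scan process completed.
"""

# Constructed excerpt in the format of the second report (after cleanup).
REPORT_AFTER = """Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\USER\\Local Settings\\Temp\\iinstall5192.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\\Documents and Settings\\USER\\Local Settings\\Temp\\iinstall5192.exe NSIS: infected - 3 skipped

Scan process completed.
"""

# "<object path> Infected: <virus name> <last action>"
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<virus>\S+) (?P<action>\w+)$")
# "<archive path> ZIP: infected - <n> <last action>" (also NSIS: ...)
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) (?P<action>\w+)$")


def parse_report(text):
    """Return {object path: (virus name, last action)} for every detection.
    Archive summary lines ('ZIP: infected - N') are kept with virus None so the
    diff can see them, but they carry no virus name of their own."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            found[m.group("path")] = (m.group("virus"), m.group("action"))
            continue
        m = CONTAINER_RE.match(line)
        if m:
            found[m.group("path")] = (None, m.group("action"))
    return found


def host_file(path):
    """Map a detection inside an archive (archive.zip/inner.class, or a nested
    archive.zip/inner.zip/bot.exe) back to the single file on disk that has to
    be removed: everything before the first '/'. Kaspersky uses '/' only for
    archive members, never as a Windows path separator, in these reports."""
    return path.split("/", 1)[0]


def files_to_remove(found):
    """Distinct on-disk files behind all detections, with the virus names seen in each."""
    by_file = defaultdict(set)
    for path, (virus, _) in found.items():
        if virus:  # skip archive summary lines; their members are listed separately
            by_file[host_file(path)].add(virus)
    return dict(by_file)


def diff_reports(before, after):
    """Which detections disappeared after cleanup and which are still present."""
    gone = sorted(set(before) - set(after))
    remaining = sorted(set(after))
    return gone, remaining


if __name__ == "__main__":
    before, after = parse_report(REPORT_BEFORE), parse_report(REPORT_AFTER)
    for f, names in files_to_remove(before).items():
        print("remove:", f, "->", ", ".join(sorted(names)))
    gone, remaining = diff_reports(before, after)
    print(len(gone), "detections gone;", len(remaining), "remaining")
```

Grouping by `host_file` is what turns forty-odd detection lines into the short list of files and caches the replies above actually ask to be deleted; the diff is the check that a deletion took effect rather than just moving the file (the later reports in this thread, where the same detections reappear inside a backup archive, are the case it is meant to catch).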
      • edited May 2006
        Could you clear the quarantined items in Symantec AntiVirus Corporate Edition again?

        After that, please navigate to and delete the following file:
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\iinstall5192.exe

        Rescan with Kaspersky Scanner again before posting the new log. You should be more or less cleaned up by now. :)
      • edited May 2006
        I cleared the quarantine list and nothing has shown up in the list since... I also removed iinstall5192.exe from my computer. here is the new log list. Again Thank You for your patience and expertise.....

        KASPERSKY ON-LINE SCANNER REPORT
        Monday, May 29, 2006 10:42:35 AM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky On-line Scanner version: 5.0.78.0
        Kaspersky Anti-Virus database last update: 29/05/2006
        Kaspersky Anti-Virus database records: 196931

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        C:\
        D:\

        Scan Statistics:
        Total number of scanned objects: 67049
        Number of viruses found: 3
        Number of infected objects: 4
        Number of suspicious objects: 0
        Duration of the scan process: 01:09:14

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN Infected: Trojan-Downloader.Win32.Small.bvv skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\isinst.exe Infected: Trojan-Downloader.Win32.IstBar.pe skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\nss9D00.tmp Infected: Trojan-Downloader.Win32.IstBar.gen skipped
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNY0CD0G\istdownload[1].exe Infected: Trojan-Downloader.Win32.IstBar.pe skipped

        Scan process completed.
      • edited May 2006
        Download Avenger from here:
        http://swandog46.geekstogo.com/

        Open the program. Check the 'Input script manually' option.
        Click the Magnifying Glass icon.
        In the box that opens, paste this:

        Files to delete:
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\isinst.exe
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\nss9D00.tmp
        C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNY0CD0G\istdownload[1].exe


        and click 'Done'

        Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.

        Post the Avenger output.txt, which you can find at C:\Avenger\.txt. Also rescan with Kaspersky Scanner one final time.
      • edited May 2006
        Logfile of The Avenger version 1, by Swandog46
        Running from registry key:
        \Registry\Machine\System\CurrentControlSet\Services\kyrolubd

        *******************

        Script file located at: \??\C:\WINDOWS\system32\csbmroex.txt
        Script file opened successfully.

        Script file read successfully

        Backups directory opened successfully at C:\Avenger

        *******************

        Beginning to process script file:



        File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN not found!
        Deletion of file C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN failed!

        Could not process line:
        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN
        Status: 0xc0000034

        File C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\isinst.exe deleted successfully.
        File C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\nss9D00.tmp deleted successfully.
        File C:\Documents and Settings\COLELLA_MATT\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNY0CD0G\istdownload[1].exe deleted successfully.

        Completed script processing.

        *******************

        Finished! Terminate.
      • edited May 2006
        KASPERSKY ON-LINE SCANNER REPORT
        Tuesday, May 30, 2006 1:19:29 AM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky On-line Scanner version: 5.0.78.0
        Kaspersky Anti-Virus database last update: 30/05/2006
        Kaspersky Anti-Virus database records: 197134

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        C:\
        D:\

        Scan Statistics:
        Total number of scanned objects: 70842
        Number of viruses found: 2
        Number of infected objects: 4
        Number of suspicious objects: 0
        Duration of the scan process: 01:12:59

        Infected Object Name / Virus Name / Last Action
        C:\avenger\backup.zip/avenger/isinst.exe Infected: Trojan-Downloader.Win32.IstBar.pe skipped
        C:\avenger\backup.zip/avenger/istdownload[1].exe Infected: Trojan-Downloader.Win32.IstBar.pe skipped
        C:\avenger\backup.zip/avenger/nss9D00.tmp Infected: Trojan-Downloader.Win32.IstBar.gen skipped
        C:\avenger\backup.zip ZIP: infected - 3 skipped

        Scan process completed.
      • edited May 2006
        Hi, just delete the Avenger backup:
        C:\avenger\backup.zip

        You are clean now. Congratulations!

        Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply. When you are warned that all existing Restore Points will be deleted, click Yes to continue. All system restore points are deleted. Now you should manually create a restore point. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

        Click Create a Restore Point, and then click Next. Name your restore point. (I use the date as well as a descriptive term such as "Clean system.")





        Here are a number of recommendations for additional protection to help prevent any malware infections in the future. These few simple steps can stave off the vast majority of spyware problems.



        You may have already taken some of these steps:

        1. Watch what you download!

        Do not download just anything you see on the web. Some may have spyware bundled into them.



        2. Try not to use peer-to-peer programs.

        P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, and come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read this article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.



        3. Visit Windows Update:

        Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

        Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

        We recommend checking for Windows updates monthly.



        4. Adjust your security settings for ActiveX:

        Go to Internet Options/Security/Internet, press 'default level', then OK.

        Now press "Custom Level."

        In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".



        So why is ActiveX so dangerous that you have to increase the security for it?

        When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an .exe file on your hard drive.

        Would you run just any random file downloaded off a web site without knowing what it is and what it does?



        5. Download and install the following free programs:

        a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

        b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html

        Periodically check for updates.



        6. Keep your antivirus software up to date. If you don't have one, I recommend the free AVG.



        7. Use a firewall. If you don't have a firewall, I recommend the free version of ZoneAlarm.

        A tutorial on understanding and using firewalls may be found here.



        8. IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.





        9. You might consider installing Mozilla / Firefox, which is much safer than Internet Explorer.

        http://www.mozilla.org/



        10. Install spyware detection and removal programs:

        Ad-aware: http://www.snapfiles.com/get/adaware.html

        Spybot S&D:

        http://www.safer-networking.org

        Use these programs to regularly scan your system for and remove many forms of spyware/malware.



        11. Microsoft now offers their own anti-spyware product. Windows® Defender (Beta 2) improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC. This is a BETA for XP/2000 only.



        12. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

        If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm



        Let us know if we have not resolved your problem. Otherwise, you are good to go.

        Happy and Safe Surfing! :D
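Step 8 of the reply above relies on the hosts file, which cuts both ways: a block list such as MVPS hosts sinkholes ad and tracker domains to 0.0.0.0, but a hijacker can use exactly the same mechanism to sinkhole an antivirus update server or redirect a real site to its own address, which produces the "my scanner won't update" and "nothing happens when I type a URL" symptoms this thread opened with. The Python below is an added example, not part of the thread or of the MVPS project, that audits hosts-file text and separates expected block-list lines from the two patterns worth investigating. The sample hosts content, the `.test` domains and the `protected_suffixes` list (domains you need to reach, such as your AV vendor's update hosts) are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): MVPS-style block
# entries plus two entries of the kind a hijacker plants. All domains use the
# reserved .test TLD so nothing here refers to a real site.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example-adnetwork.test
0.0.0.0 counter.example-tracker.test   # blocked ad counter
127.0.0.1 liveupdate.example-av.test   # AV update host pointed at loopback
203.0.113.9 www.example-bank.test      # real site redirected to a routable address
"""

# Addresses a block list legitimately maps unwanted domains to.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments,
    blank lines and lines whose first field is not a valid IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a hosts entry
        for host in fields[1:]:
            entries.append((fields[0], host.lower()))
    return entries


def audit_hosts(text, protected_suffixes):
    """Classify every entry:
      blocklist    - a sinkholed domain you do not need to reach (what MVPS hosts does)
      hijack_block - a protected domain (AV/OS update, security vendor) sinkholed,
                     which silently breaks updates
      redirect     - a hostname mapped to a routable address, the classic hijack"""
    protected = [s.lower() for s in protected_suffixes]
    findings = []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        is_protected = any(host == s or host.endswith("." + s) for s in protected)
        if ip in SINKHOLES:
            kind = "hijack_block" if is_protected else "blocklist"
        else:
            kind = "redirect"
        findings.append({"ip": ip, "host": host, "kind": kind})
    return findings


def suspicious(findings):
    """Only the entries a cleanup should look at; plain block-list lines are expected."""
    return [f for f in findings if f["kind"] != "blocklist"]


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, ["example-av.test"])
    for f in suspicious(report):
        print(f'{f["kind"]:12} {f["ip"]:15} {f["host"]}')
```

On a real machine you would read `%SystemRoot%\system32\drivers\etc\hosts` into `audit_hosts` and pass the update domains of your own security software as `protected_suffixes`; any `hijack_block` or `redirect` result explains a scanner that cannot update and is a line to remove, while thousands of `blocklist` lines are simply the MVPS list doing its job.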