Trojan Horse Pakes.CBE please help

  • Dustykitten
    Morning and thanks again for all your help. I've done the DeWeb so will post the results in the next post.
    The birds of sadness may fly overhead but don't let them nest in your hair
  • Dustykitten
    A0279524.exe\clientax.dll;C:\System Volume Information\_restore{B118F5D5-F9CA-429A-9A95-E4C70D19D6BA}\RP978\A0279524.exe;Adware.Zango;;A0279524.exe;C:\System Volume Information\_restore{B118F5D5-F9CA-429A-9A95-E4C70D19D6BA}\RP978;Archive contains infected objects;Moved.;
    The birds of sadness may fly overhead but don't let them nest in your hair
  • aliEnRIK
    Well, they're just restore points (meaning they (at least to my knowledge) can't do any harm unless you try to restore to an earlier point)
    :idea:
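Added example (not part of the thread, and not any scanner's own code): triaging export lines like the one posted above by whether the flagged path sits inside a System Restore snapshot, which is the distinction the reply draws. The four-field record layout is inferred from that single posted line; `LIVE_LINE` and all function names are constructed for illustration.

```python
import re

# Windows XP System Restore snapshot path: ...\_restore{GUID}\RP<number>\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[0-9A-F-]{36})\}"
    r"\\RP(?P<rp>\d+)(?:\\|$)",
    re.IGNORECASE,
)

# The line posted in the thread, split over several literals for readability.
PAGE_LINE = (
    r"A0279524.exe\clientax.dll;"
    r"C:\System Volume Information\_restore{B118F5D5-F9CA-429A-9A95-E4C70D19D6BA}"
    r"\RP978\A0279524.exe;Adware.Zango;;"
    r"A0279524.exe;"
    r"C:\System Volume Information\_restore{B118F5D5-F9CA-429A-9A95-E4C70D19D6BA}"
    r"\RP978;Archive contains infected objects;Moved.;"
)
# Constructed sample (not from the thread): a hit outside System Restore.
LIVE_LINE = r"toolbar.dll;C:\Program Files\ExampleToolbar\toolbar.dll;Adware.Example;;"

def parse_records(line, width=4):
    """Split a ';'-terminated export into (object, path, verdict, action) tuples.
    Assumption: four fields per record, inferred from the one posted line."""
    fields = line.strip().split(";")
    if fields and fields[-1] == "":
        fields.pop()  # empty string left after the final ';'
    if not fields or len(fields) % width:
        raise ValueError(f"cannot group {len(fields)} fields into records of {width}")
    return [tuple(fields[i:i + width]) for i in range(0, len(fields), width)]

def triage(record):
    """Label one record as a dormant restore-point copy or a live file."""
    obj, path, verdict, action = record
    hit = RESTORE_RE.search(path)
    info = {"object": obj, "verdict": verdict, "action": action or None}
    if hit:
        info.update(location="restore-point", restore_point=int(hit.group("rp")))
    else:
        info.update(location="live", restore_point=None)
    return info

def flagged_restore_points(lines):
    """Sorted RP numbers that hold at least one flagged object."""
    found = {triage(r)["restore_point"] for ln in lines for r in parse_records(ln)}
    return sorted(rp for rp in found if rp is not None)

if __name__ == "__main__":
    print([triage(r) for r in parse_records(PAGE_LINE)])
```
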
  • Dustykitten
    Thanks for that RIK

    I did spybot this morning and there are more unprotected bits. When I scanned it picked up

    Zango
    CoolWWWSearch
    Fraud.MSAntispyware2009
    MyWay.MyWebSearch
    Win32.Agent.gvu

    It fixed all but the Zango again.

    Am I getting paranoid and these things would be there anyhow?
    The birds of sadness may fly overhead but don't let them nest in your hair
  • aliEnRIK
    Antispyware 2009 is a different thing again so far as I'm aware!
    :idea:
  • aliEnRIK
    Update MALWAREBYTES and run another full scan
    :idea:
  • Dustykitten
    Malwarebytes updated and ran - no problems reported:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1815
    Windows 5.1.2600 Service Pack 3
    04/03/2009 11:42:14
    mbam-log-2009-03-04 (11-42-14).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 131092
    Time elapsed: 53 minute(s), 47 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
    The birds of sadness may fly overhead but don't let them nest in your hair
  • aliEnRIK
    Ok

    For now I'd suggest uninstalling AVG and installing AVIRA in its place (Avira has a FAR better detection system)

    use the AVG removal tool
    http://www.avg.com/download-tools

    reboot

    Download AVIRA ANTI VIRUS PERSONAL (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_antivir/
    UPDATE and run a FULL scan (Include any USB drives you may have used since being infected)
    :idea:
  • Dustykitten
    Thanks I'll have a go at that when I get back later.
    The birds of sadness may fly overhead but don't let them nest in your hair
  • Dustykitten
    I've changed the AVG and here is the report:


    Avira AntiVir Personal
    Report file date: 05 March 2009 21:17
    Scanning for 1285039 virus strains and unwanted programs.
    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: TW
    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 09:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 08:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 13:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 08:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 12:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 21:15:29
    ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 21:15:32
    ANTIVIR3.VDF : 7.1.2.128 113664 Bytes 3/5/2009 21:15:33
    Engineversion : 8.2.0.105
    AEVDF.DLL : 8.1.1.0 106868 Bytes 3/5/2009 21:15:51
    AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/5/2009 21:15:50
    AESCN.DLL : 8.1.1.8 127346 Bytes 3/5/2009 21:15:49
    AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 14:58:38
    AEPACK.DLL : 8.1.3.10 397686 Bytes 3/5/2009 21:15:48
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/5/2009 21:15:46
    AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/5/2009 21:15:45
    AEHELP.DLL : 8.1.2.2 119158 Bytes 3/5/2009 21:15:41
    AEGEN.DLL : 8.1.1.25 336243 Bytes 3/5/2009 21:15:39
    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 11:05:56
    AECORE.DLL : 8.1.6.6 176501 Bytes 3/5/2009 21:15:36
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 11:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 09:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 10:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 13:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 12:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 13:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 13:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 14:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 14:34:37
    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium
    Start of the scan: 05 March 2009 21:17
    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
    Scan process 'BrMfimon.exe' - '1' Module(s) have been scanned
    Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
    Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'KHost.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
    Scan process 'iTouch.exe' - '1' Module(s) have been scanned
    Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'KService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'brss01a.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    47 processes with 47 modules were scanned
    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Starting to scan the registry.
    The registry was scanned ( '65' files ).

    Starting the file scan:
    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: 05 March 2009 21:52
    Used time: 34:58 Minute(s)
    The scan has been done completely.
    7242 Scanning directories
    213718 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    213717 Files not concerned
    1107 Archives were scanned
    1 Warnings
    0 Notes
    The birds of sadness may fly overhead but don't let them nest in your hair
This discussion has been closed.