TR/downloader.gen

Zahc
Posts: 986 Forumite
in Techie Stuff
Hi all,
I go away for a fortnight and come back to my missus complaining that the PC was slow.
I find thousands, and I mean thousands, of instances of TR/downloader.gen on her account in temp files. Trend micro missed the lot and I'm currently using antivir to get rid of them.
How on earth did she manage so many trojan infections? She assures me she hasn't been anywhere naughty!
Her account is now 'limited' until I can identify the source.
Any ideas?
Zahc
Comments
-
Run combofix as instructed below;
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-
She could have a Vundo Downloader - all you need is one infection and that will then call the rest in.
-
Thanks all.
Reluctant spender, here's the log file.....
ComboFix 09-03-02.03 - Chaz 2009-03-03 22:39:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1472 [GMT 0:00]
Running from: c:\documents and settings\Chaz\Desktop\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-03-03 21:25 . 2009-03-03 21:25 <DIR> d c:\program files\Avira
2009-03-03 21:25 . 2009-03-03 21:25 <DIR> d c:\documents and settings\All Users\Application Data\Avira
2009-03-03 21:25 . 2008-05-07 13:20 71,592 --a c:\windows\system32\drivers\avfwot.sys
2009-03-03 21:25 . 2008-05-07 09:51 71,464 --a c:\windows\system32\drivers\avfwim.sys
2009-03-03 21:15 . 2009-03-03 21:15 <DIR> d c:\documents and settings\Administrator\Application Data\URSoft
2009-03-03 21:08 . 2009-03-03 21:08 <DIR> d c:\documents and settings\Lindsey.PRIVATE-13F54F6\Application Data\URSoft
2009-03-03 21:00 . 2009-03-03 21:00 <DIR> d c:\documents and settings\Lindsey.PRIVATE-13F54F6\Application Data\Local Settings
2009-03-03 20:59 . 2009-03-03 20:59 <DIR> d c:\documents and settings\Lindsey.PRIVATE-13F54F6
2009-03-03 18:16 . 2009-03-03 18:16 <DIR> d c:\documents and settings\Administrator\Application Data\Webroot
2009-03-03 18:16 . 2009-03-03 18:16 <DIR> d c:\documents and settings\Administrator\Application Data\Local Settings
2009-03-03 18:09 . 2009-03-03 18:09 <DIR> d c:\documents and settings\Lindsey\Application Data\Webroot
2009-03-03 16:52 . 2009-03-03 17:41 <DIR> d C:\Hijackthis
2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d c:\documents and settings\Lindsey\Application Data\Malwarebytes
2009-02-17 00:27 . 2009-02-17 00:27 <DIR> d c:\documents and settings\Chaz\Application Data\Windows Search
2009-02-16 18:52 . 2009-02-16 18:52 <DIR> d c:\documents and settings\Lindsey\Application Data\Nero
2009-02-14 12:19 . 2009-02-14 12:19 <DIR> d c:\program files\Rosetta Stone
2009-02-14 12:19 . 2009-02-15 15:52 <DIR> d c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-02-10 16:35 . 2009-02-10 16:35 <DIR> d c:\documents and settings\Chaz\Application Data\WinCare2008
2009-02-09 16:35 . 2009-02-09 16:40 9,662 --a c:\windows\EPISME00.SWB
2009-02-09 16:03 . 2009-02-09 16:03 <DIR> d c:\documents and settings\Lindsey\Application Data\Local Settings
2009-02-09 15:59 . 2009-02-09 15:59 <DIR> d c:\documents and settings\Lindsey\Application Data\Samsung
2009-02-09 14:30 . 2006-05-03 22:53 174,592 --a c:\windows\system32\framedyn.dll
2009-02-09 14:29 . 2009-02-09 14:30 <DIR> d c:\windows\system32\Samsung_USB_Drivers
2009-02-09 14:29 . 2009-02-09 14:29 <DIR> d c:\program files\Samsung
2009-02-09 14:29 . 2005-08-30 17:59 94,000 --a c:\windows\system32\drivers\ss_mdm.sys
2009-02-09 14:29 . 2005-08-30 17:57 58,320 --a c:\windows\system32\drivers\ss_bus.sys
2009-02-09 14:29 . 2005-08-30 17:58 8,304 --a c:\windows\system32\drivers\ss_mdfl.sys
2009-02-09 14:29 . 2005-08-30 17:58 6,144 --a c:\windows\system32\drivers\ss_cmnt.sys
2009-02-09 14:29 . 2005-08-30 17:58 6,144 --a c:\windows\system32\drivers\ss_cm.sys
2009-02-09 14:29 . 2005-08-30 17:57 5,808 --a c:\windows\system32\drivers\ss_whnt.sys
2009-02-09 14:29 . 2005-08-30 17:57 5,808 --a c:\windows\system32\drivers\ss_wh.sys
2009-02-09 14:29 . 2009-02-09 14:55 5,632 --a c:\windows\system32\drivers\StarOpen.sys
2009-02-09 14:29 . 2005-08-28 20:51 766 --a c:\windows\system32\Uninstall.ico
2009-02-09 12:15 . 2009-02-09 12:15 <DIR> d c:\documents and settings\Chaz\Incomplete
2009-02-09 12:15 . 2009-02-09 12:45 <DIR> d c:\documents and settings\Chaz\Application Data\LimeWireTurbo
2009-02-09 11:25 . 2009-02-09 11:25 <DIR> d c:\documents and settings\Lindsey\Application Data\PC Suite
2009-02-08 15:45 . 2009-02-08 15:45 <DIR> d c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-08 15:42 . 2009-02-08 15:42 <DIR> d c:\program files\Common Files\Macrovision Shared
2009-02-07 17:22 . 2009-02-20 22:26 <DIR> d c:\windows\system32\Service
2009-02-07 13:11 . 2009-02-07 13:11 <DIR> d c:\documents and settings\Chaz\dwhelper
2009-02-06 19:18 . 2009-02-06 19:18 <DIR> d c:\program files\PIXresizer
2009-02-06 19:18 . 2002-08-29 19:00 1,703,936 --a c:\windows\system32\gdiplus.dll
2009-02-06 19:18 . 2007-04-15 00:05 991,232 --a c:\windows\system32\imageviewer2.ocx
2009-02-06 19:18 . 1996-01-12 00:00 200,704 --a c:\windows\system32\threed32.ocx
2009-02-06 19:18 . 1998-06-24 00:00 164,144 --a c:\windows\system32\comct232.ocx
2009-02-06 19:18 . 1999-09-16 09:04 151,552 --a c:\windows\system32\ccrpfd6.ocx
2009-02-06 19:18 . 2000-05-01 23:02 110,592 --a c:\windows\system32\ccrpbds6.dll
2009-02-06 19:18 . 2000-07-09 18:15 106,496 --a c:\windows\system32\mbprgbar.ocx
2009-02-05 15:29 . 2009-02-05 15:35 <DIR> d c:\program files\Mayoko
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 22:33 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-03 22:33 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-03-03 21:15 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-03 08:37 d-----w c:\documents and settings\Chaz\Application Data\Skype
2009-03-03 08:35 d-----w c:\documents and settings\Chaz\Application Data\skypePM
2009-02-26 11:28 d-----w c:\program files\Microsoft Silverlight
2009-02-16 09:40 d-----w c:\documents and settings\Lindsey\Application Data\vlc
2009-02-11 19:16 d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-09 14:29 d--h--w c:\program files\InstallShield Installation Information
2009-02-08 15:44 d-----w c:\program files\Common Files\Adobe
2009-02-07 17:26 d-----w c:\program files\PopCap Games
2009-02-07 13:34 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-05 16:18 d-----w c:\documents and settings\Chaz\Application Data\vlc
2009-02-05 15:23 d-----w c:\documents and settings\Chaz\Application Data\FileZilla
2009-02-05 10:25 d-----w c:\documents and settings\Chaz\Application Data\Nero
2009-02-01 18:26 d-----w c:\program files\Common Files\Nero
2009-02-01 17:59 d-----w c:\program files\Nero
2009-02-01 17:56 d-----w c:\program files\Windows Sidebar
2009-02-01 17:44 d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-01 14:25 d-----w c:\program files\Team JPN
2009-02-01 14:09 d-----w c:\documents and settings\Chaz\Application Data\PC Suite
2009-02-01 14:09 d-----w c:\documents and settings\Chaz\Application Data\Nokia
2009-02-01 14:09 d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-01 14:08 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-01 14:08 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-01 14:06 d-----w c:\program files\Nokia
2009-02-01 14:06 d-----w c:\program files\DIFX
2009-02-01 14:06 d-----w c:\program files\Common Files\PCSuite
2009-02-01 14:06 d-----w c:\program files\Common Files\Nokia
2009-02-01 14:05 d-----w c:\program files\PC Connectivity Solution
2009-02-01 14:04 d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-30 17:09 d-----w c:\documents and settings\Guest\Application Data\Skype
2009-01-30 16:09 d-----w c:\documents and settings\Guest\Application Data\skypePM
2009-01-30 13:50 d-----w c:\documents and settings\Chaz\Application Data\Malwarebytes
2009-01-30 13:49 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-30 12:14 d-----w c:\program files\HistoryKill 2009
2009-01-29 23:53 d-----w c:\documents and settings\All Users\Application Data\ElectricSheep
2009-01-29 22:56 d-----w c:\program files\Britannica 9.0
2009-01-29 22:47 d--h--w c:\program files\Zero G Registry
2009-01-29 18:20 d-----w c:\documents and settings\Guest\Application Data\WinCare2008
2009-01-29 18:20 d-----w c:\documents and settings\Guest\Application Data\Local Settings
2009-01-29 17:47 37,376 ----a-w c:\windows\system32\drivers\WMDrive.sys
2009-01-29 17:47 d-----w c:\program files\WinMount3
2009-01-29 14:35 d-----w c:\documents and settings\Chaz\Application Data\dvdcss
2009-01-28 19:40 dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-28 19:40 d-----w c:\program files\Scrabble_Complete
2009-01-28 19:40 d-----w c:\documents and settings\Chaz\Application Data\uTorrent
2009-01-28 19:39 d-----w c:\program files\Uniblue
2009-01-28 19:39 d-----w c:\program files\Tweak-XP Pro 4
2009-01-28 15:20 d-----w c:\program files\Atari
2009-01-28 14:58 d-----w c:\program files\Eidos Interactive
2009-01-28 14:47 d-----w c:\documents and settings\Chaz\Application Data\Local Settings
2009-01-28 13:58 d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-01-28 12:12 d-----w c:\program files\AnswersThatWork
2009-01-27 22:04 d-----w c:\documents and settings\Chaz\Application Data\uniblue
2009-01-27 21:23 d-----w c:\program files\Reference Assemblies
2009-01-27 21:23 d-----w c:\program files\MSBuild
2009-01-27 19:42 d-----w c:\documents and settings\Chaz\Application Data\iWin
2009-01-27 19:42 d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-01-27 19:38 d-----w c:\program files\BFG
2009-01-27 18:41 d-----w c:\program files\Startup Faster
2009-01-27 16:31 d-----w c:\documents and settings\Lindsey\Application Data\URSoft
2009-01-27 12:23 d-----w c:\documents and settings\Chaz\Application Data\URSoft
2009-01-27 11:56 d-----w c:\documents and settings\Administrator\Application Data\WinCare2008
2009-01-27 11:36 98,304 ----a-w c:\windows\system32CmdLineExt.dll
2009-01-27 11:25 d-----w c:\program files\Ubisoft
2009-01-27 11:25 d-----w c:\program files\Common Files\InstallShield
2009-01-27 00:08 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-27 00:08 d-----w c:\program files\Java
2009-01-26 23:15 d-----w c:\program files\Windows Live SkyDrive
2009-01-26 23:15 d-----w c:\program files\Windows Live
2009-01-26 23:15 d-----w c:\program files\Microsoft
2009-01-26 23:11 d-----w c:\program files\Common Files\Windows Live
2009-01-26 11:31 d-----w c:\program files\Common Files\Ahead
2009-01-26 11:25 d-----w c:\program files\DriverGuide Toolkit
2009-01-26 11:23 d-----w c:\documents and settings\Chaz\Application Data\Configuration
2009-01-23 17:25 d-----w c:\program files\Seagate
2009-01-23 17:22 d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-22 20:17 d-----w c:\documents and settings\Lindsey\Application Data\WinCare2008
2009-01-22 20:01 d-----w c:\program files\Western Digital Technologies
2009-01-21 16:45 d-----w c:\program files\HDDGURU LLF Tool
2009-01-21 16:37 d-----w c:\program files\Western Digital Corp
2009-01-21 11:41 d-----w c:\program files\Lavalys
2009-01-21 11:39 d-----w c:\program files\CaptureWiz
2009-01-21 11:39 d-----w c:\documents and settings\Chaz\Application Data\PixelMetrics
2009-01-21 11:20 d-----w c:\program files\Simpli Software
2009-01-20 13:34 d-----w c:\program files\Allok Video Joiner
2009-01-20 10:38 d-----w c:\documents and settings\Chaz\Application Data\NASA
2009-01-20 10:36 d-----w c:\program files\NASA
2009-01-20 10:27 d-----w c:\program files\Steganos Privacy Suite 2008
2009-01-20 00:24 d-----w c:\program files\Webroot
2009-01-20 00:24 d-----w c:\program files\Common Files\Webroot Shared
2009-01-20 00:24 d-----w c:\documents and settings\Chaz\Application Data\Webroot
2009-01-20 00:24 d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-01-17 13:03 d-----w c:\documents and settings\All Users\Application Data\NOS
2009-01-16 20:58 d-----w c:\documents and settings\Chaz\Application Data\Ahead
2009-01-16 19:20 d-----w c:\program files\Common Files\Adobe AIR
2009-01-16 18:25 d-----w c:\program files\uTorrent
2009-01-16 15:01 d-----w c:\program files\FileZilla FTP Client
2009-01-16 13:13 d-----w c:\program files\Common Files\LogiShrd
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Lindsey\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\Rosetta Stone\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"d:\\Program Files\\Rosetta Stone\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-03-03 71592]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\sleen16.sys [2007-10-11 11:24:00 79104]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-03-03 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-03-03 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-03-03 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2009-03-03 41217]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-09-10 156968]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\EDIMAX\Common\RalinkRegistryWriter.exe [2009-01-14 69632]
R2 SatSrv;Steganos AntiTheft;c:\windows\system32\SatSrv.exe [2006-12-05 184320]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-01-29 37376]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2009-01-20 598856]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-03-03 71464]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-01-14 619136]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\drivers\idcphid.sys [2008-12-11 16256]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d8fb3dc-edff-11dd-9536-001f1f2d235d}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-03 c:\windows\Tasks\SyncBackSE Action Sync.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe []
2009-03-03 c:\windows\Tasks\SyncBackSE Comedy Sync.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe []
2009-03-03 c:\windows\Tasks\SyncBackSE Family Sync.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe []
2009-03-03 c:\windows\Tasks\SyncBackSE Network Drama Sync.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe []
2009-03-03 c:\windows\Tasks\SyncBackSE Thriller Sync.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
HKCU-Run-OE - c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
.
Supplementary Scan
.
uStart Page = hxxp://uk.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Chaz\Application Data\Mozilla\Firefox\Profiles\u31nntjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/?p=us
FF - component: c:\documents and settings\Chaz\Application Data\Mozilla\Firefox\Profiles\u31nntjo.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 22:40:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\avsda.dll
.
Completion time: 2009-03-03 22:42:12
ComboFix-quarantined-files.txt 2009-03-03 22:42:10
Pre-Run: 9,999,527,936 bytes free
Post-Run: 10,000,941,056 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
271 --- E O F --- 2009-02-25 19:15:49
I am seeing uTorrent and Limewire present in your log - if they are not on your system they have been and I would suggest they are the cause of your problem.
Nothing obvious in that log - although my eyes are very tired.
I would run the following program - WARNING IT WILL TAKE AGES TO COMPLETE;
Please go to Eset Onlinescan (NOD32)
(You need to use Internet Explorer or enable IEView in Firefox) - You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
- Now click Start
- Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
- Click Start (the Onlinescanner will now prepare itself for running on your pc)
- To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
- Press Scan
The Onlinescan will now start and scan your pc (please let it run to completion) - When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
- Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
The Scan results will now open in Notepad - Click into the text area, right-click and choose "select all"
- Right-click again and choose "copy"
- Close Notepad
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Include this log in your reply by right-clicking and "paste" in the text area of the reply post you just created.
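The "Reg Loading Points" section of a ComboFix log is where a reviewer looks first, and the log posted above contains the three things worth spotting by eye: EnableFirewall set to 0, a firewall exception for uTorrent, and an AutoRun command on a removable-drive mount point. The Python below is an added example, not code from this thread or from ComboFix; it parses a constructed excerpt (values copied from the posted log, trimmed) and reports those findings in order. The P2P watch-list and the "suspect launch directories" rule for Run entries are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of ComboFix's "Reg Loading Points" section;
# values are copied from the log posted in this thread, trimmed to what the
# parser needs.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d8fb3dc-edff-11dd-9536-001f1f2d235d}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
"""

# Assumption: a small watch-list of P2P client binaries. uTorrent and LimeWire
# are the ones the thread points at; the exact file names are guesses.
P2P_BINARIES = {"utorrent.exe", "limewire.exe", "limewireturbo.exe"}

# Assumption: Run entries launching from writable per-user locations (the same
# kind of place the OP found the infected temp files) deserve a closer look.
SUSPECT_LAUNCH_DIRS = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
RUN_PATH_RE = re.compile(r'^"([^"]+)"')


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    detail: str


def parse_loading_points(text):
    """Map each registry key to the (name, rest) values listed under it.

    Lines under a key that are not "name"=value pairs (such as the
    mountpoints2 AutoRun line) are kept verbatim with name=None.
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        if current is None:
            continue  # text before the first key; nothing to attach it to
        value = VALUE_RE.match(line)
        if value:
            entries[current].append((value.group("name"), value.group("rest").strip()))
        else:
            entries[current].append((None, line))
    return entries


def triage(entries):
    """Apply the review rules and return findings in log order."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            for name, rest in values:
                if name == "EnableFirewall" and rest.startswith("0"):
                    findings.append(Finding("high", "Windows Firewall disabled for the standard profile"))
        elif k.endswith("authorizedapplications\\list"):
            for name, _ in values:
                # the log doubles backslashes inside quoted paths; undo that first
                exe = name.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
                if exe in P2P_BINARIES:
                    findings.append(Finding("medium", f"firewall exception for P2P client {exe}"))
        elif "\\mountpoints2\\" in k:
            for name, rest in values:
                if name is None and "\\shell\\autorun\\command" in rest.lower():
                    findings.append(Finding("medium", f"AutoRun command on a mount point: {rest}"))
        elif k.endswith("\\currentversion\\run"):
            for name, rest in values:
                path = RUN_PATH_RE.match(rest)
                if path and any(d in path.group(1).lower() for d in SUSPECT_LAUNCH_DIRS):
                    findings.append(Finding("info", f"Run entry {name} launches from a user-writable location: {path.group(1)}"))
    return findings


def triage_log(text):
    return triage(parse_loading_points(text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.detail}")
```

Run against the excerpt it reports the disabled firewall as high and the uTorrent exception and the AutoRun mount point as medium; the two Run keys produce nothing because every entry launches from c:\windows\system32 or c:\program files. Paste the real section in place of SAMPLE_LOG to run the same rules over a full log.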
Reluctant_spender wrote: »I am seeing uTorrent and Limewire present in your log - if they are not on your system they have been and I would suggest they are the cause of your problem.
OK, thanks reluctant spender. uTorrent and limewire haven't been used in ages, in fact I thought I'd uninstalled them (pesky kids).
I reckon I'll set the scanner going and go to bed.
Zahc
My beloved tells me that she's been playing games on facebook; not sure what to make of that!! Is that outspark based?
Zahc
Some games on facebook are dodgy as hell
Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies'). This one will remove the temp files
Then run the REGISTRY scan (Backup the registry when it asks)
Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
UPDATE and FULL SCAN
Post the log here AFTER you've deleted everything it finds.
Some games on facebook are dodgy as hell
Thanks for that. I do that as a matter of course. Antivir appears to have done the trick. I can only imagine it's something to do with facebook.
What really ticks me off is that it got past trend micro internet security. Last time I use that. Back to Kaspersky for me after I trial antivir.
Zahc