[Pending] HJT Logs - AgentA and Vundo (posted in the Security & Safety forums)

#7 - Robbie93 (Bronze Member), 04-22-2008
Re: AgentA and Vundo

All Logs as requested.

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:59:30 22/04/2008
+ Scan result:

C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.

::Report end



SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 04/22/2008 at 03:22 PM
Application Version : 4.0.1154
Core Rules Database Version : 3392
Trace Rules Database Version: 1384
Scan type : Complete Scan
Total Scan Time : 00:20:11
Memory items scanned : 255
Memory threats detected : 0
Registry items scanned : 4627
Registry threats detected : 0
File items scanned : 24548
File threats detected : 1
Adware.Tracking Cookie
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Cookies\Low\andrew@ads.devotii[1].txt


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:33, on 22/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\tuvTkJyY.dll,#1
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\opnmKDUo.dll,c
O4 - HKCU\..\Run: [BM77f2397b] Rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\ohhemiaj.dll", s
O4 - HKCU\..\Run: [74c10ae7] rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\fqljivii.dll", b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 4856 bytes

At the moment the TR\Vundo.gen trojan horse appears at random intervals, and when it does it is threefold.

Yours Robbie


#8 - cyberdyne (Silver Member), 04-22-2008
Re: AgentA and Vundo

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\tuvTkJyY.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\opnmKDUo.dll,c
O4 - HKCU\..\Run: [BM77f2397b] Rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\ohhemiaj.dll", s
O4 - HKCU\..\Run: [74c10ae7] rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\fqljivii.dll", b
O13 - Gopher Prefix:
Here is part of your problem, but wait for a professional analysis before doing anything.


#9 - Robbie93 (Bronze Member), 04-22-2008
Re: AgentA and Vundo

Thanks very much cyberdyne, I will wait as suggested.

Yours Robbie


#10 - D__ (Moderator), 04-22-2008
Re: AgentA and Vundo

Moved to HiJack This Forum

Please be patient Robbie, our security team are very busy at the moment.



#11 - Robbie93 (Bronze Member), 04-22-2008
Re: AgentA and Vundo

Yeah no worries D my good man.




#12 - Robbie93 (Bronze Member), 04-24-2008
Re: AgentA and Vundo

Just wondering if any update on this issue????

Yours Robbie.


