hi!
;*******************************************************************************
ANALYSIS: 2009-09-28 05:38:55
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 12
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
ESET NOD32 Antivirus 4.0 4.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Theresa 21\Cookies\theresa 21@atdmt[1].txt
00157261 Application/FileProtec.A HackTools No 0 No No D:\Setup, Proggies and Stuff\FlyakiteOSX v3.5.exe[wfpdisable.exe]
00157261 Application/FileProtec.A HackTools No 0 No No D:\System Volume Information\_restore{34D94B80-A854-4EA2-92F5-7264A88B38E1}\RP13\A0021192.exe[wfpdisable.exe]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Theresa 21\Cookies\theresa 21@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Theresa 21\Cookies\theresa 21@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Theresa 21\Cookies\theresa 21@bs.serving-sys[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Theresa 21\Cookies\theresa 21@zedo[1].txt
00235060 Hacktool/PatchTCPSP2 HackTools No 0 Yes No D:\System Volume Information\_restore{F65CE8E5-47BC-496C-8C97-01AD5EDEC561}\RP60\A0085694.exe
00235060 Hacktool/PatchTCPSP2 HackTools No 0 No No D:\My Docs Files August\Crack Stuff\SP2-TCP-Patch.rar[SP2-TCP-Patch\EvID4226Patch.exe]
00235060 Hacktool/PatchTCPSP2 HackTools No 0 Yes No D:\My Docs Files August\SP2-TCP-Patch\EvID4226Patch.exe
00235060 Hacktool/PatchTCPSP2 HackTools No 0 Yes No D:\System Volume Information\_restore{F65CE8E5-47BC-496C-8C97-01AD5EDEC561}\RP53\A0081056.exe
03074964 Trj/CI.A Virus/Trojan Yes 0 Yes No C:\Program Files\YahELite\YahELite.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004040.exe
No C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004054.exe
No C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004087.exe
No C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004103.exe
No C:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0005104.exe
No C:\w9uxx92.exe
No D:\RECYCLER\S-1-5-21-484763869-162531612-842925246-1003\Dd3.exe
No D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004042.exe
No D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004055.exe
No D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004104.exe
No D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0005105.exe
No D:\w9uxx92.exe
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194861 HIGH MS08-031
194860 HIGH MS08-030
;===============================================================================
Malwarebytes' Anti-Malware 1.41
Database version: 2861
Windows 5.1.2600 Service Pack 3
9/26/2009 2:39:01 PM
mbam-log-2009-09-26 (14-39-01).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 117881
Time elapsed: 24 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004056.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004057.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004060.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004061.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004063.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{330209CC-40E2-43F2-A23D-87C4D6ED91E4}\RP2\A0004076.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP13\A0030757.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP13\A0031755.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP13\A0032754.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP13\A0034757.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP13\A0035754.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP13\A0035780.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP14\A0035794.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP14\A0036817.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP16\A0039395.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP19\A0040499.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP19\A0040512.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP19\A0041508.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP22\A0043104.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{3DDAD81E-5E3D-4813-B7E4-8646D5F9AA1B}\RP22\A0043118.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\Tere\MyWebFaceSetup2.3.50.53.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Theresa 21\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Theresa 21\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Theresa 21\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Thread: [In Progress] HiJackThis! Logs - Help please! :( (posted in the Security & Safety forums)

#15 Bronze Member (Join Date: Sep 2009, Posts: 27, PC Experience: Some Experience)

#16 Tech Support Team (Join Date: Sep 2008, Location: Caldwell, New Jersey, Posts: 10,112, PC Experience: Always Learning New Things)
Scarlet,
First, please reboot. Then, please visit Virustotal.
__________________
Crush aka Chris
#17 Bronze Member (Join Date: Sep 2009, Posts: 27, PC Experience: Some Experience)
2009-09-26 Found nothing
2009-09-27 Found nothing
2009-09-27 Riskware.Patch.TCPIP!IK
2009-09-26 Not-A-Virus.Patch.TCPIP
2009-09-26 Win32:Spyware-gen
2009-09-27 Found nothing
2009-09-26 Found nothing
2009-09-26 Win32/Tool.EvID4226
2009-09-25 SPR/Tool.EvID4226
2009-09-26 Found nothing
2009-09-27 Found nothing
2009-09-26 Hacktool/PatchTCPSP2
Filename: SP2-TCP-Patch.rar
Status: Scan finished. 10 out of 21 scanners reported malware.
Scan taken on: Sun 27 Sep 2009 05:01:42 (CET)
#18 Bronze Member (Join Date: Sep 2009, Posts: 27, PC Experience: Some Experience)
2009-09-27 Found nothing
2009-09-26 Found nothing
2009-09-27 RemoteAdmin.W32.NetCat.a
2009-09-27 Found nothing
2009-09-27 Tool.Wintcppatch
2009-09-25 Found nothing
2009-09-26 W32/RWare.B
2009-09-26 Trojan.RWare.B
2009-09-26 Found nothing
Filename: SP2-TCP-Patch.rar
Status: Scan finished. 10 out of 21 scanners reported malware.
Scan taken on: Sun 27 Sep 2009 05:01:42 (CET)
#19 Bronze Member (Join Date: Sep 2009, Posts: 27, PC Experience: Some Experience)
Originally Posted by Crush:
C:\Program Files\YahELite\YahELite.exe <-- is deleted
#20 Bronze Member (Join Date: Sep 2009, Posts: 27, PC Experience: Some Experience)
D:\Setup, Proggies and Stuff\FlyakiteOSX v3.5.exe is 30 MB, I can't upload it. Should I just delete it?
#21 Tech Support Team (Join Date: Sep 2008, Location: Caldwell, New Jersey, Posts: 10,112, PC Experience: Always Learning New Things)
Yes please. Delete all the files I specified above. Also, please let me know how things are running now. I'm sure we have some more work to do, but I'd like to know if you see an improvement.
__________________
Crush aka Chris
Tags: autorun.inf, Fixed:, keylogger, trojan, virus