
Topic: PLEASE HELP trojandownloader.xs and god knows what else


dgpeete

PLEASE HELP trojandownloader.xs and god knows what else
« on: April 13, 2008, 02:07:14 PM »
I have run CCleaner and SUPERAntiSpyware. Attached is a copy of the text from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2008 at 02:32 PM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type       : Custom Scan
Total Scan Time : 00:45:05

Memory items scanned      : 461
Memory threats detected   : 5
Registry items scanned    : 5597
Registry threats detected : 54
File items scanned        : 57860
File threats detected     : 125

Trojan.Vundo-Variant/F
   C:\WINDOWS\SYSTEM32\EFCBQNNO.DLL
   C:\WINDOWS\SYSTEM32\EFCBQNNO.DLL
   Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\efcBqnnO

Trojan.Net-MGS/NMC
   C:\WINDOWS\MGSVFLKW.DLL
   C:\WINDOWS\MGSVFLKW.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#mgsvflkw [ {874F94C3-AA99-4591-B60A-59A429FBAC5A} ]

Trojan.Net-QDN/NMC
   C:\WINDOWS\QDNKEWFA.DLL
   C:\WINDOWS\QDNKEWFA.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#qdnkewfa [ {755E45D1-A211-4938-A0A9-F6475DF9F95A} ]

Trojan.Unclassified/Multi-Dropper (Packed)
   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DGNUTWPG\DMROVONI.EXE
   [oitSrSpcjn] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DGNUTWPG\DMROVONI.EXE
   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DGNUTWPG\DMROVONI.EXE
   C:\DOCUMENTS AND SETTINGS\DELA FAMILY\LOCAL SETTINGS\TEMP\EXPLOR~1.EXE.BAK

Trojan.Unclassified/Multi-Dropper
   C:\WINDOWS\SYSTEM32\LWJGBIZU.EXE
   C:\WINDOWS\SYSTEM32\LWJGBIZU.EXE
   [gmphffdh] C:\WINDOWS\SYSTEM32\LWJGBIZU.EXE

Adware.Vundo Variant
   HKLM\Software\Classes\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}
   HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}
   HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}\InprocServer32
   HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}\InprocServer32#ThreadingModel
   HKLM\Software\Classes\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\InprocServer32
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\InprocServer32#ThreadingModel
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\ProgID
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\Programmable
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\TypeLib
   HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\VersionIndependentProgID
   C:\WINDOWS\VNBPTXLF.DLL
   HKLM\Software\Classes\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\InprocServer32
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\InprocServer32#ThreadingModel
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\ProgID
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\Programmable
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\TypeLib
   HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\VersionIndependentProgID
   C:\WINDOWS\TEMLXOPQQWM.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B82F29E4-8368-4B14-9C00-5138C0D94034}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF69FC15-5D77-4679-9C27-FCD90846460F}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{B82F29E4-8368-4B14-9C00-5138C0D94034}
   HKLM\Software\Microsoft\Internet Explorer\Toolbar#{D212F823-17B0-470A-832F-86D3B30EE0D1}
   HKCR\vnbptxlf.1
   HKCR\vnbptxlf
   HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}
   HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0
   HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\0
   HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\0\win32
   HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\FLAGS
   HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\HELPDIR
   HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}

Unclassified.Unknown Origin
   HKLM\Software\Classes\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}#AppID
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\InprocServer32
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\InprocServer32#ThreadingModel
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\ProgID
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\Programmable
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\TypeLib
   HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\VersionIndependentProgID
   C:\PROGRAM FILES\HOOPAA\CHOOZTRACK.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}

Adware.Tracking Cookie

Trojan.Net-MSV/VPS
   HKCR\MSVPS.MSVPSApp
   HKCR\MSVPS.MSVPSApp\CLSID
   HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
   C:\Documents and Settings\Dela Family\Favorites\Error Cleaner.url
   C:\Documents and Settings\Dela Family\Favorites\Privacy Protector.url
   C:\Documents and Settings\Dela Family\Favorites\Spyware&Malware Protection.url

BearShare File Sharing Client
   C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP456\A0265805.LNK

Malware.VirusBurster-Install
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP433\A0231723.EXE

Adware.Vundo-Variant/Small-A
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP509\A0330449.DLL

Adware.Vundo-Variant
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP509\A0330457.DLL

Adware.Vundo Variant/Rel
   C:\WINDOWS\SYSTEM32\MCRH.TMP

Broni


Re: PLEASE HELP trojandownloader.xs and god knows what else
« Reply #1 on: April 13, 2008, 06:48:02 PM »
1. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

2. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.