
Topic: Help needed with infection......please!


wildbjk

    Topic Starter

    Re: Help needed with infection......please!
    « Reply #15 on: May 27, 2009, 08:45:37 AM »
    Before answering your question about how my computer is running now (it seems to be fine), I ran a complete scan of the whole computer with my AVG 8.5 and learned that AVG just this morning found and successfully moved to the virus vault 11 infections and a bunch of tracking cookies.    See list below.

    I have just changed my IE settings to block all cookies and accept only those I have allowed by exception.  Maybe that will take care of the tracking cookie problem, but is there something I can do to prevent picking up these infections?  AVG says everything is up to date and working.

    I will wait for your response before doing anything else and I've not yet followed your last instruction to uninstall ComboFix.  Let me know if you still want me to do that uninstall right now. 

    Thanks a lot, I appreciate it.    wildbjk.

    INFECTIONS:

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001001.sys";"Trojan horse Pakes.DPC";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001002.dll";"Trojan horse Rootkit-Pakes.A";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001003.dll";"Trojan horse Generic13.ATOC";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001004.dll";"Trojan horse Generic13.ATOB";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001026.dll";"Trojan horse Agent2.IBE";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001027.dll";"Trojan horse Agent2.IBE";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001029.exe";"Trojan horse SHeur2.AGJH";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001030.exe";"Trojan horse Agent2.IBG";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP16\A0001031.exe";"Trojan horse Small.BKI";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP17\A0001228.exe";"Trojan horse Small.BKI";"Moved to Virus Vault"

    "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP17\A0001229.dll";"Trojan horse Downloader.Generic8.AOLC";"Moved to Virus Vault"

    TRACKING COOKIES:

    "C:\Documents and Settings\Jim\Cookies\[email protected][2].txt";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\[email protected][2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\[email protected][2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\[email protected][2].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\[email protected][2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\[email protected][1].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\[email protected][1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@questionmarket[2].txt";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@questionmarket[2].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@questionmarket[2].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tacoda[2].txt";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tacoda[2].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tacoda[2].txt:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tacoda[2].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tacoda[2].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tacoda[2].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@trafficmp[2].txt";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@trafficmp[2].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[2].txt";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@zedo[2].txt";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
    "C:\Documents and Settings\Jim\Cookies\jim@zedo[2].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault"

    evilfantasy

    • Malware Removal Specialist
    • Moderator

    Re: Help needed with infection......please!
    « Reply #16 on: May 27, 2009, 10:38:37 AM »
    Nothing found by AVG is actually a threat.

    Set a New Restore Point to prevent possible reinfection from an old one
    Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
    • Go to Start > Programs > Accessories > System Tools and click System Restore
    • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
    • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Next go to Start > Run and type Cleanmgr
    • Click OK
    • Click the More Options Tab.
    • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide or Windows Vista System Restore Guide
    ----------

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
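An added example, not part of the original posts: a triage of AVG result lines in the `"path";"detection";"action"` shape posted in Reply #15. It separates detections stored inside System Restore snapshots (`_restore{GUID}\RPnn`, backup copies that stay inert unless that restore point is restored) from tracking cookies and from files on the live file system. The sample lines are constructed, and the function names are hypothetical.

```python
import csv
import io
import re
from collections import Counter

# Windows XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample in the same export shape (not real scan data).
SAMPLE = r'''
"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP16\A0000001.dll";"Trojan horse Example.A";"Moved to Virus Vault"
"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP17\A0000002.exe";"Trojan horse Example.B";"Moved to Virus Vault"
"C:\Documents and Settings\User\Cookies\user@example[1].txt:\example.com.0a1b2c3d";"Found Tracking cookie.Example";"Moved to Virus Vault"
"C:\WINDOWS\system32\drivers\example.sys";"Trojan horse Example.C";"Moved to Virus Vault"
'''

def classify(path, detection):
    """Return (category, restore_point_or_None) for one result line."""
    m = RESTORE_RE.match(path)
    if m:
        return "restore-point", m.group(1)
    if detection.lower().startswith("found tracking cookie"):
        return "tracking-cookie", None
    return "live-file", None

def triage(text):
    """Parse the export and return (counts, affected restore points, live-file hits)."""
    rows = csv.reader(io.StringIO(text.strip()), delimiter=";", quotechar='"')
    counts, restore_points, live = Counter(), set(), []
    for row in rows:
        if len(row) != 3:  # skip blank or malformed lines
            continue
        path, detection, action = row
        kind, rp = classify(path, detection)
        counts[kind] += 1
        if rp:
            restore_points.add(rp)
        if kind == "live-file":
            live.append((path, detection, action))
    return counts, sorted(restore_points), live

if __name__ == "__main__":
    counts, rps, live = triage(SAMPLE)
    print(dict(counts), "restore points:", rps)
    for path, detection, action in live:
        print("follow up:", detection, "->", path, f"({action})")
```

Only entries reported as `live-file` point at something outside the snapshot store and cookie folder; the restore points listed are the ones the purge step in Reply #16 would discard.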

    wildbjk

      Topic Starter

      Re: Help needed with infection......please!
      « Reply #17 on: June 04, 2009, 11:18:57 AM »
      Evilfantasy,

      Sorry about the long delay in my reply but I just wanted to be sure my system was running properly before getting back to you.  Good news!  Everything seems to be fine with no signs of infection........fantastic!  I appreciate all your suggestions for keeping my system safe in the future. 


      Thank you very much for all your help and staying with it until the effort was successful.  I can't begin to tell you how much I appreciate what you've done.  Thank you, thank you, thank you!!!!!

      Regards,
      wildbjk