My Hijack This logfile [P] - Page 2

Mak213 · 06-20-2008, 04:34 PM

Hello Thief12,

Step1 | Kaspersky Webscanner

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Step2 | MBAMe

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs needed in next post:

Kaspersky Webscanner
MBAM

Regards,
Mak

Thief12 · 06-22-2008, 10:17 AM

Sorry for my late replay but I had almost no time to deal with the computer these past two days. Anyway, last night I started doing the Kaspersky Web Scanning, and after 5 hours (12:00) I decided to leave it running and go to sleep. At that time, at 70% scanned, it hadn't found anything. Anyway, this morning, my wife accidentally turned off the computer so I don't know how the scanning finished. She started a scan to the Critical areas alone, and it found this...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 12:55:24
Records in database: 880196
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Jessenia Pagán\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 39399
Threat name: 5
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 00:51:31

File name / Threat name / Threats count
C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:NetTool.Win32.Sniffer.c 1
C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 2
C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 1
C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
C:\WINDOWS\system32\dk\lam2.exe Infected: not-a-virus:NetTool.Win32.Sniffer.c 1
C:\WINDOWS\system32\dk\lam3.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\WINDOWS\system32\dk\lam5.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 1
C:\WINDOWS\system32\wmipst.exe Infected: Backdoor.Win32.Bifrose.pqk 1

The selected area was scanned.

Thief12 · 06-22-2008, 10:18 AM

I just finished doing the MBAM scanning also...

Malwarebytes' Anti-Malware 1.18
Database version: 876

11:13:53 AM 6/22/2008
mbam-log-6-22-2008 (11-13-53).txt

Scan type: Quick Scan
Objects scanned: 45856
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Formerly the latter · 06-23-2008, 04:33 PM

Step1 | ComboFix Script

1. Please open Notepad

Click Start, then Run
Type "notepad.exe" in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

KillAll::

File::
C:\WINDOWS\system32\ddram.exe

Folder::
C:\WINDOWS\system32\dk

3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply

Step2 | ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Logs Required In Next Post
-------------------------------

ComboFix (CFScript) Log
New Hijackthis Log

06-20-2008, 04:34 PM	#11 (permalink)
Mak213 Commander Super Mod Joker Join Date: Sep 2004 Location: In Trotter's crawl space Posts: 14,353	Re: My Hijack This logfile Hello Thief12, Step1 \| Kaspersky Webscanner Please do an online scan with Kaspersky WebScanner Click on Accept You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Step2 \| MBAMe Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Logs needed in next post: Kaspersky Webscanner MBAM Regards, Mak __________________

06-22-2008, 10:17 AM	#12 (permalink)
Thief12 Newb Techie Join Date: May 2008 Posts: 12	Kaspersky/MBAM Sorry for my late replay but I had almost no time to deal with the computer these past two days. Anyway, last night I started doing the Kaspersky Web Scanning, and after 5 hours (12:00) I decided to leave it running and go to sleep. At that time, at 70% scanned, it hadn't found anything. Anyway, this morning, my wife accidentally turned off the computer so I don't know how the scanning finished. She started a scan to the Critical areas alone, and it found this... -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, June 22, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, June 22, 2008 12:55:24 Records in database: 880196 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - Critical Areas: C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Documents and Settings\Jessenia Pagán\Start Menu\Programs\Startup C:\Program Files C:\WINDOWS Scan statistics: Files scanned: 39399 Threat name: 5 Infected objects: 9 Suspicious objects: 0 Duration of the scan: 00:51:31 File name / Threat name / Threats count C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:NetTool.Win32.Sniffer.c 1 C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 2 C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 1 C:\WINDOWS\system32\ddram.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1 C:\WINDOWS\system32\dk\lam2.exe Infected: not-a-virus:NetTool.Win32.Sniffer.c 1 C:\WINDOWS\system32\dk\lam3.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1 C:\WINDOWS\system32\dk\lam5.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 1 C:\WINDOWS\system32\wmipst.exe Infected: Backdoor.Win32.Bifrose.pqk 1 The selected area was scanned.

06-22-2008, 10:18 AM	#13 (permalink)
Thief12 Newb Techie Join Date: May 2008 Posts: 12	Mbam I just finished doing the MBAM scanning also... Malwarebytes' Anti-Malware 1.18 Database version: 876 11:13:53 AM 6/22/2008 mbam-log-6-22-2008 (11-13-53).txt Scan type: Quick Scan Objects scanned: 45856 Time elapsed: 4 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

06-23-2008, 04:33 PM	#14 (permalink)
Formerly the latter Super Techie Join Date: Aug 2007 Posts: 457	Re: My Hijack This logfile Step1 \| ComboFix Script 1. Please open Notepad Click Start, then Run Type "notepad.exe" in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: Code: KillAll:: File:: C:\WINDOWS\system32\ddram.exe Folder:: C:\WINDOWS\system32\dk 3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES 4. Save the above as CFScript.txt 5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. http://users.pandora.be/bluepatchy/m...s/CFScript.gif 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply Step2 \| ATF Cleaner Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Logs Required In Next Post ------------------------------- ComboFix (CFScript) Log New Hijackthis Log

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
My Hijack Log.	AhBeng	HijackThis Logs (finished)	8	02-29-2008 08:23 AM
VERY slow email - help - hijackthis logfile	mark1413	Virus - Spyware Protection / Detection	2	02-05-2008 12:11 AM
hijack this log for me ...thanks tech forums	krazyq	HijackThis Logs (finished)	0	01-04-2008 01:32 AM
is this where i put my hijackthis logfile?	shoebox1.1	Virus - Spyware Protection / Detection	7	10-11-2007 06:29 PM
Hijack log. Help please	zinch_smug	HijackThis Logs (finished)	8	08-14-2007 08:21 AM