oceanbeach
asked on
Having trouble removing some threats
Hello Experts.
I am having trouble removing some viruses & Adware. I will upload a HJT log to ee-stuff.com.
Any help would be greatly appreciated! Thanks!
oceanbeach
For other people's ease of use:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:33 AM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: {8c9ebd99-203b-a2c8-a174-529753800e8e} - {e8e00835-7925-471a-8c2a-b30299dbe9c8} - C:\WINDOWS\system32\ojdgcnqi.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [1457c86f] rundll32.exe "C:\WINDOWS\system32\ehgulspw.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: iifcbbc - C:\WINDOWS\SYSTEM32\iifcbbc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 7441 bytes
O4 - HKLM\..\Run: [1457c86f] rundll32.exe "C:\WINDOWS\system32\ehgulspw.dll",b
This may be suspicious. Other than that - apart from a lot of unnecessary HP services - I can't see anything else that is really harmful - someone else might though.
What problems are you experiencing?
Apologies -
O20 - Winlogon Notify: iifcbbc - C:\WINDOWS\SYSTEM32\iifcbbc.dll
may be suspect too.
ASKER
I have uploaded a kaspersky scan...
https://filedb.experts-exchange.com/incoming/ee-stuff/5728-kaspersky_111907-1130.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5729-ewido-report_112007-0740.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5730-hijackthis_112007-0756.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5715-SUPERAntiSpyware.txt
https://filedb.experts-exchange.com/incoming/ee-stuff/5708-hijackthis.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5709-kaspersky.zip
Online scanners sometimes just make you aware of the malware located in certain files.
The suspect browser objects need to be deleted - SuperAntiSpyware will do this for you.
The skipped files look like logs and txt files in use by the system - rather than suspected malware.
What did the SuperAntiSpyware scan come back with?
Infected: Trojan.Win32.BHO.re
Infected: Trojan.Win32.BHO.rg
HP and Compaq files infected as well.
BHO: (very little on symantec) -- http://www.symantec.com/security_response/writeup.jsp?docid=2007-082301-4219-99&tabid=2
ASKER
Hi Experts,
Sorry, I missed this..."What problems are you experiencing?"
-mostly popups
I have removed many threats already, but these last ones are being difficult. The kaspersky scan is from yesterday.
I have run SuperAntiSpyware and uploaded the log...
https://filedb.experts-exchange.com/incoming/ee-stuff/5728-kaspersky_111907-1130.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5729-ewido-report_112007-0740.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5730-hijackthis_112007-0756.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5715-SUPERAntiSpyware.txt
https://filedb.experts-exchange.com/incoming/ee-stuff/5708-hijackthis.zip
https://filedb.experts-exchange.com/incoming/ee-stuff/5709-kaspersky.zip
After rebooting, I received this error:
-"Error loading C:\Windows\system32\ehgulspw.dll"
I removed the following registry value (and the error message did not reappear):
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\1457c86f
Value: rundll32.exe "C:\WINDOWS\system32\ehgulspw.dll",b
I will run a full online scan at HouseCall right now.
Thanks!
oceanbeach
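The entries the expert singled out above (the hex-named Run value that loads ehgulspw.dll through rundll32, the Winlogon Notify DLL iifcbbc, and the BHO registered under a bare CLSID pointing at ojdgcnqi.dll) share the traits an analyst looks for when triaging a HijackThis log, and the registry value the asker just removed is the first of them. The Python script below is an added example, not code from this thread or from HijackThis: it parses O2/O4/O20 lines, pulls out the module path, and applies those heuristics, listing the reasons an analyst would want to verify before deleting anything. The sample entries are copied from the log posted in this thread; the name heuristic and its thresholds are my own assumptions and will also flag some legitimate vendor abbreviations, so a hit is a prompt to check the file's publisher, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: entries copied from the HijackThis log posted in
# this thread, with the paths rejoined where page extraction had split them.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {8c9ebd99-203b-a2c8-a174-529753800e8e} - {e8e00835-7925-471a-8c2a-b30299dbe9c8} - C:\WINDOWS\system32\ojdgcnqi.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [1457c86f] rundll32.exe "C:\WINDOWS\system32\ehgulspw.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: iifcbbc - C:\WINDOWS\SYSTEM32\iifcbbc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")           # "O4 - ..." / "R1 - ..."
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe))', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")                     # [value name] in O4 lines
HEX_NAME_RE = re.compile(r"[0-9a-f]{6,}", re.IGNORECASE)
VOWELS = set("aeiouy")


@dataclass
class Entry:
    kind: str                      # HijackThis section, e.g. O2, O4, O20
    body: str                      # everything after "O4 - "
    path: Optional[str]            # first .dll/.exe path found in the line
    reasons: List[str] = field(default_factory=list)


def longest_consonant_run(word: str) -> int:
    run = best = 0
    for ch in word:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(stem: str) -> bool:
    """Assumed heuristic for machine-generated file names: 7+ letters, few
    vowels and a long consonant run. Vendor abbreviations such as RTHDCPL or
    hpsysdrv also trip it, which is why a hit only means 'check the publisher'."""
    s = stem.lower()
    if len(s) < 7 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    return vowel_ratio < 0.3 and longest_consonant_run(s) >= 4


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    pm = PATH_RE.search(body)
    return Entry(kind=kind, body=body, path=pm.group(1) if pm else None)


def triage(entry: Entry) -> Entry:
    """Attach the reasons an analyst would give for looking closer at an entry."""
    if entry.path:
        stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            entry.reasons.append(f"module name '{stem}' looks machine-generated")
    if entry.kind == "O2":
        display = entry.body.split(" - ")[0].replace("BHO: ", "", 1).strip()
        if GUID_RE.match(display):
            entry.reasons.append("BHO registered with a CLSID but no friendly name")
    if entry.kind == "O4":
        nm = RUN_NAME_RE.search(entry.body)
        if nm and HEX_NAME_RE.fullmatch(nm.group(1)):
            entry.reasons.append(f"Run value name '{nm.group(1)}' is a bare hex string")
        if "rundll32" in entry.body.lower() and entry.path and "\\system32\\" in entry.path.lower():
            entry.reasons.append("rundll32 loads a DLL out of system32 at logon")
    if entry.kind == "O20":
        entry.reasons.append("Winlogon Notify DLL runs inside winlogon.exe; confirm the publisher")
    return entry


def triage_log(text: str) -> List[Entry]:
    entries = (parse_entry(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged_paths(text: str) -> List[str]:
    """Paths of every entry that collected at least one reason."""
    return [e.path for e in triage_log(text) if e.reasons and e.path]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(("!! " if e.reasons else "   ") + f"{e.kind:<4} {e.path or e.body}")
        for reason in e.reasons:
            print("        - " + reason)
```

Run stand-alone it prints the sample entries with the flagged ones marked and their reasons listed; on the sample, only the three entries discussed in this thread are flagged. The flagged paths are the ones to check against the vendor's signature or submit to an online scanner, as the thread does, rather than delete outright.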
What about
O2 - BHO: {8c9ebd99-203b-a2c8-a174-529753800e8e} - {e8e00835-7925-471a-8c2a-b30299dbe9c8} - C:\WINDOWS\system32\ojdgcnqi.dll
?
ASKER
Hello Experts,
Somehow, the online scan at HouseCall failed. I will run an additional scan.
Should I remove the infected dll files & the associated registry entries? Is there any place to find out if a dll file is legitimate or not?
-OB
Just post the ones you don't know about - and someone can assist...
ASKER
Hi Experts,
I received an indication from HouseCall that 'Bifrose' was detected. This does not seem to be reported by any other scan I have run. I was not able to determine what file(s) may have been infected. Any ideas on how I can confirm this infection? Is it a false positive?
The online scan at HouseCall has been problematic. I would try to run another scan if I thought it would help, but I keep having trouble with it.
Thanks!
oceanbeach
Try this online scan if you are having trouble with HouseCall:
http://www.ewido.net/en/onlinescan/
Bifrose - http://www.symantec.com/security_response/writeup.jsp?docid=2004-101214-5358-99
ASKER
Hello EE,
Sorry for the delay. This has taken a little longer than I had hoped, and I just had to get some other work done yesterday.
I have uploaded:
-kaspersky log (from yesterday)
-ewido log
-HJT log
"Did SUPERAntiSpyware remove all vundof files detected?"
-I am not sure. It did remove many infected files, but Spybot found another infection today. Also, a Spyware Doctor scan after SuperAntiSpyware seemed to come up with several of the same items that SuperAntiSpyware indicated were removed. An additional AntiSpyware scan after the Spyware Doctor scan gave a clean result.
"You can try running another Kaspersky scan..."
-I have not done this yet, but the most recent scan looks OK, do you agree? I could rerun another one.
"Does HouseCall give you a log?"
-I was not able to obtain one. The first 2 scans I did locked up the browser. The third one completed and I was able to see the results, but it froze the browser again shortly thereafter. I did run a BitDefender scan yesterday that came back clean.
Thanks again for everyone's help!
-OB
ASKER
Hello Experts,
I apologize for not posting sooner. I have solved my problem. I wish I could say exactly what I did, but I had to do quite a bit to clean this machine, too much to say in detail.
Thanks!
-OB
ASKER
Experts,
This was tough. I actually fixed the problem on my own. However, the most helpful suggestion was to run SuperAntiSpyware. All other efforts were helpful as well, but I had to do a lot of other work to clean this machine.
Thanks to all that helped out. I hope everyone agrees to the point split (it was the best I could do). Let me know if anyone thinks this seems unfair. I will be more than happy to re-review anything here.
Thanks again!
-OB
No problem - apologies that the assistance wasn't spot on - malware-related problems are sometimes exceptionally hard to clean off permanently (after all that is what they are designed for!)
Thanks in any case.
Glad to know you've resolved it, sorry you had to do a lot more on your own.
In similar cases like this, you also have the option to ask for a refund of your points.
Thank you for awarding the points! Very generous of you.
Good luck, :)