AntiVirus System Pro 2009 and BankerFox.A


Post by neocoop02 on 18th August 2009, 3:26 am

I got hit hard with this and it is driving me mad. I am not the most computer savvy person in the world and desperately need help. I just bought Kaspersky and I can't even load it as it seems like the virus is blocking any attempt to install. I ran a log per your instructions and posted them below. Any help is appreciated.
Thanks

Index % of PCs with item Code Data
1 0.0% O1 ::1 localhost
2 0.0% O1 91.206.201.8 oemantivir.microsoft.com
3 0.0% O1 91.206.201.8 oemantivir.com
4 0.0% O1 91.206.201.8 oemantivir.com
68 0.0% P01 C:\WINDOWS\Explorer.EXE
69 0.0% P01 C:\WINDOWS\system32\svchost.exe
70 0.0% P01 C:\WINDOWS\system32\lsass.exe
71 0.0% P01 C:\WINDOWS\system32\winlogon.exe
72 0.0% P01 C:\WINDOWS\system32\services.exe
73 0.0% P01 C:\WINDOWS\System32\smss.exe
74 0.0% P01 C:\WINDOWS\system32\spoolsv.exe
75 0.0% P01 C:\WINDOWS\system32\ctfmon.exe
76 0.0% P01 C:\Program Files\Internet Explorer\iexplore.exe
77 0.0% P01 C:\WINDOWS\system32\wuauclt.exe
78 0.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE
79 0.0% P01 C:\Program Files\iPod\bin\iPodService.exe
80 0.0% P01 C:\Program Files\iTunes\iTunesHelper.exe
81 0.0% P01 C:\Program Files\Mozilla Firefox\firefox.exe
82 0.0% P01 C:\WINDOWS\System32\hkcmd.exe
83 0.0% P01 C:\WINDOWS\System32\dllhost.exe
84 0.0% P01 C:\WINDOWS\eHome\ehSched.exe
85 0.0% P01 C:\WINDOWS\eHome\ehRecvr.exe
86 0.0% P01 C:\Windows\ehome\ehtray.exe
87 0.0% P01 C:\Windows\ehome\ehmsas.exe
88 0.0% P01 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
89 0.0% P01 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
90 0.0% P01 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
91 0.0% P01 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
92 0.0% P01 C:\WINDOWS\system32\dla\tfswctrl.exe
93 0.0% P01 C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
94 0.0% P01 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
95 0.0% P01 C:\Program Files\Digital Line Detect\DLG.exe
96 0.0% P01 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
97 0.0% P01 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
98 0.0% P01 C:\Program Files\Viewpoint\Common\ViewpointService.exe
99 0.0% P01 C:\Program Files\Apoint\Apntex.exe
100 0.0% P01 C:\Program Files\Apoint\Apoint.exe
101 0.0% P01 C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
102 0.0% P01 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
103 0.0% P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
104 0.0% P01 C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
105 0.0% P01 C:\Program Files\Bonjour\mDNSResponder.exe
106 0.0% P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
107 0.0% P01 C:\Program Files\DellSupport\DSAgnt.exe
108 0.0% P01 C:\Program Files\Microsoft Office\Office\OSA.EXE
109 0.0% P01 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
110 0.0% P01 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
111 0.0% P01 C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
112 0.0% P01 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
113 0.0% P01 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
114 0.0% P01 C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
115 0.0% P01 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
116 0.0% P01 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
117 0.0% P01 C:\Program Files\lqhrge\yuqisysguard.exe
118 0.0% P01 C:\Documents and Settings\Rob\Desktop\winlogon.exe
119 0.0% P01 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
120 0.0% P01 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
121 0.0% P01 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
122 0.0% P01 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
123 0.0% P01 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
124 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
125 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
126 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
127 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
128 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
129 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
130 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
131 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
132 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
133 0.0% R1 HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
134 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

Explanation of the codes

R - Registry, StartPage/SearchPage changes

* R0 - Changed registry value
* R1 - Created registry value
* R2 - Created registry key
* R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

* F0 - Changed inifile value
* F1 - Created inifile value
* F2 - Changed inifile value, mapped to Registry
* F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

* N1 - Change in prefs.js of Netscape 4.x
* N2 - Change in prefs.js of Netscape 6
* N3 - Change in prefs.js of Netscape 7
* N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:

* O1 - Hijack of auto.search.msn.com with Hosts file
* O2 - Enumeration of existing MSIE BHO's
* O3 - Enumeration of existing MSIE toolbars
* O4 - Enumeration of suspicious autoloading Registry entries
* O5 - Blocking of loading Internet Options in Control Panel
* O6 - Disabling of 'Internet Options' Main tab with Policies
* O7 - Disabling of Regedit with Policies
* O8 - Extra MSIE context menu items
* O9 - Extra 'Tools' menuitems and buttons
* O10 - Breaking of Internet access by New.Net or WebHancer
* O11 - Extra options in MSIE 'Advanced' settings tab
* O12 - MSIE plugins for file extensions or MIME types
* O13 - Hijack of default URL prefixes
* O14 - Changing of IERESET.INF
* O15 - Trusted Zone Autoadd
* O16 - Download Program Files item
* O17 - Domain hijack
* O18 - Enumeration of existing protocols and filters
* O19 - User stylesheet hijack
* O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
* O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
* O22 - SharedTaskScheduler autorun Registry key
* O23 - Enumeration of NT Services
* O24 - Enumeration of ActiveX Desktop Components


Post by Doctor Inferno on 18th August 2009, 5:51 am

Hello,

Read this: [You must be registered and logged in to see this link.]

And post your HijackThis log.


Post by neocoop02 on 18th August 2009, 6:23 pm

I just sent you a PM as I must be confused on how to run the HijackThis Log.

Thanks


Post by Belahzur on 18th August 2009, 8:39 pm

Hello.
I think something went wrong when you ran it.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


Post by neocoop02 on 18th August 2009, 10:17 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rob at 17:10:13.17 on Tue 08/18/2009

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [system tool] c:\program files\lqhrge\yuqisysguard.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: []
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [system tool] c:\program files\lqhrge\yuqisysguard.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Blackjack - [You must be registered and logged in to see this link.]
DPF: Yahoo! Poker - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - [You must be registered and logged in to see this link.]
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\2g8cc5hh.default\
FF - plugin: c:\documents and settings\rob\application data\mozilla\firefox\profiles\2g8cc5hh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-17 21:46 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 17:47 75,016 a------- c:\windows\system32\isafprod.dll
2009-08-17 17:40 99,592 a------- c:\windows\system32\isafeif.dll
2009-08-17 17:40 79,424 a------- c:\windows\system32\vetredir.dll
2009-08-17 17:40 --d----- c:\program files\CA
2009-08-16 20:20 --d----- c:\program files\lqhrge
2009-08-16 11:05 252,299 a------- C:\Good The Bad and The Undead.pdf
2009-08-16 11:05 262,343 a------- C:\Feral.pdf
2009-08-16 11:05 221,724 a------- C:\executive_order_6.pdf
2009-08-16 10:54 4,197,505 a------- C:\Social Network, The.pdf
2009-08-15 10:48 248,535 a------- C:\The_Raven_by_Hannah_Shakespeare_and_Ben_Livingston_(11-20-06).pdf
2009-08-12 16:42 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 16:41 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-07 16:57 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-06 20:27 --d----- c:\windows\system32\XPSViewer
2009-08-06 20:26 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-06 20:26 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 20:26 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 20:26 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-06 20:26 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 20:26 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-06 20:26 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 20:26 --d----- C:\1fb61f18e04bc72dbb999168770a36af
2009-08-06 20:19 --d----- c:\program files\MSXML 6.0
2009-08-05 04:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-17 20:00 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-08-17 20:00 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 13:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 08:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 03:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 03:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 03:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 03:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 03:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 03:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 03:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 03:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 03:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 06:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 06:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 06:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 06:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-22 06:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 06:34 92,544 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 06:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 06:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 06:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 06:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-01 18:48 15,688 a------- c:\windows\system32\lsdelete.exe
2007-12-21 17:24 200,768,409 -------- C:\Black_List_2007.zip

============= FINISH: 17:11:02.73 ===============

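The two logs posted so far carry the indicators that matter in this thread: the first post's O1 lines show a hosts-file entry that sends oemantivir.microsoft.com and oemantivir.com to 91.206.201.8 (so the rogue's "update" traffic never reaches Microsoft), its P01 lines list a copy of winlogon.exe running from the user's Desktop, and the DDS "Pseudo HJT" section shows a Run value named "system tool" starting c:\program files\lqhrge\yuqisysguard.exe from both the user hive (uRun) and the machine hive (mRun). The script below is an added example by the editor, not a tool used in the thread: it parses both line formats and flags those three patterns. The sample lines are copied from the posted logs; the heuristics (a hosts entry mapping a name to a non-loopback address, a core system binary name outside system32, a folder name containing a long consonant run such as "lqhrge") are the editor's assumptions, not detection logic from HijackThis or DDS.

```python
"""Triage helper for HijackThis-analyzer and DDS 'Pseudo HJT' log lines.

Added example (editor's code, not from the thread). The sample lines are
copied from the logs posted above; the heuristics are assumptions.
"""
import re

# Constructed sample, taken from the two logs in the thread.
# Format 1: hijackthis.de analyzer rows  "<index> <pct>% <code> <data>"
# Format 2: DDS Pseudo HJT rows          "uRun: [name] cmd" / "mRun: [name] cmd"
SAMPLE_LOG = r"""
1 0.0% O1 ::1 localhost
2 0.0% O1 91.206.201.8 oemantivir.microsoft.com
3 0.0% O1 91.206.201.8 oemantivir.com
68 0.0% P01 C:\WINDOWS\Explorer.EXE
71 0.0% P01 C:\WINDOWS\system32\winlogon.exe
117 0.0% P01 C:\Program Files\lqhrge\yuqisysguard.exe
118 0.0% P01 C:\Documents and Settings\Rob\Desktop\winlogon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\program files\lqhrge\yuqisysguard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [system tool] c:\program files\lqhrge\yuqisysguard.exe
"""

# Binaries that only legitimately run from %SystemRoot%\system32 on XP.
CORE_SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe",
                        "services.exe", "smss.exe", "csrss.exe"}
LOOPBACK = {"127.0.0.1", "::1"}

HJT_RE = re.compile(r"^\d+\s+[\d.]+%\s+(?P<code>[A-Z]\d+)\s+(?P<data>.+)$")
DDS_RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def exe_path(cmd):
    """Return the executable path from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def looks_random(name):
    """Heuristic (assumption): four or more consecutive consonants suggests
    a generated folder name like 'lqhrge'. 'y' is deliberately not counted."""
    return re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", name.lower()) is not None


def check_path(path):
    """Flag a process or autorun path by its location and folder names."""
    findings = []
    parts = path.replace("/", "\\").split("\\")
    base = parts[-1].lower()
    in_system32 = len(parts) >= 2 and parts[-2].lower() == "system32"
    if base in CORE_SYSTEM_BINARIES and not in_system32:
        findings.append(("core-binary-outside-system32", path))
    for folder in parts[:-1]:
        if looks_random(folder):
            findings.append(("random-folder-name", path))
            break
    return findings


def triage(log_text):
    """Walk the log and return (kind, detail) findings in log order."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_RE.match(line)
        if m:
            code, data = m.group("code"), m.group("data")
            if code == "O1":  # hosts-file override: "<ip> <hostname>"
                fields = data.split(None, 1)
                if len(fields) == 2 and fields[0] not in LOOPBACK:
                    findings.append(("hosts-hijack", f"{fields[1]} -> {fields[0]}"))
            elif code == "P01":  # running process
                findings.extend(check_path(data))
            continue
        m = DDS_RUN_RE.match(line)
        if m:  # HKCU (u) or HKLM (m) Run value
            findings.extend(check_path(exe_path(m.group("cmd"))))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:30} {detail}")
```

Run against the sample it reports two hosts hijacks, one core binary outside system32 (the Desktop winlogon.exe) and three hits on the lqhrge folder: once as a running process and once for each of the HKCU and HKLM "system tool" Run values, which is exactly the pair of registry values the OTM script later in the thread deletes. The consonant-run rule is crude; on a real machine it should be paired with an allowlist of known vendor folders rather than used alone.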

Post by Belahzur on 19th August 2009, 12:20 am

Hello.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Turn off Ad-Watch* from the drop menu.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    c:\program files\lqhrge

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Post by neocoop02 on 19th August 2009, 12:34 am

========== FILES ==========
c:\program files\lqhrge moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\system tool deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\system tool deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 08182009_193202


Post by Origin on 19th August 2009, 12:35 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Post by neocoop02 on 19th August 2009, 12:57 am

Having some difficulty as the virus keeps telling me that the combofix.exe is infected and blocks it with a warning.

Now I am stuck. Is this virus this vicious?

***Update: I got it. I will attach the log.


Post by neocoop02 on 19th August 2009, 4:05 am

ComboFix 09-08-10.06 - Rob 08/18/2009 22:50.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.157 [GMT -5:00]
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\62092b.msp
c:\windows\syssvc.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 01:03 . 2009-08-19 01:03 -------- d-----w- C:\32788R22FWJFW.4.tmp
2009-08-19 00:59 . 2009-08-19 00:59 -------- d-----w- C:\32788R22FWJFW.3.tmp
2009-08-19 00:59 . 2009-08-19 00:59 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-08-19 00:58 . 2009-08-19 00:58 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-08-19 00:32 . 2009-08-19 00:32 -------- d-----w- C:\_OTM
2009-08-18 22:58 . 2009-08-18 22:58 -------- d--h--w- c:\windows\PIF
2009-08-18 22:58 . 2009-08-18 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 22:36 . 2009-08-18 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-18 22:33 . 2009-08-18 22:33 -------- d-----w- C:\1fb61f18e04bc72dbb999168770a36af
2009-08-18 22:33 . 2009-08-18 22:33 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-18 02:46 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 02:46 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 02:46 . 2009-08-18 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 10:53 . 2009-08-13 10:53 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 21:41 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-07 01:27 . 2009-08-18 22:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 01:27 . 2009-08-07 01:27 -------- d-----w- c:\program files\MSBuild
2009-08-07 01:26 . 2009-08-07 01:26 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 01:26 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 01:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 01:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 01:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 01:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 01:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 01:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 01:19 . 2009-08-07 01:19 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 22:32 . 2009-04-26 00:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-15 15:20 . 2005-09-26 00:05 44136 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:11 . 2004-08-19 20:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 21:28 . 2007-05-27 18:00 -------- d-----w- c:\docume~1\Rob\APPLIC~1\LimeWire
2009-07-17 18:55 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-19 20:50 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 19:11 . 2009-06-26 16:39 -------- d-----w- c:\docume~1\Rob\APPLIC~1\Move Networks
2009-07-03 17:09 . 2004-08-19 20:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 18:36 . 2004-08-19 20:49 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-19 20:49 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-19 20:49 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-19 20:49 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-19 20:49 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-19 20:49 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-19 20:49 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-19 20:49 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-19 20:49 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-19 20:49 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-19 20:49 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-19 20:49 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-19 20:49 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-19 20:49 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-19 20:49 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-19 20:49 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-19 20:49 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-19 20:49 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-19 20:49 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-19 20:49 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-19 20:49 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-19 20:49 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-19 20:49 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-19 20:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-19 20:49 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2004-08-19 20:49 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-19 20:49 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-19 20:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-19 20:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-19 21:01 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2004-08-19 20:49 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 23:48 . 2009-06-01 23:48 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-01 23:48 . 2009-01-29 03:26 15688 ----a-w- c:\windows\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-10 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-10-15 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-6 24576]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 7:43 PM 64160]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 1:37 PM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/21/2008 4:00 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:44]

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-18 c:\windows\Tasks\User_Feed_Synchronization-{16DA95ED-37E1-4AA9-89CD-7F1042509C99}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\docume~1\Rob\APPLIC~1\Mozilla\Firefox\Profiles\2g8cc5hh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\2g8cc5hh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-18 22:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1548)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-08-19 23:03
ComboFix-quarantined-files.txt 2009-08-19 04:02

Pre-Run: 10,780,540,928 bytes free
Post-Run: 12,061,880,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

196 --- E O F --- 2009-08-17 02:02

neocoop02
Novice

Posts : 10
Joined : 2009-08-18
OS : XP
Points : 26702
# Likes : 0


Re: AntiVirus System Pro 2009 and BankerFox.A

Post by neocoop02 on 19th August 2009, 4:18 am

I think this worked! You are a genius! Thank you so much! How do I donate!

neocoop02
Novice

Posts : 10
Joined : 2009-08-18
OS : XP
Points : 26702
# Likes : 0


Re: AntiVirus System Pro 2009 and BankerFox.A

Post by Belahzur on 19th August 2009, 6:47 pm

Hello.
Not done yet, one more log I want to see.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1


Re: AntiVirus System Pro 2009 and BankerFox.A

Post by neocoop02 on 21st August 2009, 9:59 pm

Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
ALPS Touch Pad Driver
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Mobile Device Support
Apple Software Update
Bonjour
BUM
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support Center (Support Software)
DellSupport
Digital Line Detect
GemMaster Mystic
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.0.13)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
Otto
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wwiiper
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086
WordPerfect Office 12
Yahoo! Software Update
Yahoo! Toolbar

neocoop02
Novice

Posts : 10
Joined : 2009-08-18
OS : XP
Points : 26702
# Likes : 0


Re: AntiVirus System Pro 2009 and BankerFox.A

Post by Origin on 22nd August 2009, 5:08 pm

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Limewire 4.18.8
  • J2SE Runtime Environment 5.0 Update 6
  • J2SE Runtime Environment 5.0 Update 9
  • Viewpoint Media Player


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31503
# Likes : 0

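The three Java entries in the uninstall list above (5.0 Update 6, 5.0 Update 9 and 1.4.2_03) are exactly what the removal instructions target: every older runtime that is left installed stays reachable, so at most the newest one should survive. The routine below is an added example written for this page, not part of the thread and not HijackThis or Add/Remove Programs code. It normalises the display names into comparable version tuples and returns every JRE older than the newest one present. The two display-name formats it parses are the ones in the posted list; the third form (Java(TM) N Update M) and the sample list are assumptions for the example.

```python
import re

# Add/Remove display names for the JRE generations, normalised to a
# comparable (1, major, micro, update) tuple, e.g. "5.0 Update 9" is
# 1.5.0_09. The first two forms appear in the posted list; the Java 6
# form and the sample list below are assumptions for this example.
_JRE_FORMS = (
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$"),
     lambda m: (1, int(m.group(1)), int(m.group(2)), int(m.group(3)))),
    (re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3)), int(m.group(4)))),
    (re.compile(r"^Java\(TM\) (\d+) Update (\d+)$"),
     lambda m: (1, int(m.group(1)), 0, int(m.group(2)))),
)


def jre_version(display_name):
    """Version tuple for a JRE display name, or None for anything else."""
    text = display_name.strip()
    for pattern, to_tuple in _JRE_FORMS:
        m = pattern.match(text)
        if m:
            return to_tuple(m)
    return None


def superseded_jres(uninstall_list):
    """Return the JRE entries older than the newest JRE present, in list order.

    The newest runtime is kept; everything older is a leftover that should go.
    """
    found = []
    for name in uninstall_list:
        version = jre_version(name)
        if version is not None:
            found.append((name, version))
    if not found:
        return []
    newest = max(version for _, version in found)
    return [name for name, version in found if version < newest]


# Constructed excerpt of the uninstall list posted above, in the layout the
# HijackThis Uninstall Manager saves (one display name per line).
SAMPLE_UNINSTALL_LIST = [
    "Adobe Reader 8.1.2",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Kaspersky Anti-Virus 2009",
    "Viewpoint Media Player",
]

if __name__ == "__main__":
    for name in superseded_jres(SAMPLE_UNINSTALL_LIST):
        print("superseded:", name)
```

On the sample list this keeps 5.0 Update 9 and reports Update 6 and 1.4.2_03. The helper here removes both JRE 5 entries, which is the stricter option once a current Java release is going to be installed; the check only tells you which entries are certainly dead weight. Viewpoint and LimeWire are on the removal list on judgment, not on version logic, so they are out of scope for this routine.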

Re: AntiVirus System Pro 2009 and BankerFox.A

Post by neocoop02 on 26th August 2009, 11:28 am

Malwarebytes' Anti-Malware 1.40
Database version: 2697
Windows 5.1.2600 Service Pack 2

8/26/2009 6:27:24 AM
mbam-log-2009-08-26 (06-27-24).txt

Scan type: Quick Scan
Objects scanned: 98885
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f03c6151-5d0e-4675-9e4b-01910a278c1f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Rob\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

neocoop02
Novice

Posts : 10
Joined : 2009-08-18
OS : XP
Points : 26702
# Likes : 0

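The last hit in that MBAM log, a winlogon.exe sitting on the Desktop, is the "reserved word" heuristic in action: the file borrows the name of a core Windows process but lives nowhere near c:\windows\system32, so a scanner can flag it without a signature. The check below is an added example written for this page, not MBAM's or ComboFix's code; it applies that idea to paths in the layout ComboFix uses for Run-key entries. The list of reserved names, their legitimate directories (system32 and the File Protection dllcache), the Windows roots and the sample lines are all assumptions made for the example. The Desktop winlogon.exe path is the one MBAM reported above; the Run entry carrying it is constructed, since the posted ComboFix log had no such entry.

```python
import ntpath
import re

# Legitimate homes of the core XP process binaries, relative to the Windows
# root: system32 itself plus the Windows File Protection cache, which also
# holds pristine copies (the ComboFix log above lists dllcache entries).
# This table, the root list and the sample lines are assumptions for this
# example; they are not MBAM's or ComboFix's own data.
_SYS32 = ("system32", "system32\\dllcache")
RESERVED_BINARIES = {
    "smss.exe": _SYS32, "csrss.exe": _SYS32, "winlogon.exe": _SYS32,
    "services.exe": _SYS32, "lsass.exe": _SYS32, "svchost.exe": _SYS32,
    "spoolsv.exe": _SYS32,
    "explorer.exe": ("",),  # the real one is %SystemRoot%\explorer.exe
}
WINDOWS_ROOTS = ("c:\\windows", "c:\\winnt")

# ComboFix "Reg Loading Points" layout: "ValueName"="path" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')


def masquerade_reason(path):
    """Return why `path` looks like a masquerading system binary, or None.

    A path is suspicious when its basename is a reserved process name but
    the directory is not one of that name's legitimate homes. Comparison is
    case-insensitive because NTFS is, and forward slashes are normalised.
    """
    norm = ntpath.normpath(path.strip().lower().replace("/", "\\"))
    directory, name = ntpath.split(norm)
    homes = RESERVED_BINARIES.get(name)
    if homes is None:
        return None
    for root in WINDOWS_ROOTS:
        for sub in homes:
            if directory == ntpath.normpath(ntpath.join(root, sub)):
                return None
    return "%s is a reserved system binary name but lives in %s" % (name, directory)


def scan_run_entries(lines):
    """Parse Run-key lines in ComboFix layout and return (value name, path,
    reason) for every target that fails masquerade_reason()."""
    hits = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # key headers, blanks and other non-value lines
        reason = masquerade_reason(m.group("path"))
        if reason:
            hits.append((m.group("name"), m.group("path"), reason))
    return hits


# Constructed sample: the key header and two entries copied from the benign
# Run key above, plus one made-up persistence entry pointing at the Desktop
# winlogon.exe that MBAM quarantined (the posted ComboFix log had no such
# entry; the date and size on that line are invented).
SAMPLE_RUN_LINES = [
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
    '"ehTray"="c:\\windows\\ehome\\ehtray.exe" [2004-08-10 59392]',
    '"iTunesHelper"="c:\\program files\\iTunes\\iTunesHelper.exe" [2009-04-02 342312]',
    '"winlogon"="C:\\Documents and Settings\\Rob\\Desktop\\winlogon.exe" [2009-08-16 90112]',
]

if __name__ == "__main__":
    for name, path, reason in scan_run_entries(SAMPLE_RUN_LINES):
        print("%s -> %s\n    %s" % (name, path, reason))
```

Anything returned by scan_run_entries deserves a look before the next reboot: a genuine system binary does not register itself under a Run key from a user-writable directory. Legitimate extra copies do exist (service pack caches, install sources), so when the check fires on one of those, extend the allowed directories rather than shortening the name list.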

Re: AntiVirus System Pro 2009 and BankerFox.A

Post by Origin on 29th August 2009, 11:15 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31503
# Likes : 0


Re: AntiVirus System Pro 2009 and BankerFox.A

Post by neocoop02 on 2nd September 2009, 10:57 am

This worked! Thank you!

neocoop02
Novice

Posts : 10
Joined : 2009-08-18
OS : XP
Points : 26702
# Likes : 0

