
Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and Delf.nds

Post by Macy on 14th December 2009, 12:56 am

Help! I did a really stupid thing earlier today, and got myself a Trojan Horse on my laptop. I have no idea how to go about removing it. I'm freaking out a bit since I need this laptop for business.

The name of the Trojan Horse I got today is:

PSW.Generic7.AXHO

After I realized I got that, I did an update and scan with AVG and found the following two Trojan Horses also:

Delf.NDS
Clicker.ZZJ

Yikes!

AVG keeps popping up with this too:




I downloaded Hijack This and here's my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:36:59 PM, on 12/13/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\msa.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Lori\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\Windows\System32\qoibf.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Users\Lori\AppData\Local\Temp\c.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Lori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: TBSB09835 - {D97FC677-694D-4A75-AC89-A5B85C2BCFED} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Bullseye Tool Bar - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qoibf.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Lori\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [googletalk] C:\Users\Lori\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ZagrebLand] C:\Users\Lori\AppData\Local\Temp\c.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
    O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Red Flush - 302F9135-24F7-4C0C-9AE0-BAB9B3C2254F - C:\Microgaming\Casino\RedFlush\Casinogame.exe (HKCU)
    O9 - Extra button: Grand Mondial Casino - 60BF04B1-E019-47A2-8DD9-EA745AD77CBF - C:\Microgaming\Casino\GrandMondial\Casinogame.exe (HKCU)
    O9 - Extra button: VIP Lounge - 64FAA214-C359-4527-9CF0-257AC6726316 - C:\Microgaming\Casino\VIPLounge\Casinogame.exe (HKCU)
    O9 - Extra button: Vegas Palms Online Casino - 66111AE8-9E42-448E-B6FB-112BED934DF7 - C:\Microgaming\Casino\VegasPalms\Casinogame.exe (HKCU)
    O9 - Extra button: River Belle Casino - 78E83FBB-5820-43E6-845F-C89D1D2C26D6 - C:\Microgaming\Casino\RiverBelle\Casinogame.exe (HKCU)
    O9 - Extra button: Casino Share - 88A1D0F6-2F43-4D72-BD27-64C7F3C7DD81 - C:\Microgaming\Casino\CasinoShare\Casinogame.exe (HKCU)
    O9 - Extra button: Royal Joker Casino - 9D651E9E-0462-4D91-946D-28AA8E324B9C - C:\Microgaming\Casino\RoyalJoker\Casinogame.exe (HKCU)
    O9 - Extra button: Vegas Poker Casino - D1A87A0D-5AC3-4B52-8198-F5100C0BD100 - C:\Microgaming\Casino\VegasPoker\casinogame.exe (HKCU)
    O9 - Extra button: Platinum Play Online Casino - F27893AA-B2A6-4EDB-BE80-C8DFF72FCB5E - C:\Microgaming\Casino\PlatinumPlay\Casinogame.exe (HKCU)
    O9 - Extra button: Intertops Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\IntertopsMPP\MPPoker.exe (HKCU)
    O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O9 - Extra button: Colosseum Casino - {3063B8BA-1F15-466E-B63F-092B8A99B7A8} - C:\Microgaming\Casino\Colosseum\casinogame.exe (HKCU)
    O9 - Extra button: Vegas Country Casino - {BB83C6B7-8FF4-49B8-A30F-FA4F4140C7F1} - C:\Microgaming\Casino\VegasCountry\casinogame.exe (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - [You must be registered and logged in to see this link.]
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1ca72e66d4fa0a0) (gupdate1ca72e66d4fa0a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    --
    End of file - 13843 bytes


Security Softwares: AVG
Version: 8.5.427
Virus database version: 270.14.106/2563
Computer Specifications:
Windows Vista Home Premium
Service Pack 2
Processor: AMD Turion(tm) 64 x2 Mobile Technology TL-58 1.90 GHz


Thank you in advance for any help you can offer.


Last edited by Macy on 14th December 2009, 1:10 am; edited 1 time in total (Reason for editing : Added more info.)


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 14th December 2009, 1:25 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKCU\..\Run: [ZagrebLand] C:\Users\Lori\AppData\Local\Temp\c.exe
    O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




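A triage script, added here as an example and not part of this thread or of HijackThis itself, that parses log lines in the shape of the HijackThis output above and flags the same kinds of entries Belahzur marked for "Fix Checked": entries pointing at a missing file, Run entries launching from a Temp folder, Run value names one edit away from a Windows binary name (cftmon vs ctfmon), and one CLSID registered under two product names. The sample log lines, the USER folder and the SYSTEM_NAMES list are constructed for the example.

```python
"""Triage a HijackThis log: flag orphaned hooks, autoruns from Temp, Run value
names that imitate Windows binaries, and one CLSID registered under two names."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the log in this thread (the user folder
# is a placeholder). The parser is line-based, so full logs work the same way.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qoibf.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ZagrebLand] C:\Users\USER\AppData\Local\Temp\c.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\USER\UB.lnk (file missing) (HKCU)
"""

# Windows binary names that malware commonly imitates (assumption: a short
# illustrative list, not an authoritative one).
SYSTEM_NAMES = ("ctfmon", "svchost", "lsass", "csrss", "explorer", "userinit")

RUN_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
COM_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - ")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent transposition (cftmon/ctfmon) as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def mimicked_name(name: str) -> Optional[str]:
    """Return the Windows binary name that `name` is exactly one edit away from."""
    low = name.lower()
    for known in SYSTEM_NAMES:
        if low != known and osa_distance(low, known) == 1:
            return known
    return None


def triage(log_text: str) -> list:
    findings = []
    clsid_names = defaultdict(set)   # CLSID -> product names it appears under
    clsid_lines = defaultdict(list)  # CLSID -> the log lines carrying it
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # 1. Entries whose file is gone: harmless leftovers, still worth clearing.
        if line.endswith("(no file)") or "(file missing)" in line:
            findings.append(Finding("low", line, "entry points to a missing file"))
            continue
        # 2. Autoruns: Temp-folder targets and names that imitate Windows binaries.
        m = RUN_RE.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            if TEMP_RE.search(target):
                findings.append(Finding("high", line, "Run entry launches from a Temp folder"))
            known = mimicked_name(name)
            if known:
                findings.append(Finding("high", line, f"Run value '{name}' imitates '{known}'"))
            continue
        # 3. Collect BHO/toolbar CLSIDs; one CLSID under two names is a bundled toolbar.
        m = COM_RE.match(line)
        if m:
            clsid = m.group("clsid").upper()
            clsid_names[clsid].add(m.group("name"))
            clsid_lines[clsid].append(line)
    for clsid, names in clsid_names.items():
        if len(names) > 1:
            reason = f"CLSID {clsid} registered under {len(names)} names: " + ", ".join(sorted(names))
            for line in clsid_lines[clsid]:
                findings.append(Finding("medium", line, reason))
    return findings


def severity_counts(findings) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

Run against the sample it reports the two Ask/FrostWire toolbar lines, the cftmon and Temp autoruns, and the three orphaned entries; legitimate vendor autoruns such as SynTPEnh produce no finding.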

Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 14th December 2009, 2:02 am

Hi Belahzur,

Thanks so much for your quick reply, and for your help here. I really do appreciate it.

I'm doing the scan you asked me to do right now, but wanted to show you these screenshots of errors I didn't get before. My hard drive is brand new btw. :)



And this one when I open Hijack This and try to do the "System Scan Only":



I'll post again when the Malwarebytes scan is complete.

Thanks again.. :)


Last edited by Macy on 14th December 2009, 2:03 am; edited 1 time in total (Reason for editing : Typo correction)


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 14th December 2009, 2:26 am

Hi Belahzur,

Here's my MBAM Log:


    Malwarebytes' Anti-Malware 1.42
    Database version: 3356
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    12/13/2009 6:06:08 PM
    mbam-log-2009-12-13 (18-06-08).txt

    Scan type: Quick Scan
    Objects scanned: 96184
    Time elapsed: 7 minute(s), 36 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 225

    Memory Processes Infected:
    C:\Windows\System32\qoibf.exe (Worm.Autorun) -> Unloaded process successfully.
    C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\Users\Lori\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gold VIP Club Casino (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\RealTime Gaming Software\Gold VIP Club Casino (Adware.Casino) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Worm.Autorun) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Gold VIP Club Casino (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\temp (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\_patch (Adware.Casino) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Windows\System32\qoibf.exe (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\Lori\downloads\SmartDownload.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Windows\ajwbh81851.exe (Adware.IEToolbar) -> Quarantined and deleted successfully.
    C:\Windows\edtbn02403.exe (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\auslots.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\bj.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\casino.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\casino.ico (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\casino.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\directsound.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\extgame.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\Gold VIP Club Casino.ico (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\Install.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\lbyinst.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\lobby.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\lobby.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\menu.txt (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\msvcp60.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\msvcrt.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\plibc32.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\unicows.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\vpoker.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\winsound.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\zlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\fonts\albw.ttf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Australian Slots - Base Slots (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Australian Slots - Base Slots.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Australian Slots - Year of Fortune (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Australian Slots - Year of Fortune.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Blackjack - Common (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Blackjack - Common.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Blackjack - Standard (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Blackjack - Standard.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Extgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Extgame.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Fonts - Latin (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Fonts - Latin.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Lobby (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Lobby.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\packages (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Slots - Base (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Slots - Base.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\SmartDownload (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\SmartDownload.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Video Poker - Common (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Video Poker - Common.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Video Poker - Jacks or Better (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\installed\Video Poker - Jacks or Better.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\action_button.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\bj.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\blackjack32.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\card.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\cards32.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.bd1.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.chf.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.cny.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.eur.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.gbp.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.myr.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.pen.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.php.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.rub.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.usd.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino.zar.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino32.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\casino32.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.bd1.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.chf.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.cny.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.eur.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.gbp.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.myr.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.pen.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.php.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.rub.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.usd.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips.zar.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.chf.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.cny.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.eur.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.myr.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.pen.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.php.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.rub.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.usd.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\chips32.zar.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\dgcommon.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-Common.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-Common.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-lote-gold-small.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-Lote-gold.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-lote-silver-small.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-Lote-silver.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-YearFortune-msg.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-YearFortune-msg.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\DM-YearFortune.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\exit.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\extgame.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\history.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\lobby.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\lobby.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\logos.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\options_new.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\rings.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\slots.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\table.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\table.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\tables32.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\tbslot.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpjob.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.bd1.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.chf.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.cny.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.en.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.en.st.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.eur.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.gbp.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.myr.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.pen.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.php.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.rub.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.usd.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\rsc\vpoker.zar.rsc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\Blackjack.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\Bust.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\cmn000.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\cmn001.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\cmn002.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\cmn003.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\cmn004.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\cmn005.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_00.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_01.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_02.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_03.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_04.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_05.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_06.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_07.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_08.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_09.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_10.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_11.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_12.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_13.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_14.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_15.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_16.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_17.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_18.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_19.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_20.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_21.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_22.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_23.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_24.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_25.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_26.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_27.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_28.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_29.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_30.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_31.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_32.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_33.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_34.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_35.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\HandScore_36.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\Insurance.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\jkp000.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\jkp001.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\PlayerWins.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\Push.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\ShoeCardSound.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt001.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt002.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt003.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt007.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt008.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt009.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt010.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt049.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt152.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt154.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt155.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt156.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt157.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt158.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt159.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt162.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt163.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt164.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt165.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt166.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\slt167.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneFreeLoop.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneGoldOfWealth.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneGoldOfWealthSFXLaugh.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneLogoSFX.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneOx.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneOxSFX.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\sltYearOfFortuneSymbolFXGong.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp000.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp001.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp002.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp003.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp004.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp006.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp007.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp008.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\vp009.wav (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\sounds\Win.ogg (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\temp\loading.html (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\_patch\package_list.ini (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\Gold VIP Club Casino\_patch\package_list.ini.crc (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Lori\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Lori\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.



It isn't good, is it?

Thanks again for your help.

Macy

Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 14th December 2009, 9:12 am

I just saw a popup warning from Windows Defender with a new trojan, alert level 'severe'.

Trojan Horse: Win32/Vundo.ME

Macy

Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 14th December 2009, 7:20 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here; use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 14th December 2009, 10:46 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lori at 14:36:12.06 on Mon 12/14/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.864 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k none
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\FastNetSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2MI7V0F\dds[1].pif

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar =
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
dRun: [iinjug] RUNDLL32.EXE c:\windows\temp\msilojzb.dll,w
dRun: [Antivirus PC 2009] cmd /C cd "c:\program files\Antivirus PC 2009" && start avpc2009.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: yakiyetu.dll
LSA: Notification Packages = scecli pumotozi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lori\appdata\roaming\mozilla\firefox\profiles\lbvmfrv0.default\
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com [You must be registered and logged in to see this link.] 'allAccess');c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-27 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-27 108552]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-8-26 20352]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-27 297752]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2006-11-2 42496]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-23 7168]
S2 gupdate1ca72e66d4fa0a0;Google Update Service (gupdate1ca72e66d4fa0a0);c:\program files\google\update\GoogleUpdate.exe [2009-12-1 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [2009-9-11 2304]
S3 winsts;winsts;c:\windows\system32\winsts.sys [2009-9-11 2304]
SUnknown vylxbxpz;vylxbxpz; [x]

=============== Created Last 30 ================

2009-12-14 22:21:28 716288 ----a-w- c:\windows\system32\drivers\uuoxdt.sys
2009-12-14 22:21:11 19968 ----a-w- C:\dens.exe
2009-12-14 22:21:07 3107947 ----a-w- c:\windows\system32\ALDQLJ.exe
2009-12-14 09:05:42 0 d-----w- c:\programdata\numitopi
2009-12-14 09:05:41 0 d-----w- c:\programdata\hopagatu
2009-12-14 09:05:41 0 d-----w- c:\programdata\bepepono
2009-12-14 09:00:36 30208 ----a-w- C:\siuhb.exe
2009-12-14 09:00:33 157696 ----a-w- C:\enhs.exe
2009-12-14 09:00:32 35328 ----a-w- C:\waees.exe
2009-12-14 09:00:31 47104 ----a-w- C:\utpo.exe
2009-12-14 09:00:27 8704 ----a-w- C:\acad.exe
2009-12-14 01:56:40 0 d-----w- c:\users\lori\appdata\roaming\Malwarebytes
2009-12-14 01:56:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-14 01:56:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 01:56:32 0 d-----w- c:\programdata\Malwarebytes
2009-12-14 01:56:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 21:36:18 0 d-----w- c:\program files\Trend Micro
2009-12-13 20:25:55 95744 ----a-w- c:\windows\duxc8820.exe
2009-12-13 20:25:52 90 ----a-w- c:\windows\system32\winset.ini
2009-12-13 20:25:40 132096 --sha-r- c:\windows\system32\COMMANDS.dll
2009-12-13 20:25:21 43520 ----a-w- c:\windows\eocwu3617.exe
2009-12-13 20:25:19 0 d-----w- c:\program files\IEToolbar
2009-12-13 20:25:13 93696 ----a-w- c:\windows\bukp56323.exe
2009-12-13 10:44:54 0 d-----w- c:\users\lori\appdata\roaming\FrostWire
2009-12-12 12:44:59 0 d-----w- c:\program files\SlotsJackpot
2009-12-09 23:39:55 0 d-----w- c:\program files\DoylesRoom Casino
2009-12-08 22:30:50 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 22:30:49 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 22:30:49 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 22:17:35 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 22:17:28 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-08 22:17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-08 22:16:02 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-05 15:24:45 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-05 15:24:45 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-05 15:23:32 0 d-----w- c:\program files\iPod
2009-12-05 15:23:30 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-05 15:23:30 0 d-----w- c:\program files\iTunes
2009-12-05 15:22:25 0 d-----w- c:\program files\Bonjour
2009-12-05 15:21:35 0 d-----w- c:\programdata\Apple Computer
2009-12-05 15:18:52 0 d-----w- c:\programdata\Apple
2009-12-05 15:15:59 0 d-----w- c:\programdata\Real
2009-12-05 15:10:46 0 d-----w- c:\program files\common files\xing shared
2009-12-05 15:10:22 0 d-----w- c:\program files\common files\Real
2009-12-05 14:37:47 0 d-----w- c:\program files\MSECache
2009-12-05 13:46:54 0 d-----w- c:\programdata\DoylesRoom
2009-12-05 13:44:43 0 d---a-w- c:\program files\DoylesRoom
2009-12-04 05:34:52 0 d-----w- c:\program files\FileZilla
2009-12-04 04:08:13 376 ----a-w- c:\windows\ODBC.INI
2009-12-04 04:08:07 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-12-04 04:06:12 0 d-----w- c:\program files\common files\L&H
2009-12-04 04:06:01 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-02 00:28:42 0 d-----w- c:\program files\common files\DivX Shared
2009-12-02 00:28:39 0 d-----w- c:\program files\DivX
2009-11-25 11:01:33 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 06:36:25 0 d-----w- c:\program files\Yamicsoft
2009-11-25 00:39:07 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 00:39:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 00:39:03 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-22 11:22:11 0 d-----w- c:\program files\Full Tilt Poker
2009-11-20 18:31:20 0 d-----w- c:\users\lori\appdata\roaming\UB
2009-11-17 11:23:18 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 11:23:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 11:03:10 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 11:03:10 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 11:03:09 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 11:01:54 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 11:00:24 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 11:00:24 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-17 11:00:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

==================== Find3M ====================

2009-12-05 15:20:41 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-05 15:20:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-05 15:20:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-17 11:23:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-06 08:25:42 55808 ----a-w- c:\windows\system32\jmmgu.exe
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-13 11:22:56 8192 ----a-w- c:\windows\system32\lbwhw.exe
2009-10-13 10:47:22 7168 ----a-w- c:\windows\cnjug.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-20 14:58:17 60744 ----a-w- c:\users\lori\g2mdlhlpx.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-14 09:00:30 52736 --sha-w- c:\windows\system32\pumotozi.dll
2009-09-14 09:00:30 52736 --sha-w- c:\windows\system32\yasazaki.dll
2009-08-26 10:12:42 14 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-08-26 10:12:41 5 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 14:38:29.00 ===============

Macy
Novice

Posts : 16
Joined : 2009-12-13
Gender : Female
OS : Windows Vista
Points : 25773
# Likes : 0

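
The Find3M listing in the post above is the material the helper's later removal script was drawn from. As an added example (my own code, not DDS output and not anything posted in the thread), the Python below parses lines in that listing format and applies three coarse heuristics: a hidden+system executable under c:\windows, a .sys file too small to be a PE image, and an executable written directly into the Windows directory. The heuristics and the 1024-byte threshold are my assumptions, and the sample lines are a constructed subset copied from the listing. They pick out pumotozi.dll, fbd.sys and cnjug.exe, and deliberately do not catch everything (jmmgu.exe passes, although it was later removed), which is why a listing like this still needs a human reader.

```python
"""Triage a DDS 'Find3M' file listing with a few attribute/size heuristics.

Added example, not DDS code and not from the thread. The heuristics are
assumptions about what makes an entry worth a closer look; they are coarse
and meant to shortlist entries, not to decide anything on their own.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the listing above, in the DDS format
# "<date> <time> <size> <attrs> <path>".
SAMPLE_LISTING = r"""
2009-11-06 08:25:42 55808 ----a-w- c:\windows\system32\jmmgu.exe
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-13 10:47:22 7168 ----a-w- c:\windows\cnjug.exe
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2009-09-14 09:00:30 52736 --sha-w- c:\windows\system32\pumotozi.dll
2009-08-26 10:12:42 14 --sh--r- c:\windows\system32\drivers\fbd.sys
"""

# Attribute field: 8 flag positions holding d/s/h/a/w/r or '-'.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-dshawr]{8}) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
MIN_PE_SIZE = 1024  # assumption: a usable PE driver image is never this small


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

    @property
    def hidden_and_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_listing(text: str) -> list:
    """Parse every well-formed DDS listing line; skip headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["date"], m["time"], int(m["size"]),
                                 m["attrs"], m["path"]))
    return entries


def suspicious_reasons(e: Entry) -> list:
    """Return the heuristics an entry trips (empty list: nothing tripped)."""
    low = e.path.lower()
    parent = low.rsplit("\\", 1)[0]
    reasons = []
    # Legitimate executables under c:\windows do not carry hidden+system
    # attributes; files like desktop.ini do, but they are not executable.
    if e.is_executable and e.hidden_and_system and low.startswith("c:\\windows\\"):
        reasons.append("hidden+system executable under c:\\windows")
    # A driver image is a PE file; a handful of bytes cannot be one.
    if low.endswith(".sys") and e.size < MIN_PE_SIZE:
        reasons.append(f"{e.size}-byte .sys cannot be a valid driver image")
    # Few legitimate binaries live in the Windows root (explorer.exe and some
    # OEM tools do), so a recently written one deserves a look.
    if e.is_executable and parent == "c:\\windows":
        reasons.append("executable dropped directly in c:\\windows")
    return reasons


def triage(text: str) -> dict:
    """Map each flagged path to the list of reasons it was flagged."""
    flagged = {}
    for entry in parse_listing(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LISTING).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The point of keeping the reasons alongside each path is that a shortlist without its justification is no better than the raw listing: the reviewer still has to decide, and the reason tells them what to verify (attributes, size, location) before anything is deleted.
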

Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 14th December 2009, 10:48 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/26/2009 2:16:28 AM
System Uptime: 12/14/2009 2:31:39 PM (0 hours ago)

Motherboard: ATI | | SB600
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 297 GiB total, 221.313 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AVG Free 8.5
Casino 33
Casino Share

==== End Of File ===========================


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 15th December 2009, 1:15 am

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Drivers to disable:
BtwSrv
fastnetsrv
ndisdrv
winsts
vylxbxpz

Drivers to delete:
BtwSrv
fastnetsrv
ndisdrv
winsts
vylxbxpz

Files to delete:
c:\windows\system32\drivers\uuoxdt.sys
C:\dens.exe
c:\windows\system32\ALDQLJ.exe
C:\siuhb.exe
C:\enhs.exe
C:\waees.exe
C:\utpo.exe
C:\acad.exe
c:\windows\duxc8820.exe
c:\windows\eocwu3617.exe
c:\windows\bukp56323.exe
c:\windows\system32\jmmgu.exe
c:\windows\system32\lbwhw.exe
c:\windows\cnjug.exe
c:\windows\system32\pumotozi.dll
c:\windows\system32\yasazaki.dll


Folders to delete:
c:\users\lori\appdata\roaming\FrostWire
c:\programdata\numitopi
c:\programdata\hopagatu
c:\programdata\bepepono

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 15th December 2009, 1:48 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "BtwSrv" disabled successfully.
Driver "fastnetsrv" disabled successfully.
Driver "ndisdrv" disabled successfully.
Driver "winsts" disabled successfully.

Error: could not open driver "vylxbxpz"
Disablement of driver "vylxbxpz" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "BtwSrv" deleted successfully.
Driver "fastnetsrv" deleted successfully.
Driver "ndisdrv" deleted successfully.
Driver "winsts" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\vylxbxpz" not found!
Deletion of driver "vylxbxpz" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "c:\windows\system32\drivers\uuoxdt.sys"
Deletion of file "c:\windows\system32\drivers\uuoxdt.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)


Error: file "C:\dens.exe" not found!
Deletion of file "C:\dens.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\ALDQLJ.exe" deleted successfully.
File "C:\siuhb.exe" deleted successfully.
File "C:\enhs.exe" deleted successfully.
File "C:\waees.exe" deleted successfully.
File "C:\utpo.exe" deleted successfully.
File "C:\acad.exe" deleted successfully.
File "c:\windows\duxc8820.exe" deleted successfully.

Error: file "c:\windows\eocwu3617.exe" not found!
Deletion of file "c:\windows\eocwu3617.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\bukp56323.exe" deleted successfully.
File "c:\windows\system32\jmmgu.exe" deleted successfully.
File "c:\windows\system32\lbwhw.exe" deleted successfully.
File "c:\windows\cnjug.exe" deleted successfully.

Error: file "c:\windows\system32\pumotozi.dll" not found!
Deletion of file "c:\windows\system32\pumotozi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\yasazaki.dll" not found!
Deletion of file "c:\windows\system32\yasazaki.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\users\lori\appdata\roaming\FrostWire" deleted successfully.
Folder "c:\programdata\numitopi" deleted successfully.
Folder "c:\programdata\hopagatu" deleted successfully.
Folder "c:\programdata\bepepono" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

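
The Avenger output posted above is the only record of what was and was not removed, and three of its failures are of a different kind from the rest: a file or driver that was simply not there (STATUS_OBJECT_NAME_NOT_FOUND) is not a problem, but a file that existed and still could not be deleted (uuoxdt.sys, STATUS_UNSUCCESSFUL) is the item that needs follow-up. As an added example (my own code, not part of the thread and not part of The Avenger), this Python parses the log's line formats and sorts the outcomes into those buckets. The sample is a constructed subset of the lines from the log above.

```python
"""Summarize an Avenger run log: what was removed, what was already gone,
and what existed but could not be removed.

Added example, not from the thread and not part of The Avenger. The line
formats are taken from the log posted above; the sample is a constructed
subset of those lines.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""
Driver "BtwSrv" disabled successfully.

Error: could not open driver "vylxbxpz"
Disablement of driver "vylxbxpz" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "BtwSrv" deleted successfully.

Error: could not open file "c:\windows\system32\drivers\uuoxdt.sys"
Deletion of file "c:\windows\system32\drivers\uuoxdt.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Error: file "C:\dens.exe" not found!
Deletion of file "C:\dens.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\jmmgu.exe" deleted successfully.
Folder "c:\programdata\numitopi" deleted successfully.
"""

SUCCESS_RE = re.compile(r'^(Driver|File|Folder) "(.+)" (disabled|deleted) successfully\.$')
FAILURE_RE = re.compile(r'^(Disablement|Deletion) of (driver|file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9A-Fa-f]+) \((\w+)\)$')

# NTSTATUS printed by the log for "the object does not exist".
STATUS_OBJECT_NAME_NOT_FOUND = "0xc0000034"


@dataclass
class Outcome:
    kind: str            # driver / file / folder
    action: str          # disabled / deleted, or disablement / deletion on failure
    target: str
    ok: bool
    status_code: Optional[str] = None
    status_name: Optional[str] = None


def parse_avenger_log(text: str) -> list:
    """Turn success and failure lines into Outcome records.

    A failure line is followed by its Status line, so the parser keeps the
    last unresolved failure and attaches the next status code to it.
    """
    outcomes = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUCCESS_RE.match(line)
        if m:
            outcomes.append(Outcome(m[1].lower(), m[3], m[2], True))
            continue
        m = FAILURE_RE.match(line)
        if m:
            pending = Outcome(m[2], m[1].lower(), m[3], False)
            outcomes.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending.status_code = m[1].lower()
            pending.status_name = m[2]
            pending = None
    return outcomes


def summarize(outcomes: list) -> dict:
    """Bucket outcomes; 'blocked' is the follow-up list: the name resolved
    but the action still failed, so the object is most likely still there."""
    summary = {"succeeded": [], "already_absent": [], "blocked": []}
    for o in outcomes:
        if o.ok:
            summary["succeeded"].append(f"{o.kind} {o.target} {o.action}")
        elif o.status_code == STATUS_OBJECT_NAME_NOT_FOUND:
            summary["already_absent"].append(o.target)
        else:
            summary["blocked"].append(f"{o.target} ({o.status_name or 'no status'})")
    return summary


if __name__ == "__main__":
    for bucket, items in summarize(parse_avenger_log(SAMPLE_LOG)).items():
        print(f"{bucket}:")
        for item in items:
            print("   -", item)
```

On the sample the only blocked entry is the driver file, which is exactly the item the thread goes on to chase with a rootkit scan: a file that a tool running before Windows starts still cannot open is a stronger sign that something is protecting it than any number of "not found" entries.
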

Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 15th December 2009, 8:26 pm

Think we need to go deeper.

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.





Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 15th December 2009, 8:48 pm

Hi Belahzur,

Should I continue even though I'm getting this message?


WARNING!!! Gmer has found system modification, which might have been caused by RootKit activity.

Do you want to fully scan your system?




Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 15th December 2009, 9:10 pm

Ok, I tried to run GMER twice. First in regular mode and after it started to scan it unexpectedly halted. I ended up with the blue screen of death. I restarted in Safe Mode and tried to run it again. Again it halted. I tried to start it again and I got the blue screen of death.

I can't seem to run Gmer. Any other suggestions?

Would the System Restore Cd get rid of this stuff or not?


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 15th December 2009, 9:13 pm

Here's what it said in the 'Windows Recovered from an unexpected Shutdown' popups.

1st Blue screen of death recovery:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 81C87D45
BCP3: A21D0A54
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini121509-01.dmp
C:\Users\Lori\AppData\Local\Temp\WER-63211-0.sysdata.xml
C:\Users\Lori\AppData\Local\Temp\WER44BC.tmp.version.txt

Read our privacy statement:
[You must be registered and logged in to see this link.]

--------------------------------------------------
2nd Blue screen of death recovery:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 81C83D45
BCP3: 9C398A54
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini121509-02.dmp
C:\Users\Lori\AppData\Local\Temp\WER-58874-0.sysdata.xml
C:\Users\Lori\AppData\Local\Temp\WER2931.tmp.version.txt


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 15th December 2009, 9:17 pm



Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 15th December 2009, 11:49 pm

Hello.

Delete GMER and re-download/run it, see if it works.

This time, if GMER shows that warning message again, select no.





Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 16th December 2009, 9:46 am

I can't run Gmer. I've deleted the copy on my desktop and redownloaded it several times. I've tried in regular mode and in Safe Mode. Every time I start Gmer, I get the same warning message as the first time... I click "no" like you said. Then I click the arrow to the right and scan, like you said. It gets going for a couple of minutes and then the program stops unexpectedly and will not resume. I can only close it then.

Any other ideas?


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 16th December 2009, 2:11 pm

I figured something like this would happen.

First of all, that patched system file isn't helping, and one of those services we had The Avenger get rid of has backdoor capabilities. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage.





Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 16th December 2009, 6:08 pm

Hi Belahzur,

First, thank you very much for the time you've taken trying to help me sort this out. I really appreciate your last post. Although it's rather scary, it's good to know and I'll do exactly what you said. I do have a few questions though.

Should I worry much that the other two computers that are on this wireless network I have at home might have been infected by my laptop? Should I run any of your nifty programs on my desktop to make sure it's not infected by the same thing passed on by the laptop through the wireless network?

Are you pretty sure a format will really wipe it all out? This same laptop had major virus/trojan issues about 6 months ago and my restore CD from Toshiba didn't get rid of it, even though I chose the format option. I ended up getting a new hard drive.

Can you tell me the best way to format? I don't trust to do it only by using the restore cd now, since that didn't get rid of it all the last time. Is it just "Format C:"? Or are there any other parameters, values, etc., that I need to include with that?

Lastly, I think I'm finally done with this Free Anti-virus crap. I'd like to get the best anti-virus protection I can now, and that means I'm going to stop being a cheapskate and buy it. Can you tell me, in your opinion, what you think is the best anti-virus program to get? (Regardless of price) I've heard some say nod32. I've never used that before, I've only used Norton in the past. What would you recommend?

That's it for now. Thanks again so very much for all your time and help. It is very much appreciated.


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 16th December 2009, 6:50 pm

P.S. I'm not very confident in the recovery cd since earlier this year, after using it and then taking the laptop to a shop since it didn't load all the software right, I found out there still was some hidden start-up virus-like program on the system.

So, if I do end up having to use my Toshiba Recovery CD to do my format, is there some program you have here that we can run afterwards to make sure all of the nasty trojans are gone?


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 16th December 2009, 9:58 pm

The restore CD is likely to be a repair CD, not an actual CD for installing Windows from; you may need to buy one. Most PC shops are pushing XP out and giving out Vista DVDs.

I wouldn't recommend Norton to save my life; it takes up too many resources. I would probably go with the premium version of Avira if I had to choose.

After a format, basic protection is all you should need really.





Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 16th December 2009, 10:13 pm

Hi Belahzur,

Thank you very much.
You've been very helpful and supportive.


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Macy on 31st December 2009, 10:03 am

Hi again...

I finally got to formatting my hard drive using the Toshiba System Restore CD's and just got that done tonight.

Do you have any nifty instructions for me that I could do to make sure there's nothing still lurking on my system, or hidden in a startup file? I'm not a computer whiz and I'd hate to think that maybe I didn't wipe everything as well as I should have, and trouble was still on the laptop.


Re: Help! Trojan Horse PSW.Generic7.AXHO and Clicker.zzj and De

Post by Belahzur on 31st December 2009, 4:22 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

