OMG Wtf BBQ


Re: OMG Wtf BBQ

Post by Dr Jay on Sat Feb 06, 2010 7:17 pm

Please run [You must be registered and logged in to see this link.] online scan.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Mon Feb 08, 2010 3:14 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-02-07 19:13:52
PROTECTIONS: 1
MALWARE: 34
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@[You must be registered and logged in to see this link.]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@zedo[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@atwola[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\alex\appdata\roaming\microsoft\windows\cookies\alex@ads.addynamix[1].txt
00954094 Rootkit/Bagle.UV Virus/Worm Yes 2 Yes No c:\windows\system32\drivers\uti5otu4.sys
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\low\student@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\student\appdata\roaming\microsoft\windows\cookies\student@enhance[1].txt
01692698 Generic Malware Virus/Trojan No 0 Yes No c:\users\student\appdata\locallow\macromedia\shockwave player\xtras\download\thegroovealliance\3dgroovextrav181\groove.x32
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtmybfmwddov.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtvidlhmeeot.dll.vir
05886270 Adware/SystemGuard2009 Adware No 0 Yes No c:\qoobox\quarantine\c\windows\system32\h8srtxwisbtqvxc.dll.vir
05898765 Trj/Nabload.DPS Virus/Trojan No 0 Yes No c:\combofix\catchme.tmp
05898765 Trj/Nabload.DPS Virus/Trojan No 0 Yes No c:\combofix\catchme.cfxxe
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\alex\desktop\cf.rar[cf\combofix.exe][32788r22fwjfw\catchme.cfxxe]
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\alex\desktop\cf\combofix.exe[32788r22fwjfw\catchme.cfxxe]
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\$recycle.bin\s-1-5-21-2477132465-1982460745-463720481-1000\$r7z6h5a.exe[32788r22fwjfw\catchme.cfxxe]
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\student\desktop\cf.rar[cf\combofix.exe][32788r22fwjfw\catchme.cfxxe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\program files\corel\dvd moviefactory for toshiba\dvd moviefactory\sqplus.dll
No c:\users\student\doctorweb\quarantine\$rwtnjz0.exe
No c:\users\student\doctorweb\quarantine\63329bdcd00
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
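
The ActiveScan log above mixes one active rootkit driver with dozens of tracking cookies and detections inside the cleanup tools' own folders. As an added example (not part of the original post or of any tool used in this thread), this Python script parses MALWARE rows in that layout and buckets them for triage; the sample rows are constructed, and the tool-folder prefixes and bucket names are assumptions.

```python
import re

# Column order from the MALWARE table header in the log:
# Id Description Type Active Severity Disinfectable Disinfected Location
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+"
    r"(?P<type>TrackingCookie|Virus/Worm|Virus/Trojan|Adware)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)

# Assumption: working folders of the cleanup tool, as they appear in the log paths.
TOOL_DIRS = ("c:\\qoobox\\", "c:\\combofix\\")

# Constructed sample rows in the same layout (file and user names are made up).
SAMPLE = r"""
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\user\appdata\roaming\microsoft\windows\cookies\user@doubleclick[1].txt
00954094 Rootkit/Bagle.UV Virus/Worm Yes 2 Yes No c:\windows\system32\drivers\example.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\example.dll.vir
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\users\user\desktop\cf\combofix.exe[dir\catchme.cfxxe]
01692698 Generic Malware Virus/Trojan No 0 Yes No c:\users\user\appdata\locallow\example\groove.x32
"""

def parse_rows(text):
    """Return one dict per MALWARE row; headers and separators are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["severity"] = int(row["severity"])
            rows.append(row)
    return rows

def triage(row):
    """Bucket a row so that live threats are read before the noise."""
    loc = row["location"].lower()
    if row["active"] == "Yes" or row["severity"] > 0:
        return "active"          # running or rated above 0: handle first
    if row["type"] == "TrackingCookie":
        return "cookie"          # privacy noise, cleared with the browser cache
    if loc.startswith(TOOL_DIRS) or "combofix.exe[" in loc:
        return "tool-artifact"   # quarantine copies and the tool's own files
    return "review"              # inactive hit elsewhere: needs a human look

def summarize(text):
    """Group all parsed rows by triage bucket."""
    buckets = {"active": [], "cookie": [], "tool-artifact": [], "review": []}
    for row in parse_rows(text):
        buckets[triage(row)].append(row)
    return buckets
```
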


Re: OMG Wtf BBQ

Post by Dr Jay on Mon Feb 08, 2010 3:31 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: OMG Wtf BBQ

Post by Restricted on Mon Feb 08, 2010 4:00 am

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
PC Tools Firewall Plus 6.0
WMIC entry does not exist for antivirus; attempting automatic update.
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: OMG Wtf BBQ

Post by Dr Jay on Mon Feb 08, 2010 3:19 pm

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=======

All clean. :)


Dr. Jay (DJ)

