eksplorasi.exe appearing on my computer


Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Tue Aug 12, 2008 11:21 am

Hello ;D
My computer has these duplicate folders that keep appearing in 'My Documents'. I had this virus previously as well, but this time the virus came from my camera when I wanted to extract pictures from it. But I don't remember plugging in my camera before I had this virus, so here's the log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:48 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\ED\System32\smss.exe
C:\WINDOWS\ED\system32\winlogon.exe
C:\WINDOWS\ED\system32\services.exe
C:\WINDOWS\ED\system32\lsass.exe
C:\WINDOWS\ED\system32\svchost.exe
C:\WINDOWS\ED\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ED\Explorer.exe
C:\WINDOWS\ED\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ED\system32\igfxtray.exe
C:\WINDOWS\ED\system32\hkcmd.exe
C:\WINDOWS\ED\system32\igfxpers.exe
C:\WINDOWS\ED\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ED\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ED\system32\ctfmon.exe
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\ED\system32\wuauclt.exe
C:\Documents and Settings\edward\Desktop\GeekPolice.exe
C:\WINDOWS\ED\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\ED\eksplorasi.exe"
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\ED\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\ED\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\ED\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\ED\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ED\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ED\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\smss.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\smss.exe" (User 'Default user')
O4 - S-1-5-20 Startup: Empty.pif = ? (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Empty.pif = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Empty.pif = ? (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Empty.pif = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\ED\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\ED\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs:
O23 - Service: 40AA701A - Unknown owner - C:\WINDOWS\ED\system32\DE952BE.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6451 bytes


Hope you can help me ;DD
Thanks ;]


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Tue Aug 12, 2008 11:56 am

Hello and welcome to GP.
We have a lot of cleaning to do.

First, open Hijack This.
Select Do a system scan only
Tick the boxes next to these lines.

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\ED\eksplorasi.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ED\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\smss.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\smss.exe" (User 'Default user')
O4 - S-1-5-20 Startup: Empty.pif = ? (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Empty.pif = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Empty.pif = ? (User 'Default user')
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs:
O23 - Service: 40AA701A - Unknown owner - C:\WINDOWS\ED\system32\DE952BE.EXE (file missing)


Close all other browsers and windows.
Press Fix checked.
===

Next, download this file, [You must be registered and logged in to see this link.]

Do not run it just yet.

Please download [You must be registered and logged in to see this link.] and save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

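The HijackThis lines ticked in the reply above share a few generic traits: core Windows process names (smss.exe, winlogon.exe, lsass.exe, services.exe) running from a user profile instead of System32, a system.ini Shell= value that launches a second executable beside Explorer.exe, a .pif file in every Startup folder, a policy that disables regedit, and a service whose binary no longer exists. The script below is an added example written for this page, not part of HijackThis or of the helper's instructions, that encodes those traits as triage rules and runs them over lines copied from the log posted at the top of the thread. The SYSTEM_ONLY set, the rule names and the heuristics are the author's own choices, not a HijackThis feature.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the HijackThis log posted earlier in this thread.
HJT_LOG = r"""
C:\WINDOWS\ED\System32\smss.exe
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\ED\eksplorasi.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ED\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe"
O4 - S-1-5-18 Startup: Empty.pif = ? (User 'SYSTEM')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: 40AA701A - Unknown owner - C:\WINDOWS\ED\system32\DE952BE.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Core Windows binaries that legitimately run only from %SystemRoot%\System32
# (assumed list for this example). The same name anywhere else is an impostor.
SYSTEM_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "inetinfo.exe"}
# Extensions that have no business sitting in a Startup folder on a home PC.
RISKY_STARTUP_EXT = {".pif", ".scr", ".com", ".bat"}

WIN_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|com|pif|scr|bat))"?', re.IGNORECASE)
STARTUP_RE = re.compile(r"^O4 - .*?Startup: (?P<name>.+?) = (?P<target>.+?)(?: \(User .*\))?$")


def is_impostor(path):
    """True if a System32-only binary name lives in any directory other than System32."""
    p = PureWindowsPath(path)
    return p.name.lower() in SYSTEM_ONLY and p.parent.name.lower() != "system32"


def triage(log_text):
    """Return (rule, line) findings for the persistence tricks visible in an HJT log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"^[A-Za-z]:\\", line):                       # "Running processes" section
            if is_impostor(line):
                findings.append(("impostor-process", line))
        elif line.startswith("F2 ") and "Shell=" in line:           # system.ini Shell= value
            value = line.split("Shell=", 1)[1]
            tokens = [t.strip('"') for t in re.findall(r'"[^"]+"|\S+', value)]
            # Anything launched beside Explorer.exe is a shell hijack.
            if any(PureWindowsPath(t).name.lower() != "explorer.exe" for t in tokens):
                findings.append(("shell-hijack", line))
        elif line.startswith("O4 ") and "Startup:" in line:         # Startup-folder items
            m = STARTUP_RE.match(line)
            if m and PureWindowsPath(m.group("name")).suffix.lower() in RISKY_STARTUP_EXT:
                findings.append(("startup-script-file", line))
        elif line.startswith("O4 "):                                 # Run keys
            m = WIN_PATH_RE.search(line)
            if m and is_impostor(m.group(1)):
                findings.append(("impostor-autorun", line))
        elif line.startswith("O7 ") and re.search(r"Disable(Regedit|TaskMgr)=1", line):
            findings.append(("tool-lockout-policy", line))          # admin tools disabled
        elif line.startswith("O23 ") and "(file missing)" in line:
            findings.append(("orphan-service", line))               # service with no binary
    return findings


if __name__ == "__main__":
    for rule, line in triage(HJT_LOG):
        print(f"{rule:22} {line}")
```

The rules are deliberately generic, so they catch the profile-directory copies of smss.exe, winlogon.exe and lsass.exe, the eksplorasi.exe shell hijack, Empty.pif, the DisableRegedit policy and the 40AA701A service, but they say nothing about bronstab.exe, whose name and location carry no generic tell. That gap is the reason the helper still reads every line by hand; scripted triage narrows the list, it does not replace the review.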

Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Tue Aug 12, 2008 3:23 pm

Alright.
Here is the ComboFix log file ;DD

ComboFix 08-08-11.01 - edward 2008-08-12 23:15:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1658 [GMT -7:00]
Running from: C:\Documents and Settings\edward\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\edward\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\edward\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\services.exe
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\ED\system32\98EB1DD8.DLL

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 13:06 . 2008-08-12 13:06 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-12 13:06 . 2008-08-12 13:06 d-------- C:\Program Files\Adobe Media Player
2008-08-10 20:34 . 2004-04-23 22:43 374,752 --a------ C:\WINDOWS\ED\system32\WUSBGXP.sys
2008-08-10 20:34 . 2004-01-07 17:04 339,488 --a------ C:\WINDOWS\ED\system32\WUSB20XP.sys
2008-08-10 20:34 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\ED\system32\rt2500usb.sys
2008-08-10 20:34 . 2008-08-10 20:34 20,747 --a------ C:\WINDOWS\ED\system32\drivers\AegisP.sys
2008-08-10 20:34 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\ED\system32\bcm42rly.sys
2008-08-10 20:34 . 2004-04-23 22:43 9,254 --a------ C:\WINDOWS\ED\system32\WUSB54GV2.inf
2008-08-10 20:34 . 2004-02-03 19:13 8,090 --a------ C:\WINDOWS\ED\system32\WUSB54G.cat
2008-08-10 20:34 . 2005-11-03 01:11 8,022 --a------ C:\WINDOWS\ED\system32\rt2500usb.cat
2008-08-10 20:33 . 2008-08-10 20:33 1,811 --a------ C:\WINDOWS\ED\system32\WLAN.INI
2008-08-09 10:55 . 2008-08-09 10:55 d-------- C:\Documents and Settings\edward\Application Data\Nexon
2008-08-08 09:21 . 2008-08-08 09:21 d-------- C:\Documents and Settings\Administrator.EDWARD-27207B25
2008-08-08 08:11 . 2008-08-08 08:11 d--h----- C:\WINDOWS\ED\PIF
2008-08-08 08:00 . 2004-08-03 08:01 25,856 --a------ C:\WINDOWS\ED\system32\drivers\usbprint.sys
2008-08-08 07:11 . 2008-08-08 07:13 d-------- C:\Documents and Settings\edward\Application Data\uTorrent
2008-08-08 07:07 . 2004-08-03 08:08 26,496 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbstor.sys
2008-08-08 04:37 . 2008-08-08 06:38 d-------- C:\Documents and Settings\All Users.ED\Application Data\Spybot - Search & Destroy
2008-08-08 04:36 . 2008-08-12 19:24 d-------- C:\Documents and Settings\edward\Tracing
2008-08-08 04:19 . 2006-11-12 23:02 288,768 --------- C:\WINDOWS\ED\system32\rhttpaa.dll
2008-08-08 04:19 . 2006-11-12 23:02 116,736 --------- C:\WINDOWS\ED\system32\aaclient.dll
2008-08-08 04:19 . 2006-11-12 23:02 36,352 --------- C:\WINDOWS\ED\system32\tsgqec.dll
2008-08-08 02:27 . 2008-08-08 02:27 268 --ah----- C:\sqmdata19.sqm
2008-08-08 02:27 . 2008-08-08 02:27 244 --ah----- C:\sqmnoopt19.sqm
2008-08-08 02:14 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\ED\system32\drivers\bthport.sys
2008-08-08 02:14 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\ED\system32\dllcache\bthport.sys
2008-08-08 02:06 . 2008-08-08 04:19 d--h----- C:\WINDOWS\ED\$hf_mig$
2008-08-07 20:13 . 2008-08-07 20:13 268 --ah----- C:\sqmdata18.sqm
2008-08-07 20:13 . 2008-08-07 20:13 244 --ah----- C:\sqmnoopt18.sqm
2008-08-07 11:38 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\ED\system32\GTW32N50.dll
2008-08-07 11:38 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\ED\system32\GTNDIS3.VXD
2008-08-07 11:38 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\ED\system32\drivers\bcm42rly.sys
2008-08-07 11:38 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\ED\system32\GTNDIS5.sys
2008-08-07 10:39 . 2008-08-07 10:39 268 --ah----- C:\sqmdata17.sqm
2008-08-07 10:39 . 2008-08-07 10:39 244 --ah----- C:\sqmnoopt17.sqm
2008-08-07 10:32 . 2008-08-07 10:32 268 --ah----- C:\sqmdata16.sqm
2008-08-07 10:32 . 2008-08-07 10:32 244 --ah----- C:\sqmnoopt16.sqm
2008-08-07 10:29 . 2008-08-07 10:29 268 --ah----- C:\sqmdata15.sqm
2008-08-07 10:29 . 2008-08-07 10:29 244 --ah----- C:\sqmnoopt15.sqm
2008-08-07 10:28 . 2008-08-07 10:28 d-------- C:\WINDOWS\ED\system32\Atheros_L2
2008-08-07 10:25 . 2008-08-07 10:25 268 --ah----- C:\sqmdata14.sqm
2008-08-07 10:25 . 2008-08-07 10:25 244 --ah----- C:\sqmnoopt14.sqm
2008-08-07 10:10 . 2007-07-30 04:19 43,352 --a------ C:\WINDOWS\ED\system32\wups2.dll
2008-08-07 10:10 . 2007-07-30 04:18 34,136 --a------ C:\WINDOWS\ED\system32\wucltui.dll.mui
2008-08-07 10:10 . 2007-07-30 04:19 25,944 --a------ C:\WINDOWS\ED\system32\wuaucpl.cpl.mui
2008-08-07 10:10 . 2007-07-30 04:19 25,944 --a------ C:\WINDOWS\ED\system32\wuapi.dll.mui
2008-08-07 10:10 . 2007-07-30 04:18 20,312 --a------ C:\WINDOWS\ED\system32\wuaueng.dll.mui
2008-08-07 09:45 . 1998-10-29 01:45 306,688 --a------ C:\WINDOWS\ED\IsUninst.exe
2008-08-07 09:45 . 2004-08-03 08:08 142,976 --a------ C:\WINDOWS\ED\system32\drivers\usbport.sys
2008-08-07 09:45 . 2004-08-03 08:08 142,976 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbport.sys
2008-08-07 09:45 . 2008-08-07 09:45 268 --ah----- C:\sqmdata13.sqm
2008-08-07 09:45 . 2008-08-07 09:45 244 --ah----- C:\sqmnoopt13.sqm
2008-08-07 09:38 . 2008-08-07 09:38 268 --ah----- C:\sqmdata12.sqm
2008-08-07 09:38 . 2008-08-07 09:38 244 --ah----- C:\sqmnoopt12.sqm
2008-08-07 09:31 . 2008-08-07 09:31 268 --ah----- C:\sqmdata11.sqm
2008-08-07 09:31 . 2008-08-07 09:31 244 --ah----- C:\sqmnoopt11.sqm
2008-08-07 09:19 . 2008-08-07 09:19 268 --ah----- C:\sqmdata10.sqm
2008-08-07 09:19 . 2008-08-07 09:19 244 --ah----- C:\sqmnoopt10.sqm
2008-08-07 05:36 . 2008-08-07 05:36 268 --ah----- C:\sqmdata09.sqm
2008-08-07 05:36 . 2008-08-07 05:36 244 --ah----- C:\sqmnoopt09.sqm
2008-08-07 05:23 . 2008-08-07 05:23 268 --ah----- C:\sqmdata08.sqm
2008-08-07 05:23 . 2008-08-07 05:23 244 --ah----- C:\sqmnoopt08.sqm
2008-08-07 05:21 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\ED\system32\dllcache\hwxjpn.dll
2008-08-07 05:20 . 2004-08-04 05:00 811,064 --a------ C:\WINDOWS\ED\system32\imjp81k.dll
2008-08-07 05:18 . 2008-08-07 05:18 d-------- C:\Documents and Settings\All Users.ED\Application Data\Messenger Plus!
2008-08-07 05:17 . 2004-08-04 05:00 177,698 --a--c--- C:\WINDOWS\ED\system32\dllcache\c_10003.nls
2008-08-07 05:17 . 2004-08-04 05:00 177,698 --a------ C:\WINDOWS\ED\system32\c_10003.nls
2008-08-07 05:17 . 2004-08-04 05:00 162,850 --a--c--- C:\WINDOWS\ED\system32\dllcache\c_10001.nls
2008-08-07 05:17 . 2004-08-04 05:00 162,850 --a------ C:\WINDOWS\ED\system32\c_10001.nls
2008-08-07 05:17 . 2008-08-07 05:17 268 --ah----- C:\sqmdata07.sqm
2008-08-07 05:17 . 2008-08-07 05:17 244 --ah----- C:\sqmnoopt07.sqm
2008-08-07 05:11 . 2008-08-07 05:11 385 --a------ C:\WINDOWS\ED\ODBC.INI
2008-08-07 05:10 . 2008-08-08 09:10 d-------- C:\WINDOWS\ED\ShellNew
2008-08-07 05:09 . 2008-08-07 05:09 d-------- C:\Documents and Settings\edward\Application Data\Microsoft Web Folders
2008-08-07 05:05 . 2008-08-07 05:05 268 --ah----- C:\sqmdata06.sqm
2008-08-07 05:05 . 2008-08-07 05:05 244 --ah----- C:\sqmnoopt06.sqm
2008-08-07 05:04 . 2008-08-12 22:13 d-------- C:\Documents and Settings\edward\Application Data\Hamachi
2008-08-07 05:03 . 2003-03-18 14:20 1,060,864 --a------ C:\WINDOWS\ED\system32\MFC71.dll
2008-08-07 05:03 . 2003-03-18 13:14 499,712 --a------ C:\WINDOWS\ED\system32\MSVCP71.dll
2008-08-07 05:03 . 2003-02-20 21:42 348,160 --a------ C:\WINDOWS\ED\system32\MSVCR71.dll
2008-08-07 05:03 . 2008-08-08 06:39 25,280 --a------ C:\WINDOWS\ED\system32\drivers\hamachi.sys
2008-08-07 05:01 . 2008-08-08 09:06 d-------- C:\Documents and Settings\edward\Application Data\Comodo
2008-08-07 05:01 . 2008-08-07 10:31 249,592 --a------ C:\WINDOWS\ED\system32\cssdll32.dll
2008-08-07 04:48 . 2008-08-07 04:48 940,794 --a------ C:\WINDOWS\ED\system32\LoopyMusic.wav
2008-08-07 04:48 . 2008-08-07 04:48 146,650 --a------ C:\WINDOWS\ED\system32\BuzzingBee.wav
2008-08-07 04:47 . 2007-04-15 21:50 172,032 --a------ C:\WINDOWS\ED\system32\igfxres.dll
2008-08-07 04:45 . 2008-08-07 04:45 d-------- C:\WINDOWS\ED\system32\Lang
2008-08-07 04:43 . 2005-03-15 23:23 13,696 -ra------ C:\WINDOWS\ED\system32\drivers\BIOS.sys
2008-08-07 04:42 . 2008-08-07 04:42 d-------- C:\Program Files\Java
2008-08-07 04:42 . 2008-06-09 11:32 73,728 --a------ C:\WINDOWS\ED\system32\javacpl.cpl
2008-08-07 04:41 . 2008-08-07 04:41 d-------- C:\Program Files\Alcohol Soft
2008-08-07 04:39 . 2008-08-07 04:39 d-------- C:\Documents and Settings\All Users.ED\Application Data\FreeRIP
2008-08-07 04:39 . 2008-08-07 04:39 715,248 --a------ C:\WINDOWS\ED\system32\drivers\sptd.sys
2008-08-07 04:38 . 2008-08-07 04:38 d-------- C:\Documents and Settings\edward\Application Data\iMesh
2008-08-07 04:38 . 2007-11-22 07:00 483,328 --a------ C:\WINDOWS\ED\system32\actskn45.ocx
2008-08-07 04:34 . 2008-08-07 04:34 552 --a------ C:\WINDOWS\ED\system32\d3d8caps.dat
2008-08-07 04:33 . 2008-08-07 04:33 d-------- C:\4435dbcb90e6a567cf7e6579cb
2008-08-07 04:32 . 2008-08-07 04:32 d-------- C:\WINDOWS\ED\system32\LogFiles
2008-08-07 04:32 . 2008-08-07 04:33 d-------- C:\WINDOWS\ED\system32\drivers\UMDF
2008-08-07 04:32 . 2008-08-07 04:33 d-------- C:\78df8c4f1b89827f50
2008-08-07 04:32 . 2006-09-25 02:58 23,856 --a------ C:\WINDOWS\ED\system32\spupdsvc.exe
2008-08-07 03:54 . 2008-08-07 03:54 13,646 --a------ C:\WINDOWS\ED\system32\wpa.bak
2008-08-06 22:27 . 2008-08-06 22:27 d--hs---- C:\Documents and Settings\edward\UserData
2008-08-06 22:25 . 2008-08-06 22:25 d-------- C:\Documents and Settings\edward\Application Data\LG Electronics
2008-08-06 22:10 . 2008-08-06 22:10 d-------- C:\Documents and Settings\edward\Application Data\InstallShield
2008-08-06 16:02 . 2004-08-03 15:59 57,472 --a------ C:\WINDOWS\ED\system32\drivers\redbook.sys
2008-08-06 16:02 . 2001-08-17 06:59 3,072 --a------ C:\WINDOWS\ED\system32\drivers\audstub.sys
2008-08-06 16:01 . 2004-08-03 09:56 74,240 --a------ C:\WINDOWS\ED\system32\usbui.dll
2008-08-06 16:01 . 2004-08-03 09:56 74,240 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbui.dll
2008-08-06 02:22 . 2008-08-08 06:39 d-------- C:\Program Files\Hamachi
2008-08-05 05:07 . 2008-08-08 09:06 d-------- C:\Program Files\COMODO
2008-08-05 04:45 . 2008-08-05 04:45 d-------- C:\Program Files\Common Files\Java
2008-08-03 07:28 . 2008-08-03 07:28 d-------- C:\Program Files\Alwil Software
2008-08-01 02:35 . 2008-08-01 02:35 d-------- C:\Documents and Settings\Administrator
2008-07-31 09:38 . 2008-07-31 09:38 268 --ah----- C:\sqmdata05.sqm
2008-07-31 09:38 . 2008-07-31 09:38 172 --ah----- C:\sqmnoopt05.sqm
2008-07-31 06:07 . 2008-08-03 22:33 d-------- C:\Program Files\Yahoo!
2008-07-31 06:07 . 2008-07-31 06:07 d-------- C:\Program Files\CCleaner
2008-07-31 05:48 . 2008-07-31 05:48 268 --ah----- C:\sqmdata04.sqm
2008-07-31 05:48 . 2008-07-31 05:48 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 05:44 . 2008-08-04 01:21 d-------- C:\Program Files\CleanUp!
2008-07-31 05:42 . 2008-07-31 05:42 d-------- C:\VundoFix Backups
2008-07-31 05:15 . 2008-08-08 04:38 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-31 04:48 . 2008-07-31 04:48 268 --ah----- C:\sqmdata03.sqm
2008-07-31 04:48 . 2008-07-31 04:48 244 --ah----- C:\sqmnoopt03.sqm


Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Tue Aug 12, 2008 3:24 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 03:34 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-08-07 12:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-07 12:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-07 12:04 --------- d-----w C:\Program Files\Garena
2008-08-07 11:46 315,392 ----a-w C:\WINDOWS\ED\HideWin.exe
2008-08-07 11:39 --------- d-----w C:\Program Files\FreeRIP3
2008-08-07 11:37 --------- d-----w C:\Program Files\Freecorder
2008-08-07 11:37 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-08-07 11:36 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-08-07 05:11 --------- d-----w C:\Program Files\LG PC Suite 2
2008-08-04 05:32 --------- d-----w C:\Program Files\Google
2008-07-31 11:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 14:57 --------- d-----w C:\Program Files\Gravity
2008-07-07 05:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 05:28 --------- d-----w C:\Program Files\LG Electronics
2008-07-06 16:50 --------- d-----w C:\Program Files\EPSON
2008-07-06 16:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-05 03:24 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-05 02:14 --------- d-----w C:\Program Files\Free Download Manager
2008-07-03 15:08 --------- d-----w C:\Program Files\iMesh Applications
2008-07-03 15:08 --------- d-----w C:\Program Files\Conduit
2008-07-03 14:43 --------- d-----w C:\Program Files\uTorrent
2008-07-03 14:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-02 15:31 --------- d-----w C:\Program Files\Windows Live
2008-07-02 15:30 --------- d-----w C:\Program Files\Lavalys
2008-07-02 15:30 --------- d-----w C:\Program Files\danny_kay1710
2008-07-02 13:39 --------- d-----w C:\Program Files\Realtek
2008-07-02 13:38 --------- d-----w C:\Program Files\Driver
2008-07-02 13:37 --------- d-----w C:\Program Files\Intel
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\ED\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\ED\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\ED\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\ED\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-15 20:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-15 20:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-15 20:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-15 20:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 00:20 222080]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 00:34 3739672]
"ctfmon.exe"="C:\WINDOWS\ED\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 13:27 144784]
"IgfxTray"="C:\WINDOWS\ED\system32\igfxtray.exe" [2007-04-15 21:51 135168]
"HotKeysCmds"="C:\WINDOWS\ED\system32\hkcmd.exe" [2007-04-15 21:51 155648]
"Persistence"="C:\WINDOWS\ED\system32\igfxpers.exe" [2007-04-15 21:51 131072]
"IMJPMIG8.1"="C:\WINDOWS\ED\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 07:38 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 03:30 16855552 C:\WINDOWS\ED\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-10 20:04 1826816 C:\WINDOWS\ED\SkyTel.exe]

C:\Documents and Settings\edward\Start Menu\Programs\Startup\
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe [2008-08-12 13:06:19 260096]

C:\Documents and Settings\All Users.ED\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\ED\system32\drivers\aswSP.sys [2008-07-19 07:35]
R1 BIOS;BIOS;C:\WINDOWS\ED\system32\drivers\BIOS.sys [2005-03-15 23:23]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\ED\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe []
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\ED\system32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\ED\system32\DRIVERS\cmdhlp.sys []
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\ED\system32\DRIVERS\l251x86.sys [2007-07-03 03:33]
S4 40AA701A;40AA701A;C:\WINDOWS\ED\system32\DE952BE.EXE []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef9a876-6553-11dd-bce9-001c1067e942}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\ED\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef9a877-6553-11dd-bce9-001c1067e942}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\ED\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-COMODO SafeSurf - C:\Program Files\COMODO\SafeSurf\cssurf.exe
HKLM-Run-COMODO Firewall Pro - C:\Program Files\COMODO\Firewall\cfp.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-12 23:16:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 23:17:30
ComboFix-quarantined-files.txt 2008-08-13 06:17:29

Pre-Run: 86,232,031,232 bytes free
Post-Run: 86,273,249,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\ED
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\ED="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

277 --- E O F --- 2008-08-08 09:06:45


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Tue Aug 12, 2008 3:44 pm

That's one messy log.

Now open a new notepad file.
Input this into the notepad file:

File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata.sqm
C:\sqmnoopt.sqm

Folder::
C:\4435dbcb90e6a567cf7e6579cb
C:\78df8c4f1b89827f50
C:\VundoFix Backups

Driver::
40AA701A

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef9a876-6553-11dd-bce9-001c1067e942}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef9a877-6553-11dd-bce9-001c1067e942}]

Save this as CFScript.txt on your desktop as well.
Then drag CFScript.txt onto ComboFix as seen below:


This will open ComboFix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

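The two `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` lines in the CFScript above remove the keys that the ComboFix log listed under "Reg Loading Points". Those keys are Explorer's cached copy of the autorun.inf from volumes the user has opened, and both of them launch a bare `auto.exe` (once as `G:\auto.exe`, once through `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL`), which fits the poster's account of the infection arriving from a camera. The script below is an added example written for this page, not part of ComboFix or of the helper's instructions: it parses that block of the log, flags keys whose autorun command launches something from a volume root or through ShellExec_RunDLL, and renders the matching `Registry::` section in the CFScript syntax used in the thread (`[-key]` deletes a key). The third mountpoints2 entry in the sample input is constructed to look like an ordinary installer CD so the heuristic has something it should not flag; the heuristic itself is the author's assumption, not a ComboFix rule.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the two mountpoints2 keys from the ComboFix "Reg Loading Points"
# block posted in this thread, plus one constructed entry shaped like a normal
# installer CD so the heuristic has something it should NOT flag.
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef9a876-6553-11dd-bce9-001c1067e942}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\ED\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef9a877-6553-11dd-bce9-001c1067e942}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\ED\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{constructed-example-cd}]
\Shell\AutoRun\command - D:\setup\Setup.exe /autorun
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_mountpoints(text):
    """Return {key: {verb: command}} for each mountpoints2 key in a ComboFix excerpt."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            current = key if "\\mountpoints2\\" in key.lower() else None
            if current:
                entries[current] = {}
            continue
        vm = VERB_RE.match(line)
        if vm and current:
            entries[current][vm.group("verb").lower()] = vm.group("cmd").strip()
    return entries


def launch_target(cmd):
    """Return (target, indirect): the file actually launched, and whether the command
    goes through rundll32 Shell32.DLL,ShellExec_RunDLL to launch it."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]+"|\S+', cmd)]
    if not tokens:
        return "", False
    via_shellexec = (PureWindowsPath(tokens[0]).name.lower() == "rundll32.exe"
                     and "shellexec_rundll" in cmd.lower())
    # With ShellExec_RunDLL the real payload is the last argument, not rundll32 itself.
    return (tokens[-1] if via_shellexec else tokens[0]), via_shellexec


def launched_from_root(target):
    """True for a bare filename or a file sitting directly in the root of a volume."""
    parent = PureWindowsPath(target).parent
    return parent == PureWindowsPath(parent.anchor)


def triage_mountpoints(text):
    """Return [(key, [reasons])] for keys whose cached autorun.inf looks like a worm."""
    flagged = []
    for key, verbs in parse_mountpoints(text).items():
        reasons = set()
        for cmd in verbs.values():
            target, indirect = launch_target(cmd)
            if indirect:
                reasons.add("launches via ShellExec_RunDLL")
            if launched_from_root(target):
                reasons.add(f"target '{target}' sits at the volume root")
        if reasons:
            flagged.append((key, sorted(reasons)))
    return flagged


def cfscript_registry_section(keys):
    """Render keys as a CFScript Registry:: block, using the [-key] delete syntax."""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys)


if __name__ == "__main__":
    hits = triage_mountpoints(COMBOFIX_EXCERPT)
    for key, reasons in hits:
        print(key, "->", "; ".join(reasons))
    print(cfscript_registry_section([k for k, _ in hits]))
```

Two caveats a practitioner would want. First, mountpoints2 records any volume that carried an autorun.inf, so a legitimate installer CD shows up there too; the root-launch and ShellExec_RunDLL checks are a triage hint, not proof. Second, deleting the keys only clears Explorer's cache on this PC: the removable device that carried `auto.exe` and its autorun.inf will reinfect on the next insert unless it is cleaned as well, and on Windows XP the safer habit is to open removable drives from the address bar rather than by double-clicking the drive icon, which is what triggers the cached `\Shell\AutoRun\command`.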

Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 7:08 am

Oh, very messy? LOL.
Alright, here's the new log file.

ComboFix 08-08-12.01 - edward 2008-08-13 15:01:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1645 [GMT -7:00]
Running from: C:\Documents and Settings\edward\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\edward\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\sqmdata.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4435dbcb90e6a567cf7e6579cb
C:\4435dbcb90e6a567cf7e6579cb\update\update.exe
C:\4435dbcb90e6a567cf7e6579cb\update\updspapi.dll
C:\78df8c4f1b89827f50
C:\78df8c4f1b89827f50\update\update.exe
C:\DOCUME~1\edward\LOCALS~1\Temp\tmp2.tmp
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
C:\VundoFix Backups

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_40AA701A
-------\Service_40AA701A


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 13:06 . 2008-08-12 13:06 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-12 13:06 . 2008-08-12 13:06 d-------- C:\Program Files\Adobe Media Player
2008-08-10 20:34 . 2004-04-23 22:43 374,752 --a------ C:\WINDOWS\ED\system32\WUSBGXP.sys
2008-08-10 20:34 . 2004-01-07 17:04 339,488 --a------ C:\WINDOWS\ED\system32\WUSB20XP.sys
2008-08-10 20:34 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\ED\system32\rt2500usb.sys
2008-08-10 20:34 . 2008-08-10 20:34 20,747 --a------ C:\WINDOWS\ED\system32\drivers\AegisP.sys
2008-08-10 20:34 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\ED\system32\bcm42rly.sys
2008-08-10 20:34 . 2004-04-23 22:43 9,254 --a------ C:\WINDOWS\ED\system32\WUSB54GV2.inf
2008-08-10 20:34 . 2004-02-03 19:13 8,090 --a------ C:\WINDOWS\ED\system32\WUSB54G.cat
2008-08-10 20:34 . 2005-11-03 01:11 8,022 --a------ C:\WINDOWS\ED\system32\rt2500usb.cat
2008-08-10 20:33 . 2008-08-10 20:33 1,811 --a------ C:\WINDOWS\ED\system32\WLAN.INI
2008-08-09 10:55 . 2008-08-09 10:55 d-------- C:\Documents and Settings\edward\Application Data\Nexon
2008-08-08 09:21 . 2008-08-08 09:21 d-------- C:\Documents and Settings\Administrator.EDWARD-27207B25
2008-08-08 08:11 . 2008-08-08 08:11 d--h----- C:\WINDOWS\ED\PIF
2008-08-08 08:00 . 2004-08-03 08:01 25,856 --a------ C:\WINDOWS\ED\system32\drivers\usbprint.sys
2008-08-08 07:11 . 2008-08-08 07:13 d-------- C:\Documents and Settings\edward\Application Data\uTorrent
2008-08-08 07:07 . 2004-08-03 08:08 26,496 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbstor.sys
2008-08-08 04:37 . 2008-08-08 06:38 d-------- C:\Documents and Settings\All Users.ED\Application Data\Spybot - Search & Destroy
2008-08-08 04:36 . 2008-08-13 12:54 d-------- C:\Documents and Settings\edward\Tracing
2008-08-08 04:19 . 2006-11-12 23:02 288,768 --------- C:\WINDOWS\ED\system32\rhttpaa.dll
2008-08-08 04:19 . 2006-11-12 23:02 116,736 --------- C:\WINDOWS\ED\system32\aaclient.dll
2008-08-08 04:19 . 2006-11-12 23:02 36,352 --------- C:\WINDOWS\ED\system32\tsgqec.dll
2008-08-08 02:14 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\ED\system32\drivers\bthport.sys
2008-08-08 02:14 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\ED\system32\dllcache\bthport.sys
2008-08-08 02:06 . 2008-08-08 04:19 d--h----- C:\WINDOWS\ED\$hf_mig$
2008-08-07 11:38 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\ED\system32\GTW32N50.dll
2008-08-07 11:38 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\ED\system32\GTNDIS3.VXD
2008-08-07 11:38 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\ED\system32\drivers\bcm42rly.sys
2008-08-07 11:38 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\ED\system32\GTNDIS5.sys
2008-08-07 10:28 . 2008-08-07 10:28 d-------- C:\WINDOWS\ED\system32\Atheros_L2
2008-08-07 10:10 . 2007-07-30 04:19 43,352 --a------ C:\WINDOWS\ED\system32\wups2.dll
2008-08-07 10:10 . 2007-07-30 04:18 34,136 --a------ C:\WINDOWS\ED\system32\wucltui.dll.mui
2008-08-07 10:10 . 2007-07-30 04:19 25,944 --a------ C:\WINDOWS\ED\system32\wuaucpl.cpl.mui
2008-08-07 10:10 . 2007-07-30 04:19 25,944 --a------ C:\WINDOWS\ED\system32\wuapi.dll.mui
2008-08-07 10:10 . 2007-07-30 04:18 20,312 --a------ C:\WINDOWS\ED\system32\wuaueng.dll.mui
2008-08-07 09:45 . 1998-10-29 01:45 306,688 --a------ C:\WINDOWS\ED\IsUninst.exe
2008-08-07 09:45 . 2004-08-03 08:08 142,976 --a------ C:\WINDOWS\ED\system32\drivers\usbport.sys
2008-08-07 09:45 . 2004-08-03 08:08 142,976 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbport.sys
2008-08-07 05:21 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\ED\system32\dllcache\hwxjpn.dll
2008-08-07 05:20 . 2004-08-04 05:00 811,064 --a------ C:\WINDOWS\ED\system32\imjp81k.dll
2008-08-07 05:18 . 2008-08-07 05:18 d-------- C:\Documents and Settings\All Users.ED\Application Data\Messenger Plus!
2008-08-07 05:17 . 2004-08-04 05:00 177,698 --a--c--- C:\WINDOWS\ED\system32\dllcache\c_10003.nls
2008-08-07 05:17 . 2004-08-04 05:00 177,698 --a------ C:\WINDOWS\ED\system32\c_10003.nls
2008-08-07 05:17 . 2004-08-04 05:00 162,850 --a--c--- C:\WINDOWS\ED\system32\dllcache\c_10001.nls
2008-08-07 05:17 . 2004-08-04 05:00 162,850 --a------ C:\WINDOWS\ED\system32\c_10001.nls
2008-08-07 05:11 . 2008-08-07 05:11 385 --a------ C:\WINDOWS\ED\ODBC.INI
2008-08-07 05:10 . 2008-08-08 09:10 d-------- C:\WINDOWS\ED\ShellNew
2008-08-07 05:09 . 2008-08-07 05:09 d-------- C:\Documents and Settings\edward\Application Data\Microsoft Web Folders
2008-08-07 05:04 . 2008-08-13 00:59 d-------- C:\Documents and Settings\edward\Application Data\Hamachi
2008-08-07 05:03 . 2003-03-18 14:20 1,060,864 --a------ C:\WINDOWS\ED\system32\MFC71.dll
2008-08-07 05:03 . 2003-03-18 13:14 499,712 --a------ C:\WINDOWS\ED\system32\MSVCP71.dll
2008-08-07 05:03 . 2003-02-20 21:42 348,160 --a------ C:\WINDOWS\ED\system32\MSVCR71.dll
2008-08-07 05:03 . 2008-08-08 06:39 25,280 --a------ C:\WINDOWS\ED\system32\drivers\hamachi.sys
2008-08-07 05:01 . 2008-08-08 09:06 d-------- C:\Documents and Settings\edward\Application Data\Comodo
2008-08-07 05:01 . 2008-08-07 10:31 249,592 --a------ C:\WINDOWS\ED\system32\cssdll32.dll
2008-08-07 04:48 . 2008-08-07 04:48 940,794 --a------ C:\WINDOWS\ED\system32\LoopyMusic.wav
2008-08-07 04:48 . 2008-08-07 04:48 146,650 --a------ C:\WINDOWS\ED\system32\BuzzingBee.wav
2008-08-07 04:47 . 2007-04-15 21:50 172,032 --a------ C:\WINDOWS\ED\system32\igfxres.dll
2008-08-07 04:45 . 2008-08-07 04:45 d-------- C:\WINDOWS\ED\system32\Lang
2008-08-07 04:43 . 2005-03-15 23:23 13,696 -ra------ C:\WINDOWS\ED\system32\drivers\BIOS.sys
2008-08-07 04:42 . 2008-08-07 04:42 d-------- C:\Program Files\Java
2008-08-07 04:42 . 2008-06-09 11:32 73,728 --a------ C:\WINDOWS\ED\system32\javacpl.cpl
2008-08-07 04:41 . 2008-08-07 04:41 d-------- C:\Program Files\Alcohol Soft
2008-08-07 04:39 . 2008-08-07 04:39 d-------- C:\Documents and Settings\All Users.ED\Application Data\FreeRIP
2008-08-07 04:39 . 2008-08-07 04:39 715,248 --a------ C:\WINDOWS\ED\system32\drivers\sptd.sys
2008-08-07 04:38 . 2008-08-07 04:38 d-------- C:\Documents and Settings\edward\Application Data\iMesh
2008-08-07 04:38 . 2007-11-22 07:00 483,328 --a------ C:\WINDOWS\ED\system32\actskn45.ocx
2008-08-07 04:34 . 2008-08-07 04:34 552 --a------ C:\WINDOWS\ED\system32\d3d8caps.dat
2008-08-07 04:32 . 2008-08-07 04:32 d-------- C:\WINDOWS\ED\system32\LogFiles
2008-08-07 04:32 . 2008-08-07 04:33 d-------- C:\WINDOWS\ED\system32\drivers\UMDF
2008-08-07 04:32 . 2006-09-25 02:58 23,856 --a------ C:\WINDOWS\ED\system32\spupdsvc.exe
2008-08-07 03:54 . 2008-08-07 03:54 13,646 --a------ C:\WINDOWS\ED\system32\wpa.bak
2008-08-06 22:27 . 2008-08-06 22:27 d--hs---- C:\Documents and Settings\edward\UserData
2008-08-06 22:25 . 2008-08-06 22:25 d-------- C:\Documents and Settings\edward\Application Data\LG Electronics
2008-08-06 22:10 . 2008-08-06 22:10 d-------- C:\Documents and Settings\edward\Application Data\InstallShield
2008-08-06 16:02 . 2004-08-03 15:59 57,472 --a------ C:\WINDOWS\ED\system32\drivers\redbook.sys
2008-08-06 16:02 . 2001-08-17 06:59 3,072 --a------ C:\WINDOWS\ED\system32\drivers\audstub.sys
2008-08-06 16:01 . 2004-08-03 09:56 74,240 --a------ C:\WINDOWS\ED\system32\usbui.dll
2008-08-06 16:01 . 2004-08-03 09:56 74,240 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbui.dll
2008-08-06 02:22 . 2008-08-08 06:39 d-------- C:\Program Files\Hamachi
2008-08-05 05:07 . 2008-08-08 09:06 d-------- C:\Program Files\COMODO
2008-08-05 04:45 . 2008-08-05 04:45 d-------- C:\Program Files\Common Files\Java
2008-08-03 07:28 . 2008-08-03 07:28 d-------- C:\Program Files\Alwil Software
2008-08-01 02:35 . 2008-08-01 02:35 d-------- C:\Documents and Settings\Administrator
2008-07-31 06:07 . 2008-08-03 22:33 d-------- C:\Program Files\Yahoo!
2008-07-31 06:07 . 2008-07-31 06:07 d-------- C:\Program Files\CCleaner
2008-07-31 05:44 . 2008-08-04 01:21 d-------- C:\Program Files\CleanUp!
2008-07-31 05:15 . 2008-08-08 04:38 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-31 04:39 . 2008-08-08 03:38 268 --ah----- C:\sqmdata00.sqm
2008-07-31 04:39 . 2008-08-08 03:38 244 --ah----- C:\sqmnoopt00.sqm
2008-07-25 10:12 . 2008-07-25 10:12 d-------- C:\Program Files\Common Files\Adobe
2008-07-23 09:17 . 2008-07-23 09:17 d-------- C:\Program Files\Common Files\MainConcept
2008-07-23 08:30 . 2008-07-23 08:30 d-------- C:\Program Files\MSXML 6.0
2008-07-23 08:30 . 2008-07-23 08:30 d-------- C:\Program Files\Common Files\Nokia
2008-07-23 08:21 . 2008-07-23 08:21 d-------- C:\Program Files\SimpleCenter
2008-07-23 08:21 . 2008-07-23 08:21 d-------- C:\Program Files\Common Files\i4j_jres
2008-07-23 08:20 . 2008-07-23 08:20 d-------- C:\Program Files\PC Connectivity Solution
2008-07-23 08:20 . 2008-07-23 08:20 d-------- C:\Program Files\DIFX
2008-07-23 08:20 . 2008-07-23 08:20 d-------- C:\Program Files\Common Files\PCSuite
2008-07-23 08:19 . 2008-08-03 22:31 d-------- C:\Program Files\Nokia

xiiaoboy

Post by xiiaoboy on Wed Aug 13, 2008 7:09 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 03:34 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-08-07 12:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-07 12:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-07 12:04 --------- d-----w C:\Program Files\Garena
2008-08-07 11:46 315,392 ----a-w C:\WINDOWS\ED\HideWin.exe
2008-08-07 11:39 --------- d-----w C:\Program Files\FreeRIP3
2008-08-07 11:37 --------- d-----w C:\Program Files\Freecorder
2008-08-07 11:37 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-08-07 11:36 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-08-07 05:11 --------- d-----w C:\Program Files\LG PC Suite 2
2008-08-04 05:32 --------- d-----w C:\Program Files\Google
2008-07-31 11:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 14:57 --------- d-----w C:\Program Files\Gravity
2008-07-07 05:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 05:28 --------- d-----w C:\Program Files\LG Electronics
2008-07-06 16:50 --------- d-----w C:\Program Files\EPSON
2008-07-06 16:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-05 03:24 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-05 02:14 --------- d-----w C:\Program Files\Free Download Manager
2008-07-03 15:08 --------- d-----w C:\Program Files\iMesh Applications
2008-07-03 15:08 --------- d-----w C:\Program Files\Conduit
2008-07-03 14:43 --------- d-----w C:\Program Files\uTorrent
2008-07-03 14:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-02 15:31 --------- d-----w C:\Program Files\Windows Live
2008-07-02 15:30 --------- d-----w C:\Program Files\Lavalys
2008-07-02 15:30 --------- d-----w C:\Program Files\danny_kay1710
2008-07-02 13:39 --------- d-----w C:\Program Files\Realtek
2008-07-02 13:38 --------- d-----w C:\Program Files\Driver
2008-07-02 13:37 --------- d-----w C:\Program Files\Intel
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\ED\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\ED\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\ED\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\ED\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\ED\erdnt\subs\ERDNT.EXE
+ 2008-08-13 22:04:02 16,384 ----atw C:\WINDOWS\ED\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-15 20:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-15 20:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-15 20:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-15 20:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 00:20 222080]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 00:34 3739672]
"ctfmon.exe"="C:\WINDOWS\ED\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 13:27 144784]
"IgfxTray"="C:\WINDOWS\ED\system32\igfxtray.exe" [2007-04-15 21:51 135168]
"HotKeysCmds"="C:\WINDOWS\ED\system32\hkcmd.exe" [2007-04-15 21:51 155648]
"Persistence"="C:\WINDOWS\ED\system32\igfxpers.exe" [2007-04-15 21:51 131072]
"IMJPMIG8.1"="C:\WINDOWS\ED\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 03:30 16855552 C:\WINDOWS\ED\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-10 20:04 1826816 C:\WINDOWS\ED\SkyTel.exe]

C:\Documents and Settings\edward\Start Menu\Programs\Startup\
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe [2008-08-12 13:06:19 260096]

C:\Documents and Settings\All Users.ED\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\ED\system32\drivers\aswSP.sys [2008-07-19 07:35]
R1 BIOS;BIOS;C:\WINDOWS\ED\system32\drivers\BIOS.sys [2005-03-15 23:23]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\ED\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe []
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\ED\system32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\ED\system32\DRIVERS\cmdhlp.sys []
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\ED\system32\DRIVERS\l251x86.sys [2007-07-03 03:33]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-13 15:04:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ED\system32\igfxsrvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
.
**************************************************************************
.
Completion time: 2008-08-13 15:05:52 - machine was rebooted [edward]
ComboFix-quarantined-files.txt 2008-08-13 22:05:50
ComboFix2.txt 2008-08-13 06:17:31

Pre-Run: 86,167,990,272 bytes free
Post-Run: 86,194,429,952 bytes free

324 --- E O F --- 2008-08-08 09:06:45

xiiaoboy

Post by Belahzur on Wed Aug 13, 2008 11:51 am

Looks good.
Next, click Start > Run
Type in:

ComboFix /u
Press enter. (note the space between the x and /)

Then, delete these files:
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
===

Your log shows you have Malwarebytes Anti-malware already on your system.
* Update Malwarebytes Anti-malware.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log with a fresh copy of HijackThis log.
===
Also, let me know how the machine is doing. Better than before we started cleaning?

Belahzur

Post by xiiaoboy on Wed Aug 13, 2008 2:01 pm

Alright.
Here is the MBAM LogFile.

Malwarebytes' Anti-Malware 1.24
Database version: 1047
Windows 5.1.2600 Service Pack 2

09:47:09 2008-08-13
mbam-log-8-13-2008 (09-47-09).txt

Scan type: Quick Scan
Objects scanned: 49798
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\Documents and Settings\edward\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tok-cirrhatus (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


And here is the HijackThis LogFile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\ED\System32\smss.exe
C:\WINDOWS\ED\system32\winlogon.exe
C:\WINDOWS\ED\system32\services.exe
C:\WINDOWS\ED\system32\lsass.exe
C:\WINDOWS\ED\system32\svchost.exe
C:\WINDOWS\ED\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ED\Explorer.exe
C:\WINDOWS\ED\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ED\system32\igfxtray.exe
C:\WINDOWS\ED\system32\hkcmd.exe
C:\WINDOWS\ED\system32\igfxpers.exe
C:\WINDOWS\ED\RTHDCPL.EXE
C:\WINDOWS\ED\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ED\system32\ctfmon.exe
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\ED\system32\wuauclt.exe
C:\WINDOWS\ED\system32\NOTEPAD.EXE
C:\WINDOWS\ED\system32\NOTEPAD.EXE
C:\Documents and Settings\edward\Desktop\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\ED\eksplorasi.exe"
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\ED\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\ED\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\ED\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\ED\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ED\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ED\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe"
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Empty.pif = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\ED\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\ED\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5877 bytes

It just somehow comes back all and all.
And my computer keeps restarting when I tried to come into this forum D;
What could have happened?
Thanks ;D

xiiaoboy
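
The two logs above show the pattern a defender keys on: executables named like core Windows processes (csrss, lsass, services, smss, winlogon) running from a user profile instead of the Windows directory, and an extra program appended to the system.ini Shell= line. As an added example, not part of this thread, here is a small Python audit that reads a HijackThis log excerpt (constructed from the lines above) and flags exactly those two things; the Windows directory is passed in because this machine uses C:\WINDOWS\ED.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Names Windows itself uses for core processes. One of these running from a
# user profile (as in the MBAM log above) is a masquerade, not the real binary.
RESERVED_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe",
}

# Constructed excerpt: a handful of lines taken from the HijackThis log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\ED\System32\smss.exe
C:\WINDOWS\ED\system32\winlogon.exe
C:\WINDOWS\ED\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\ED\eksplorasi.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ED\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ED\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe"
"""

# HijackThis O4 (Run key) line: hive, entry name, and the .exe it launches.
O4_RE = re.compile(
    r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'"?(?P<target>[A-Za-z]:\\[^"]*?\.exe)"?',
    re.I | re.M,
)
# HijackThis F2 line for the system.ini Shell= value.
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$", re.M)


def under_dir(path: str, base: str) -> bool:
    """True if path is base or sits below it (case-insensitive Windows paths)."""
    p, b = PureWindowsPath(path), PureWindowsPath(base)
    return b == p or b in p.parents


def check_image(path: str, windir: str) -> Optional[str]:
    """Reason the image path is suspicious, or None if it looks ordinary.
    Note: a worm dropped under a new name (bronstab.exe above) is not caught
    by this check; the helper in the thread recognised it by name."""
    name = PureWindowsPath(path).name.lower()
    if name in RESERVED_NAMES and not under_dir(path, windir):
        return f"reserved system name {name} running outside {windir}"
    if under_dir(path, r"C:\Documents and Settings") and \
            "\\local settings\\" in path.lower():
        return "executable lives under a user profile's Local Settings"
    return None


def parse_running_processes(log: str) -> list:
    """Image paths listed between 'Running processes:' and the next blank line."""
    out, collecting = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            out.append(line.strip())
    return out


def find_shell_hijack(log: str) -> list:
    """Programs appended to Shell=; the legitimate value is Explorer.exe alone."""
    m = SHELL_RE.search(log)
    if not m:
        return []
    tokens = re.findall(r'"[^"]+"|\S+', m.group("value"))
    return [t.strip('"') for t in tokens if t.strip('"').lower() != "explorer.exe"]


def audit(log: str, windir: str) -> dict:
    """Run all three checks over one HijackThis log and collect findings."""
    findings = {"processes": [], "autostart": [], "shell": []}
    for path in parse_running_processes(log):
        reason = check_image(path, windir)
        if reason:
            findings["processes"].append((path, reason))
    for m in O4_RE.finditer(log):
        reason = check_image(m.group("target"), windir)
        if reason:
            findings["autostart"].append((m.group("name"), m.group("target"), reason))
    findings["shell"] = find_shell_hijack(log)
    return findings


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_LOG, r"C:\WINDOWS\ED").items():
        for item in items:
            print(kind, item)
```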

Post by Belahzur on Wed Aug 13, 2008 2:06 pm

You didn't use system restore, did you?
Please re-run combofix again. (without the CFScript, just run it normally)

O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ED\ShellNew\bronstab.exe"

bronstab.exe is an email worm; if you opened the same email, this is probably how the infection returned. Try not to open emails that look out of character.

Belahzur

Post by xiiaoboy on Wed Aug 13, 2008 2:25 pm

Use system restore point?
Nope, I did not even use it once before.
Oh yeah. I had 8000 plus mails in my inbox.
I have deleted all of them anyway ;DD
Alright, here is the new clean LogFile for both MBAM and HijackThis.

MBAM LogFile...

Malwarebytes' Anti-Malware 1.24
Database version: 1047
Windows 5.1.2600 Service Pack 2

22:21:21 2008-08-13
mbam-log-8-13-2008 (22-21-21).txt

Scan type: Quick Scan
Objects scanned: 49459
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\edward\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\edward\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


HijackThis LogFile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\ED\System32\smss.exe
C:\WINDOWS\ED\system32\winlogon.exe
C:\WINDOWS\ED\system32\services.exe
C:\WINDOWS\ED\system32\lsass.exe
C:\WINDOWS\ED\system32\svchost.exe
C:\WINDOWS\ED\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ED\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ED\system32\igfxtray.exe
C:\WINDOWS\ED\system32\hkcmd.exe
C:\WINDOWS\ED\system32\igfxpers.exe
C:\WINDOWS\ED\RTHDCPL.EXE
C:\WINDOWS\ED\system32\igfxsrvc.exe
C:\WINDOWS\ED\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\ED\explorer.exe
C:\WINDOWS\ED\system32\NOTEPAD.EXE
C:\Documents and Settings\edward\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\ED\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\ED\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\ED\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\ED\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ED\system32\ctfmon.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\ED\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\ED\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4914 bytes

Oh yeah, so are there still backdoor viruses or infections on my computer?
I had run ComboFix as well; do I need to post it as well?


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 2:26 pm

Yes.
I need to see what files exist again.


Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 2:32 pm

Oh okay.
Here is the ComboFix LogFile.

ComboFix 08-08-12.01 - edward 2008-08-13 22:15:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1616 [GMT 8:00]
Running from: C:\Documents and Settings\edward\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\edward\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\edward\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\edward\Local Settings\Application Data\services.exe
C:\Documents and Settings\edward\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\inetinfo.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-14 11:14 . 2008-08-14 11:14 d-------- C:\Documents and Settings\edward\Application Data\Malwarebytes
2008-08-14 11:14 . 2008-08-14 11:14 d-------- C:\Documents and Settings\All Users.ED\Application Data\Malwarebytes
2008-08-14 11:14 . 2008-07-31 11:07 38,472 --a------ C:\WINDOWS\ED\system32\drivers\mbamswissarmy.sys
2008-08-14 11:14 . 2008-07-31 11:07 17,144 --a------ C:\WINDOWS\ED\system32\drivers\mbam.sys
2008-08-13 04:06 . 2008-08-13 04:06 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-13 04:06 . 2008-08-13 04:06 d-------- C:\Program Files\Adobe Media Player
2008-08-11 11:34 . 2004-04-24 13:43 374,752 --a------ C:\WINDOWS\ED\system32\WUSBGXP.sys
2008-08-11 11:34 . 2004-01-08 08:04 339,488 --a------ C:\WINDOWS\ED\system32\WUSB20XP.sys
2008-08-11 11:34 . 2005-10-18 10:50 245,376 --a------ C:\WINDOWS\ED\system32\rt2500usb.sys
2008-08-11 11:34 . 2008-08-11 11:34 20,747 --a------ C:\WINDOWS\ED\system32\drivers\AegisP.sys
2008-08-11 11:34 . 2005-02-02 09:18 17,992 --a------ C:\WINDOWS\ED\system32\bcm42rly.sys
2008-08-11 11:34 . 2004-04-24 13:43 9,254 --a------ C:\WINDOWS\ED\system32\WUSB54GV2.inf
2008-08-11 11:34 . 2004-02-04 10:13 8,090 --a------ C:\WINDOWS\ED\system32\WUSB54G.cat
2008-08-11 11:34 . 2005-11-03 16:11 8,022 --a------ C:\WINDOWS\ED\system32\rt2500usb.cat
2008-08-11 11:33 . 2008-08-11 11:33 1,811 --a------ C:\WINDOWS\ED\system32\WLAN.INI
2008-08-10 01:55 . 2008-08-10 01:55 d-------- C:\Documents and Settings\edward\Application Data\Nexon
2008-08-09 00:21 . 2008-08-09 00:21 d-------- C:\Documents and Settings\Administrator.EDWARD-27207B25
2008-08-08 23:11 . 2008-08-08 23:11 d--h----- C:\WINDOWS\ED\PIF
2008-08-08 23:00 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\ED\system32\drivers\usbprint.sys
2008-08-08 22:11 . 2008-08-08 22:13 d-------- C:\Documents and Settings\edward\Application Data\uTorrent
2008-08-08 22:07 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbstor.sys
2008-08-08 19:37 . 2008-08-08 21:38 d-------- C:\Documents and Settings\All Users.ED\Application Data\Spybot - Search & Destroy
2008-08-08 19:36 . 2008-08-13 22:02 d-------- C:\Documents and Settings\edward\Tracing
2008-08-08 19:19 . 2006-11-13 14:02 288,768 --------- C:\WINDOWS\ED\system32\rhttpaa.dll
2008-08-08 19:19 . 2006-11-13 14:02 116,736 --------- C:\WINDOWS\ED\system32\aaclient.dll
2008-08-08 19:19 . 2006-11-13 14:02 36,352 --------- C:\WINDOWS\ED\system32\tsgqec.dll
2008-08-08 17:14 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\ED\system32\drivers\bthport.sys
2008-08-08 17:14 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\ED\system32\dllcache\bthport.sys
2008-08-08 17:06 . 2008-08-08 19:19 d--h----- C:\WINDOWS\ED\$hf_mig$
2008-08-08 02:38 . 2003-10-14 06:30 94,208 --a------ C:\WINDOWS\ED\system32\GTW32N50.dll
2008-08-08 02:38 . 2003-09-26 14:28 31,930 --a------ C:\WINDOWS\ED\system32\GTNDIS3.VXD
2008-08-08 02:38 . 2005-02-02 09:18 17,992 --a------ C:\WINDOWS\ED\system32\drivers\bcm42rly.sys
2008-08-08 02:38 . 2003-09-26 13:15 15,872 --a------ C:\WINDOWS\ED\system32\GTNDIS5.sys
2008-08-08 01:28 . 2008-08-08 01:28 d-------- C:\WINDOWS\ED\system32\Atheros_L2
2008-08-08 01:10 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\ED\system32\wups2.dll
2008-08-08 01:10 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\ED\system32\wucltui.dll.mui
2008-08-08 01:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\ED\system32\wuaucpl.cpl.mui
2008-08-08 01:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\ED\system32\wuapi.dll.mui
2008-08-08 01:10 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\ED\system32\wuaueng.dll.mui
2008-08-08 00:45 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\ED\IsUninst.exe
2008-08-08 00:45 . 2004-08-03 23:08 142,976 --a------ C:\WINDOWS\ED\system32\drivers\usbport.sys
2008-08-08 00:45 . 2004-08-03 23:08 142,976 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbport.sys
2008-08-07 20:21 . 2004-08-04 20:00 13,463,552 --a--c--- C:\WINDOWS\ED\system32\dllcache\hwxjpn.dll
2008-08-07 20:20 . 2004-08-04 20:00 811,064 --a------ C:\WINDOWS\ED\system32\imjp81k.dll
2008-08-07 20:18 . 2008-08-07 20:18 d-------- C:\Documents and Settings\All Users.ED\Application Data\Messenger Plus!
2008-08-07 20:17 . 2004-08-04 20:00 177,698 --a--c--- C:\WINDOWS\ED\system32\dllcache\c_10003.nls
2008-08-07 20:17 . 2004-08-04 20:00 177,698 --a------ C:\WINDOWS\ED\system32\c_10003.nls
2008-08-07 20:17 . 2004-08-04 20:00 162,850 --a--c--- C:\WINDOWS\ED\system32\dllcache\c_10001.nls
2008-08-07 20:17 . 2004-08-04 20:00 162,850 --a------ C:\WINDOWS\ED\system32\c_10001.nls
2008-08-07 20:11 . 2008-08-07 20:11 385 --a------ C:\WINDOWS\ED\ODBC.INI
2008-08-07 20:10 . 2008-08-09 00:10 d-------- C:\WINDOWS\ED\ShellNew
2008-08-07 20:09 . 2008-08-07 20:09 d-------- C:\Documents and Settings\edward\Application Data\Microsoft Web Folders
2008-08-07 20:04 . 2008-08-14 11:14 d-------- C:\Documents and Settings\edward\Application Data\Hamachi
2008-08-07 20:03 . 2003-03-19 05:20 1,060,864 --a------ C:\WINDOWS\ED\system32\MFC71.dll
2008-08-07 20:03 . 2003-03-19 04:14 499,712 --a------ C:\WINDOWS\ED\system32\MSVCP71.dll
2008-08-07 20:03 . 2003-02-21 12:42 348,160 --a------ C:\WINDOWS\ED\system32\MSVCR71.dll
2008-08-07 20:03 . 2008-08-08 21:39 25,280 --a------ C:\WINDOWS\ED\system32\drivers\hamachi.sys
2008-08-07 20:01 . 2008-08-09 00:06 d-------- C:\Documents and Settings\edward\Application Data\Comodo
2008-08-07 20:01 . 2008-08-08 01:31 249,592 --a------ C:\WINDOWS\ED\system32\cssdll32.dll
2008-08-07 19:48 . 2008-08-07 19:48 940,794 --a------ C:\WINDOWS\ED\system32\LoopyMusic.wav
2008-08-07 19:48 . 2008-08-07 19:48 146,650 --a------ C:\WINDOWS\ED\system32\BuzzingBee.wav
2008-08-07 19:47 . 2007-04-16 12:50 172,032 --a------ C:\WINDOWS\ED\system32\igfxres.dll
2008-08-07 19:45 . 2008-08-07 19:45 d-------- C:\WINDOWS\ED\system32\Lang
2008-08-07 19:43 . 2005-03-16 14:23 13,696 -ra------ C:\WINDOWS\ED\system32\drivers\BIOS.sys
2008-08-07 19:42 . 2008-08-07 19:42 d-------- C:\Program Files\Java
2008-08-07 19:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\ED\system32\javacpl.cpl
2008-08-07 19:41 . 2008-08-07 19:41 d-------- C:\Program Files\Alcohol Soft
2008-08-07 19:39 . 2008-08-07 19:39 d-------- C:\Documents and Settings\All Users.ED\Application Data\FreeRIP
2008-08-07 19:39 . 2008-08-07 19:39 715,248 --a------ C:\WINDOWS\ED\system32\drivers\sptd.sys
2008-08-07 19:38 . 2008-08-07 19:38 d-------- C:\Documents and Settings\edward\Application Data\iMesh
2008-08-07 19:38 . 2007-11-22 22:00 483,328 --a------ C:\WINDOWS\ED\system32\actskn45.ocx
2008-08-07 19:34 . 2008-08-07 19:34 552 --a------ C:\WINDOWS\ED\system32\d3d8caps.dat
2008-08-07 19:32 . 2008-08-07 19:32 d-------- C:\WINDOWS\ED\system32\LogFiles
2008-08-07 19:32 . 2008-08-07 19:33 d-------- C:\WINDOWS\ED\system32\drivers\UMDF
2008-08-07 19:32 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\ED\system32\spupdsvc.exe
2008-08-07 18:54 . 2008-08-07 18:54 13,646 --a------ C:\WINDOWS\ED\system32\wpa.bak
2008-08-07 13:27 . 2008-08-14 06:46 d--hs---- C:\Documents and Settings\edward\UserData
2008-08-07 13:25 . 2008-08-07 13:25 d-------- C:\Documents and Settings\edward\Application Data\LG Electronics
2008-08-07 13:10 . 2008-08-07 13:10 d-------- C:\Documents and Settings\edward\Application Data\InstallShield
2008-08-07 07:02 . 2004-08-04 06:59 57,472 --a------ C:\WINDOWS\ED\system32\drivers\redbook.sys
2008-08-07 07:02 . 2001-08-17 21:59 3,072 --a------ C:\WINDOWS\ED\system32\drivers\audstub.sys
2008-08-07 07:01 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\ED\system32\usbui.dll
2008-08-07 07:01 . 2004-08-04 00:56 74,240 --a--c--- C:\WINDOWS\ED\system32\dllcache\usbui.dll
2008-08-06 17:22 . 2008-08-08 21:39 d-------- C:\Program Files\Hamachi
2008-08-05 20:07 . 2008-08-09 00:06 d-------- C:\Program Files\COMODO
2008-08-05 19:45 . 2008-08-05 19:45 d-------- C:\Program Files\Common Files\Java
2008-08-03 22:28 . 2008-08-03 22:28 d-------- C:\Program Files\Alwil Software
2008-08-01 17:35 . 2008-08-01 17:35 d-------- C:\Documents and Settings\Administrator
2008-07-31 21:07 . 2008-08-04 13:33 d-------- C:\Program Files\Yahoo!
2008-07-31 21:07 . 2008-07-31 21:07 d-------- C:\Program Files\CCleaner
2008-07-31 20:44 . 2008-08-14 06:41 d-------- C:\Program Files\CleanUp!
2008-07-31 20:15 . 2008-08-08 19:38 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-26 01:12 . 2008-07-26 01:12 d-------- C:\Program Files\Common Files\Adobe
2008-07-24 00:17 . 2008-07-24 00:17 d-------- C:\Program Files\Common Files\MainConcept
2008-07-23 23:30 . 2008-07-23 23:30 d-------- C:\Program Files\MSXML 6.0
2008-07-23 23:30 . 2008-07-23 23:30 d-------- C:\Program Files\Common Files\Nokia
2008-07-23 23:21 . 2008-07-23 23:21 d-------- C:\Program Files\SimpleCenter
2008-07-23 23:21 . 2008-07-23 23:21 d-------- C:\Program Files\Common Files\i4j_jres
2008-07-23 23:20 . 2008-07-23 23:20 d-------- C:\Program Files\PC Connectivity Solution
2008-07-23 23:20 . 2008-07-23 23:20 d-------- C:\Program Files\DIFX
2008-07-23 23:20 . 2008-07-23 23:20 d-------- C:\Program Files\Common Files\PCSuite
2008-07-23 23:19 . 2008-08-04 13:31 d-------- C:\Program Files\Nokia


Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 2:32 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 03:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 03:34 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-08-07 12:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-07 12:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-07 12:04 --------- d-----w C:\Program Files\Garena
2008-08-07 11:46 315,392 ----a-w C:\WINDOWS\ED\HideWin.exe
2008-08-07 11:39 --------- d-----w C:\Program Files\FreeRIP3
2008-08-07 11:37 --------- d-----w C:\Program Files\Freecorder
2008-08-07 11:37 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-08-07 11:36 --------- d-----w C:\Program Files\Freecorder Toolbar
2008-08-07 05:11 --------- d-----w C:\Program Files\LG PC Suite 2
2008-08-04 05:32 --------- d-----w C:\Program Files\Google
2008-07-07 14:57 --------- d-----w C:\Program Files\Gravity
2008-07-07 05:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 05:28 --------- d-----w C:\Program Files\LG Electronics
2008-07-06 16:50 --------- d-----w C:\Program Files\EPSON
2008-07-06 16:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-05 03:24 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-05 02:14 --------- d-----w C:\Program Files\Free Download Manager
2008-07-03 15:08 --------- d-----w C:\Program Files\iMesh Applications
2008-07-03 15:08 --------- d-----w C:\Program Files\Conduit
2008-07-03 14:43 --------- d-----w C:\Program Files\uTorrent
2008-07-03 14:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-02 15:31 --------- d-----w C:\Program Files\Windows Live
2008-07-02 15:30 --------- d-----w C:\Program Files\Lavalys
2008-07-02 15:30 --------- d-----w C:\Program Files\danny_kay1710
2008-07-02 13:39 --------- d-----w C:\Program Files\Realtek
2008-07-02 13:38 --------- d-----w C:\Program Files\Driver
2008-07-02 13:37 --------- d-----w C:\Program Files\Intel
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\ED\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\ED\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\ED\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\ED\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 11:06 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 15:20 222080]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"ctfmon.exe"="C:\WINDOWS\ED\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IgfxTray"="C:\WINDOWS\ED\system32\igfxtray.exe" [2007-04-16 12:51 135168]
"HotKeysCmds"="C:\WINDOWS\ED\system32\hkcmd.exe" [2007-04-16 12:51 155648]
"Persistence"="C:\WINDOWS\ED\system32\igfxpers.exe" [2007-04-16 12:51 131072]
"IMJPMIG8.1"="C:\WINDOWS\ED\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\ED\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 18:30 16855552 C:\WINDOWS\ED\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-11 11:04 1826816 C:\WINDOWS\ED\SkyTel.exe]

C:\Documents and Settings\edward\Start Menu\Programs\Startup\
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe [2008-08-13 04:06:19 260096]

C:\Documents and Settings\All Users.ED\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\ED\system32\drivers\aswSP.sys [2008-07-19 22:35]
R1 BIOS;BIOS;C:\WINDOWS\ED\system32\drivers\BIOS.sys [2005-03-16 14:23]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\ED\system32\DRIVERS\aswFsBlk.sys [2008-07-19 22:37]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe []
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\ED\system32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\ED\system32\DRIVERS\cmdhlp.sys []
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\ED\system32\DRIVERS\l251x86.sys [2007-07-03 18:33]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-COMODO SafeSurf - C:\Program Files\COMODO\SafeSurf\cssurf.exe
HKLM-Run-COMODO Firewall Pro - C:\Program Files\COMODO\Firewall\cfp.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-13 22:17:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-13 22:17:37
ComboFix-quarantined-files.txt 2008-08-13 14:17:35

Pre-Run: 86,321,741,824 bytes free
Post-Run: 86,314,074,112 bytes free

231 --- E O F --- 2008-08-08 09:06:45


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 2:41 pm

The infection is gone again. Hooray!
I don't know what caused it to come back, but it's the same infection, which probably means whatever you did last time you got this infection, you did again.
I don't know what caused it, but you need to be careful or you are going to get this infection again and again.

I also need to know if you plugged in any USB drives, because if you did, they are likely to be infected as well.

Next, open a new notepad file.
Input this into the notepad file:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=-

Save this as fix.reg, and save it to your desktop.
Double click fix.reg and merge it with the registry.
Select yes at the prompt.


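The fix.reg above deletes two policy values (the "=-" form in a REGEDIT4 file means "delete this value"); the ComboFix log earlier in the thread shows DisableCMD present under the .default hive, which is why it is on the list. As an added example that is not from the thread or from any tool in it, the following Python parses such a deletion file and, when run on Windows, reads the named values back so you can confirm the restriction is gone; off Windows the registry lookup is skipped. The embedded sample is the thread's own fix.reg; the function names are my own.

```python
import re
import sys

# Sample input: the fix.reg given in the thread, embedded so this runs offline.
FIX_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=-
"""


def parse_reg_deletions(text):
    """Return [(hive, subkey, value_name)] for every '"name"=-' line.

    Only the deletion form is handled: that is what a policy-restoring
    fix needs, since the default is for these values not to exist at all.
    """
    if not text.lstrip().startswith("REGEDIT4"):
        raise ValueError("expected a REGEDIT4 header")
    deletions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            # "[HKEY_X\sub\key]" -> hive "HKEY_X", subkey "sub\key"
            hive, _, subkey = key.group(1).partition("\\")
            current = (hive, subkey)
            continue
        val = re.match(r'^"([^"]+)"=-$', line)
        if val and current is not None:
            deletions.append((current[0], current[1], val.group(1)))
    return deletions


def live_policy_values(deletions):
    """On Windows, read each named value back from the registry.

    Returns {(hive, subkey, name): data} with None where the value is absent
    (the healthy state after merging fix.reg). Off Windows the winreg module
    does not exist, so an empty dict is returned and nothing is checked.
    """
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard-library module
    roots = {"HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER,
             "HKEY_USERS": winreg.HKEY_USERS,
             "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE}
    found = {}
    for hive, subkey, name in deletions:
        root = roots.get(hive)
        if root is None:
            continue
        try:
            with winreg.OpenKey(root, subkey) as k:
                found[(hive, subkey, name)] = winreg.QueryValueEx(k, name)[0]
        except OSError:          # key or value missing: restriction not set
            found[(hive, subkey, name)] = None
    return found


def report(text=FIX_REG):
    """Print what the fix removes and, on Windows, whether each is still set."""
    deletions = parse_reg_deletions(text)
    live = live_policy_values(deletions)
    for hive, subkey, name in deletions:
        state = live.get((hive, subkey, name), "not checked (not Windows)")
        print(f"{hive}\\{subkey}\n    {name}: {state}")
    return deletions


if __name__ == "__main__":
    report()
```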
Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 3:22 pm

Hahas!
Thanks for all your help ;DD
Erm, I am currently connecting the Linksys Wireless-G to my computer only.
Other than that nothing is plugged into it.
So I just double-click the fix.reg that you told me to do?
Alrights, it's done already.
By the way, if the virus is gone, why do I still see double folders left behind in 'My Documents'? o.O ..

Once again thanks for your help ;] Cheers Mate


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 3:24 pm

The fix.reg just took out some restrictions the malware set to stop us from removing it.

Can you post a screenshot of the folders? I don't quite understand what you mean.


Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 3:52 pm

Oh okay. ahahs.
Erm, I deleted all of them already.
But I can roughly tell you what it looks like.
E.g.

I click 'My Documents' and I saw all the applications and folders over there.
I had this 'My Received Files' folder, so when I double-clicked it, it went inside and I saw that there is another 'My Received Files' folder. But when I double-clicked it, it led me to the same folder with the 'Folders' option ON.
And I've checked the size of the file, it's 41.0 KB.
This size is the same as the eksplorasi.exe when I searched for it through my computer and found out that it was a hidden file.
It not only put 'extra files' in 'My Documents', all the 'extra files' are also .exe files.
So I was guessing that eksplorasi.exe had changed the names of the 'extra files' to the same names as the folders that I had. Not knowing it, if I double-click one of the 'extra folders' again, the whole eksplorasi.exe virus would act up again, coming along with the rest of the viruses that you told me to delete off HijackThis.exe.
Yeah, so this is what had exactly happened to my computer.

I've had this virus ever since I searched Yahoo and wanted to 'download' this thing through MediaFire, but it made my computer restart straight away. After that, double folders just appeared. Ever since that day, I'm very irritated by this virus ._.
Oh well.
Anyway thanks for your help ;DDDD
Wonder who made this virus -.- ..


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 3:59 pm

Well delete the extra files/folders, they are malware.

"with 'Folders' option ON."

The reg fix I had you do turned them back on; the malware set a policy "NoFolderOptions".

"Wonder who made this virus -.- .."

We'll never know. Malware writers use victims' machines to host malware on, kind of like a proxy, so they can never be found.

I take it the machine is okay now?


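The 'double folders' xiiaoboy describes (a hidden .exe carrying a real folder's name, every copy the same 41.0 KB) and Belahzur's instruction to delete them suggest a simple scan a defender can run over a user profile. The following is an added example, not code from the thread or from any tool mentioned in it: it walks a directory tree, flags executables whose name matches a sibling folder, and groups hits by size. The sample layout, names and sizes are constructed; the hidden-attribute check only reports anything on Windows.

```python
import os
import stat
import tempfile
from dataclasses import dataclass

# Extensions Explorer runs on double-click; ".exe" is what the thread saw,
# the rest are the usual companions (assumption, widen as needed).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com"}
FILE_ATTRIBUTE_HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)


@dataclass
class Mimic:
    path: str      # the executable that poses as a folder
    folder: str    # the real folder whose name it borrows
    size: int      # bytes; identical sizes across hits point at one dropper
    hidden: bool   # Windows hidden attribute (always False off Windows)


def is_hidden(path):
    """Windows hidden attribute; os.stat exposes it only on Windows."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_folder_mimics(root):
    """Walk `root` and return executables whose name, minus extension,
    matches a sibling folder in the same directory (case-insensitive)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXEC_EXTS:
                continue
            real = folders.get(stem.lower())
            if real is None:
                continue  # an executable with no folder twin is not this pattern
            full = os.path.join(dirpath, name)
            hits.append(Mimic(full, os.path.join(dirpath, real),
                              os.path.getsize(full), is_hidden(full)))
    return hits


def size_clusters(hits):
    """Group hits by exact size: many mimics of one size is the pattern the
    thread describes (every 'extra folder' was 41.0 KB)."""
    clusters = {}
    for h in hits:
        clusters.setdefault(h.size, []).append(h.path)
    return clusters


def build_sample_tree(root):
    """Constructed layout imitating the thread's 'double folders'."""
    docs = os.path.join(root, "My Documents")
    for folder in ("My Received Files", "Photos", "Music"):
        os.makedirs(os.path.join(docs, folder))
    # 41.0 KB stand-in for the dropped file; inert padding, not real malware.
    dropper = b"MZ" + b"\0" * (41 * 1024 - 2)
    for mimic in ("My Received Files.exe", "photos.EXE"):
        with open(os.path.join(docs, mimic), "wb") as f:
            f.write(dropper)
    # Benign neighbours: an executable with no matching folder, and a document.
    with open(os.path.join(docs, "setup.exe"), "wb") as f:
        f.write(b"MZ" + b"\0" * 100)
    with open(os.path.join(docs, "Photos", "holiday.jpg"), "wb") as f:
        f.write(b"\xff\xd8")
    return docs


def demo():
    """Build the sample tree in a temp dir, scan it, return mimic basenames."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_folder_mimics(tmp)
        for h in hits:
            print(f"{h.path}  poses as {os.path.basename(h.folder)!r}  "
                  f"{h.size} bytes  hidden={h.hidden}")
        for size, paths in size_clusters(hits).items():
            print(f"{len(paths)} hit(s) of exactly {size} bytes")
        return sorted(os.path.basename(h.path) for h in hits)


if __name__ == "__main__":
    demo()
```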
Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 4:01 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck. Big Grin


Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 4:13 pm

Belahzur wrote:
The reg fix I had you do turned them back on, the malware set a policy "NoFolderOptions"

Erm, what did you mean by turned them back on? o.O ...


Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 4:15 pm

[You must be registered and logged in to see this link.]

Malware sets policies to stop us removing the virus. MBAM picked up the NoFolderOptions policy key; you can see it if you look back through the MBAM log.

Belahzur
Administrator
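A way to audit a machine for the kind of restriction policy Belahzur describes, as an added example that is not part of the thread or of MBAM: it reads the Explorer and System policy keys in both the user and machine hives and reports NoFolderOptions together with three other well-known lockout values (NoRun, DisableTaskMgr, DisableRegistryTools), which goes beyond the single value the post names. The registry paths are the standard Windows ones; the function names are my own, and the script is written for PowerShell 2.0 so it also runs on an XP-era system.

```powershell
# Added example: audit the Windows policy keys that malware commonly abuses to
# lock the user out of Folder Options, Task Manager, regedit and the Run box.
# Run from an elevated PowerShell prompt; reading works unelevated, but
# clearing a value under HKLM needs administrator rights.

# Each entry: registry key (without hive) and the restriction values to look for.
$policyChecks = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Values = 'NoFolderOptions', 'NoRun' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Values = 'DisableTaskMgr', 'DisableRegistryTools' }
)

function Get-RestrictionPolicyState {
    # Returns one record per hive/value, marking which restrictions are active (value 1).
    foreach ($hive in 'HKCU', 'HKLM') {
        foreach ($check in $policyChecks) {
            $key = "${hive}:\$($check.SubKey)"
            # Get-ItemProperty returns $null if the key is absent; a missing value
            # then reads as $null through the dynamic property access below.
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            foreach ($name in $check.Values) {
                $value = if ($props) { $props.$name } else { $null }
                New-Object PSObject -Property @{
                    Key     = $key
                    Name    = $name
                    Present = ($null -ne $value)
                    Value   = $value
                    Active  = ($value -eq 1)
                }
            }
        }
    }
}

function Clear-RestrictionPolicies {
    # Deletes every restriction value found. Do this only after the malware that
    # wrote it has been removed; otherwise the running process simply sets it again.
    foreach ($state in Get-RestrictionPolicyState) {
        if ($state.Present) {
            Remove-ItemProperty -Path $state.Key -Name $state.Name -ErrorAction Stop
            Write-Output "Removed $($state.Name) from $($state.Key)"
        }
    }
}

# Report first; clear only once the infection itself has been cleaned up.
Get-RestrictionPolicyState | Where-Object { $_.Present } |
    Format-Table Key, Name, Value, Active -AutoSize
# Clear-RestrictionPolicies
```

The report step is deliberately separate from the clean-up step: a value that reappears after you delete it is a strong sign that the process which wrote it is still running, which is exactly the situation the post describes.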

Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 4:20 pm

Alright, thanks for your help ;DD
Is Combofix counted as an Anti-virus Program as well?
Oh .. I had this Comodo firewall.
Is it better than the rest that you've mentioned?
And SpywareBlaster is also a firewall, right?
o,o I don't know which to install ;x

Okay, this has helped me a lot already.
Thanks for your big help ;]

xiiaoboy
Intermediate

Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Wed Aug 13, 2008 4:22 pm

So you're saying that the malware actually set NoFolderOptions on the computer? That's terrible ;x
No wonder the options have been disabled.
Okay. I will look out for this as well ;D

xiiaoboy
Intermediate

Solved Re: eksplorasi.exe appearing on my computer

Post by Belahzur on Wed Aug 13, 2008 4:27 pm

Combofix is not a firewall, nor is it meant to be used without supervision. Combofix is extremely powerful and, if used incorrectly, has the power to trash your machine.

I've never used Comodo, so I have no idea. But I'd say you'd be better off using it to help keep infections out.

SpywareBlaster is basically just an anti-spyware tool, but SpywareBlaster puts over 5000 entries into your hosts file; this prevents you from visiting sites that are known to be full of malware.

Belahzur
Administrator
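To see what a hosts-file blocklist of the kind mentioned above actually does on a machine, here is an added example that is not part of the thread or of SpywareBlaster: it parses the hosts file, counts the names mapped to a sinkhole address (which are blocked before any DNS lookup happens) and lists the names mapped anywhere else, since the same file is also what a hijacker edits to redirect users to a rogue server. The default path is the standard Windows one; the function names and the `-Path` parameter are my own.

```powershell
# Added example: audit the hosts file that blocklist tools append to. Every name
# mapped to a sinkhole address (127.0.0.1, 0.0.0.0, ::1) is blocked without a
# DNS query; anything mapped elsewhere is a redirect and deserves a manual look.
# Written for PowerShell 2.0; pass -Path to analyse a copy taken from another machine.

function Get-HostsAudit {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    $sinkholes  = @('127.0.0.1', '0.0.0.0', '::1')
    $blocked    = @{}   # name -> sinkhole address
    $redirected = @{}   # name -> real address (suspicious unless you put it there)

    foreach ($line in Get-Content -Path $Path) {
        # Format per line: <address> <name> [<alias> ...] [# comment]
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # address with no names: ignore
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $name = $name.ToLower()
            if ($name -eq 'localhost') { continue }   # the stock entry, not a block
            if ($sinkholes -contains $address) { $blocked[$name] = $address }
            else { $redirected[$name] = $address }
        }
    }
    New-Object PSObject -Property @{
        Path       = $Path
        Blocked    = $blocked
        Redirected = $redirected
    }
}

function Test-HostBlocked {
    # True if the hosts file sinkholes the given name.
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        $Audit = (Get-HostsAudit)
    )
    return $Audit.Blocked.ContainsKey($Name.ToLower())
}

$audit = Get-HostsAudit
Write-Output ("{0} names blocked, {1} redirected in {2}" -f
    $audit.Blocked.Count, $audit.Redirected.Count, $audit.Path)
# Redirects are where hijacks hide: list them for manual review.
$audit.Redirected.GetEnumerator() | Sort-Object Key |
    ForEach-Object { "{0} -> {1}" -f $_.Key, $_.Value }
```

On a clean machine the redirected list should be empty or contain only entries you recognise; a bank, update server or security vendor pointing at an unfamiliar address is the hosts-file counterpart of the policy tampering discussed earlier in the thread.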

Solved eksplorasi.exe appearing on my computer

Post by xiiaoboy on Thu Aug 14, 2008 9:58 am

Oh, trash my whole computer?
Hahas. Alright then, I will look out for that as well ;DD
Alas, thanks for your big big help!
I will come back here if I have any problems.

xiiaoboy
Intermediate

Solved Re: eksplorasi.exe appearing on my computer

Post by Jerry Parnell on Thu Aug 14, 2008 10:57 pm

Yes, the Comodo firewall will do just fine.

Jerry Parnell
Leader

Posts : 670
Joined : 2008-08-04
Gender : Male
OS : Windows Vista Home Basic
