Trojan Gen 2, Super Fortress


Post by janeld on 27th May 2012, 10:49 am

Have had this Trojan appear on my computer, it has taken over.
First of all it disabled Symantec Endpoint and Uniblue, a screen appeared for a programme called Super fortress, I managed to get Symantec again but every time I try to download updates or the OTL programme you want me to scan with, Symantec tells me it's infected, the quarantine box is full and I can't delete anything in it. It tells me the files infected are windows installer.
I tried to get into Symantec in safe mode but there it tells me the Antivirus and antispyware is not functioning properly and it won't connect to live update.
I ran Malwarebytes, anti spyware in safe mode, and whilst it found the trojan it hasn't deleted it.
Help would be really appreciated. Thank you, Jane

My computer is XP


Re: Trojan Gen 2, Super Fortress

Post by Superdave on 28th May 2012, 1:15 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
**********************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Re: Trojan Gen 2, Super Fortress

Post by janeld on 28th May 2012, 5:07 pm

Results of screen317's Security Check version 0.99.39
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 22
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
results from security check


Re: Trojan Gen 2, Super Fortress

Post by janeld on 29th May 2012, 1:14 pm

SUPERAntiSpyware Scan Log

Generated 05/29/2012 at 02:02 PM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 00:54:01

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 534
Memory threats detected : 0
Registry items scanned : 34131
Registry threats detected : 0
File items scanned : 43660
File threats detected : 53

Adware.Tracking Cookie
ComboFix 12-05-28.05 - Jane 28/05/2012 21:02:05.1.2 - x86
Running from: c:\documents and settings\Jane\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jane\Application Data\alot
c:\documents and settings\Jane\WINDOWS
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 17:10 . 2012-05-28 17:10 -------- d-----w- c:\documents and settings\Jane\Application Data\SUPERAntiSpyware.com
2012-05-28 17:09 . 2012-05-28 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-28 17:09 . 2012-05-28 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-25 15:05 . 2012-05-25 18:01 -------- d-----w- c:\program files\Common Files\Win
2012-05-25 15:05 . 2012-05-25 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D561D2000485B2000125A6D151FC4E
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 15:15 . 2010-11-02 19:14 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-05-25 15:15 . 2010-11-02 19:14 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-05 10:04 . 2012-03-30 11:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:04 . 2011-06-05 21:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:26 . 2010-07-20 14:09 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23 . 2010-07-20 14:11 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42 . 2010-02-16 12:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2010-12-01 20:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 10:58 . 2010-07-20 14:11 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2010-07-20 14:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2010-07-20 14:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2010-07-20 14:11 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 04:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2010-07-20 14:07 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-20 . A02BF7E8C036A2A8587F70A038922449 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2011-07-27 434080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2010-07-20 128512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-07-20 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-3 113664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-11-2 128000]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-07-20 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 10:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-07-20 14:13 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 11:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 DumpDrv;Crash Dump Driver; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-18 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2010-07-20 14848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-06-27 44432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:04]
.
2011-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:29]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:29]
.
2010-12-29 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]
.
2012-05-28 c:\windows\Tasks\User_Feed_Synchronization-{7D2B2E6A-71B3-43B2-818C-2F4292596157}.job
- c:\windows\system32\msfeedssync.exe [2001-08-23 14:17]
.
2012-05-28 c:\windows\Tasks\User_Feed_Synchronization-{894FBD1E-CC10-494D-B09D-D489BF99234C}.job
- c:\windows\system32\msfeedssync.exe [2001-08-23 14:17]
.
2012-05-28 c:\windows\Tasks\User_Feed_Synchronization-{F698ED31-0ED0-4A16-BA3F-DAC39931E6F1}.job
- c:\windows\system32\msfeedssync.exe [2001-08-23 14:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-RailNotification - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-Symantec Antvirus
MSConfigStartUp-RMSmartCache - c:\program files\Research Machines\RMSmartCacheClient.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-05-28 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-28 21:12:46
ComboFix-quarantined-files.txt 2012-05-28 20:12
.
Pre-Run: 110,731,370,496 bytes free
Post-Run: 111,022,968,832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F031EAF00DE2DDBAFAB80C53C948E4CB

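Added example (not part of the original posts, and not ComboFix's own code): a small Python parser for the Sigcheck section of the ComboFix log above, which lists the in-use tcpip.sys next to its dllcache copy. It groups the listed copies by file name and reports where MD5, version or size disagree; the bracketed marker is carried through uninterpreted, the function names are hypothetical, and the second file pair in the sample is constructed.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Excerpt in the layout of the ComboFix log above. The tcpip.sys pair is copied
# from that log; the example.dll pair is constructed so the "copies agree" case runs.
SAMPLE_LOG = r"""
(((((((((((((((( Find3M Report ))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-20 . A02BF7E8C036A2A8587F70A038922449 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[7] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 1000 . . [5.1.2600.5512] . . c:\windows\system32\example.dll
[7] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 1000 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\EXAMPLE.DLL
.
(((((((((((((((( Reg Loading Points ))))))))))))))))
"""

# One Sigcheck entry: [marker] date . MD5 . size . . [version] . . path
ENTRY = re.compile(
    r"^\[(?P<marker>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def sigcheck_entries(log_text):
    """Return the parsed entries of the Sigcheck section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("------- Sigcheck"):
            in_section = True
            continue
        if in_section and stripped.startswith("(("):
            break  # banner of the next section ends Sigcheck
        if in_section:
            match = ENTRY.match(stripped)
            if match:  # separator dots and the Note line do not match
                entries.append(match.groupdict())
    return entries


def compare_copies(entries):
    """Group copies of the same file name and report which fields disagree."""
    groups = defaultdict(list)
    for entry in entries:
        groups[basename(entry["path"]).lower()].append(entry)
    findings = {}
    for name, copies in groups.items():
        if len(copies) < 2:
            continue  # nothing to compare against
        findings[name] = {
            "hash_differs": len({c["md5"].upper() for c in copies}) > 1,
            "version_differs": len({c["version"] for c in copies}) > 1,
            "size_differs": len({c["size"] for c in copies}) > 1,
            "markers": sorted({c["marker"] for c in copies}),
        }
    return findings


def needs_review(findings):
    """File names whose listed copies do not share one MD5."""
    return sorted(name for name, f in findings.items() if f["hash_differs"])


if __name__ == "__main__":
    results = compare_copies(sigcheck_entries(SAMPLE_LOG))
    for name in needs_review(results):
        print(name, results[name])
```

A hash mismatch that comes with a version mismatch is also what an updated driver with an older cached copy looks like, so the result is a pointer to check the in-use file against a known-good copy, not a verdict.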

Re: Trojan Gen 2, Super Fortress

Post by Superdave on 29th May 2012, 7:37 pm

It would appear that you don't have any active AV program on your computer now. Please download Microsoft Security Essentials from the link below and install it until we get this all sorted out.

*****************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Re: Trojan Gen 2, Super Fortress

Post by janeld on 30th May 2012, 7:55 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F2F4F000
Module End: F2F67000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B13000
Module End: F7B15000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 865807E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 86586F40
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 86579008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: 85F60238
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 865C5748
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 866EC4D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwFreeVirtualMemory
Address: 865D56D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 86573F10
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 86573FD0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwMapViewOfSection
Address: 865122E0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 865C5710
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcessToken
Address: 8657A0D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThreadToken
Address: 85E9C2B0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: F76F06B0
Driver Base: F76EB000
Driver End: F76F9000
Driver Name: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys

Function Name: ZwResumeThread
Address: 86741740
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 85E9C278
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 8655EE08
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationThread
Address: 865CB600
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendProcess
Address: 8651BF00
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 865CB580
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 86533088
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 865C2838
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 8655EED8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 85E877B8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0B4C130F.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\AF19DB24.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\EACBFFDF.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied



Re: Trojan Gen 2, Super Fortress

Post by Superdave on 30th May 2012, 6:17 pm

What's the status with your AV now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Trojan Gen 2, Super Fortress

Post by janeld on 30th May 2012, 10:02 pm

I had to disable Symantec to load the Microsoft security. If I enable Symantec now, it says it is working OK. Do you want me to enable Symantec before I do this scan for you?


Re: Trojan Gen 2, Super Fortress

Post by Superdave on 30th May 2012, 10:25 pm

janeld wrote: I had to disable Symantec to load the Microsoft security. If I enable Symantec now, it says it is working OK. Do you want me to enable Symantec before I do this scan for you?

Ok. You were able to get Symantec working. You can uninstall MSE. It won't be necessary to disable the AV to run that last scan.


Re: Trojan Gen 2, Super Fortress

Post by janeld on 31st May 2012, 8:49 am

C:\Documents and Settings\Jane\Desktop\freefileviewer_2_1283.exe a variant of Win32/InstallIQ application
C:\Documents and Settings\Robert\Application Data\Uniblue\PowerSuite\_temp\ub.exe Win32/SpeedUpMyPC application
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\L29KO5H3\index-functions[2].js Win32/RegistryBooster application
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_ubm.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
C:\RECYCLER\S-1-5-21-1417001333-616249376-1177238915-1008\Dc3.exe multiple threats
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054454.exe multiple threats
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054474.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054475.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054476.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054477.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054478.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054479.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054543.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054544.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054545.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054546.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056699.exe multiple threats
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056719.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056720.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056721.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056722.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056723.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056724.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056788.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056789.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056790.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056791.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056855.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056856.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056857.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056858.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056859.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056860.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056924.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056925.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056926.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056927.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057091.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057092.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057093.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057094.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057095.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057236.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057237.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057238.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057239.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057240.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057369.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057370.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057371.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057372.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057373.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057410.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057411.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057412.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057413.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057419.exe multiple threats
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058698.exe multiple threats
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058718.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058719.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058720.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058721.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058722.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058726.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058786.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058787.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058788.exe Win32/SpeedUpMyPC application
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058789.exe Win32/SpeedUpMyPC application


Re: Trojan Gen 2, Super Fortress

Post by Superdave on 31st May 2012, 7:32 pm

Please run ESET again. None of those infections were cured.


Re: Trojan Gen 2, Super Fortress

Post by janeld on 31st May 2012, 7:53 pm

On ESET, I clicked the "scan archives" box. Do I need to click the one to remove infected files as well?


Re: Trojan Gen 2, Super Fortress

Post by Superdave on 31st May 2012, 10:49 pm

janeld wrote: On ESET, I clicked the "scan archives" box. Do I need to click the one to remove infected files as well?

Yes, please


Re: Trojan Gen 2, Super Fortress

Post by janeld on 1st June 2012, 6:24 pm

I'm away on holiday at the moment... will get back to you when I'm home. Thanks for your help!


Re: Trojan Gen 2, Super Fortress

Post by janeld on 6th June 2012, 8:29 am

C:\Documents and Settings\Robert\Application Data\Uniblue\PowerSuite\_temp\ub.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\L29KO5H3\index-functions[2].js Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sp_ubm.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1417001333-616249376-1177238915-1008\Dc3.exe multiple threats deleted - quarantined
C:\RECYCLER\S-1-5-21-1417001333-616249376-1177238915-1008\Dc7.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054454.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054474.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054475.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054476.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054477.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054478.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054479.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054543.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054544.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054545.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP288\A0054546.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056699.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056719.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056720.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056721.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056722.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056723.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056724.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056788.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056789.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056790.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056791.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056855.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056856.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056857.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056858.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056859.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056860.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056924.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056925.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056926.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP291\A0056927.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057091.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057092.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057093.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057094.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057095.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057236.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057237.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057238.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057239.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057240.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057369.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057370.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057371.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057372.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057373.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057410.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057411.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057412.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057413.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP292\A0057419.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058698.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058718.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058719.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058720.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058721.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058722.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058726.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058786.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058787.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058788.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058789.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058950.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058951.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058952.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058953.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058954.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058955.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058956.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{F4C3A475-093E-4208-A04F-74CA95B57F9D}\RP300\A0058957.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined


Re: Trojan Gen 2, Super Fortress

Post by Superdave on 6th June 2012, 7:10 pm

That looks good. How's your computer running now?


Re: Trojan Gen 2, Super Fortress

Post by janeld on 7th June 2012, 8:20 am

It all seems to be running normally. Thank you so much for your help, I couldn't have done it without you.
Best Wishes,
Jane


Re: Trojan Gen 2, Super Fortress

Post by Superdave on 7th June 2012, 10:13 pm

Thank you. We should do some cleanup before you go.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave

Re: Trojan Gen 2, Super Fortress

Post by janeld on 8th June 2012, 11:21 am

All done, thanks again.
Don't think it's a problem, just a strange glitch, but every time my husband logs in to his user account, the icons on his desktop have been lined up down the edge and are not at the top where he likes to put them. Any ideas?

janeld

Re: Trojan Gen 2, Super Fortress

Post by Superdave on 8th June 2012, 7:25 pm

You're welcome. Perhaps a new account should be created. If that works you can delete the old account. Sometimes, accounts get corrupted.

Superdave