lop problem


Re: lop problem

Post by tinkerman on 24th February 2009, 10:32 pm

I wasn't aware of any Lop problem on my PC before discovering my sister's problems. With your help I deleted and got rid of the Kryptik.GH trojan last week, but yesterday, while doing a deep scan with my antivirus, it found and deleted 51 Kryptik.GH, Kryptik.DQ, Kryptik.GF and this kind of Kryptik stuff that I hate to see. Other than that there were no big problems; I just realised that sometimes (including while trying to install 7-Zip just a couple of minutes ago) when I open Explorer or Mozilla I get an annoying advertisement from LINK REMOVED. I hadn't been aware of any kind of threat other than the one I mentioned. Do you think I am safe now? And after resolving my situation, could you give me some information about my sister's PC situation please? (Just note that I could only follow half of the steps, and the final thing I did on that PC was the Lop S&D option 2 step.)

Just a note: I am now downloading Java Update 12 but haven't finished yet.


Post by tinkerman on 24th February 2009, 10:51 pm

Hello again, are you gone? I have now finished your instructions; here is the JavaRa log of MY machine:

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Feb 25 00:49:03 2009

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.


Post by Belahzur on 24th February 2009, 11:04 pm

Hello.
That popup you're getting, is it just from certain websites? Do you get it if you go to Google?

Can I ask, are you experiencing Google hijack problems?



Post by tinkerman on 24th February 2009, 11:14 pm

No, I don't get any popup when I go to Google. I just sometimes get this popup, but I don't know when for certain.

I really appreciate the invaluable support you have been giving me since the first day we met, and I look forward to hearing from you. I think you are getting some rest, as you deserve it more than anyone else.

I just ask that you review all we have done tonight on both PCs. And would I be asking too much if I wanted information about the latest situation of my machine and of my sister's machine respectively? And I am curious about whether I should try to connect to the internet from my sister's machine tomorrow to get help from you?
I hope to get detailed info tomorrow, and I wish you the best.


Post by Belahzur on 24th February 2009, 11:17 pm

Your sister's machine should be fine to connect to the net, assuming you're careful and don't visit any bad sites until I get online.
Let's get an updated Lop S&D log.

Download [You must be registered and logged in to see this link.]

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Post by tinkerman on 25th February 2009, 2:46 pm

Hello again, my precious friend. Firstly, I am following your instructions for MY machine, and when you confirm that I am completely clean and safe I'll go to my sister's machine and follow your instructions. I hope this way will help you to work more easily.

Here I start with MY machine:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:39 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:149 Go (Free:76 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25.02.2009|16:40 )

--------------------\\ Listing folders in APPLIC~1

[25.02.2009|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[21.02.2009|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[29.12.2008|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[24.11.2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11.11.2008|08:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[11.11.2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[19.01.2009|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\qs
[21.01.2009|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
[14.11.2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[20.01.2009|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11.11.2008|18:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|Dosya] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt
[13|Dizin] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bayt boş

[10.11.2008|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bayt boş

[19.01.2009|19:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\LOCALS~1\APPLIC~1\bayt boş

[15.11.2008|15:06] C:\DOCUME~1\Moiz\APPLIC~1\Adobe
[18.12.2008|22:59] C:\DOCUME~1\Moiz\APPLIC~1\Babylon
[09.01.2009|23:55] C:\DOCUME~1\Moiz\APPLIC~1\DivX
[15.11.2008|15:05] C:\DOCUME~1\Moiz\APPLIC~1\Identities
[15.11.2008|15:11] C:\DOCUME~1\Moiz\APPLIC~1\Macromedia
[28.12.2008|22:06] C:\DOCUME~1\Moiz\APPLIC~1\Microsoft
[15.11.2008|15:05] C:\DOCUME~1\Moiz\APPLIC~1\Windows Desktop Search
[22.02.2009|00:49] C:\DOCUME~1\Moiz\APPLIC~1\Windows Search
[0|Dosya] C:\DOCUME~1\Moiz\APPLIC~1\bayt
[10|Dizin] C:\DOCUME~1\Moiz\APPLIC~1\bayt boş

[10.11.2008|20:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|Dosya] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt
[3|Dizin] C:\DOCUME~1\NETWOR~1\APPLIC~1\bayt boş

[11.11.2008|13:22] C:\DOCUME~1\Owner\APPLIC~1\Adobe
[19.01.2009|16:46] C:\DOCUME~1\Owner\APPLIC~1\Babylon
[12.11.2008|11:38] C:\DOCUME~1\Owner\APPLIC~1\BSplayer
[12.11.2008|11:31] C:\DOCUME~1\Owner\APPLIC~1\BSplayer Pro
[10.11.2008|20:39] C:\DOCUME~1\Owner\APPLIC~1\Identities
[11.11.2008|14:35] C:\DOCUME~1\Owner\APPLIC~1\Macromedia
[11.11.2008|17:35] C:\DOCUME~1\Owner\APPLIC~1\Media Player Classic
[17.12.2008|20:54] C:\DOCUME~1\Owner\APPLIC~1\Microsoft
[11.11.2008|19:39] C:\DOCUME~1\Owner\APPLIC~1\Mozilla
[14.11.2008|22:49] C:\DOCUME~1\Owner\APPLIC~1\Sports Interactive
[11.11.2008|19:24] C:\DOCUME~1\Owner\APPLIC~1\Sun
[11.11.2008|19:39] C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
[11.11.2008|11:30] C:\DOCUME~1\Owner\APPLIC~1\Windows Desktop Search
[12.11.2008|19:07] C:\DOCUME~1\Owner\APPLIC~1\Windows Search
[11.02.2009|11:53] C:\DOCUME~1\Owner\APPLIC~1\WinRAR
[0|Dosya] C:\DOCUME~1\Owner\APPLIC~1\bayt
[17|Dizin] C:\DOCUME~1\Owner\APPLIC~1\bayt boş

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[25.02.2009 16:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[24.02.2009|23:49] C:\Program Files\7-Zip
[18.12.2008|18:28] C:\Program Files\Babylon
[24.02.2009|23:42] C:\Program Files\Common Files
[10.11.2008|20:32] C:\Program Files\ComPlus Applications
[08.02.2009|22:09] C:\Program Files\ESET
[10.11.2008|22:11] C:\Program Files\Foxit Software
[11.11.2008|08:57] C:\Program Files\Google
[11.11.2008|12:16] C:\Program Files\InstallShield Installation Information
[02.02.2009|20:47] C:\Program Files\Internet Explorer
[25.02.2009|00:41] C:\Program Files\Java
[11.11.2008|09:03] C:\Program Files\K-Lite Codec Pack
[21.02.2009|16:11] C:\Program Files\KONAMI
[10.11.2008|20:35] C:\Program Files\microsoft frontpage
[11.11.2008|09:45] C:\Program Files\Microsoft Office
[11.11.2008|11:20] C:\Program Files\Microsoft Silverlight
[11.11.2008|09:45] C:\Program Files\Microsoft Visual Studio
[11.11.2008|09:45] C:\Program Files\Microsoft Works
[10.11.2008|20:33] C:\Program Files\Movie Maker
[25.02.2009|01:10] C:\Program Files\Mozilla Firefox
[10.11.2008|20:31] C:\Program Files\MSN Gaming Zone
[10.11.2008|22:12] C:\Program Files\mtu
[11.11.2008|09:01] C:\Program Files\Nero
[10.11.2008|20:33] C:\Program Files\NetMeeting
[10.11.2008|20:33] C:\Program Files\Online Services
[10.11.2008|22:13] C:\Program Files\OpenOffice.org 2.3
[10.11.2008|20:33] C:\Program Files\Outlook Express
[11.11.2008|08:57] C:\Program Files\Picasa2
[24.02.2009|23:43] C:\Program Files\QuickSnooker
[22.01.2009|11:00] C:\Program Files\Steam
[20.01.2009|12:16] C:\Program Files\Trend Micro
[10.11.2008|20:39] C:\Program Files\Uninstall Information
[12.11.2008|11:31] C:\Program Files\Webteh
[20.01.2009|13:35] C:\Program Files\Winamp
[11.11.2008|11:30] C:\Program Files\Windows Desktop Search
[11.11.2008|08:58] C:\Program Files\Windows Live
[11.11.2008|11:22] C:\Program Files\Windows Media Connect 2
[11.11.2008|11:22] C:\Program Files\Windows Media Player
[10.11.2008|20:31] C:\Program Files\Windows NT
[10.11.2008|20:33] C:\Program Files\WindowsUpdate
[11.02.2009|11:44] C:\Program Files\WinRAR
[10.11.2008|20:35] C:\Program Files\xerox
[0|Dosya] C:\Program Files\bayt
[43|Dizin] C:\Program Files\bayt boş

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11.11.2008|09:45] C:\Program Files\Common Files\DESIGNER
[11.11.2008|12:15] C:\Program Files\Common Files\InstallShield
[11.11.2008|10:03] C:\Program Files\Common Files\Microsoft Shared
[10.11.2008|20:33] C:\Program Files\Common Files\MSSoap
[11.11.2008|09:00] C:\Program Files\Common Files\Nero
[10.11.2008|22:18] C:\Program Files\Common Files\ODBC
[10.11.2008|20:33] C:\Program Files\Common Files\Services
[10.11.2008|22:18] C:\Program Files\Common Files\SpeechEngines
[10.11.2008|22:22] C:\Program Files\Common Files\System
[0|Dosya] C:\Program Files\Common Files\bayt
[11|Dizin] C:\Program Files\Common Files\bayt boş

--------------------\\ Process

( 38 Processes )

iexplore.exe ~ [PID:528]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-02-25 16:41:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Recent\CRACK ve SERIAL.lnk


[F:1007][D:27]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:100][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:7569][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 25.02.2009|16:42 - Option : [1]

--------------------\\ Scan completed at 16:42:07


Post by Belahzur on 25th February 2009, 3:22 pm

Hello.
I think we can wrap this up now.
Nothing showing up in LOP S&D.
I think the popups may be something hiding from us; hopefully this will get it.

Once MBAM is done, I'll flag you as clean if the report isn't too bad.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by tinkerman on 25th February 2009, 3:56 pm

Hello again. I couldn't update the program; it says ''Update failed, make sure you are connected to the internet and your firewall is set to allow Malwarebytes' Anti-Malware to access the internet''. Should I proceed ignoring this?


Post by Belahzur on 25th February 2009, 3:57 pm

Yes. See what the scan finds.



Post by tinkerman on 25th February 2009, 4:09 pm

Process done. What were those 16 infected files?

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

25.02.2009 18:02:04
mbam-log-2009-02-25 (18-02-04).txt

Scan type: Quick Scan
Objects scanned: 64048
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxhjuoethw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxaollvqhr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdgmwqkih.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdlpalyno.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfwxwhkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxjdbqptxe.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlldllole.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlrdltowy.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlyappakx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxpvuueuhd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxsapynkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxtymctqon.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxvwiltlog.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxwtmjctni.sys (Trojan.Agent) -> Quarantined and deleted successfully.

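As an added example (my code, not the thread's and not Malwarebytes'), a small Python parser for the MBAM log format posted above. It cross-checks each section's declared count against the entries actually listed, totals the detections (the 15 files plus the one registry key are the 16 items tinkerman asks about), and clusters file names by prefix so that the gaopdx* drivers stand out as components of one family rather than many separate infections. The regexes assume the "item (Detection) -> action." line shape this MBAM 1.34 log uses; the embedded sample is the thread's own log with the header trimmed.

```python
import re
from collections import Counter

# The MBAM 1.34 log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.34
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxhjuoethw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxaollvqhr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdgmwqkih.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxdlpalyno.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfwxwhkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxjdbqptxe.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlldllole.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlrdltowy.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxlyappakx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxpvuueuhd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxsapynkly.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxtymctqon.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxvwiltlog.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxwtmjctni.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Summary block: "<Section> Infected: <n>"; section header: "<Section> Infected:";
# entry: "<item> (<Detection>) -> <action>."
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (declared, items): per-section counts from the summary block, and
    per section the list of {item, detection, action} entries listed under it."""
    declared, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("section")
            items.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items[current].append(m.groupdict())
    return declared, items


def count_mismatches(declared, items):
    """Sections whose declared count differs from the entries actually listed;
    a truncated paste or an edited log shows up here."""
    sections = set(declared) | set(items)
    return {s: (declared.get(s, 0), len(items.get(s, [])))
            for s in sections if declared.get(s, 0) != len(items.get(s, []))}


def total_detections(items):
    """All entries across sections, keys and files together (15 + 1 = 16 here)."""
    return sum(len(v) for v in items.values())


def family_prefixes(items, length=6):
    """Count file basenames by their leading characters. A cluster of otherwise
    random names sharing one prefix (gaopdx... in this log) is one dropper
    family with many components, not many unrelated infections."""
    counter = Counter()
    for entry in items.get("Files Infected", []):
        base = entry["item"].rsplit("\\", 1)[-1]
        counter[base[:length].lower()] += 1
    return counter
```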

Post by Belahzur on 25th February 2009, 4:11 pm

It's a DNS hijacker rootkit.
Can you post a new DDS log please? I wasn't expecting this.



Post by tinkerman on 25th February 2009, 4:17 pm

I am wondering and upset about how I could have caused this much trouble just by simple use of the internet, and wondering who the intruder is and what they can gain from us :(


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 18:13:12,71 on 25.02.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.2046.1589 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Problem Çözümleme Artıkları\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = libpxy.cc.yildiz.edu.tr:81
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NodLogin] c:\program files\eset\nodlogin.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dk994s4c.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\dk994s4c.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}\components\FFAlert.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-2-8 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-2-8 552064]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Dönüştürücüsü;c:\windows\system32\drivers\ADM8511.SYS [2008-11-10 20160]

=============== Created Last 30 ================

2009-02-25 17:51 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-02-25 17:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 17:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 17:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 17:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 16:40 --d----- C:\Lop SD
2009-02-25 00:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 00:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-21 16:24 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-21 16:15 --d----- c:\docume~1\alluse~1\applic~1\KONAMI
2009-02-21 16:11 --d----- c:\program files\KONAMI
2009-02-15 17:59 a-dshr-- C:\autorun.inf
2009-02-08 21:09 6,604 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 21:07 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-02-08 21:07 298,104 a------- c:\windows\system32\imon.dll
2009-02-08 21:07 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-02-02 20:45 230 a------- c:\windows\system32\spupdsvc.inf
2009-01-29 01:08 4 a------- c:\windows\system32\gaopdxcounter

==================== Find3M ====================

2009-02-25 00:09 413,744 a------- c:\windows\system32\perfh01F.dat
2009-02-25 00:09 82,292 a------- c:\windows\system32\perfc01F.dat

============= FINISH: 18:13:30,79 ===============


Post by Belahzur on 25th February 2009, 4:19 pm

Hello.
See if you still get the Firefox popups now.

If you do, we'll go at it full force. I know the rootkit is present; we can blast it down.



Post by tinkerman on 25th February 2009, 4:27 pm

What should I do now? I do not always get the popup; I sometimes randomly get it (I am not getting any since last night).

Today I experienced a strange thing. Before you got online I left the machine for nearly 5 minutes, and when I came back I could move the mouse cursor freely but couldn't click on anything; the display and keyboard were frozen. I could just move my mouse cursor and was forced to turn it off with the power button, but I sense this is not a big problem and is nothing to do with the problems you're solving.


Post by Belahzur on 25th February 2009, 4:32 pm

Hmm.
Okay, if there are no problems left and the keyboard and mouse still work, then I think we can say we're done.



Post by tinkerman on 25th February 2009, 4:38 pm

Thank you very, very much, you are the best!!! Hooray! I just want to know how I can protect myself from future problems?

And after that, can we start to work on my sister's machine? If you confirm, I will make a brief statement about the situation of her machine, the problems we encountered yesterday and the differences between yesterday and today.


Post by Belahzur on 25th February 2009, 4:42 pm

Hello.
Power down this machine and leave it off, to stop any malware getting back on.

Then go onto your sister's machine, and I'll post a prevention speech at the end when we're done with her machine.
Please open a new topic as well, this topic is getting too long for me to keep up with.



Post by tinkerman on 25th February 2009, 5:34 pm

Hi again. I did everything that you said except the ''stop any malware getting back on'' part; I couldn't understand what you meant there. I just shut down my machine and am working on her machine now. I created a new topic called "multiple infections" and posted a message; I am waiting for your reply.


Post by Belahzur on 25th February 2009, 5:36 pm

I have responded to your new thread.

