Thread: TrojanDownloader.Win32.Siboco (Virus)

  1. #1

    TrojanDownloader.Win32.Siboco (Virus)

    Hello:
    Can anyone tell me how to remove this virus from my computer? It is creating so much trouble for me. Every time I check my computer I find strange things like files named THUMBS.DB or DESKTOP.INI. Every time I run BT and close the application, it tells me about an UNKNOWN OPERATION, please send report to Microsoft and stuff.

    After submitting the report, I learned I have this virus in my system.

    Can anyone help?
    Hass

  2. #2
    I thought those files were regular files in Windows?

    What Antivirus program are you using? Is it updated? Did you do a spyware scan?

  3. #3

    Hi

    Those are not the normal files, because they were not there before.

    I've been using AVG Free Edition but fully updated ver.
    Microsoft Anti Spy Fully updated Ver
    Yahoo Anti Spy

    Nothing is detecting this trojan.

    And I just deleted those files, and I just checked after restarting my laptop: they are back in the same folders.

    I also did the spyscan; nothing detected in that as well.

  4. #4

  5. #5

    Re: TrojanDownloader.Win32.Siboco (Virus)

    Originally posted by hass20194
    Hello:
    Can anyone tell me how to remove this virus from my computer? It is creating so much trouble for me. Every time I check my computer I find strange things like files named THUMBS.DB or DESKTOP.INI. Every time I run BT and close the application, it tells me about an UNKNOWN OPERATION, please send report to Microsoft and stuff.

    After submitting the report, I learned I have this virus in my system.

    Can anyone help?
    Hass

    THUMBS.DB and DESKTOP.INI are regular Windows files, usually under C:\, but if you have some pictures on your desktop and you view them, Windows creates thumbs.db. desktop.ini has a similar purpose too...

    You can close the thumb option with MS's TweakUI.

    And BeaverLiquor gave you information on how to get rid of the virus.

  6. #6

    Still there

    Hello:
    Thanks for your help.
    I went to that URL and did an online scan. It found no virus in the machine at all but did detect 25 spy programs. I removed them from the computer and finished the scanning.

    I was hoping that this virus would be gone, but when I checked it was still there.

    I clicked on my BT folder and did some work there; when I closed it, it crashed the system again, and when I sent the report to Microsoft, the report came back again with the same message.

    The problem likely caused by
    TrojanDownloader.Win32.Siboco

    What do I do now?
    Please help!

  7. #7

    any help

    This virus is still in my laptop and keeps crashing the system.

  8. #8

    Reformat

  9. #9
    Originally posted by bigr5026
    Reformat

    LAST option I do; reformatting is not a real solution.

    You can get an antivirus program (something decent, like Panda, or maybe Norton 2005) and, after updating the definition, go to safe mode, turn off the restore point, and scan your PC.

  10. #10

    after scan

    Hi again:
    I did scan my laptop with Norton 2005. No files detected.
    I clicked on my BT folder, did some work, and when I closed BT it crashed the system again with the same message:

    Error likely caused by

    TrojanDownloader.Win32.Siboco

    I have no idea what to do any more.

    Anyone of you guys?
    What do you think I should do?

    Hass

  11. #11
    alright,

    have you scanned with
    1 - Adaware,
    2 - SpyBot
    3 - HijackThis

    If yes, scan it again and post the log files here.

    And tell us what is the last definition you are using with each one, also on Norton.

  12. #12

    Re: after scan

    Originally posted by hass20194
    Hi again:
    I did scan my laptop with Norton 2005. No files detected.
    I clicked on my BT folder, did some work, and when I closed BT it crashed the system again with the same message:

    Error likely caused by

    TrojanDownloader.Win32.Siboco

    I have no idea what to do any more.

    Anyone of you guys?
    What do you think I should do?

    Hass

    Here is an *exhaustive* set of instructions for removal:

    http://forum.grisoft.cz/freeforum/re...7725,backpage=

    Also, here is a forum thread specific to removing siboco:

    http://www.cybertechhelp.com/forums/...ad.php?t=70602

    Don't make any plans, looks like you've got your work cut out for you ;-(

  13. #13

    After All Scans

    Hello:
    I did scan my laptop with all the SW.
    Followed all the directions from the URLs mentioned above.

    The Trojan is still in the system and crashes the BT.
    Creates DB and INI files in different folders.

    I will post the log file right now.

    HI JACK LOG FILE

  14. #14

    LOG FILES

    HIJACKTHIS LOG FILE
    ===================================================================
    Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
    Get updates at http://www.greyknight17.com/download.htm#programs

    ***Security Programs Detected***

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:20 AM, on 3/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: - {341BEC2D-901F-4732-B4C3-23334B2874F8} - C:\WINDOWS\lbbho.dll
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\12Ltmoh.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3136b8be...ip/RdxIE601.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho.../suite/yautocomplete.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    End of KRC HijackThis Analyzer Log.
    ====================================================================
    ******************************************************************

    AD AWARE LOG

    Ad-Aware SE Build 1.05
    Logfile Created on:Saturday, March 19, 2005 12:28:05 AM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R33 16.03.2005
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    180Solutions(TAC index:6):1 total references
    BargainBuddy(TAC index:8):3 total references
    IBIS Toolbar(TAC index:5):5 total references
    Marketscore(Netsetter)(TAC index:7):2 total references
    Possible Browser Hijack attempt(TAC index:3):3 total references
    Tracking Cookie(TAC index:3):39 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    3-19-2005 12:28:05 AM - Scan started. (Full System Scan)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 988
    ThreadCreationTime : 3-19-2005 4:41:50 AM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\windows\system32\
    ProcessID : 1060
    ThreadCreationTime : 3-19-2005 4:41:52 AM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\windows\system32\
    ProcessID : 1100
    ThreadCreationTime : 3-19-2005 4:42:01 AM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\windows\system32\
    ProcessID : 1144
    ThreadCreationTime : 3-19-2005 4:42:01 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\windows\system32\
    ProcessID : 1156
    ThreadCreationTime : 3-19-2005 4:42:02 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\windows\system32\
    ProcessID : 1304
    ThreadCreationTime : 3-19-2005 4:42:02 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\windows\system32\
    ProcessID : 1360
    ThreadCreationTime : 3-19-2005 4:42:03 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\windows\System32\
    ProcessID : 1400
    ThreadCreationTime : 3-19-2005 4:42:03 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\windows\System32\
    ProcessID : 1444
    ThreadCreationTime : 3-19-2005 4:42:03 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\windows\System32\
    ProcessID : 1636
    ThreadCreationTime : 3-19-2005 4:42:04 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : svchost.exe

    #:11 [spoolsv.exe]
    FilePath : C:\windows\system32\
    ProcessID : 1944
    ThreadCreationTime : 3-19-2005 4:42:05 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : spoolsv.exe

    #:12 [ati2evxx.exe]
    FilePath : C:\windows\System32\
    ProcessID : 2040
    ThreadCreationTime : 3-19-2005 4:42:05 AM
    BasePriority : Normal


    #:13 [avgamsvr.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 144
    ThreadCreationTime : 3-19-2005 4:42:05 AM
    BasePriority : Normal
    FileVersion : 7,1,0,307
    ProductVersion : 7.1.0.307
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Alert Manager
    InternalName : avgamsvr
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgamsvr.EXE

    #:14 [avgupsvc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 188
    ThreadCreationTime : 3-19-2005 4:42:05 AM
    BasePriority : Normal
    FileVersion : 7,1,0,285
    ProductVersion : 7.1.0.285
    ProductName : AVG 7.0 Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename : avgupdsvc.EXE

    #:15 [btwdins.exe]
    FilePath : C:\Program Files\WIDCOMM\Bluetooth

    Software\bin\
    ProcessID : 220
    ThreadCreationTime : 3-19-2005 4:42:05 AM
    BasePriority : Normal
    FileVersion : 1.4.2 Build 10
    ProductVersion : 1.4.2 Build 10
    ProductName : Bluetooth Software 1.4.2 Build 10
    CompanyName : WIDCOMM, Inc.
    FileDescription : Bluetooth Support Server
    InternalName : BTWDIns
    LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
    OriginalFilename : BTWDIns.EXE

    #:16 [dvdramsv.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 276
    ThreadCreationTime : 3-19-2005 4:42:05 AM
    BasePriority : Normal
    FileVersion : 2, 0, 5, 0
    ProductVersion : 2, 0, 5, 0
    CompanyName : Matsushita Electric Industrial Co., Ltd.
    FileDescription : Service of RAMAsst for Windows XP
    LegalCopyright : Copyright (C) Matsushita Electric

    Industrial Co., Ltd. 2002
    OriginalFilename : DVDRAMSV.EXE

    #:17 [smagent.exe]
    FilePath : C:\Program Files\Analog Devices\SoundMAX\
    ProcessID : 480
    ThreadCreationTime : 3-19-2005 4:42:06 AM
    BasePriority : Normal
    FileVersion : 3, 2, 5, 0
    ProductVersion : 3, 2, 5, 0
    ProductName : SoundMAX service agent
    CompanyName : Analog Devices, Inc.
    FileDescription : SoundMAX service agent component
    InternalName : SMAgent
    LegalCopyright : Copyright © 2002
    OriginalFilename : SMAgent.exe

    #:18 [svchost.exe]
    FilePath : C:\windows\System32\
    ProcessID : 528
    ThreadCreationTime : 3-19-2005 4:42:06 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : svchost.exe

    #:19 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 552
    ThreadCreationTime : 3-19-2005 4:42:06 AM
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : WdfMgr.exe

    #:20 [apoint.exe]
    FilePath : C:\Program Files\Apoint2K\
    ProcessID : 1860
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 6.0.1.159
    ProductVersion : 6.0.1.159
    ProductName : Alps Pointing-device Driver
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver
    InternalName : Alps Pointing-device Driver
    LegalCopyright : Copyright (C) 1999-2002 Alps Electric Co.,

    Ltd.
    OriginalFilename : Apoint.exe

    #:21 [alg.exe]
    FilePath : C:\windows\System32\
    ProcessID : 1964
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights

    reserved.
    OriginalFilename : ALG.exe

    #:22 [atiptaxx.exe]
    FilePath : C:\Program Files\ATI Technologies\ATI

    Control Panel\
    ProcessID : 1516
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 6.14.10.4023
    ProductVersion : 6.14.10.4023
    ProductName : ATI Desktop Component
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    LegalCopyright : Copyright (C) 1998-2002 ATI Technologies

    Inc.
    OriginalFilename : Atiptaxx.exe

    #:23 [datala~1.exe]
    FilePath : C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\
    ProcessID : 380
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 6, 2, 60, 3
    ProductVersion : 5, 0
    ProductName : Nokia PC Suite
    CompanyName : Nokia Mobile Phones Ltd.
    FileDescription : DataLayer 2.0 Module
    InternalName : DataLayer 2.0
    LegalCopyright : Copyright (c) 2004. Nokia. All rights

    reserved.
    OriginalFilename : DataLayer.exe

    #:24 [trayap~1.exe]
    FilePath : C:\PROGRA~1\Nokia\NOKIAP~1\
    ProcessID : 412
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 6, 2, 26, 2
    ProductVersion : 6, 0, 26, 0
    ProductName : Nokia Tray Application
    FileDescription : Nokia Tray Application
    InternalName : Nokia Tray Application
    LegalCopyright : Copyright © 2001 - 2004 Nokia. All Rights

    Reserved.
    OriginalFilename : TrayApplication.EXE

    #:25 [realsched.exe]
    FilePath : C:\Program Files\Common

    Files\Real\Update_OB\
    ProcessID : 660
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 0.1.0.3208
    ProductVersion : 0.1.0.3208
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of

    RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:26 [jusched.exe]
    FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\
    ProcessID : 316
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal


    #:27 [avgcc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 1512
    ThreadCreationTime : 3-19-2005 4:42:10 AM
    BasePriority : Normal
    FileVersion : 7,1,0,307
    ProductVersion : 7.1.0.307
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : AvgCC.EXE

    #:28 [avgemc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 1576
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Normal
    FileVersion : 7,1,0,307
    ProductVersion : 7.1.0.307
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG E-Mail Scanner
    InternalName : avgemc
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgemc.exe

    #:29 [gcasserv.exe]
    FilePath : C:\Program Files\Microsoft AntiSpyware\
    ProcessID : 1620
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Idle
    FileVersion : 1.00.0509
    ProductVersion : 1.00.0509
    ProductName : Microsoft AntiSpyware (Beta 1)
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft AntiSpyware Service
    InternalName : gcasServ
    LegalCopyright : Copyright © 2004-2005 Microsoft

    Corporation. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered

    trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of

    Microsoft Corporation.
    OriginalFilename : gcasServ.exe

    #:30 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 1504
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Normal
    FileVersion : 6.5.1
    ProductVersion : QuickTime 6.5.1
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    LegalCopyright : © Apple Computer, Inc. 2001-2004
    OriginalFilename : QTTask.exe

    #:31 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 1704
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Normal
    FileVersion : 7.0.0425
    ProductVersion : 7.0.0425
    ProductName : MSN Messenger
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    LegalCopyright : Copyright (c) Microsoft Corporation

    1997-2004
    LegalTrademarks : Microsoft(R) is a registered trademark of

    Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msnmsgr.exe

    #:32 [servic~1.exe]
    FilePath : C:\PROGRA~1\COMMON~1\PCSuite\Services\
    ProcessID : 1748
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Normal
    FileVersion : 6, 2, 8, 0
    ProductVersion : 6.0
    ProductName : Nokia Connectivity Library
    CompanyName : Nokia.
    FileDescription : ServiceLayer Module
    InternalName : ServiceLayer
    LegalCopyright : Copyright © 2002-2004 Nokia. All Rights

    Reserved.
    OriginalFilename : ServiceLayer.exe

    #:33 [bttray.exe]
    FilePath : C:\Program Files\WIDCOMM\Bluetooth

    Software\
    ProcessID : 1764
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Normal
    FileVersion : 1.4.2 Build 10
    ProductVersion : 1.4.2 Build 10
    ProductName : Bluetooth Software 1.4.2 Build 10
    CompanyName : WIDCOMM, Inc.
    FileDescription : Bluetooth Tray Application
    InternalName : BTTray
    LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
    OriginalFilename : BTTray.exe

    #:34 [ramasst.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1800
    ThreadCreationTime : 3-19-2005 4:42:11 AM
    BasePriority : Normal
    FileVersion : 1, 0, 8, 0
    ProductVersion : 1, 0, 8, 0
    CompanyName : Matsushita Electric Industrial Co., Ltd.
    FileDescription : CD Burning of Windows XP disabling tool

    for DVD MULTI Drive
    LegalCopyright : Copyright (C) Matsushita Electric

    Industrial Co., Ltd. 2002
    OriginalFilename : RAMASST.EXE

    #:35 [gcasdtserv.exe]
    FilePath : C:\Program Files\Microsoft AntiSpyware\
    ProcessID : 2184
    ThreadCreationTime : 3-19-2005 4:42:12 AM
    BasePriority : Normal
    FileVersion : 1.00.0509
    ProductVersion : 1.00.0509
    ProductName : Microsoft AntiSpyware (Beta 1)
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft AntiSpyware Data Service
    InternalName : gcasDtServ
    LegalCopyright : Copyright © 2004-2005 Microsoft

    Corporation. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered

    trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of

    Microsoft Corporation.
    OriginalFilename : gcasDtServ.exe

    #:36 [apntex.exe]
    FilePath : C:\Program Files\Apoint2K\
    ProcessID : 2192
    ThreadCreationTime : 3-19-2005 4:42:13 AM
    BasePriority : Normal
    FileVersion : 5.0.1.13
    ProductVersion : 5.0.1.13
    ProductName : Alps Pointing-device Driver for Windows

    NT/2000
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver for Windows

    NT/2000
    InternalName : Alps Pointing-device Driver for Windows

    NT/2000
    LegalCopyright : Copyright (C) 1998-2001 Alps Electric Co.,

    Ltd.
    OriginalFilename : ApntEx.exe

    #:37 [btstac~1.exe]
    FilePath : C:\PROGRA~1\WIDCOMM\BLUETO~1\
    ProcessID : 2792
    ThreadCreationTime : 3-19-2005 4:42:17 AM
    BasePriority : Normal
    FileVersion : 1.4.2 Build 10
    ProductVersion : 1.4.2 Build 10
    ProductName : Bluetooth Software 1.4.2 Build 10
    CompanyName : WIDCOMM, Inc.
    FileDescription : Bluetooth Stack COM Server
    InternalName : BTStackServer
    LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
    OriginalFilename : BTStackServer.exe

    #:38 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ProcessID : 3304
    ThreadCreationTime : 3-19-2005 4:43:37 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : IEXPLORE.EXE

    #:39 [explorer.exe]
    FilePath : C:\windows\
    ProcessID : 1252
    ThreadCreationTime : 3-19-2005 5:19:00 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:40 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ProcessID : 1988
    ThreadCreationTime : 3-19-2005 5:27:44 AM
    BasePriority : Normal
    FileVersion : 6.2.0.206
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:41 [hh.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2452
    ThreadCreationTime : 3-19-2005 5:27:44 AM
    BasePriority : Normal
    FileVersion : 5.2.3790.1159 (dnsrv.040209-1620)
    ProductVersion : 5.2.3790.1159
    ProductName : HTML Help
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft® HTML Help Executable
    InternalName : HH 1.41
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : HH.exe

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Possible Browser Hijack attempt : {E6A3C1E2-F792-483E-9133-596215172BE9} (http://runonce.msn.com/setacceptlang.cab)

    Possible Browser Hijack attempt Object Recognized!
    Type : Regkey
    Data :
    Category : Vulnerability
    Comment : Possible Browser Hijack attempt : http://runonce.msn.com/setacceptlang.cab
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6A3C1E2-F792-483E-9133-596215172BE9}

    Possible Browser Hijack attempt Object Recognized!
    Type : RegValue
    Data :
    Category : Vulnerability
    Comment : Possible Browser Hijack attempt : http://runonce.msn.com/setacceptlang.cab
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6A3C1E2-F792-483E-9133-596215172BE9}
    Value : SystemComponent

    Possible Browser Hijack attempt Object Recognized!
    Type : RegValue
    Data :
    Category : Vulnerability
    Comment : Possible Browser Hijack attempt : http://runonce.msn.com/setacceptlang.cab
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6A3C1E2-F792-483E-9133-596215172BE9}
    Value : Installer

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 3
    Objects found so far: 3


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 12
    Objects found so far: 15



    Deep scanning and examining files (C
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    180Solutions Object Recognized!
    Type : File
    Data : Del1E.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Same\Local Settings\Temp\
    FileVersion : 5, 12, 0, 13
    ProductVersion : 5, 12, 0, 13
    ProductName : Search Assistant
    CompanyName : 180solutions, Inc.
    FileDescription : Search Assistant
    LegalCopyright : Copyright © 2004, 180solutions Inc.


    IBIS Toolbar Object Recognized!
    Type : File
    Data : ~31219.tmp
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\Same\Local Settings\Temp\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0066350.dll
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{16FC5873-7EDB-4D63-B667-D5E1939DF0E6}\RP256\
    FileVersion : 2, 0, 0, 16
    ProductVersion : 2, 0, 0, 16
    ProductName : nls.dll Module
    CompanyName : eXact Advertising
    FileDescription : nls.dll Module
    InternalName : nls.dll
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
    OriginalFilename : nls.dll


    BargainBuddy Object Recognized!
    Type : File
    Data : A0066352.dll
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{16FC5873-7EDB-4D63-B667-D5E1939DF0E6}\RP256\
    FileVersion : 2, 0, 0, 16
    ProductVersion : 2, 0, 0, 16
    ProductName : cbdll Module
    CompanyName : eXact Advertising
    FileDescription : cb.dll Module
    InternalName : cb.dll
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
    OriginalFilename : cb.dll


    Marketscore(Netsetter) Object Recognized!
    Type : File
    Data : A0066354.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{16FC5873-7EDB-4D63-B667-D5E1939DF0E6}\RP256\
    FileVersion : 1.3.4.246 (Build 246)
    ProductVersion : 1.3.4.246 (Build 246)
    ProductName : Marketscore Internet Accelerator (OSSProxy)
    CompanyName : Marketscore
    FileDescription : Marketscore Internet Accelerator
    InternalName : OSSProxy
    LegalCopyright : Copyright © 2001-2004
    OriginalFilename : ossproxy.exe


    Marketscore(Netsetter) Object Recognized!
    Type : File
    Data : A0066355.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{16FC5873-7EDB-4D63-B667-D5E1939DF0E6}\RP256\
    FileVersion : 1.3.4.203 (Build 203)
    ProductVersion : 1.3.4.203 (Build 203)
    ProductName : Marketscore Internet Accelerator (OSSProxy)
    CompanyName : Marketscore
    FileDescription : Marketscore Internet Accelerator
    InternalName : OSSProxy
    LegalCopyright : Copyright © 2001-2003
    OriginalFilename : ossproxy.exe


    BargainBuddy Object Recognized!
    Type : File
    Data : A0066358.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{16FC5873-7EDB-4D63-B667-D5E1939DF0E6}\RP256\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 5
    ProductName : Download Module
    CompanyName : eXact Advertising
    FileDescription : Download Module
    InternalName : Download Utility
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
    OriginalFilename : exdl.exe


    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 49


    Scanning Hosts file......
    Hosts file location:"C:\windows\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»

    »»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 49




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    IBIS Toolbar Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\installer\userdata\sto

    IBIS Toolbar Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\installer\userdata\sto
    Value : C

    IBIS Toolbar Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\explorer
    Value : ServerProc

    IBIS Toolbar Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\installer\userdata
    Value : TUID

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 4
    Objects found so far: 53

    12:42:05 AM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:14:00.38
    Objects scanned:101657
    Objects identified:53
    Objects ignored:0
    New critical objects:53


    **************************************************************

  15. #15
    Join Date
    Sep 2004
    Location
    Ajax
    Posts
    432
    Device(s)
    Ericsson T28W
    Carrier(s)
    Rogers
    Feedback Score
    0

    Any Help

    Those are the log files after scanning everything.

    Any help?
    The Trojan is still in the system!!!
