New Poly Win32 [For ScottyM]

ScottyM (Newbie Poster)
Re: New Poly Win32
#1, Feb 25th, 2006
I got this virus (I think I named it correctly) and I can't figure out how to get rid of it. I did a "HijackThis" scan and here are the results. Can ANYONE PLEASE tell me what to do now? Which files to delete, etc....
Many thanks!!
Scott

ps: I have all the software I need to rid myself of this (I read the earlier posts about this virus), but I can't seem to get it to work AND I can't get my computer to boot in safe mode so I can run the last "cleaner".
HELP......... :-)


Logfile of HijackThis v1.99.1
Scan saved at 1:41:04 PM, on 2/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\AVWinNT\AVWUPSRV.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Scott Yaffee\Desktop\System Utilities\Spizz\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DO I MAKE YOU HORNY BABY? YEAH...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/h...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...703/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVWinNT\AVWUPSRV.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

my email is happyhead64@yahoo.com.

thanks again!
Scott in Atlanta, GA
tayspen (Team Colleague)
Re: New Poly Win32 [For ScottyM]
#2, Feb 26th, 2006
Follow these instructions. Then post a new log.

http://help.lockergnome.com/lofivers...hp/t40356.html

Member - Alliance of Security Analysis Professionals - Since 2006
ScottyM (Newbie Poster)
Re: New Poly Win32 [For ScottyM]
#3, Mar 1st, 2006
Here's the "HijackThis" log:

Logfile of HijackThis v1.99.1
Scan saved at 4:30:07 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AVWinNT\AVWUPSRV.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Scott Yaffee\Desktop\System Utilities\Spizz\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DO I MAKE YOU HORNY BABY? YEAH...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVWinNT\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



And here's the ewido scan report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:22:48 PM, 3/1/2006
+ Report-Checksum: F20F82B9

+ Scan result:

:mozilla.10:C:\Documents and Settings\Scott Yaffee\Application Data\Thunderbird\Profiles\s27mrlam.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/scott yaffee@ln.doubleclick[1].txt -> TrackingCookie.Doubleclick : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Enliven.zip/scott yaffee@ads.enliven[1].txt -> TrackingCookie.Enliven : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Enliven1.zip/scott yaffee@ads.enliven[1].txt -> TrackingCookie.Enliven : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Enliven2.zip/scott yaffee@ads.enliven[1].txt -> TrackingCookie.Enliven : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer16.zip/scott yaffee@questionmarket[1].txt -> TrackingCookie.Questionmarket : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer25.zip/scott yaffee@2o7[2].txt -> TrackingCookie.2o7 : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer25.zip/scott yaffee@ad-flow[2].txt -> TrackingCookie.Ad-flow : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer25.zip/scott yaffee@com[1].txt -> TrackingCookie.Com : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer28.zip/scott yaffee@edge.ru4[1].txt -> TrackingCookie.Ru4 : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer28.zip/scott yaffee@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer28.zip/scott yaffee@trafficmp[1].txt -> TrackingCookie.Trafficmp : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer32.zip/scott yaffee@questionmarket[2].txt -> TrackingCookie.Questionmarket : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer32.zip/scott yaffee@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer32.zip/scott yaffee@trafficmp[1].txt -> TrackingCookie.Trafficmp : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer36.zip/scott yaffee@2o7[1].txt -> TrackingCookie.2o7 : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer36.zip/scott yaffee@com[2].txt -> TrackingCookie.Com : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer36.zip/scott yaffee@overture[2].txt -> TrackingCookie.Overture : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer36.zip/scott yaffee@questionmarket[2].txt -> TrackingCookie.Questionmarket : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer36.zip/scott yaffee@zedo[2].txt -> TrackingCookie.Zedo : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer40.zip/scott yaffee@questionmarket[1].txt -> TrackingCookie.Questionmarket : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer40.zip/scott yaffee@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer45.zip/scott yaffee@com[1].txt -> TrackingCookie.Com : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer45.zip/scott yaffee@download.com[2].txt -> TrackingCookie.Com : Error during cleaning
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer8.zip/scott yaffee@questionmarket[1].txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.9:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.10:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning
:mozilla.17:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.20:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.21:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.22:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning
:mozilla.23:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning
:mozilla.27:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.28:C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning


::Report End


Please advise my next move.
Thanks in advance,
ScottyM, Atlanta, GA
tayspen (Team Colleague)
Re: New Poly Win32 [For ScottyM]
#4, Mar 1st, 2006
Ok, there were a lot of errors during that cleaning. Have HJT clean the following:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WeatherBug\Weather.exe (HKCU)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
Then get the trial of Spy Sweeper - http://www.webroot.com/consumer/prod...de=af1&rc=3599

And have it scan and delete whatever it finds. For info on how to use it, visit here - http://www.toughadmin.com/slideshow....=Removing&i=21.

Then post a new log.

Member - Alliance of Security Analysis Professionals - Since 2006
D3m3nt3d (Posting Whiz in Training)
Re: New Poly Win32 [For ScottyM]
#5, Mar 1st, 2006
Hey tayspen, just a heads up: no need to remove the O23 line in the HijackThis scan; it's a bug in the program.
Proud Member of ASAP (Alliance of Security Analysis Professionals)
tayspen (Team Colleague)
Re: New Poly Win32 [For ScottyM]
#6, Mar 1st, 2006
Oh, didn't know that. Well, I learned something today.

Member - Alliance of Security Analysis Professionals - Since 2006
ScottyM (Newbie Poster)
Re: New Poly Win32 [For ScottyM]
#7, Mar 3rd, 2006
Yes, the errors came up when the utility asked me if I wanted to delete the Spybot logs (?) since they were embedded. I didn't quite understand what that meant, but I chose not to delete them since I use Spybot regularly and felt the logs were no threat. I'm running the Webroot utility now and will post the log shortly.
Thanks.
ScottyM (Newbie Poster)
Re: New Poly Win32 [For ScottyM]
#8, Mar 3rd, 2006
Ok, here is the scan from Webroot Spy Sweeper:

********
11:21 AM: | Start of Session, Friday, March 03, 2006 |
11:21 AM: Spy Sweeper started
11:21 AM: Sweep initiated using definitions version 625
11:21 AM: Starting Memory Sweep
11:36 AM: Memory Sweep Complete, Elapsed Time: 00:14:46
11:36 AM: Starting Registry Sweep
11:38 AM: Registry Sweep Complete, Elapsed Time:00:01:42
11:38 AM: Starting Cookie Sweep
11:38 AM: Found Spy Cookie: adjuggler cookie
11:38 AM: scott yaffee@rotator.adjuggler[1].txt (ID = 2071)
11:38 AM: Found Spy Cookie: myaffiliateprogram.com cookie
11:38 AM: scott yaffee@www.myaffiliateprogram[2].txt (ID = 3032)
11:38 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:38 AM: Starting File Sweep
1:14 PM: File Sweep Complete, Elapsed Time: 01:36:07
1:14 PM: Full Sweep has completed. Elapsed time 01:52:45
1:14 PM: Traces Found: 2
1:40 PM: Removal process initiated
1:40 PM: Quarantining All Traces: adjuggler cookie
1:40 PM: Quarantining All Traces: myaffiliateprogram.com cookie
1:40 PM: Removal process completed. Elapsed time 00:00:01
********
11:20 AM: | Start of Session, Friday, March 03, 2006 |
11:20 AM: Spy Sweeper started
11:21 AM: Your spyware definitions have been updated.
11:21 AM: | End of Session, Friday, March 03, 2006 |



and here's the new scan from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 1:45:12 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AVWinNT\AVWUPSRV.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Scott Yaffee\Desktop\System Utilities\Spizz\HijackThis.exe
C:\Documents and Settings\Scott Yaffee\Desktop\System Utilities\Spizz\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DO I MAKE YOU HORNY BABY? YEAH...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll (file missing)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVWinNT\AVWUPSRV.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please advise my next move, if any.
And thanks for the help.
Scott in Atlanta, GA
D3m3nt3d (Posting Whiz in Training)
Re: New Poly Win32 [For ScottyM]
#9, Mar 3rd, 2006
Originally Posted by tayspen:
    Oh, didn't know that. Well, I learned something today.
Maybe I should elaborate on what I was saying. In this particular case, the user appeared to have already uninstalled Ewido, so the files were indeed missing. But since there is a bug in HijackThis with the O23 lines, it wouldn't hurt to ask the user to verify the files are indeed gone.

Also, ScottyM - you appear to have McAfee, AntiVir, and avast! AV services running. To avoid conflicts, you should pick one antivirus and uninstall the other two.
Proud Member of ASAP (Alliance of Security Analysis Professionals)
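D3m3nt3d's point above, that an O23 line tagged "(file missing)" should be checked against the disk before anyone is told to fix it, as an added example that is not part of this thread or of HijackThis itself: a small Python parser for O23 lines that strips the ImagePath quoting debris visible in the avast! entries and reconciles the HJT flag with an existence check. The sample lines are copied from the logs posted here; the existence check is injectable (defaulting to os.path.exists) so the parser can be exercised on any machine.

```python
"""Cross-check HijackThis O23 service lines against the file system.

Added example for this thread (not HijackThis code). HijackThis 1.99.1
sometimes tags an O23 entry "(file missing)" even when the binary is
still there, so before asking someone to delete a service entry it is
worth checking the path independently.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Shape of an O23 line:
#   O23 - Service: <display> [(<short name>)] - <company> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<company>.+?) - (?P<rest>.+)$"
)

# HJT prints the ImagePath value raw, so quoting debris and service
# arguments can trail the executable (e.g. ...\ashMaiSv.exe" /service).
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|sys))(?:"|\s|$)', re.IGNORECASE)

MISSING_TAG = "(file missing)"


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    company: str
    path: str
    hjt_says_missing: bool
    present: Optional[bool] = None  # filled in by audit_o23()

    @property
    def verdict(self) -> str:
        """Reconcile what HijackThis claims with what the disk shows."""
        if self.present is None:
            return "unchecked"
        if self.hjt_says_missing and self.present:
            return "present-despite-flag"   # the HJT bug discussed in the thread
        if self.hjt_says_missing:
            return "orphan"                 # service registered, binary gone
        if self.present:
            return "ok"
        return "absent"                     # HJT did not flag it, but it is gone


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other HijackThis line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING_TAG)
    if missing:
        rest = rest[: -len(MISSING_TAG)].rstrip()
    pm = PATH_RE.match(rest)
    path = pm.group("path") if pm else rest
    return ServiceEntry(
        display=m.group("display"),
        short=m.group("short"),
        company=m.group("company"),
        path=path,
        hjt_says_missing=missing,
    )


def audit_o23(lines: List[str],
              exists: Callable[[str], bool] = os.path.exists) -> List[ServiceEntry]:
    """Parse every O23 line in `lines` and check each binary with `exists`."""
    entries = [e for e in (parse_o23(ln) for ln in lines) if e is not None]
    for e in entries:
        e.present = bool(exists(e.path))
    return entries


# Constructed sample: one non-O23 line plus four O23 lines copied from the
# logs in this thread (the O4 line is there to show it is skipped).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVWinNT\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
""".strip().splitlines()

if __name__ == "__main__":
    for e in audit_o23(SAMPLE_LOG):
        print(f"{e.verdict:22} {e.short or e.display:30} {e.path}")
```

Run on the machine that produced the log, "orphan" entries are the ones HJT can safely remove, while "present-despite-flag" entries are the HJT bug and need a closer look before anything is deleted.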
ScottyM (Newbie Poster)
Re: New Poly Win32 [For ScottyM]
#10, Mar 4th, 2006
Yes, I uninstalled Ewido after I ran the scan, as well as Webroot Spy Sweeper.
I'm perplexed. The only anti-virus software that I have running is McAfee. The others are just on my computer since I was having probs with McAfee, but they have not been installed nor am I running them (at least to my knowledge, I am not running anything but McAfee). I just have them "in case" McAfee gives me more problems (something was disabling McAfee and I had to keep downloading and installing it over and over). That's what led me to believe that I had a virus disabling my McAfee, so I d/l'd Avast (HUGE MISTAKE-CRAPPY SOFTWARE) and AntiVir (haven't used this one yet, just have the file sitting here waiting to be installed).
So, have I gotten rid of this New Poly Win virus yet or is there something else I have to do?
Scott
©2003 - 2009 DaniWeb® LLC