Finally, how to remove the d8t.biz Explorer hijack, FOREVER!
Join Date: Jul 2004
Posts: 3
This is intended for anyone who has been plagued by the practically impossible-to-remove d8t.biz spyware. If your browser homepage and search page have been hijacked by the address “http://s1di.d8t.biz/index.php?aid=20038” or any other address containing 'd8t.biz' then this is for you. This spyware is highly malicious: even if it is detected by various virus and spyware checkers, it repeatedly regenerates and the problem persists. I’ve had this on my computer for nearly 2 weeks now and only just got rid of it today. Here we go...
1. Download Hijack This from “http://www.spywareinfo.com/~merijn/f...ackthis.zip”
Run it, and get it to fix all references ending in sp.html; this is achieved by ticking the boxes alongside the appropriate lines and then clicking ‘fix checked’.
Also fix the following line…
O2 - BHO: (no name) - {random code} - C:\WINDOWS\System32\[suspicious].dll
N.B. The [suspicious].dll represents the .dll file name that will differ every time. It is the last entry that begins with O2, i.e. the next entry is usually O3…msdxm.ocx
2. Download and install “FINDnFIX.exe” from
[http://downloads.subratam.org/FINDnFIX.exe]
Run the "!LOG!.bat" file. This creates a file called “log.txt” – do not close this yet.
Scroll down the log; near the top of the page should be the following…
“C:\WINDOWS\System32\[suspicious].DLL +++ File read error
C:\WINDOWS\System32\[suspicious].DLL +++ File read error”
This .dll is the malicious spyware file that needs to be removed.
3. Open notepad.exe from the Start Menu> Accessories menu
Open the file "MOVEit.bat" which is located in the C:\FINDnFIX\Keys1 Subfolder
The file will open as text file.
Delete the instruction line which begins “REM…”
Copy and paste the following line in its place (without the “”)…
“move %WinDir%\System32\[suspicious].DLL %SystemDrive%\junkxxx\[suspicious].DLL”
Replace [suspicious] with the .dll file name discovered in log.txt
Save the file and close notepad.
4. Get ready to restart your computer.
In the same folder, run "FIX.bat"
You will be prompted by popup alert box that your computer will restart in 15 seconds.
5. Once the computer has restarted, open the C:\FINDnFIX\ main folder.
Run the "RESTORE.bat" file. This creates a new file called “log1.txt”
There should now be no mention of the suspicious .dll file that was discovered in log.txt
6. Open the FINDnFIX\Files2 subfolder.
Run "ZIPZAP.bat"
This will clean the rest of the bad files and make copies in the same folder as “junkxxx.zip”
Your email client will open, along with an email instruction but ignore this and close it.
7. When this is finished, restart your computer.
Delete the entire 'FINDnFIX' folder from C:\
Make sure the C:\junkxxx folder was deleted (it will have been by the clean-up process, but just check anyway)
8. Your computer should now be totally free of the annoying spyware!
9. To prevent other such infections, read the following article “Why did I get infected”:
http://www.wilderssecurity.com/showthread.php?t=27971
I recommend installing SpywareBlaster & SpywareGuard; both links are on this page. In addition, it is well worth installing a firewall: I recommend ZoneAlarm which is available here: http://www.zonelabs.com/store/conten...ku_list_za.jsp
Join Date: Jul 2004
Posts: 3
I followed all your instructions, but the diagnosis from XoftSpy is still the same as in my last post...
So I launched HJT and attached the related log: it seems the DLL in the O2 tag has disappeared, but the problem still remains...
What do you think?
Again... Notepad.exe seems to have disappeared...
---------------------
Logfile of HijackThis v1.97.7
Scan saved at 19.38.49, on 07/07/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\System\sdlss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
c:\program files\acnu\acnupdatersvc.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;<local>
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [eSupInit] "C:\Program Files\Support.com\bin\eSupCmd.exe" -inituser
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe"
O4 - HKCU\..\Run: [aauclient] C:\Program Files\ACNU\ACNUpdater.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BlackICE Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...175.0872222222
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
You may want to go here to read about xoftspy, it's a bit of a scam.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
You might try this:
Download the Hoster from here: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
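An added example, not part of the original thread: a small Python triage of a HijackThis log that flags the two patterns discussed above, O1 Hosts entries that point a hostname at a loopback address and unnamed O2 BHO entries whose DLL sits directly in System32. The function name, the `localhost` line and the second O2 line (placeholder CLSID and `example.dll`) are constructed for illustration.

```python
import ipaddress
import re

# Sample input. The doxdesk.com / spybot.info O1 lines, the Adobe O2 line and
# the O3 line are copied from the log posted in this thread. The localhost
# line and the second O2 line are constructed to exercise the checks.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(.+)$")
# A DLL placed directly in <drive>:\WINDOWS\System32, not in a subfolder.
SYS32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)


def triage(log_text):
    """Return (tag, detail) pairs for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # not an IP literal, nothing to judge
            # Any 127.0.0.0/8 mapping makes the hostname unreachable.
            # Block lists use the same trick, so this is a review prompt,
            # not a verdict: check which hostnames are being cut off.
            if ip.is_loopback and host.lower() != "localhost":
                findings.append(("hosts-loopback", host))
            continue

        m = BHO_RE.match(line)
        if m:
            name, _clsid, path = m.groups()
            path = path.strip()
            # Pattern from the first post: unnamed BHO, DLL in System32.
            if name == "(no name)" and SYS32_DLL_RE.match(path):
                findings.append(("bho-system32", path))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:15} {detail}")
```
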
Join Date: Jul 2004
Posts: 3
Gentlemen,
further details...
I performed an Ad-aware 6 (trial version) scan too...
It identified 10 objects (infected)...
Attached is an interesting section from the Ad-aware log... I hope it'll be useful.
Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Cydoor Object recognized!
Type : File
Data : cd_clint.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\firstname.lastname\Local Settings\Temp\
FileSize : 122 KB
FileVersion : 3, 2, 1, 6
ProductVersion : 3, 2, 1, 6
Copyright : Copyright
FileDescription : cd_clint
InternalName : cd_clint
OriginalFilename : cd_clint.dll
ProductName : cd_clint
Created on : 14/04/04 10.30.28
Last accessed : 08/07/04 10.36.56
Last modified : 31/07/03 12.02.00
scam.noadware.net Object recognized!
Type : File
Data : noadware.exe
Category : Malware
Comment :
Object : C:\Program Files\NoAdware\
FileSize : 1568 KB
FileVersion : 2.01
ProductVersion : 2.01
Copyright : Copyright (C) 2003
CompanyName : NoAdware (http://www.noadware.net)
FileDescription : NoAdware Application
InternalName : NoAdware
OriginalFilename : NoAdware.EXE
ProductName : NoAdware Application
Created on : 09/03/04 16.28.32
Last accessed : 08/07/04 09.48.58
Last modified : 09/03/04 16.28.32
iSearch Toolbar Object recognized!
Type : File
Data : a0085893.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{1804B3F2-954F-4FEE-9122-D8DAEB2CC386}\RP106\
FileSize : 400 KB
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2004. All rights reserved.
CompanyName : iDownload.com
FileDescription : iSearch Toolbar
InternalName : iSearch Toolbar
OriginalFilename : toolbar.dll
ProductName : iSearch Toolbar
Created on : 17/03/04 14.56.02
Last accessed : 08/07/04 10.41.56
Last modified : 17/03/04 14.56.02
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 3
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
30 entries scanned.
New objects :0
Objects found so far: 3
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
scam.noadware.net Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\NoAdware
scam.noadware.net Object recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\program files\NoAdware
scam.noadware.net Object recognized!
Type : File
Data : noadware.lnk
Category : Malware
Comment :
Object : c:\documents and settings\firstname.lastname\desktop\
Created on : 07/07/04 09.07.42
Last accessed : 08/07/04 10.54.00
Last modified : 07/07/04 09.07.42
scam.noadware.net Object recognized!
Type : File
Data : logs
Category : Malware
Comment :
Object : c:\program files\noadware\
Created on : 07/07/04 09.07.43
Last accessed : 08/07/04 09.50.22
Last modified : 07/07/04 09.07.43
scam.noadware.net Object recognized!
Type : File
Data : noadware_061904_v201.na
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 343 KB
Created on : 07/07/04 09.07.59
Last accessed : 08/07/04 10.54.00
Last modified : 07/07/04 09.08.01
scam.noadware.net Object recognized!
Type : File
Data : unins000.dat
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 1 KB
Created on : 07/07/04 09.07.42
Last accessed : 08/07/04 10.54.00
Last modified : 07/07/04 09.07.42
scam.noadware.net Object recognized!
Type : File
Data : unins000.exe
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 74 KB
FileVersion : 51.9.0.0
ProductVersion :
Copyright : Copyright (C) 1997-2003 Jordan Russell
CompanyName : Jordan Russell
FileDescription : Inno Setup Uninstaller
Created on : 28/11/03 03.00.00
Last accessed : 08/07/04 10.54.00
Last modified : 28/11/03 03.00.00
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 10
11.54.00 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00.26.45.309
Objects scanned :159744
Objects identified :10
Objects ignored :0
New objects :10