Yesterday I had some serious problem with Adware.Agent.BN and fake error messages. (Well I had a virus so maybe not so fake)
Spyware Doctor could find and remove Adware.Agent.BN but everytime I restarted it would come back.
So I downloaded Malwarebytes' Anti-Malware, turned off Spyware Doctor and did a full scan. After that I've had no more problems. Here is the log file in Swedish.
Malwarebytes' Anti-Malware 1.17
Databasversion: 846
05:32:22 2008-06-16
mbam-log-6-16-2008 (05-32-09).txt
Skanningstyp: Fullständig skanning (C:\|D:\|E:\|)
Antal skannade objekt: 203062
Förfluten tid: 58 minute(s), 20 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 5
Infekterade registernycklar: 15
Infekterade registervärden: 7
Infekterade registerdataposter: 15
Infekterade mappar: 6
Infekterade filer: 20
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
C:\WINDOWS\system32\nnnnlKeb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yrqjsbkn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ddcBSLBR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\xkefqtgs.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\rnopbfgt.dll (Trojan.FakeAlert) -> No action taken.
Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c776c10e-6990-4822-b322-1f5bc3b631b4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c776c10e-6990-4822-b322-1f5bc3b631b4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1d6931f4-6f48-424c-ad55-3d3aa5ea2bf8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d6931f4-6f48-424c-ad55-3d3aa5ea2bf8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbslbr (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7ab8444a-68e8-4834-a9cb-b87ebf40e0c1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82cb8960-d26a-49d2-b4ca-af01b48c7873} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2a3887c1-2299-45ae-8750-5968e1ebf343} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e409066c-9de5-4e24-be7b-6e7fa51009c8} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e409066c-9de5-4e24-be7b-6e7fa51009c8} (Trojan.FakeAlert) -> No action taken.
Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\30ada67f (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1d6931f4-6f48-424c-ad55-3d3aa5ea2bf8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xkefqtgs (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82cb8960-d26a-49d2-b4ca-af01b48c7873} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rnopbfgt (Trojan.FakeAlert) -> No action taken.
Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnlkeb -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnlkeb -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55715-770-6590602-22565) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Infekterade mappar:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> No action taken.
Infekterade filer:
C:\WINDOWS\system32\nnnnlKeb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\beKlnnnn.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\beKlnnnn.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yrqjsbkn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nkbsjqry.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080616001139093.log (Rogue.MalWarrior) -> No action taken.
C:\WINDOWS\system32\ddcBSLBR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\xkefqtgs.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\rtsplgob.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\rnopbfgt.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\pebgkxwq.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\kvsdpfeagep.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Kristoffer\Skrivbord\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Kristoffer\Skrivbord\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Kristoffer\Skrivbord\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Kristoffer\Favoriter\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Kristoffer\Favoriter\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Kristoffer\Favoriter\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.