0

HELP !!!

How do I remove TrojanDownloader:BAT/Ftper.gen ???

Thanx ... Bawb.

Begin with the instructions HERE and post back here with the requested logs. How do you know that you have this infection?

We need all info on the computer also, operating system, anti-virus program, firewall, what tools have you already tried? If you have logs from those please post them.
Judy

0

Begin with the instructions HERE and post back here with the requested logs. How do you know that you have this infection?

We need all info on the computer also, operating system, anti-virus program, firewall, what tools have you already tried? If you have logs from those please post them.
Judy

Hi Judy ..... here goes...

Windows Live One Care Safety Scanner

Unable to Clean

TrojanDownloader:BAT/Ftper.gen

This threat is classified as a Trojan - Downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.


MalwareBytes Anti-Malware Log

Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2009 2:43:54 PM
mbam-log-2009-12-06 (14-43-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 177845
Time elapsed: 44 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Online Scanner Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8efe055df3a54846b98cd34916369e88
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-06 09:29:30
# local_time=2009-12-06 01:29:30 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2285888 2285888 0 0
# compatibility_mode=1024 16777215 100 0 29585852 29585852 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=50134
# found=1
# cleaned=0
# scan_time=3090
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8efe055df3a54846b98cd34916369e88
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-06 06:50:15
# local_time=2009-12-06 10:50:15 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2322420 2322420 0 0
# compatibility_mode=1024 16777215 100 0 29622384 29622384 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=83
# found=0
# cleaned=0
# scan_time=208
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8efe055df3a54846b98cd34916369e88
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-06 07:59:58
# local_time=2009-12-06 11:59:58 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2326586 2326586 0 0
# compatibility_mode=1024 16777215 100 0 29626550 29626550 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=5045
# found=0
# cleaned=0
# scan_time=221
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8efe055df3a54846b98cd34916369e88
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-06 09:40:21
# local_time=2009-12-06 01:40:22 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2326896 2326896 0 0
# compatibility_mode=1024 16777215 100 0 29626860 29626860 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=50156
# found=0
# cleaned=0
# scan_time=5936


DDS Scan Log 1


DDS (Ver_09-12-01.01) - NTFSx86
Run by Robert Ruzyski at 17:12:51.26 on Sun 12/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.100 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Robert Ruzyski.BOSSHOSS\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sympatico.msn.ca/default.aspx?lang=en-ca
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://sympatico.msn.ca/default.aspx?lang=en-ca
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6714ADBD-C6C1-42A8-BD84-9C9339059421} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.1.0.19\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{fd58aa30-0af9-0661-e95c-dc273e45e7df}
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {10000000-1000-1000-1000-100000000000} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "Robert Ruzyski"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &Search - ?p=ZUman000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-06 08:33:38 0 d-----w- c:\program files\ESET
2009-11-20 03:30:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 03:30:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 03:30:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 07:22:20 0 d-----w- c:\docume~1\robert~1.bos\applic~1\ezLife
2009-11-18 07:21:37 0 d-----w- c:\docume~1\robert~1.bos\applic~1\Messenger
2009-11-18 07:21:29 0 d-----w- c:\program files\ezLife
2009-11-16 08:42:54 286720 ----a-w- c:\windows\system32\chcxiqgi.dll
2009-11-11 19:54:36 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Fighters

==================== Find3M ====================

2009-10-29 19:48:09 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 19:48:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-19 07:41:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-19 07:41:13 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-19 07:41:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-19 07:41:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-01-25 14:53:26 4757 ----a-w- c:\program files\INSTALL.LOG
2008-05-09 05:37:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat

============= FINISH: 17:13:54.76 ===============


DDS Scan Log 2

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2008 1:09:18 AM
System Uptime: 12/6/2009 10:37:11 AM (7 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 97.443 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_01451028&REV_10\4&19FD8D60&0&60F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_01451028&REV_10\4&19FD8D60&0&60F0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.7
CCleaner
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
ECO Bar
Efficient Networks SpeedStream DSL
EmailStripper 2.2
ESET Online Scanner v3
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ieSpell
Internet Check-Up
IrfanView (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lexmark Supplies Monitor
Lexmark Z25-Z35
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mihov Image Resizer 1.1 (remove only)
Mozilla Firefox (3.0.4)
MSN
MSXML 6.0 Parser (KB933579)
Norton AntiVirus
NVIDIA Display Driver
Picasa 2
Registry Mechanic
Revo Uninstaller 1.75
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Spy Sweeper
Spybot - Search & Destroy
Sympatico / MSN Toolbar
The Weather Channel Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Window Washer
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
Works Suite OS Pack
Works Synchronization
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/5/2009 5:51:46 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/5/2009 4:26:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Rootkit AvgArCln
12/5/2009 11:17:01 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
12/5/2009 1:31:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/5/2009 1:04:59 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================


Thank you ..... Bawb.

0

Can you tell me exactly WHERE the Windows Live One Care Safety Scanner told you this trojan was located, it should have given you that information also.
ESET was run first and it removed an item in quarantine of Spybot but of course didn't locate a trojan, as it mainly looks for viruses. MBA-M didn't find anything. You have a Norton program on there, have you done any scans with that? If not please update it and do a full scan with it also.
Have you had any other symptoms or indications of an infection other than this scan telling you this?
One thing you need to do is turn off Spybot TeaTimer as it can interfere with any fixes tried.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Try your Norton program and let me know what it finds.

0

Can you tell me exactly WHERE the Windows Live One Care Safety Scanner told you this trojan was located, it should have given you that information also.

c:\windows\system32\i

ESET was run first and it removed an item in quarantine of Spybot but of course didn't locate a trojan, as it mainly looks for viruses. MBA-M didn't find anything. You have a Norton program on there, have you done any scans with that? If not please update it and do a full scan with it also.

I have done many, updated, full system, norton scans, with system restore on, and off, with no results.

Have you had any other symptoms or indications of an infection other than this scan telling you this?

Yes .... Slow / Poor Response and Performance !!!

Also, on Add / Remove Programs, I removed "EZLife Browser Enhancer" and "Performance Solution JPKMarketing", which I never solicited.

One thing you need to do is turn off Spybot TeaTimer as it can interfere with any fixes tried.

* Run Spybot-S&D in Advanced Mode

DONE

* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Try your Norton program and let me know what it finds.

NORTON FINDS NOTHING / UPDATED / RESTORE ON / OFF

NOR DOES SPYBOT S&D OR AD-AWARE FIND ANYTHING .....

Bawb.

0

Are you having any symptoms of infection, other than this listing from the Windows Live One Care Safety Scanner?
Run that again and see what it says. I am not familiar with this program but have seen other posts on other forums with this same finding without other scanners finding anything.

Edited by jholland1964: n/a

0

Hi Judy ..... here goes......
<snip>
.......Thank you ..... Bawb.

Thanks for your effort full work. Very carefully written guide. Good wishes.

Edited by PhilliePhan: Removed long quoted passage

0

Are you having any symptoms of infection, other than this listing from the Windows Live One Care Safety Scanner?
Run that again and see what it says. I am not familiar with this program but have seen other posts on other forums with this same finding without other scanners finding anything.

Judy

I ran it again. Still the same message, after scanning 10% and 10 minutes into the approx 100 minute scan.

TrojanDownloader:BAT/Ftper.gen is likely infecting C:\windows\system 32\i and cannot be cleaned.

Other symptoms of possible infection:

When I shut down Windows, I usually get a message box that says a program is running, so I end it. Also, I sometimes get another message that Internet Explorer is Open, even tho I have closed all windows.

When I start up Windows, Internet Explorer is really slow to start up, sometimes just freezing. So, I cancel it with Task Manager and try it again. Usually starts on second try, but takes a while.

Also, on Add / Remove Programs, I removed "EZLife Browser Enhancer" and "Performance Solution JPKMarketing", which I never solicited.

Overall computer performance and response is usually slow.

Thanx ..... Bawb.
