Member Avatar for meshia

so i ran the scan log thing and this is what it came up with:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:41:44 PM 2/13/2007
+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINNT\dhp2.dll -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\upd50.tmp/ME.dll -> Adware.MediaPops : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\upd94.tmp/ME.dll -> Adware.MediaPops : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall4_80.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall4_94.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall5_20.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall5_40.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall5_64.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall6_10.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall6_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall6_30.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\MiniBug.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP733\A0758896.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).
C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Error during cleaning.
[408] C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Error during cleaning.
C:\Documents and Settings\Owner\Local Settings\Temp\ARTA106.exe -> Backdoor.Haxdoor.ln : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S16J4X6F\index[1].htm -> Downloader.Agent.bx : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\Magic-Login-Final\Magic-Login-Final.exe -> Downloader.Zlob.bke : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc600.zip/Magic-Login-Final/Magic-Login-Final.exe -> Downloader.Zlob.bke : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP746\A0778937.exe -> Downloader.Zlob.bke : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S16J4X6F\elusiive[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc608.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc710.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc780.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc781.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc807.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc619.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc622.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc642.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc787.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc652.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc644.txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc761.txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc647.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc655.txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc677.txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc707.txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc624.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc719.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc721.txt -> TrackingCookie.Realmedia : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc736.txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc801.txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc742.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc743.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc750.txt -> TrackingCookie.Web-stat : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc617.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc782.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-1371315241-4271176276-1453689397-1003\Dc779.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

i want to get rid of everything and protect myself better in the future.
i'm using aol, windows xp, i have a gateway pc, and im using service pack #1 cuz i think #2 jacked my computer up.
thanks.

  • 3 Contributors
  • 6 Replies
  • 264 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by PhilliePhan

Recommended Answers

All 6 Replies

Member Avatar for jbennet

1. empty the quarantine/virus vault in AVG
2. empty the recyle bins of all users

Try scan again and post new log

Member Avatar for meshia

i have no idea how to do that...explain please?

Member Avatar for jbennet

In AVG antispyware go to infections menu then remove them. then empty your recyle bin too and rerun the test

Member Avatar for PhilliePhan

You have a fairly serious baddie that is protected by a rootkit. If nobody else is here able to help you clean your compy, I will try - I do not have a lot of Forum time these days....

C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Error during cleaning.
[408] C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Error during cleaning.

There will probably be a rootkit driver labeled xcttgs.sys in addition to the above.

Best Luck :)
PP

Member Avatar for meshia

aww your so sweet well this is what i have come up with now:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:28:28 PM 2/14/2007
+ Scan result:

C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783988.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783989.dll -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783990.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783991.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783992.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783993.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783994.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783995.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783996.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783997.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783998.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783999.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0784000.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0784001.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).
[1640] C:\WINNT\System32\xcttgs.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).
[408] C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP748\A0783987.exe -> Downloader.Zlob.bke : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

Member Avatar for PhilliePhan

C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).
[1640] C:\WINNT\System32\xcttgs.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).
[408] C:\WINNT\system32\xcttgs.dll -> Backdoor.Haxdoor.ky : Cleaned with backup (quarantined).

It appears that AVG was able to clean that particular baddie.

Are you still having any problems? If so, we can try a few additional scans.....


Cheers :)
PP

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.