downloaded a trojan last week

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Feminvstr, Mar 16, 2005.

  1. Feminvstr

    Feminvstr Private E-2

    I have cleaned up the most part, thanks to a few good geeks :) but I can't get any sound on my computer :(

    this is one that gives me concern File C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP10\A0000260.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.


    I did a bio check. I am at a loss as to what to do next. Does anyone see anything bad with the log from Ad-Aware... are these just me surfing the web? Or have they been placed in here by these programs?
    McAfee doesn't find anything wrong.
    Spybot got about 7 ad-ware things but they might be related to these cookies... can that be right?

    I reloaded my sound drivers...

    I need to find this problem. My sound was working before the trojan... any suggestions? Here are program logs I ran today...

    Ad_Aware log

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=IECache Entry : Cookie:owner@ehg-techtarget.hitbox.com/
    obj[1]=IECache Entry : Cookie:owner@edge.ru4.com/
    obj[2]=IECache Entry : Cookie:owner@versiontracker.com/
    obj[3]=IECache Entry : Cookie:owner@stats1.clicktracks.com/
    obj[4]=IECache Entry : Cookie:owner@tribalfusion.com/
    obj[5]=IECache Entry : Cookie:owner@2o7.net/
    obj[6]=IECache Entry : Cookie:owner@trafficmp.com/
    obj[7]=IECache Entry : Cookie:owner@casalemedia.com/
    obj[8]=IECache Entry : Cookie:owner@overture.com/

    mwav log!

    File C:\2020\MSWIN\51\ICON52.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comp02.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\AOL Downloads\updateni_setup90\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq112.tmp infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq120.tmp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq130.tmp infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq13A.tmp infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq146.tmp infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq19F.tmp infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1A2.tmp infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1AB.tmp infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1AC.tmp infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1AF.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1B1.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1B2.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1BB.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq89.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq8B.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq8D.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqBD.tmp infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqC1.tmp infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqCB.tmp infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqCD.tmp infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqD3.tmp infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqDB.tmp infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqDD.tmp infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqE1.tmp infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqEE.tmp infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
    File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Program Files\America Online 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Program Files\Broderbund\The Print Shop\Unlock\SSD\SS4DlxDl.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP10\A0000260.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

    I have done a recent sfc\scannow then ran this Hijack log....


    Logfile of HijackThis v1.99.1
    Scan saved at 5:06:03 PM, on 3/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Edit by chaslang: Unrequested inline log removed

    any help would be appreciated....I need my sound :mad:

    thank you thank you in advance :D
    Kimberly
     
    Last edited by a moderator: Mar 17, 2005
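
An added example, not part of either post: a small Python triage of the mwav log format shown above. It separates detections that sit in a scanner's Quarantine folder or a System Restore point (`_restore{...}`) from files elsewhere on disk, and notes whether the name carries the `not-a-virus:` prefix. The function names and bucket labels are this example's own.

```python
import re
from collections import Counter

# The posted log has two line shapes: 'tagged as NAME.' and 'infected by "NAME" Virus.'
LINE_RE = re.compile(
    r'^File (?P<path>.+?) (?:tagged as (?P<tag>\S+)\. No Action'
    r'|infected by "(?P<inf>[^"]+)" Virus\.)'
)

def parse_line(line):
    """Return (path, detection_name), or None if the line is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("tag") or m.group("inf")

def location(path):
    """Bucket a path by where the file sits; the bucket names are this example's own."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # Windows XP System Restore storage
    if "\\quarantine\\" in p:
        return "quarantine"      # a scanner's quarantine folder
    return "live"                # anywhere else on disk

def triage(lines):
    """Count detections per (location, name has the 'not-a-virus:' prefix)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            path, name = parsed
            counts[(location(path), name.startswith("not-a-virus:"))] += 1
    return counts

# Four detection lines copied from the log in the post, plus one non-detection line.
SAMPLE = [
    r'File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.',
    r'File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq112.tmp infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.',
    r'File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq130.tmp infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.',
    r'File C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP10\A0000260.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.',
    'mwav log!',
]

if __name__ == "__main__":
    for (where, not_a_virus), n in sorted(triage(SAMPLE).items()):
        print(f"{where:14} not-a-virus={not_a_virus!s:5} count={n}")
```

The buckets only describe where a flagged file is stored; they do not by themselves say whether it is still active.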
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post an HJT log unless requested, and read our sticky threads too so you learn the proper methods to post.

    Sound problems can be a load of work to resolve. Sometimes it is due to services being disabled or particular registry settings. This is an issue that should be brought up in the Software or Hardware Forum. You could look at the below thread where I did fix a problem with no sound. You could have a similar problem but note some of your registry keys may be different.

    http://forums.majorgeeks.com/showthread.php?t=48938

    If you still have malware problems you need help with, here are the procedures to follow:

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    Last edited: Mar 17, 2005
