I can not open my icons on my desktop

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gahobo, Jan 1, 2005.

  1. gahobo

    gahobo Private E-2

    Can someone please read my hijack log. My parents downloaded something on their PC and now the icons on their desktop will only open if you right click on them and then click open. Here is a hijack log....

    Logfile of HijackThis v1.99.0
    Scan saved at 6:37:51 PM, on 1/1/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Edit by chaslang: Unrequested, inline log deleted
     
    Last edited by a moderator: Jan 2, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    However, we have guidelines about when and how to post HJT logs and what to do before using it.

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. gahobo

    gahobo Private E-2

    Sorry I posted my Hijack log without asking. I have run and done everything you asked me to. Here is what was found. In house call this was found...

    worm zerorpopup c:\windows\system\zp.dll
    troj sahagent.a c:\ windows\mmvps.exe
    troj vb.cac c:\windows\suploads.exe

    In Symantec Security scan this was found..

    Hacker Exposure at risk
    Windows Vulnerability at risk
    Antivirus at risk

    The following programs have no issues..
    Ad-Aware
    CCleaner
    Spybot
    Spywareblaster
    Stinger
    CW
    Kill2me
    About
    HS

    I ran BitDefender it found this...
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>RELATED.HTM: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip=>nsupdate.dll: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarQidion.zip=>qi32.dll: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarQidion.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.reg: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroup.zip=>sbRecovery.reg: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroup.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroup1.zip=>sbRecovery.reg: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroup1.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroup2.zip=>sbRecovery.reg: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroup2.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RapidBlaster.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown.zip=>nsupd9x.inf: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown1.zip=>NSupd9x.inf: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown1.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip=>RELATED.HTM: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings.zip=>objsafe.tlb: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.reg: password protected
    C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.ini: password protected
    C:\WINDOWS\irmtmjaf.exe: infected with Adware.180Solutions.5.11
    C:\WINDOWS\irmtmjaf.exe: disinfection failed
    C:\WINDOWS\e2g25.exe: infected with Trojan.Downloader.Small.AB
    C:\WINDOWS\e2g25.exe: disinfection failed
    C:\DELL\wbt.dat=>WINDOWS/CLASSES.DAT: password protected
    C:\DELL\wbt.dat=>WINDOWS/HWINFO.DAT: password protected
    C:\DELL\wbt.dat=>WINDOWS/JAUTOEXP.DAT: password protected
    C:\DELL\wbt.dat=>WINDOWS/SYSTEM.DAT: password protected
    C:\DELL\wbt.dat=>WINDOWS/USER.DAT: password protected
    C:\_RESTORE\TEMP\A0025800.CPY: infected with Application.Dialer.TP
    C:\_RESTORE\TEMP\A0025800.CPY: disinfection failed.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but you did not tell me your status now. Are you still having any problems? If so, tell me your problems and follow my guidelines and post a HJT log as specified.
     
