altavista_traversal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fangy, Jul 2, 2005.

  1. fangy

    fangy Private E-2

    My Norton firewall keeps alerting me to high risk attacks on port 9000. It says it's an Altavista_Traversal kind. It also says that the attacks are coming from my own IP address. Could anyone tell me what this is?
    Thanks.
    Fangy.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here is some info on what port 9000 has been found to be used for:

    9000 tcp Netministrator, W32.Randex

    9000 udp Asheron's Call - This port is used in Microsoft's massively-multiplayer game called "Asheron's Call". The game can continue to contact the player even after the player has logged out.

    Do you use Altavista's search engine?

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. fangy

    fangy Private E-2

    We don't use any of the things you mentioned on port 9000.
    I have completed all the steps in your read me first thread, nothing found.
    But I am unable to attach my hijack this log. Nothing happens when I click on the manage attachment button.
    What should I do now?
    cheers
    Fangy
     
  4. fangy

    fangy Private E-2

    I've got Ad-Aware, Spybot, with SpywareBlaster running in the background, my AV is Norton 2004 with Firewall. I update everything about once a week. Other than my firewall alerting me to these attacks I can't find anything wrong. I'm still unable to attach a HJT log, does anyone know why?
     
  5. fangy

    fangy Private E-2

    I couldn't get my HJT log to upload while I was using Firefox, worked ok with IE.
    Fangy.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Fangy,

    Your HJT log is clean. But it does not look like you ran the online scanners. Why?

    Please follow the steps below.

    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan

    If that does not help, run the below:

    Download this virus checker tool from Microworld Antivirus Toolkit Utility

    1. Save it to a folder.
    2. Reboot into safe mode
    3. Double click the Mwav.exe file. (This is a stand alone tool and NOT just a virus checker......so it won't install anything)
    4. Leave all the default settings, except change it to Scan All Files instead of just Program Files. Then click SCAN and when it is completed, anything found will be displayed in the lower pane.
    5. Click the View Log button which will bring up the log in a Notepad window. Save the log and then upload it here (as an attachment) when you come back. Note this mwav.log file may be too large to upload as it is. You may have to compress it into a ZIP file using a program like WinZip and then upload the compressed file.

    *Note* If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning.

    We just want to use it to try to identify anything that is bad.
     
  7. fangy

    fangy Private E-2

    I did the scans I had missed, the Bit Defender found nothing.
    The Rav AV found nothing infected but 5 suspicious files, all of them were to do with my WinRAR, it mentioned a Poebot.E worm, and the trojan scan found nothing. I read somewhere that to get rid of this Poebot.E worm you have to click on start/ run/ and type regedit/enter, make a backup of your registry by clicking on "export registry file". In the "export range" panel click "all", then save your registry as a backup. Then locate the...
    HKEY_LOCAL_MACHINE entry and delete ...
    HKLM\software\microsoft\windows\current version\run windows dll loader%windows%\system32\radeonfx.exe. Is this the right thing to do?
    I also did the Microworld AV scan in safe mode, it found 2 things so I've rar'd the log and attached them with this.
    Thanks again for all the help.
    Fangy.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you ran ALL of the READ ME FIRST? I see quite a few files in Temp folders that should have been cleaned up by CCleaner.

    Do you know what the below file is? If not, make sure it is deleted.
    C:\DOCUME~1\fangy\LOCALS~1\Temp\ypsr_setup_full_bt_uk.exe


    Do you use Beat Blender? If so, the warning about Altavista_Traversal is probably a false alarm from Norton.

    See:
    http://translate.google.com/translate?hl=en&sl=de&u=http://wap.tutorials.de/t-153207.html&prev=/search%3Fq%3DBeat%2BBlender%2B%252Btraversal%26hl%3Den%26lr%3D

    http://mellowave.com/chat/
     
  9. fangy

    fangy Private E-2

    I ran everything you said, the CCleaner is left on the default settings, I know what the file is you mentioned, it's BT anti spy. I've never heard of Beat Blender, don't know what it's for? Do you think the Poebot.E or the 2 things found by Microworld AV are anything to worry about?
    Thanks again.
    Fangy.
    I don't get the link to the radio station?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The items reported by MWAV are not problems. I believe it always reports an Altnet problem.

    Your HJT log showed no signs of the file associated with Poebot.E

    You could look in your registry manually using regedit to double check.
    Also look for c:\windows\system32\radeonfx.exe but I doubt that it is there.
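
The manual double check suggested above, together with a look at which local process is actually using port 9000, as an added example that is not part of the original thread. It assumes a current Windows with PowerShell and the NetTCPIP cmdlets; the function name and the list of Run keys are choices made for this example, and only `radeonfx.exe` and port 9000 come from the thread.

```powershell
# Added example, not from the thread. Read-only: it reports and deletes nothing.
$FileName = 'radeonfx.exe'   # file name quoted in the thread
$Port     = 9000             # port named in the firewall alert

# Autostart keys to inspect (a common set chosen for this example, not exhaustive).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-RunEntry {
    param([string[]]$Keys, [string]$Pattern)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $data = [string]$regKey.GetValue($name)
            # Match on the command line, since the value name can be anything.
            if ($data -like "*$Pattern*") {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $data }
            }
        }
    }
}

'--- Run entries referencing ' + $FileName
Find-RunEntry -Keys $RunKeys -Pattern $FileName | Format-List

'--- File on disk (System32 and, on 64-bit Windows, SysWOW64)'
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot (Join-Path $dir $FileName)
    '{0} : {1}' -f $path, (Test-Path -Path $path)
}

'--- TCP connections with local or remote port ' + $Port
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Local = "$($_.LocalAddress):$($_.LocalPort)"; Remote = "$($_.RemoteAddress):$($_.RemotePort)"
            State = $_.State; ProcessId = $_.OwningProcess; Image = $proc.Path
        }
    } | Format-Table -AutoSize

'--- UDP endpoints bound to port ' + $Port
Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
```

Run it from an elevated prompt so the image path of processes owned by other accounts can be resolved; empty sections mean nothing matched at the time of the check.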
     
  11. fangy

    fangy Private E-2

    Thanks for your help.
    Fangy.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

