back again

Discussion in 'Malware Help (A Specialist Will Reply)' started by phatgirlanime, Nov 30, 2005.

  1. phatgirlanime

    phatgirlanime Private E-2

    Hi, back again with a new problem. Had to reinstall Windows on my computer. Now most of the time I go to a web page all these pop ups come on. I scanned it with CounterSpy. But it keeps happening. Here is a log of HJT. Please inform me of what I can do. Thanks.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. You do not even have the correct version of HJT.

    You are also running without:
    - an antivirus
    - spyware protection
    - a firewall

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    Also did you install the below:
    O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe

    It looks like a LOP infection to me.
     
  3. phatgirlanime

    phatgirlanime Private E-2

    Hi, first of all thanks for your reply. Now I did as asked for. Step by step. And to answer your question, yes I did install Aqua Dock. I ran 2 of the online scans. Here are the results. And also of HJT. I ran all of the programs in safe mode as well. But still having the same problem. Please help.

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, December 01, 2005 11:19:16
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 1/12/2005
    Kaspersky Anti-Virus database records: 152795
    -------------------------------------------------------------------------------
    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 40870
    Number of viruses found: 1
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 4901 sec

    Infected Object Name - Virus Name
    D:\programs\FlashFXP_v3[1].02_build_1044_Scene_Edition (www.crack.cd).zip/osk.exe Infected: Trojan-Downloader.Win32.INService.aa
    D:\programs\FlashFXP_v3[1].02_build_1044_Scene_Edition (www.crack.cd).zip Infected: Trojan-Downloader.Win32.INService.aa

    Scan process completed.


    BitDefender Online Scanner

    Scan report generated at: Thu, Dec 01, 2005 - 12:55:42
    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics
    Time: 01:34:32
    Files: 437723
    Folders: 2294
    Boot Sectors: 5
    Archives: 8402
    Packed Files: 38304

    Results
    Identified Viruses: 3
    Infected Files: 3
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 3

    Engines Info
    Virus Definitions: 236833
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File - Status
    D:\programs\PROGRAMS\KAZAA_LITE\KAZAA_LITE_200_ENGLISH.EXE=>(Instyler o)=>(Instyler Module 9) - Infected with: Trojan.Downloader.Small.AGQ
    D:\programs\PROGRAMS\KAZAA_LITE\KAZAA_LITE_200_ENGLISH.EXE=>(Instyler o)=>(Instyler Module 9) - Disinfection failed
    D:\programs\PROGRAMS\KAZAA_LITE\KAZAA_LITE_200_ENGLISH.EXE=>(Instyler o)=>(Instyler Module 9) - Deleted
    D:\programs\PROGRAMS\KAZAA_LITE\KAZAA_LITE_200_ENGLISH.EXE=>(Instyler o) - Update failed
    D:\programs\PROGRAMS\SUSETUP.EXE=>(ZIP Sfx o) - Infected with: Backdoor.Servu.4004.C
    D:\programs\PROGRAMS\SUSETUP.EXE=>(ZIP Sfx o) - Disinfection failed
    D:\programs\PROGRAMS\SUSETUP.EXE=>(ZIP Sfx o) - Deleted
    D:\programs\PROGRAMS\SUSETUP.EXE - Update failed
    D:\programs\SERVU\SERV_U.ZIP=>Setup.exe=>(ZIP Sfx o)=>SERV-U32.EXE - Infected with: Backdoor.Servu.25
    D:\programs\SERVU\SERV_U.ZIP=>Setup.exe=>(ZIP Sfx o)=>SERV-U32.EXE - Disinfection failed
    D:\programs\SERVU\SERV_U.ZIP=>Setup.exe=>(ZIP Sfx o)=>SERV-U32.EXE - Deleted
    D:\programs\SERVU\SERV_U.ZIP=>Setup.exe=>(ZIP Sfx o) - Updated
    D:\programs\SERVU\SERV_U.ZIP=>Setup.exe - Update failed
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not follow the directions for installing HJT. You have it running from here:

    C:\Documents and Settings\Elizabeth Maldonado\Local Settings\Temp\wzb838\HijackThis.exe

    Please follow the directions and fix this.

    You should uninstall all aspects of Kazaa that you have. As you can see, it is a cause of some of your problems. So is the downloading of cracks.

    Manually delete the below infected files:
    D:\programs\FlashFXP_v3[1].02_build_1044_Scene_Edition (www.crack.cd).zip/osk.exe Infected: Trojan-Downloader.Win32.INService.aa
    D:\programs\FlashFXP_v3[1].02_build_1044_Scene_Edition (www.crack.cd).zip Infected: Trojan-Downloader.Win32.INService.aa


    You may want to run Kaspersky and Bitdefender again to make sure all those detected items are actually gone now. Also please do not post logs in line. They are easier to read and cause less thread clutter when attached.

    I also see no signs of Microsoft Antispyware being run. Is there a reason you did not run it? It is one of the steps indicated in the READ & RUN ME.

    You should look for ServU and Kazaa in Add/Remove programs and uninstall if found.
    Also delete the below folders:
    D:\programs\SERVU
    D:\programs\PROGRAMS

    What else do you see in the D:\Programs folder?

    Your log does not show any malware issues. When and how often do popups occur and what do they say? Does it only happen on certain websites? Does it happen when you are not online and browsers are closed?
     
    Last edited: Dec 1, 2005
  5. phatgirlanime

    phatgirlanime Private E-2

    OK, first of all let me thank you. I apologize for not installing the HJT right, I thought I did. But I will do it again. Secondly, yes I did run the Microsoft Antispyware program.
    I did it in safe mode. And my D:\programs folder is a folder I created where I put all the important programs I have in case I need them in the future. That is on my other hard drive as you can see. It has many, many programs. Almost all in zip files. And yes the pop ups only happen on certain websites, not all. But there was one like torrentazos that oh my GOD I had like 50 all together. That I was trying to close with pop up killer but not even that. Now I have another question, is it OK to run CounterSpy with the Lavasoft firewall together? OK. Now I will try to install the HJT the correct way and post all new for you, OK? Once again thanks.
     
  6. phatgirlanime

    phatgirlanime Private E-2

    OK, I scanned with both online scans again and didn't find anything. Here are the logs.
     

    Attached Files:

  7. phatgirlanime

    phatgirlanime Private E-2

    Here is the other one.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So I guess you just do not have MS Antispyware loading at startup? There are no entries in your log for it to be auto loading at startup. You do not need it if you have CounterSpy (that is if you bought CounterSpy and can get updates).

    Actually Lavasoft's firewall is really the firewall from Agnitum named Outpost. Yes, you can run CounterSpy and Lavasoft's firewall together.

    Your logs are clean! Are you still having any problems? If the popups only occur at certain sites, then it is site related. Either ignore them, don't access those sites, or use a browser like Mozilla Firefox which has some built-in popup protection.
     
  9. phatgirlanime

    phatgirlanime Private E-2

    OK, thanks. Lately it has been working better. After all the scans.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

