spyware and virus problem

wcopel · Nov 21, 2005

I having a problem cleaning up my brother computer I'm posting logs please help.

Thanks a lot Here goes KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 20, 2005 06:15:03
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/11/2005
Kaspersky Anti-Virus database records: 150964
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 53467
Number of viruses found: 10
Number of infected objects: 2680
Number of suspicious objects: 2
Duration of the scan process: 3579 sec

Infected Object Name - Virus Name
C:\counter.cab/counter.exe Infected: Trojan-Dropper.Win32.Agent.az
C:\counter.cab Infected: Trojan-Dropper.Win32.Agent.az
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip/BackWeb-137903.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip Suspicious: Password-protected-EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Internet Explorer\iexplore.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Internet Explorer\W2K\expinst.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Kazoo3D\Common\InteractiveStyleSelector.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Kazoo3D\Common\UnPacker\UnPacker.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\KOptimizer\PService.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe Infected: Virus.Win32.Tenga.a

Edit by chaslang: Inline log removed. Please follow forum guidelines in stickies.

wcopel · Nov 21, 2005

Help Please !

chaslang · Nov 21, 2005

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

.
Do you use some kind of Fax program? If not the below is probably a trojan:

O4 - HKCU\..\Run: [winfax] C:\WINDOWS\System32\winfax.exe

wcopel · Nov 21, 2005

Thanks I will do the things said to do I will get back later. Thanks

chaslang · Nov 21, 2005

Okay! Make sure to ATTACH the HJT log.

What about my winfax question?

Log in or Sign up

spyware and virus problem

wcopel Private E-2

wcopel Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

wcopel Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member