Author Topic: I had some viruses i want to know if they are still there  (Read 1975 times)
scheins
« on: April 24, 2006, 08:26:20 PM »

I did an AVG scan and it showed me that I had five trojans and a virus. It claimed to have healed two of them, but I don't trust it. They were called Trojan Horse Downloader Generic, Trojan Horse Proxy, Trojan Horse Startpage, Trojan Horse Clicker, Trojan Horse Dropper Generic. The virus was called Klone. I did not write exactly what it said at the end of each of them. Thank you for your help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:21:14 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Shomrim\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Pancake
« Reply #1 on: April 25, 2006, 03:11:49 AM »

Hi
I don't see any signs of infections. It all seems to have been cleaned OK. Just to be on the safe side, run a full scan here with Ewido.

scheins
« Reply #2 on: April 25, 2006, 04:21:19 PM »

Here is the Ewido report. I did not tell it to remove the infections yet; I am waiting for your response. While I was scanning in Ewido, AVG found all the viruses that I mentioned earlier and more to heal. One that kept popping up to heal was trojan horse generic.oel. I don't trust that AVG healed all the viruses like it said it did. Thank you for your help.

__________________________________________________
ewido security suite online scanner
   http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@ehg-dig.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@anat.tacoda[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@bellglobemediapublishing.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@zedo[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@c1.zedo[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@overture[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@bluestreak[2].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@advertising[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@statse.webtrendslive[2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@meetupcom.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Clickbank
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@clickbank[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@cbs.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@adopt.specificclick[2].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Shomrim\Cookies\shomrim@www.burstbeacon[2].txt
Risk: Medium

Name: Adware.Spysheriff
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp\heur003.dll
Risk: Medium

Name: Adware.Spysheriff
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp\Uninstall.exe
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
Risk: Medium

Name: Hijacker.Spywad.o
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp
Risk: High

Name: TrackingCookie.2o7
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp
Risk: Medium

Name: TrackingCookie.Findwhat
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp
Risk: Medium

Name: TrackingCookie.Hitslink
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp
Risk: Medium

Name: TrackingCookie.Paycounter
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
Risk: Medium

Name: TrackingCookie.s*xlist
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp
Risk: Medium

Name: TrackingCookie.s*xtracker
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp
Risk: Medium

Name: TrackingCookie.Xxxcounter
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp
Risk: Medium

Name: Adware.Spysheriff
Path: C:\Documents and Settings\Shomrim\Desktop\Install.exe
Risk: Medium

Name: Not-A-Virus.SpamTool.Win32.Mailbot.ad
Path: C:\System Volume Information\_restore{201BCDDD-BC4B-44BF-B83F-5DE75F1AAD2F}\RP166\A0023267.dll
Risk: High

Pancake
« Reply #3 on: April 26, 2006, 12:00:45 AM »

Yes, you can get Ewido to fix all those. It's safe to remove anything that Ewido comes up with. Apart from that, it all looks fine.

scheins
« Reply #4 on: April 26, 2006, 06:45:09 AM »

When Ewido gets rid of all that, will the trojans and the virus also be gone?

Pancake
« Reply #5 on: April 26, 2006, 08:34:03 AM »

Yes, it will delete the ones it has found.