Solve : HELP WINSPYWAREPROTECT? – InterviewSolution

InterviewSolution

1.	Solve : HELP WINSPYWAREPROTECT?
Answer» I scanned again with malwarebytes malware thing and this is what I got: Code: [Select]Malwarebytes' Anti-Malware 1.23 Database version: 1002 Windows 5.1.2600 Service Pack 2 11:51:10 AM 30/07/2008 mbam-log-7-30-2008 (11-51-10).txt Scan type: Quick Scan Objects scanned: 40744 Time elapsed: 6 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) That was the quick scan. I am now startign a complete scan. Will post log in a bit...........Also, antivir keeps popping up saying I have trojans and stuff, so I move to quarantine. But Idk why it keeps popping up......Post a fresh HJT log.Alright, I've attatched a fresh HJT log and an events log from antivir. [recovering disk space -- attachment deleted by admin]The events log looks like this Code: [Select]Exported events: ਍ഀഀ 30/07/2008 12:50 [Guard] Malware found ਍ 嘀椀爀甀猀漀爀甀渀眀愀渀琀攀搀瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀嬀琀爀漀樀愀渀崀✀ഀഀ detected in file 'C:\System Volume ਍ 䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀刀倀㐀　尀䄀　　㄀㔀㈀　㜀⸀攀砀攀⸀ഀഀ Action performed: Move file to quarantine ਍ഀഀ 30/07/2008 12:49 [Guard] Malware found ਍ 嘀椀爀甀猀漀爀甀渀眀愀渀琀攀搀瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀嬀琀爀漀樀愀渀崀✀ഀഀ detected in file 'C:\System Volume ਍ 䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀䘀椀昀漀攀搀尀䄀　　㄀㐀㔀　　⸀搀氀氀⸀ഀഀ Action performed: Move file to quarantine ਍ഀഀ 30/07/2008 12:49 [Guard] Malware found ਍ 嘀椀爀甀猀漀爀甀渀眀愀渀琀攀搀瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀嬀琀爀漀樀愀渀崀✀ഀഀ detected in file 'C:\System Volume ਍ 䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀䘀椀昀漀攀搀尀䄀　　㄀㐀㐀㤀㤀⸀搀氀氀⸀ഀഀ Action performed: Move file to quarantine ਍ഀഀ 30/07/2008 12:49 [Guard] Malware found ਍ 嘀椀爀甀猀漀爀甀渀眀愀渀琀攀搀瀀爀漀最爀愀洀 ✀吀刀⼀䄀最攀渀琀⸀㈀㐀㠀㠀㌀㈀　嬀琀爀漀樀愀渀崀✀ഀഀ detected in file 'C:\System VThats wierd?!?!? Well, here's waht it looks like to me... Code: [Select]Exported events: 30/07/2008 12:50 [Guard] Malware found Virus or unwanted program 'TR/BHO.fby.3 [trojan]' detected in file 'C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe. Action performed: Move file to quarantine 30/07/2008 12:49 [Guard] Malware found Virus or unwanted program 'TR/BHO.fby.3 [trojan]' detected in file 'C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014500.dll. Action performed: Move file to quarantine 30/07/2008 12:49 [Guard] Malware found Virus or unwanted program 'TR/BHO.fby.3 [trojan]' detected in file 'C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014499.dll. Action performed: Move file to quarantine 30/07/2008 12:49 [Guard] Malware found Virus or unwanted program 'TR/Agent.2488320 [trojan]' detected in file 'C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014497.EXE. Action performed: Move file to quarantine 30/07/2008 12:21 [Guard] Malware found Virus or unwanted program 'TR/Agent.2488320 [trojan]' detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5 1032\VE5_Alter_1032.EXE. Action performed: Move file to quarantine 30/07/2008 12:20 [Guard] Malware found Virus or unwanted program 'TR/Dldr.16384.D [trojan]' detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5 1032\systemcallsignal.exe. Action performed: Move file to quarantine 30/07/2008 10:45 [Guard] Malware found Virus or unwanted program 'EXP/CVE-2006-4534 [exploit]' detected in file 'C:\Documents and Settings\User\My Documents\~WRD2525.tmp. Action performed: Move file to quarantine 30/07/2008 10:18 [Guard] Malware found Virus or unwanted program 'TR/Hook.Q [trojan]' detected in file 'C:\Documents and Settings\User\My Documents\DxWND\dxwnd.dll. Action performed: Move file to quarantine 30/07/2008 10:03 [Guard] Malware found Virus or unwanted program 'TR/Dldr.SecondTh.HA [trojan]' detected in file 'E:\WINDOWS\system32\lwr_bbi6008.exe. Action performed: Move file to quarantine 30/07/2008 9:31 [Guard] Malware found Virus or unwanted program 'TR/Hook.Q [trojan]' detected in file 'H:\Program Files\Maplestory\dxwnd.dll. Action performed: Move file to quarantine 30/07/2008 9:31 [Guard] Malware found Virus or unwanted program 'TR/Agent.5599232.Y [trojan]' detected in file 'H:\Program Files\Maplestory\dagonMS-2.exe. Action performed: Move file to quarantine 30/07/2008 9:29 [Guard] Malware found Virus or unwanted program 'TR/BHO.fby.3 [trojan]' detected in file 'H:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015356.exe. Action performed: Move file to quarantine 30/07/2008 9:28 [Guard] Malware found Virus or unwanted program 'TR/Mapler.AW [trojan]' detected in file 'H:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001526.exe. Action performed: Move file to quarantine 30/07/2008 9:28 [Guard] Malware found Virus or unwanted program 'DR/PSW.Mapler.AK.4 [dropper]' detected in file 'H:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001522.exe. Action performed: Move file to quarantine 30/07/2008 9:27 [Guard] Malware found Virus or unwanted program 'TR/BHO.fby.3 [trojan]' detected in file 'H:\Downloads\c-setup.exe. Action performed: Move file to quarantine 30/07/2008 9:25 [Guard] Malware found Virus or unwanted program 'TR/BHO.fby.3 [trojan]' detected in file 'C:\RECYCLER\S-1-5-21-1445563323-3637782785-1872043566-1004\Dc38.exe. Action performed: Move file to quarantine 30/07/2008 9:25 [Guard] Malware found Virus or unwanted program 'TR/Dldr.16384.D [trojan]' detected in file 'C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014495.exe. Action performed: Move file to quarantine 30/07/2008 8:28 [Guard] Service started Service started. Version of service: 8.0.1.26 Version of Engine: 8.1.1.12 Version of VDF: 7.0.5.193 30/07/2008 8:27 [Scheduler] Service started The service was started. Version of service 8.0.0.16 30/07/2008 8:26 [Guard] Service stopped Service stopped. 30/07/2008 8:25 [Scheduler] Service stopped The service was stopped. 30/07/2008 8:13 [Scanner] Scan Scan ended [The scan has been done completely.]. Number of files: 5193 Number of folders: 225 Number of malware: 2 Number of errors: 0 30/07/2008 8:09 [Scanner] Malware found The file 'C:\WINDOWS\system32\hombho.dll' contained a virus or unwanted program 'TR/BHO.fby.3' [trojan] Action(s) taken: The file was moved to '48fd84a2.qua'! 30/07/2008 8:09 [Scanner] Malware found The file 'C:\WINDOWS\system32\domie.dll' contained a virus or unwanted program 'TR/BHO.fby.3' [trojan] Action(s) taken: The file was moved to '48fd8497.qua'! 30/07/2008 8:03 [Updater] Update successfully COMPLETED Update of AVIRA AntiVir Personal - Free Antivirus performed via server http://dl9.freeav.net. The update was completed successfully on 7/30/2008 8:03. 30/07/2008 8:03 [Guard] Reload engine. The Engine was reloaded. Engine Version: 8.01.01.12 VDF Version: 7.00.05.193 30/07/2008 8:01 [Scheduler] JOB started The job "Immediate Update" was started successfully. 30/07/2008 8:01 [Guard] Service started Service started. Version of service: 8.0.1.26 Version of Engine: 8.1.1.6 Version of VDF: 7.0.5.23 30/07/2008 8:01 [Scheduler] Service started The service was started. Version of service 8.0.0.16 Everything was moved to quarantine right? If so then everything is OK.Yes, it supposedly was, so should I just keep quarantining if they pop up again?? BTW, Thank you so much for all your help. I'll just complete mbam scan, thenpost log. All I have to do after hthat is defrag my EXTERNAL hard drive, then create my final restore point. Any final things I should do?SOUNDS like you have everything covered. Just be careful online and watch what you download.Ok, thanksAlright, heres the mbam log looks alright to me: Code: [Select]Malwarebytes' Anti-Malware 1.23 Database version: 1002 Windows 5.1.2600 Service Pack 2 3:13:02 PM 30/07/2008 mbam-log-7-30-2008 (15-13-02).txt Scan type: Full Scan (C:\\|E:\\|F:\\|H:\\|) Objects scanned: 205633 Time elapsed: 2 hour(s), 32 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\User\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. H:\Downloads\psp_video_express.exe (Adware.Agent) -> Quarantined and deleted successfully. Now that you have a good antivirus in place that is up to date you should be in good shape.Alright, thanks for all you help-you helped me a thousand times more than the guy who I payed 180 dollars to fix my computer last time!! -Thanks a million! No problem.

Discussion

No Comment Found

Related InterviewSolutions