
Solve : PLEASE HELP trojandownloader.xs and god knows what else?

Answer»

I have run CCleaner and SUPERAntiSpyware. Attached is a copy of the text from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2008 at 02:32 PM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type : CUSTOM Scan
Total Scan Time : 00:45:05

Memory items scanned : 461
Memory threats detected : 5
Registry items scanned : 5597
Registry threats detected : 54
File items scanned : 57860
File threats detected : 125

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\EFCBQNNO.DLL
C:\WINDOWS\SYSTEM32\EFCBQNNO.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\efcBqnnO

Trojan.Net-MGS/NMC
C:\WINDOWS\MGSVFLKW.DLL
C:\WINDOWS\MGSVFLKW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#mgsvflkw [ {874F94C3-AA99-4591-B60A-59A429FBAC5A} ]

Trojan.Net-QDN/NMC
C:\WINDOWS\QDNKEWFA.DLL
C:\WINDOWS\QDNKEWFA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#qdnkewfa [ {755E45D1-A211-4938-A0A9-F6475DF9F95A} ]

Trojan.Unclassified/Multi-Dropper (Packed)
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DGNUTWPG\DMROVONI.EXE
[oitSrSpcjn] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DGNUTWPG\DMROVONI.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DGNUTWPG\DMROVONI.EXE
C:\DOCUMENTS AND SETTINGS\DELA FAMILY\LOCAL SETTINGS\TEMP\EXPLOR~1.EXE.BAK

Trojan.Unclassified/Multi-Dropper
C:\WINDOWS\SYSTEM32\LWJGBIZU.EXE
C:\WINDOWS\SYSTEM32\LWJGBIZU.EXE
[gmphffdh] C:\WINDOWS\SYSTEM32\LWJGBIZU.EXE

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}
HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}
HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}\InprocServer32
HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\InprocServer32
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\InprocServer32#ThreadingModel
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\ProgID
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\Programmable
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\TypeLib
HKCR\CLSID\{D212F823-17B0-470A-832F-86D3B30EE0D1}\VersionIndependentProgID
C:\WINDOWS\VNBPTXLF.DLL
HKLM\Software\Classes\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\InprocServer32
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\InprocServer32#ThreadingModel
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\ProgID
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\Programmable
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\TypeLib
HKCR\CLSID\{DF69FC15-5D77-4679-9C27-FCD90846460F}\VersionIndependentProgID
C:\WINDOWS\TEMLXOPQQWM.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B82F29E4-8368-4B14-9C00-5138C0D94034}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF69FC15-5D77-4679-9C27-FCD90846460F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{B82F29E4-8368-4B14-9C00-5138C0D94034}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{D212F823-17B0-470A-832F-86D3B30EE0D1}
HKCR\vnbptxlf.1
HKCR\vnbptxlf
HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}
HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0
HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\0
HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\0\win32
HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\FLAGS
HKCR\TypeLib\{E209E7D8-8D9C-4C25-9EF2-BF7B2CC48A03}\1.0\HELPDIR
HKCR\CLSID\{B82F29E4-8368-4B14-9C00-5138C0D94034}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}#AppID
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\InprocServer32
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\InprocServer32#ThreadingModel
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\ProgID
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\Programmable
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\TypeLib
HKCR\CLSID\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}\VersionIndependentProgID
C:\PROGRAM FILES\HOOPAA\CHOOZTRACK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB3638E-35AB-45B3-A96F-8D45295CA9E2}

Adware.Tracking Cookie

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Dela Family\Favorites\Error Cleaner.url
C:\Documents and Settings\Dela Family\Favorites\Privacy Protector.url
C:\Documents and Settings\Dela Family\Favorites\Spyware&Malware Protection.url

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP456\A0265805.LNK

Malware.VirusBurster-Install
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP433\A0231723.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP509\A0330449.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1E89B178-81A0-4E8A-893A-5F93B20F80EE}\RP509\A0330457.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

1. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

2. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.


