Author Topic: Win32:trojan-gen and Win32:adware-gen?  (Read 21646 times)


GoRoush

  • Guest
Win32:trojan-gen and Win32:adware-gen?
« on: March 03, 2007, 03:49:35 AM »
Ahhhh help, please! This virus/trojan combo is driving me bonkers.

I'm running Win XP. Here is a snippet from my Avast log:

Quote
2/24/2007 7:23:43 PM   Jill   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\dtqmaxxh.exe" file. 
2/24/2007 7:50:10 PM   Jill   1872   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\biqgjewg.dll" file. 
2/24/2007 11:26:03 PM   Jill   1788   Sign of "Win32:Winfixer-C [Tool]" has been found in "c:\windows\downloaded program files\uwfx5lp_0001_0715netinstaller.exe" file. 
2/25/2007 7:24:00 PM   Jill   1896   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\yrcwueyo.dll" file. 
2/25/2007 7:24:18 PM   Jill   1896   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\ymvteunl.exe" file. 
2/26/2007 7:24:07 PM   SYSTEM   1924   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\ulndcqhk.dll" file. 
2/26/2007 7:33:01 PM   SYSTEM   1924   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\panvqerx.exe" file. 
2/27/2007 9:03:04 PM   Jill   1912   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\ucbmdsnm.exe" file. 
2/27/2007 9:03:28 PM   Jill   1912   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\nuyvvsuu.dll" file. 
2/28/2007 9:19:30 PM   Jill   1920   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\jkvkqxru.dll" file. 
2/28/2007 9:21:09 PM   Jill   1920   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\gxjtylxd.exe" file. 
3/1/2007 9:19:36 PM   SYSTEM   1912   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\aakmncfp.exe" file. 
3/1/2007 9:29:37 PM   SYSTEM   1912   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\bhhgtlhx.dll" file. 
3/2/2007 9:19:41 PM   SYSTEM   1904   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\ghaplgwo.exe" file. 
3/2/2007 9:19:50 PM   SYSTEM   1904   Sign of "Win32:BHO-BG [Trj]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\ewutgvcr.dll" file. 
3/2/2007 9:19:58 PM   SYSTEM   1904   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\wqomjdkc.dll" file.



GoRoush

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #1 on: March 03, 2007, 03:50:57 AM »
And here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:48:56 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jill\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Program Files\ChrisTV Lite\ChrisTV_Agent.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = ?
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

Any help would be appreciated! Thanks!!!  :)

mauserme

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #2 on: March 03, 2007, 07:48:03 AM »
Hi GoRoush.  Welcome to the forum.

Is the malware avast! detected recurring?  Are you getting any popups on your desktop?

I don't see anything in your hijackthis log that looks terribly suspicious. I will say that if you did not have Notepad open when you ran HJT, you could have Jotti or VirusTotal check C:\WINDOWS\system32\NOTEPAD.EXE

http://virusscan.jotti.org/

http://www.virustotal.com/en/indexf.html

Since avast! detected Winfixer, I suggest you scan with VundoFix to see if anything is found. The download and instructions are here

http://www.atribune.org/content/view/24/2/

Follow this with AVG AntiSpyware and A-Squared scans

http://free.grisoft.com/doc/20/lng/us/tpl/v5

http://www.emsisoft.com/en/software/free/

putting anything detected in quarantine.

Let us know if VundoFix removed anything or if the latter 2 programs put anything in quarantine.


EDIT:

You may want to think about whether you need AIM. It can be a problem with trojans and there are safer alternatives. And there is a newer version of Java available

http://www.filehippo.com/download_java_runtime/
« Last Edit: March 03, 2007, 07:59:59 AM by mauserme »

GoRoush

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #3 on: March 03, 2007, 04:21:53 PM »
Hello mauserme,

Yes, this is a recurring problem. I get multiple popups and things trying to download. I already went and "fixed" some suspicious stuff in HJT so maybe that's why it looks clean. I'm still getting the popups, though.

Thank you very much for your help. I will take all of that advice.

As for AIM, well, every single person I know is on it, so I suppose I need it, eh? I try to practice safe IMing at least.  ;)

I know how I got this malware. Bad decision! I usually keep my computer clean.

Thanks!!

mauserme

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #4 on: March 03, 2007, 04:36:15 PM »
Quote
As for AIM, well, every single person I know is on it, so I suppose I need it, eh?
Trillian, Gaim, or AIM Lite would work.

Can you post a screen shot of the pop ups?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #5 on: March 03, 2007, 09:51:05 PM »
Notepad.exe could just be a sign of the Gromozon rootkit infection:

http://forum.avast.com/index.php?topic=24523.0

There's a removal tool. Don't know if it still works.

Spiritsongs

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #6 on: March 03, 2007, 09:59:53 PM »
:) Hi GoRoush (Jill?):

Your HJT log did not show the presence of ANY antiSPYWARE/antiTROJAN program(s); is this true? If yes, you should have these types of programs on your computer and I recommend the Good & FREE "AVG Antispyware" from www.ewido.net and/or the FREE ver of "SUPERantispyware" from www.superantispyware.com .

And some Malware Experts on some antiSPYWARE Support forum(s) may ask you if you want the Adware Dell's "MyWayBiz" on your machine!?

And your Sun Java is seriously outdated and should be uninstalled ASAP; however, the latest ver for your Win XP SP2 OS is at www.majorgeeks.com/download4648.html , not the site Mauserme recommended.

mauserme

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #7 on: March 03, 2007, 10:48:49 PM »
Quote
... however, the latest ver for your Win XP SP2 OS is at www.majorgeeks.com/download4648.html , not the site Mauserme recommended.
I actually can't figure out Sun's version numbering system. If you look at my FileHippo link above, Environment 6 was released 12 Dec 06 while Environment 5.11 was released 25 Feb 07. The Sun Microsystems site lists 5.11 as the current version

http://www.java.com/en/download/manual.jsp

I have Environment 6 installed on my computer and several web sites have recently advised I am out of date, so I believe 5.11 is the correct version.

Edit: There is a conspicuous absence of a third-party firewall in the hjt log. Sorry I didn't mention it before, but you should consider installing one.
« Last Edit: March 03, 2007, 10:56:58 PM by mauserme »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #8 on: March 03, 2007, 10:52:47 PM »
Quote
I have Environment 6 installed on my computer and several web sites have recently advised I am out of date, so I believe 5.11 is the correct version.
I have version 6 and Secunia inspector says I'm up-to-date...
http://secunia.com/software_inspector/
« Last Edit: March 03, 2007, 10:58:17 PM by Tech »

mauserme

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #9 on: March 03, 2007, 10:56:27 PM »
Quote
I have version 6 and Secunia inspector says I'm up-to-date...
http://secunia.com/software_inspector/
I know - that's part of what makes it confusing (to me, anyway). If you go by release date it's the opposite, but then why the backwards number system?


EDIT:
I either just rolled back or just updated to 5.11 from 6, depending on your point of view. Secunia reports 5.11 as the current version too.



I'm going to stick with release date.
« Last Edit: March 03, 2007, 11:19:27 PM by mauserme »

GoRoush

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #10 on: March 04, 2007, 02:06:04 AM »
OK. I'm going to start taking more steps, but in the meantime...

I just got a notification of a new bug on my system that I hadn't recognized before:

Quote
3/3/2007 7:49:14 PM   SYSTEM   1904   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\mtmnjrrr.dll" file. 


I haven't been home at all today and haven't opened any webpages. So this being new is, well, odd.

I will try to get some screenshots of the popups, but they are mostly all different...

One important question. Is it safe to go into my online banking with this infection on my computer? Thanks!

mauserme

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #11 on: March 04, 2007, 02:27:01 AM »
Quote
One important question. Is it safe to go into my online banking with this infection on my computer? Thanks!
I haven't had much chance to look into this, but I wanted to respond while you and I are both online.

In short, no, it is not safe to do any online banking if WIN32:VBStat-C [Trj] is on your computer. You may, in fact, need to change your passwords, etc. I'll do a bit more research and post again later.

EDIT:  Have you had time to install a firewall?

mauserme

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #12 on: March 04, 2007, 03:02:42 AM »
Here's some information on Win32:VBStat-C [Trj]

http://research.spysweeper.com/search.php?serialnumber=3H2OSZAJ

I still think this is related to Vundo and suggest you run VundoFix as soon as you are able. A log named C:\Vundofix.txt will be generated that you can post.

After VundoFix, boot into safe mode, scan with AVG Antispyware and post the results.

Then boot into normal mode, rename HijackThis.exe to HijackThat.exe and post another log.

Also, here are links for a couple of free firewalls (use only one, of course):

http://www.personalfirewall.comodo.com/

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

GoRoush

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #13 on: March 04, 2007, 05:24:30 AM »
OK. Ran through the steps.

Ran VundoFix before and after the safe mode steps. Log is as follows

C:\WINDOWS\system32\xbadd.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\kqyddisi.dll
C:\WINDOWS\SYSTEM32\kqyddisi.dll Has been deleted!

 Attempting to delete C:\WINDOWS\SYSTEM32\rqroppm.dll
C:\WINDOWS\SYSTEM32\rqroppm.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\SYSTEM32\vjqrdwjr.dll
C:\WINDOWS\SYSTEM32\vjqrdwjr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.12

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:16:25 PM 3/3/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\ralbgfut.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\SYSTEM32\fhhkj.bak1
C:\WINDOWS\SYSTEM32\fhhkj.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Performing Repairs to the registry.
Done!
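As an added example (not code posted by anyone in this thread), the following Python script parses avast! log lines of the form shown in the first post and the VundoFix output above, flags the randomly named droppers in the user's Temp folder, and picks out Vundo's reversed-name config/DLL pairs visible in the VundoFix log (xbadd.ini / ddabx.dll, fhhkj.ini / jkhhf.dll). The sample lines are copied from this thread; the "random name" heuristic is my own assumption, not a rule from any tool.

```python
import re
from collections import Counter

# Sample input: four lines copied from the avast! log quoted in this thread.
AVAST_LOG = r"""
2/24/2007 7:23:43 PM   Jill   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\dtqmaxxh.exe" file.
2/24/2007 7:50:10 PM   Jill   1872   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\biqgjewg.dll" file.
2/24/2007 11:26:03 PM   Jill   1788   Sign of "Win32:Winfixer-C [Tool]" has been found in "c:\windows\downloaded program files\uwfx5lp_0001_0715netinstaller.exe" file.
3/3/2007 7:49:14 PM   SYSTEM   1904   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Jill\LOCALS~1\Temp\mtmnjrrr.dll" file.
"""

# Sample input: a subset of the VundoFix log posted in reply #13.
VUNDOFIX_LOG = r"""
C:\WINDOWS\system32\xbadd.ini
 Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!
 Attempting to delete C:\WINDOWS\SYSTEM32\rqroppm.dll
C:\WINDOWS\SYSTEM32\rqroppm.dll Could not be deleted.
C:\WINDOWS\SYSTEM32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\ralbgfut.dll
"""

# One avast! 4 log line: date, time, user, pid, signature name, file path.
LINE_RE = re.compile(
    r'^(?P<date>\S+) (?P<time>\S+ [AP]M)\s+(?P<user>\S+)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
PATH_RE = re.compile(r'[A-Za-z]:\\\S+')  # any Windows path token in free text

def parse_avast_log(text):
    """Return one dict per parseable detection line; unknown lines are skipped."""
    return [m.groupdict() for line in text.strip().splitlines()
            if (m := LINE_RE.match(line.strip()))]

def signature_counts(hits):
    """How often each signature fired; recurring names hint at a re-dropper."""
    return Counter(h['sig'] for h in hits)

def looks_random(stem):
    """Heuristic (assumption): 5-8 lowercase letters with at most two vowels."""
    return re.fullmatch(r'[a-z]{5,8}', stem) is not None and \
        sum(c in 'aeiou' for c in stem) <= 2

def suspicious_temp_files(hits):
    """File names under a \\Temp\\ folder whose stem looks machine-generated."""
    out = []
    for h in hits:
        name = h['path'].rsplit('\\', 1)[-1]
        stem = name.lower().partition('.')[0]
        if '\\temp\\' in h['path'].lower() and looks_random(stem):
            out.append(name)
    return sorted(out)

def vundo_pairs(text):
    """(dll, config) stems where the .ini/.bak* name is the DLL name reversed."""
    by_ext = {}
    for p in set(PATH_RE.findall(text)):
        stem, _, ext = p.rsplit('\\', 1)[-1].lower().partition('.')
        by_ext.setdefault(ext, set()).add(stem)
    configs = set().union(*(s for e, s in by_ext.items()
                            if e == 'ini' or e.startswith('bak')))
    return sorted((d, d[::-1]) for d in by_ext.get('dll', ()) if d[::-1] in configs)
```

Run against the real C:\Vundofix.txt and the full avast! log to see every reversed pair and every Temp dropper, not just the four lines embedded here.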

GoRoush

  • Guest
Re: Win32:trojan-gen and Win32:adware-gen?
« Reply #14 on: March 04, 2007, 05:32:24 AM »
I ran AVG-AntiSpyware in Safe Mode. Did not know where to find the log for this, so I am posting a screenshot of what is in quarantine.