Author Topic: 5 Trojans keep taking me to partypoker.com Need help cleaning out  (Read 26780 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #45 on: June 21, 2007, 08:15:22 PM »
Quote:
    Any thoughts on NirCmd?

Hi Mauserme, it is part of ComboFix.

brenda31

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #46 on: June 21, 2007, 08:20:40 PM »

This is the second part of the avast log that I'm having trouble posting as a reply.


2007-06-18 00:58   SYSTEM   2024   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dshlbhhh.dll" file. 
2007-06-18 00:58   SYSTEM   2024   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dshlbhhh.dll" file. 
2007-06-18 02:01   SYSTEM   2024   Sign of "Win32:VB-TGS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\Y94PKDQ7\snapsnet[1].exe" file. 
2007-06-18 02:03   SYSTEM   2024   Sign of "Win32:VB-TGS [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\snapsnet.exe" file. 
2007-06-18 02:04   SYSTEM   2024   Sign of "Win32:Agent-HDR [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\V7QX137P\wr-1-2000219[1].exe\[PECompact]" file. 
2007-06-18 02:04   SYSTEM   2024   Sign of "Win32:Agent-HDR [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\wr-1-2000219.exe\[PECompact]" file. 
2007-06-18 02:05   SYSTEM   2024   Sign of "Win32:VB-TGS [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\snapsnet.exe" file. 
2007-06-18 02:05   SYSTEM   2024   Sign of "Win32:Agent-HDR [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\wr-1-2000219.exe\[PECompact]" file. 
2007-06-18 02:06   SYSTEM   2024   Sign of "Win32:Agent-GJD [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\tni32.tmp" file. 
2007-06-18 06:33   Brenda Mayorga   2532   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Program Files\poolsv\YazzleBundle-1549.exe" file. 
2007-06-18 12:21   SYSTEM   2024   Function setifaceUpdatePackages() has failed. Return code is 0x00000003, dwRes is 00000003. 
2007-06-18 12:29   SYSTEM   2024   An error has occured while attempting to update. Please check the logs. 
2007-06-18 13:33   SYSTEM   2020   Sign of "Win32:Agent-HDR [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\LBCRWB6D\wr-1-0000077[1].exe\[UPX]" file. 
2007-06-18 13:36   SYSTEM   2020   Sign of "Win32:Agent-HDR [Trj]" has been found in "C:\Program Files\svhost\wr-1-0000077.exe\[UPX]" file. 
2007-06-18 14:00   SYSTEM   2020   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dshlbhhh.dll" file. 
2007-06-19 00:55   SYSTEM   2020   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\sqxixlhn.dll" file. 
2007-06-19 00:56   SYSTEM   2020   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\dqgubvpq.exe" file. 
2007-06-19 01:08   Brenda Mayorga   3604   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temp\dqgubvpq.exe" file. 
2007-06-19 02:23   Brenda Mayorga   3604   Sign of "Win32:Agent-HDR [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temp\wr-1-2000219.exe\[PECompact]" file. 
2007-06-19 03:43   Brenda Mayorga   3604   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP207\A0040516.exe" file. 
2007-06-19 10:48   Brenda Mayorga   3604   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP208\A0041388.dll" file. 
2007-06-19 11:02   Brenda Mayorga   3604   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\WINDOWS\system32\fojtipub.exe" file. 
2007-06-20 01:01   SYSTEM   2032   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP208\A0041500.EXE" file. 


What do you think we should do next? Thanks again for all the help!

mauserme

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #47 on: June 21, 2007, 08:20:44 PM »
Quote:
    Any thoughts on NirCmd?
    Hi Mauserme, it is part of ComboFix.

Duh!

(and thank you)

mauserme

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #48 on: June 21, 2007, 08:49:30 PM »
As far as I can tell, your computer is clean at this point. I wanted to see the avast! log to make sure nothing was occurring significantly later than the first ComboFix run, since that cleaned most of the problem files. Even though there is one file slightly after that, I do not see any indication that a downloader is still at work.

Open OTMoveIt again and click the Clean Up button.  This will remove the tools we downloaded and the malware backups.



Next, we will get rid of any remaining, possibly infected restore points and create a clean restore point:

Click Start > All Programs > Accessories > System Tools > System Restore.  Fill the radio button to Create a Restore Point and click Next.  Give the new restore point a name you will recognize if you need to find it (like Clean Point) and click Create.

Now, click Start > All Programs > Accessories > System Tools > Disk Cleanup.  Now click the More Options tab, then click Clean Up in the System Restore section and OK.



After that finishes open Internet Explorer and click Tools>Internet Options>Privacy>Advanced.  Make sure the option to reject third party cookies is checked (you may need to check Override Automatic Cookie Handling first).  Then click OK>OK.  This may help with some of the cookies you've been getting.



Finally, you should consider installing a third party firewall. Comodo is my favorite, but Zone Alarm and PC Tools Firewall are also good (all 3 are free).

http://filehippo.com/download_comodo/



Keep SuperAntiSpyware and AVG Antispyware on your computer and scan with them from time to time. This will help keep you clean. Spyware Blaster is also a good, passive defense against malware.

http://www.javacoolsoftware.com/spywareblaster.html

This is a good time to install it while the computer is clean.
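The reasoning in the reply above (were any detections logged after the ComboFix run, and if so, were they anything other than stale copies in System Volume Information restore points?) can be checked mechanically. The following is an added example, not code from anyone in this thread: it parses avast! log lines in the format posted above and separates post-cleanup hits in restore points from hits elsewhere, which would be the sign of a downloader still at work. The cleanup timestamp is an assumption, since the thread does not give the time of the first ComboFix run.

```python
import re
from datetime import datetime

# Constructed sample in the avast! log format posted in the thread (a subset of
# the lines above, re-typed here so the example runs offline).
SAMPLE_LOG = """\
2007-06-18 00:58   SYSTEM   2024   Sign of "Win32:VBStat-C [Trj]" has been found in "C:\\WINDOWS\\system32\\dshlbhhh.dll" file.
2007-06-18 02:05   SYSTEM   2024   Sign of "Win32:VB-TGS [Trj]" has been found in "C:\\DOCUME~1\\BRENDA~1\\LOCALS~1\\Temp\\snapsnet.exe" file.
2007-06-18 12:21   SYSTEM   2024   Function setifaceUpdatePackages() has failed. Return code is 0x00000003, dwRes is 00000003.
2007-06-19 11:02   Brenda Mayorga   3604   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\\WINDOWS\\system32\\fojtipub.exe" file.
2007-06-20 01:01   SYSTEM   2032   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\\RP208\\A0041500.EXE" file.
"""

# One detection line: timestamp, user (may contain spaces), pid, signature, path.
DETECTION_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<user>.+?)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<signature>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')

# Assumed time of the first ComboFix run; the thread does not state it.
CLEANUP_TIME = datetime(2007, 6, 19, 12, 0)

def parse_detections(log_text):
    """Return one dict per detection line; update errors and other lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M")
            d["pid"] = int(d["pid"])
            out.append(d)
    return out

def classify_location(path):
    """Restore-point copies are leftovers of the old infection, not fresh activity."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"
    if "\\temp\\" in p:
        return "temp"
    return "other"

def detections_after(detections, cutoff=CLEANUP_TIME):
    return [d for d in detections if d["ts"] > cutoff]

def active_after_cleanup(detections, cutoff=CLEANUP_TIME):
    """Post-cleanup hits outside System Volume Information: what would suggest a live downloader."""
    return [d for d in detections_after(detections, cutoff)
            if classify_location(d["path"]) != "restore_point"]
```

With the sample and the assumed cutoff, the only post-cleanup hit is the RP208 restore-point copy, so `active_after_cleanup` returns an empty list, matching the conclusion in the reply above; the Disk Cleanup step then removes such copies.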


brenda31

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #49 on: June 21, 2007, 09:04:29 PM »
Should I reboot the system before we get rid of any remaining, possibly infected restore points and create a clean restore point? After I clicked Clean Up, it is asking me to reboot the system to finish.

mauserme

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #50 on: June 21, 2007, 09:06:51 PM »
Yes, if it's asking for a reboot then do that next.

brenda31

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #51 on: June 21, 2007, 09:48:16 PM »
Thank you very, very much!! You've been of great help!! :D :D :D

mauserme

  • Guest
Re: 5 Trojans keep taking me to partypoker.com Need help cleaning out
« Reply #52 on: June 21, 2007, 09:56:25 PM »
You're welcome. 

Let me know if there are any more problems.   :)