Author Topic: JS: Downloader-DO  (Read 14273 times)

spg SCOTT

  • Guest
Re: JS: Downloader-DO
« Reply #15 on: December 30, 2009, 06:09:54 PM »
That looks promising

Are you still getting redirects after that?

MissT

  • Guest
Re: JS: Downloader-DO
« Reply #16 on: December 30, 2009, 06:19:17 PM »
 :D Oh my goodness!!

i just tried googling a couple of things and there was no sign of that at all - no warning from avast - nothing!!

i cant believe youve done it for me Scott - i cannot thank you enough, it was driving me round the twist and now its GONE!! Thank you so much from the bottom of my heart xxxxxx

Is there anything extra i should be running or doing to stop it happening again or am i ok? Im tempted to ask how that program (and you) fixed it but afraid it might be too technical for me to understand!

Again, THANK YOU SO MUCH for all the time and attention you gave to me.

 :-*

Happy New Year to You and Yours!!

Im SO happy!!!! xxxx

spg SCOTT

  • Guest
Re: JS: Downloader-DO
« Reply #17 on: December 30, 2009, 06:28:58 PM »
That's very good to hear :)

Just to be on the safe side, I would run a scan with avast! and also take a look at MalwareBytes AntiMalware:

www.malwarebytes.org

Install it and then run a scan:

-Open MalwareBytes
-Click on the update tab
-'Check for Updates'
-Scanner tab
-'Perform quick scan' and click 'Scan'

MissT

  • Guest
Re: JS: Downloader-DO
« Reply #18 on: December 30, 2009, 07:12:21 PM »
hi Scott

well that was a bit weird  ??? - i downloaded and ran malwarebytes - said it had found 44 infected files - i wanted to keep that window open while i asked you if you wanted to see the log and tell me which to delete etc etc, but my internet connection had gone and i couldnt get it back without rebooting about 3 times - think internet explorer had disappeared from my trusted sites, go figure!!

anyway - i saved a copy of the log - do you want me to post it??

spg SCOTT

  • Guest
Re: JS: Downloader-DO
« Reply #19 on: December 30, 2009, 07:14:33 PM »
Yes, that would be a good idea.


MissT

  • Guest
Re: JS: Downloader-DO
« Reply #20 on: December 30, 2009, 07:24:49 PM »
Malwarebytes' Anti-Malware 1.42
Database version: 3455
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/12/2009 17:48:27
mbam-log-2009-12-30 (17-48-20).txt

Scan type: Quick Scan
Objects scanned: 380294
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{125e9d24-2428-38d2-8e23-804e3275209c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3f2579e9-ec37-3112-9bde-d2db14e95c32} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e12688ce-9384-28e3-a041-4e1a9ce14506} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98d555cc-a569-43fb-2f43-3a98ccda4b50} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.dll (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.dll (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> No action taken.

Files Infected:
C:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> No action taken.
D:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken.
D:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken.
D:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> No action taken.
D:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> No action taken.
D:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> No action taken.
D:\Documents and Settings\TRINH.TRINHS\Application Data\urlredir.cfg (Adware.AdRotator) -> No action taken.
C:\WINDOWS\system32\drivers\senekascdoyqxn.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.AntiSpyware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.

YoKenny

  • Guest
Re: JS: Downloader-DO
« Reply #21 on: December 30, 2009, 07:35:09 PM »
Any relation to Mr T?

It is good to let Malwarebytes' Anti-Malware remove what it finds.

These do not look good:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

MissT

  • Guest
Re: JS: Downloader-DO
« Reply #22 on: December 30, 2009, 07:40:18 PM »
Hey YoKenny!!
Nah, no relation  ;D

Dont know what the etiquette is on forums - do i wait until Scott replies since hes been grafting for me since i first posted, or are you two in cahoots (spelling??) and speak as one voice?


spg SCOTT

  • Guest
Re: JS: Downloader-DO
« Reply #23 on: December 30, 2009, 07:43:23 PM »
Follow YoKenny's advice, it is right ;)

MissT

  • Guest
Re: JS: Downloader-DO
« Reply #24 on: December 30, 2009, 07:45:16 PM »
Ok Scott

will run the scan again since i dont seem to be able to bring up last scan to delete and then i will delete all the infected files.

then i will run avast scan

once again thanks a million  :-*

YoKenny

  • Guest
Re: JS: Downloader-DO
« Reply #25 on: December 30, 2009, 07:45:41 PM »
Mr. Scott is 5 hours or so ahead of me so I think we work well together.

I remember reading about the Vundo infection here and it's not a nice infection.

MissT

  • Guest
Re: JS: Downloader-DO
« Reply #26 on: December 30, 2009, 08:06:38 PM »
Well i deleted all 44 of those nasties

Is that malwarebytes prog something i should use every now and again?

anyway, wont start irritating y'all with too many questions

you both been so helpful and friendly and i was truly a little bit nervous about posting cos ive read bits and pieces in various forums where people end up in big ol rows with each other - specially newbies!!

YoKenny ur 5 hours behind so i guess here in london we gona be in 2010 before you!! Hope its a great year for us all
bless ur generous hearts

xx

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: JS: Downloader-DO
« Reply #27 on: December 30, 2009, 08:08:38 PM »
even kenny runs to rescue when girls have problems.......... ;D


Quote
Is that malwarebytes prog something i should use every now and again?
jepp, recommended weekly, at least mnd
« Last Edit: December 30, 2009, 08:11:25 PM by Pondus »

MissT

  • Guest
Re: JS: Downloader-DO
« Reply #28 on: December 30, 2009, 08:15:26 PM »
 :) Lucky for Me!!

Hey Pondus! is that a man u fan all the way in norway?? Me too!!

sorry to be dim but you said "at least mnd" and i havent a clue what mnd means.......??

im thinking its really cold in london today but norway must be bbrrrrrrrrrrr!!! :o

spg SCOTT

  • Guest
Re: JS: Downloader-DO
« Reply #29 on: December 30, 2009, 08:16:59 PM »
Personally, I try and scan with both (avast! and MBAM) now and again but I often forget...so my scan regime is a little random...  :)


I think you will find (if you haven't already) that this forum is quite friendly and helpful, we were all newbies once ;)