Author Topic: can't fix... please help  (Read 9236 times)


sevenblu

  • Guest
can't fix... please help
« on: August 03, 2004, 06:04:44 AM »
No matter how many times I run Avast, I keep getting the same files infected...  I tried to "fix" the problem, but Avast does not fix...  I tried to delete the files, but Avast won't do that either...  Here is my log file from Avast.  Please help me fix my problems.   :-X

6/18/2004 10:54:51 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\MDOS.EXE\gamma.exe" file.  
6/18/2004 11:19:30 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Hidewnd [Trj]" has been found in "C:\MDOS.EXE\calc32.exe\[UPX]" file.  
6/18/2004 11:21:04 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Ataka" has been found in "C:\MDOS.EXE" file.  
6/18/2004 11:39:24 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\alchem.exe" file.  
6/18/2004 11:54:30 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\WINDOWS\system32\a.exe" file.  
6/19/2004 12:03:35 AM   SHAKESPEARE\Russo   2188   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\twaintec.dll" file.  
6/19/2004 1:03:00 AM   NT AUTHORITY\SYSTEM   1052   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\alchem.exe" file.  
6/19/2004 1:20:20 AM   NT AUTHORITY\SYSTEM   1052   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\alchem.exe" file.  
6/19/2004 1:29:04 AM   NT AUTHORITY\SYSTEM   1052   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\twaintec.dll" file.  
6/19/2004 1:53:06 AM   SHAKESPEARE\Russo   3672   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\MDOS.EXE\gamma.exe" file.  
6/19/2004 1:59:22 AM   SHAKESPEARE\Russo   3616   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\MDOS.EXE\gamma.exe" file.  
6/19/2004 1:59:55 AM   SHAKESPEARE\Russo   3864   Sign of "Win32:Hidewnd [Trj]" has been found in "C:\MDOS.EXE\calc32.exe\[UPX]" file.  
6/19/2004 2:05:58 AM   SHAKESPEARE\Russo   2252   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\alchem.exe" file.  
7/13/2004 1:34:25 PM   NT AUTHORITY\SYSTEM   2032   Sign of "JS:ClassLoader-1" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\a.class" file.  
7/13/2004 2:33:28 PM   NT AUTHORITY\SYSTEM   2032   Sign of "JS:VerifierBug" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class" file.  
7/13/2004 3:28:24 PM   SHAKESPEARE\Russo   3892   Sign of "JS:ClassLoader-1" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip\a.class" file.  
8/1/2004 5:09:24 PM   NT AUTHORITY\SYSTEM   2044   Sign of "Win32:Startpage-006 [Trj]" has been found in "C:\WINDOWS\System32\cdgp.dll" file.  
8/1/2004 5:09:37 PM   NT AUTHORITY\SYSTEM   2044   Sign of "Win32:Startpage-006 [Trj]" has been found in "C:\WINDOWS\System32\cdgp.dll" file.  
8/2/2004 10:55:27 AM   NT AUTHORITY\SYSTEM   2044   Sign of "Win32:Startpage-006 [Trj]" has been found in "C:\WINDOWS\System32\cdgp.dll" file.  
8/2/2004 11:03:35 AM   NT AUTHORITY\SYSTEM   2044   Sign of "JS:VerifierBug" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class" file.  
8/2/2004 11:13:33 AM   NT AUTHORITY\SYSTEM   2044   Sign of "JS:Gummy [Trj]" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\Gummy.class" file.  
8/2/2004 11:13:44 AM   NT AUTHORITY\SYSTEM   2044   Sign of "JS:Exploit-Bytverify-8" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\Counter.class" file.  
8/2/2004 11:14:00 AM   NT AUTHORITY\SYSTEM   2044   Sign of "JS:Exploit-Bytverify-7" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class" file.  
8/2/2004 11:14:13 AM   NT AUTHORITY\SYSTEM   2044   Sign of "JS:ClassLoader-7" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\GetAccess.class" file.  
8/2/2004 11:14:23 AM   NT AUTHORITY\SYSTEM   2044   Sign of "JS:Exploit-Bytverify-11" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\InsecureClassLoader.class" file.  
8/2/2004 1:40:16 PM   SHAKESPEARE\Russo   2272   Sign of "JS:VerifierBug" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip\VerifierBug.class" file.  
8/2/2004 1:40:29 PM   SHAKESPEARE\Russo   2272   Sign of "JS:Gummy [Trj]" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip\Gummy.class" file.  
8/2/2004 1:40:34 PM   SHAKESPEARE\Russo   2272   Sign of "JS:ClassLoader-7" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-5632dc7d.zip\GetAccess.class" file.  
8/2/2004 2:20:35 PM   SHAKESPEARE\Russo   2272   Sign of "Win32:Startpage-006 [Trj]" has been found in "C:\WINDOWS\Temp\trzA7.tmp" file.  
8/2/2004 4:16:48 PM   NT AUTHORITY\SYSTEM   1760   Sign of "JS:Exploit-Bytverify-8" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\Counter.class" file.  
8/2/2004 4:17:37 PM   NT AUTHORITY\SYSTEM   1760   Sign of "JS:Exploit-Bytverify-7" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class" file.  
8/2/2004 4:17:43 PM   NT AUTHORITY\SYSTEM   1760   Sign of "JS:Exploit-Bytverify-11" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\InsecureClassLoader.class" file.  
8/2/2004 4:32:22 PM   NT AUTHORITY\SYSTEM   1760   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\WINDOWS\system32\netsvcs.exe" file.  
8/2/2004 4:54:39 PM   SHAKESPEARE\Russo   3664   Sign of "JS:ClassLoader-1" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip" file.  
8/2/2004 4:55:03 PM   SHAKESPEARE\Russo   3664   Sign of "JS:Exploit-Bytverify-8" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip\Counter.class" file.  
8/2/2004 4:55:16 PM   SHAKESPEARE\Russo   3664   Sign of "JS:Exploit-Bytverify-11" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-5632dc7d.zip\InsecureClassLoader.class" file.  
8/2/2004 4:55:43 PM   SHAKESPEARE\Russo   3664   Sign of "VBS:Malware [Script]" has been found in "C:\Documents and Settings\Russo\Local Settings\Temp\sp.html" file.  
8/2/2004 5:47:34 PM   SHAKESPEARE\Russo   3664   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\WINDOWS\system32\netsvcs.exe" file.  
8/2/2004 6:00:02 PM   NT AUTHORITY\SYSTEM   2032   Sign of "JS:Exploit-Bytverify-7" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class" file.  
8/2/2004 7:17:59 PM   NT AUTHORITY\SYSTEM   148   Sign of "JS:Exploit-Bytverify-7" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class" file.  
8/2/2004 9:09:18 PM   NT AUTHORITY\SYSTEM   148   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\WINDOWS\system32\netsvcs.exe" file.  
8/2/2004 10:51:43 PM   SHAKESPEARE\Russo   520   Sign of "JS:Exploit-Bytverify-7" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip\VerifierBug.class" file.  
8/2/2004 10:58:31 PM   SHAKESPEARE\Russo   520   Sign of "JS:ClassLoader-7" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-5632dc7d.zip" file.  
8/2/2004 11:34:46 PM   SHAKESPEARE\Russo   520   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\WINDOWS\system32\netsvcs.exe" file.  
8/2/2004 11:53:50 PM   SHAKESPEARE\Russo   3640   Sign of "JS:Gummy [Trj]" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5000a103-599e132b.zip" file.  

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re:can't fix... please help
« Reply #1 on: August 03, 2004, 07:31:24 AM »
Hi,

Sorry you'll have to wait (maybe till morning) for full help, but in the meantime we can trim that list almost in half.

Don't worry about things in the Ad-Aware/Cache folder, that's stuff that Ad-Aware already caught and "quarantined".  You might want to think about adding that folder to avast's exclusion list.

And things in the Java Cache folder might or might not be false positives, because of the oddball way Java archives things that don't meet anyone else's "packing" conventions.  But you can easily get rid of them -- just open the Java Control Panel, select the Cache tab, and empty the cache.  You can leave "Enable caching" ticked or not, it's your choice -- if you want to keep caching active, it'll just have to reload fresh copies of the applets from scratch next time it comes to them.

Best,
Mike
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent
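
The triage MikeBCda describes, sketched as an added example (not part of any post in this thread and not avast! code): it parses log lines in the format posted above, sorts each detection by folder into the Ad-Aware cache, the Java plug-in cache, or everything else, and collapses repeat hits on the same file. The bucket names and the rule that a path continuing past `.zip\`, `.jar\` or `.exe\` names a member of that container are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Layout of the log lines posted above: timestamp, account, PID, message.
LINE_RE = re.compile(
    r'^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+(?P<user>.+?)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.'
)
# Folder fragments for the two groups named in the reply (bucket names are hypothetical).
BUCKETS = {
    "adaware_cache": "\\lavasoft\\ad-aware 6\\cache\\",
    "java_cache": "\\sun\\java\\deployment\\cache\\",
}

def classify(path):
    """Return the bucket a detected path falls into, by folder only."""
    lowered = path.lower()
    for name, fragment in BUCKETS.items():
        if fragment in lowered:
            return name
    return "remaining"

def container(path):
    # Assumption: "x.zip\member" or "x.exe\member" means a member inside x,
    # so hits on members are reported against the container file on disk.
    m = re.match(r'(?i)^(.*?\.(?:zip|jar|exe))\\', path)
    return m.group(1) if m else path

def triage(log_text):
    """Map bucket -> file on disk -> sorted list of signature names."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that are not detections are skipped
            found[classify(m["path"])][container(m["path"])].add(m["sig"])
    return {b: {p: sorted(s) for p, s in f.items()} for b, f in found.items()}

# Seven lines copied from the log in the first post.
SAMPLE = r"""
6/18/2004 10:54:51 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\MDOS.EXE\gamma.exe" file.
6/18/2004 11:19:30 PM   SHAKESPEARE\Russo   2188   Sign of "Win32:Hidewnd [Trj]" has been found in "C:\MDOS.EXE\calc32.exe\[UPX]" file.
6/19/2004 1:03:00 AM   NT AUTHORITY\SYSTEM   1052   Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\alchem.exe" file.
7/13/2004 1:34:25 PM   NT AUTHORITY\SYSTEM   2032   Sign of "JS:ClassLoader-1" has been found in "C:\Program Files\Lavasoft\Ad-aware 6\Cache\a.class" file.
7/13/2004 3:28:24 PM   SHAKESPEARE\Russo   3892   Sign of "JS:ClassLoader-1" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip\a.class" file.
8/1/2004 5:09:24 PM   NT AUTHORITY\SYSTEM   2044   Sign of "Win32:Startpage-006 [Trj]" has been found in "C:\WINDOWS\System32\cdgp.dll" file.
8/2/2004 4:54:39 PM   SHAKESPEARE\Russo   3664   Sign of "JS:ClassLoader-1" has been found in "C:\Documents and Settings\Russo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-12bbd6a1-25ef1266.zip" file.
"""

if __name__ == "__main__":
    for bucket, files in triage(SAMPLE).items():
        print(bucket, len(files), "file(s):", *files, sep="\n  ")
```

The classification looks only at where a file sits, so entries left in the "remaining" bucket are simply the ones neither cache folder explains.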

neal62

  • Guest
Re:can't fix... please help
« Reply #2 on: August 03, 2004, 08:01:12 AM »
What version of Windows are you running? If using Wins Me, or WinsXP do you have the system restore function disabled? ::) If the restore function is not turned off you could have this type of problem.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:can't fix... please help
« Reply #3 on: August 03, 2004, 08:37:51 PM »
neal62
Quote
If the restore function is not turned off you could have this type of problem.
What problem? Sorry but I don't understand.
« Last Edit: August 03, 2004, 08:40:28 PM by bob3160 »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:can't fix... please help
« Reply #4 on: August 03, 2004, 08:52:03 PM »
What version of Avast are you using?
What cps version?
What OS?

bilemke

  • Guest
Re:can't fix... please help
« Reply #5 on: August 03, 2004, 09:30:28 PM »
WOW  :o you got adware/spyware.. My favorite thing about Avast is it picks up some of this junk where other antivirus programs don't.. Almost everything on that list of files is spyware..  "C:\WINDOWS\twaintec.dll" is one I very commonly run into in fact. I work for a company that does a lot of service work on home computers (and businesses). We remove a lot of spyware from home machines when they think they have a virus, they don't. Just a whole mess of spyware.

If you can download then I would advise grabbing latest Ad-Aware and definitions, SpyBot Search and Destroy 1.3 and you might need About:Buster from the looks of it http://www.majorgeeks.com/download4289.html

By the way, it will be easier because you are using Avast too, it will pick up a lot of the junk on its own. Delete every one of them.
You will have the best luck if you run these from safe mode of Windows with the latest versions of each. It should take care of most but you have a few nasty ones that are really good at "self healing" in there. If you need more help you may want to visit the forum on http://www.computercops.biz/

You might need the help anyway, as I said, some of the ones listed can be a bear to remove if you have never dealt with them before.
« Last Edit: August 03, 2004, 09:31:25 PM by bilemke »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:can't fix... please help
« Reply #6 on: August 03, 2004, 09:40:56 PM »
The list is long and I don't have the time right now to look at it, but I suggest running HijackThis, saving the log file and using my analyzer (click on the link in my signature) to see what comes up. In addition to this you also may want to follow the instructions on my page to clean your system. Good luck, and keep us informed.