Repeated alerts for same virus

[Eddy]

BarbeeGee,

you had problems, we helped you with it. we say it is harmfull and still you go there? That isn't really smart and is asking for problems You wondered where msn and yahoo came from. Well you or someone that is using your comp went there and installed things. Elves don't excist so they can't have done it.

[Eddy]

Some of them were very old.

No they are not. Your HJT log was clean and now is dirty again. So they are very new !

[BarbeeGee]

OK.... How do I find this virus?

In SafeMode I couldn't find it.  Can I just delete all the Temporary Files.  There is none named

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YXNCTK7A\UCSearch[1].CAB->UCSearch.ocx - TrojanDownloader:Win32/VB.BN -> Infected

I meant that some of the Downloaded sites 016 were very old.

[galooma]

yes  by all means one of the first things you should do is dump all your temp internet files , if you clean out all your cookies you may lose some saved passwords for your gamesites so do it with caution but this is important step in staying clean .

[BarbeeGee]

Eddy,  Sorry if I sounded like I was blaming you guys for my stupid curiosity... I wasn't, I'm just frustrated.

Here is my new log:

Logfile of HijackThis v1.97.7
Scan saved at 7:51:04 PM, on 8/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
C:\Program Files\WinZip2\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\My Documents\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip2\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_40/QDow.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://fptest.onisak.com/software/v7/gp0/setup.exe
15F98C42E04C} (Downloader Class) - http://www.zillabar.com/toolbar/bin/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/webolr/OCX/FlashAX.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-

[galooma]

is the toolbar some thing you need
O3 - Toolbar: ZILLAbar - {8FC8AE66-AC15-4C0D-9E9A-51296A0C52FA} - C:\Program Files\ISSS\ZILLAbar\ZILLAbar.dll
because these things are notorious for having extra unseen content as is incredimail i might add . if you feel comfortable now with the feel of the system then thats great . if  you want to secure yourself a little more i might suggest some spyware protection like spywareblaster and spybot SSD these are freeware and available all over the place check the links topic in general topics forum . good luck    if you want some more reassurance maybe another online scan from PANDA might find something else

[BarbeeGee]

First of all I did not go to those sites of my own free will except today for curiosity.

Virus Encyclopedia Search Results



<< Search Again

1 - 1 of 1 records match your query

VBS_KREPPER.A
Aliases: VBS/Krepper.A*, TrojanClicker.VBS.Krepper, Trj/Krepper.E
Upon execution, this Trojan opens a new Internet Explorer window with a height and width value of zero, making the said window invisible to users. It then accesses the following site using ...


Secondly, the programs you listed... are they something different than what I already have?
Stopzilla  (I think that is the Zilla toolbar)
Avast
ZoneAlarm Firewall
Ad-Aware


Also I cleaned out my temp files and that virus file doesn't appear in the new log.   Hopefully it is gone.  I'm doing another RAV scan to be sure.
Thanks.

[galooma]

the programs i mentioned SPYWAREBLASTER, and SPYBOY SSD are just to add another layer of defense to your PC . they both have resident sheilds which detect things that AVAST might struggle with and best of all is that there are no conflicts and they use very little resources. No program will do everything but the more you have the better your chances .Just remember about once a week to update them and then run them to see what they find.
keep the programs you have as they are important as well and dont forget to visit windows update regularly and get all those patches . Good Luck  

[BarbeeGee]

I got a sparkling clean report from RAV.  

BEtter that I had to do everything twice because know maybe I'll remember how when ithappens again.

Thanks for all your help:  Who Cares, Galooma, and
Eddy.

You are the best!

[yankanuk]

I also have that trojan. Does anyone know a safe way of removing it without stopping windows restore?
Thanks

[Eddy]

I also have that trojan. Does anyone know a safe way of removing it without stopping windows restore?

What tells you, you have the same trojan? NOTHING DOES! gen=generic!

Did you already have followed the things we told in this thread?

Disbaling system restore ain't a bad thing, since system restore is almost plain BS. You get a virus (or other infection) whitout knowing it. You install other things, make (setting) changes and such and then the harfull process starts. You remove it and reboot. System restore will put it back! So you are still have the problems.

Much better than system restore is using COMMON SENSE and create a regular backup.

[SUSZANNAH]

I had similar problems a while ago, when I was doing scans I had over 42000 restore files, it took well over an hour to scan, so following advice I disabled restore and it now only takes me minutes to do any scan, I would never use restore again, hope this helps  

[atp2007]

I am in an absolute panic.  I also did the turn off System Restore routine and then turned it back on after rebooting.  Once I said OK to system restore my PC totally froze, can't even turn it off!!!  I've got photos on it that I can't replace and hadn't yet gotten burn to a disc.  panicsville!!!!

[SUSZANNAH]

The clever guys will be able to help you on that, I didn't put restore back on, as I was told there was a problem with it and Microsoft were bringing a patch out for it, would rather just back up instead, I'm sure one of the boys will help you........

[whocares]

can't even turn it off!!!  

if
- CTRL ALT DEL or
- the reset button or
- pressing the power-button for 4 seconds doesn't help:

pulling the plug persuades even the most stubborn PCs to shut down..

afterwards:
- try rebooting to last known good configuration or in SafeMode (F8-Boot)
- if that doesn't help: can you boot from XP-CD and see your data then ?

and give us more info about the virus location and system/Win-info