Wilders Security Forums > Other Security Topics > malware problems & news
#1 | May 14th, 2004, 04:54 PM | watto (Infrequent Poster; Join Date: Mar 2004; Posts: 16)
10 infected files

I have just done a scan with housecall and found I have the following on my computer:

REG SEEKER.D non cleanable
TROJ BRISS.B non cleanable
TROJ SMALL.EU non cleanable
JAVA BITEVER.A non cleanable
JAVA BITEVER.A non cleanable
JAVA BITEVER.A non cleanable
JAVA FEMAD.D non cleanable
JAVA BYTEVER.A-1 non cleanable
JAVA FEMAD.B non cleanable
JAVA FEMAD.B non cleanable

Here is my log

Logfile of HijackThis v1.97.7
Scan saved at 21:53:31, on 14/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PopupRemover\PopRController.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis1977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {3D2C1DA4-BCD3-4317-9548-2E08BD222FF0} - C:\PROGRA~1\POPUPR~1\POPUPS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKLM\..\Run: [PopupRemoverCtrl] C:\Program Files\PopupRemover\PopRController.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\ares.exe" -h
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {1A9EC776-942A-4A51-8CD6-0DD9C25ED05B} - http://akamai.downloadv3.com/binarie...ce_1_EN_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...010.2418287037
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{312AFC0A-71D6-4386-B2BC-D93EEA22D419}: NameServer = 80.225.252.186 80.225.252.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{312AFC0A-71D6-4386-B2BC-D93EEA22D419}: NameServer = 80.225.252.186 80.225.252.178

and can you tell me which ones to delete time computers home page

Please help
#2 | May 14th, 2004, 08:23 PM | snapdragin (Administrator; Join Date: Feb 2002; Location: Southern Ont., Canada; Posts: 8,415)
Re: 10 infected files

Hi watto, I am not sure I understand the following. Did you mean you did not want to keep timecomputers, or that you wanted to keep it?

Quote:
Originally Posted by watto
and can you tell me which ones to delete time computers home page

There isn't anything in your log that indicates an infection. Where did housecall say these infected files were located?

Regards,

snap
__________________
@-`-,--
#3 | May 15th, 2004, 01:42 AM | meneer (Very Frequent Poster; Join Date: Nov 2002; Location: The Netherlands; Posts: 1,132)
Re: 10 infected files

The only reference that I found was this:

http://www3.ca.com/securityadvisor/v....aspx?ID=38878: Cleaning Briss is a snap.
The others are not at CA. That means nothing, but I would check using a different online scanner. Perhaps these Java lines are false positives.

And then check this topic
__________________
greetings, André


First law of Jerry Pournelle: First check cables
#4 | May 15th, 2004, 03:59 AM | dvk01 (Global Moderator; Join Date: Oct 2003; Location: Loughton, Essex. UK; Posts: 3,129)
Re: 10 infected files

All the files will be in either the temp folder, temp internet files or the Java cache, so do this please.

Boot into safe mode by following the instructions here: http://service1.symantec.com/SUPPORT...01052409420406
Then, as some of the files or folders you need to delete may be hidden, do this:
Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Then, using Windows Explorer, go to C:\Documents and Settings\USER NAME\Local Settings\Temp, select everything in that folder and delete it.

As XP will not let you delete files less than 24 hours old, as it thinks it might need them, please also do this:

While in the temp folder, select View and select Details.

Then right click a blank part and select Arrange Icons By, and select Show in Groups and Modified; that will give a list of all files in date order with today at the top of the page.

Select all the files/folders except the today ones and delete them all.

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

Empty the Sun Java cache

Go to Control Panel, click on Cache, press Clear Cache.

Then, to get rid of the Time Computers rubbish, do this:

Run HijackThis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press Fix Checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com


Finally

Turn off System Restore by following the instructions here:
http://service1.symantec.com/SUPPORT...01111912274039

That will purge the restore folder and clear any malware that has been put in there. Then reboot, re-enable System Restore & create a new restore point.

Read here http://www.wilderssecurity.com/showthread.php?t=27971 for info on how to tighten your security settings and how to help prevent future attacks.

& it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.
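As an added example (not code from this thread or from HijackThis), here is a small Python parser for the HijackThis log format posted by watto, run over a constructed subset of its lines. It splits each R/O entry into section, name and target, lists the O17 name servers so they can be compared with the ISP's DNS addresses, and selects entries by keyword the way dvk01's fix list singles out the Time Computers items; the HjtEntry class and the keyword lists are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v1.97.7 log lines quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\ares.exe" -h
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{312AFC0A-71D6-4386-B2BC-D93EEA22D419}: NameServer = 80.225.252.186 80.225.252.178
"""

@dataclass
class HjtEntry:        # hypothetical record for one "Rn - ..." / "Onn - ..." line
    section: str       # "R0", "O4", "O17", ...
    detail: str        # everything after the section prefix
    name: str = ""     # registry value, [Run] name or .lnk / INF key
    target: str = ""   # URL, command line or name-server list

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
O4_RUN_RE = re.compile(r"^.+?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse_log(text: str) -> list[HjtEntry]:
    """Keep only R*/O* lines; the header and running-process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = HjtEntry(m.group(1), m.group(2))
        if entry.section == "O4" and (m4 := O4_RUN_RE.match(entry.detail)):
            entry.name, entry.target = m4.group("name"), m4.group("cmd")
        elif " = " in entry.detail:    # R0/R1/O17 and Startup .lnk entries
            entry.name, entry.target = entry.detail.rsplit(" = ", 1)
        elif "=" in entry.detail:      # O14 IERESET.INF KEY=value
            entry.name, entry.target = entry.detail.split("=", 1)
        entries.append(entry)
    return entries

def name_servers(entries: list[HjtEntry]) -> list[str]:
    """DNS servers from O17 lines; a hijacker changes these, so compare them with the ISP's."""
    return [ip for e in entries if e.section == "O17" and "NameServer" in e.name
            for ip in e.target.split()]

def select_for_fix(entries, name_keys=("SUPASTATUS",), target_keys=("timecomputers.com",)):
    """Entries whose name or target mentions a keyword (assumed fix list: the Time Computers items)."""
    return [e for e in entries
            if any(k.lower() in e.name.lower() for k in name_keys)
            or any(k.lower() in e.target.lower() for k in target_keys)]
```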
#5 | May 15th, 2004, 05:33 AM | illukka (Spyware Fighter; Join Date: Jun 2003; Location: S.A.V.O; Posts: 632)
Re: 10 infected files

Doesn't Time Computers come preloaded with Supanet internet access?

I read somewhere (PC Plus?) that you need to get new modem drivers to disable the Supanet thing, so check your modem manufacturer's website for modem software.
__________________
a proud supporter of THE GLORIOUS REDS

To Ride, Shoot Straight And Speak The Truth
#6 | May 15th, 2004, 08:59 AM | Just_jan (Posts: n/a)
Re: 10 infected files

My son wanted to know cheats for Conflict Desert Storm II, so I typed "cheats for conflict desert storm II" into Google. It came up with loads of searches; I clicked on the first one and my AVG told me I had a virus, Trojan one PSW.Briss.E. I ran the anti-virus scan and it got rid of it for me.
By the way, the AVG version I have is the free one from Grisoft.com, and it got rid of it. Loadsa luck xxx