[solved] newbie..help and dropper.small.AK (merged)

Re: newbie..help and dropper.small.AK (merged)

Good work Phatkid! Your log looks clean.

You can use the Disk cleanup Utility in Windows to clean out your Temp folders. DiskCleanup Utility

And don't forget to clear any old Restore Points from your System Restore (see the link for System Restore instructions I posted above)

And here are some steps to follow to help tighten your security and prevent future infection: https://www.wilderssecurity.com/showthread.php?t=27971

Regards,

snap

 

Re: newbie..help and dropper.small.AK (merged)

thanks, but i just system restored back a couple of hours as when i clicked on my computer a window opens up to install microsoft streets??
so i restarted my computer to see if that helped, then a window popped up that was unable to open certain files
so when i restored back a couple hrs, the window install thing didn't show up and the puter started without saying it couldn't or find a file..

here is the hijack this form 1024pm

Logfile of HijackThis v1.97.7
Scan saved at 12:59:13 AM, on 14/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\MDG Customer\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
00000000O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\MDGCUS~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - Startup: Digital Patrol Update.lnk = C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC8364F-F2D9-4F52-984D-FEEEECDB1750}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105

the spot with the 0000000's is the file that was not on the 1035 hijack this, but incidently the mcafee and kaaza is back in the programs and i still can't save pics to my cd\R, nor to i get prompt when i put a blank CD in the D: drive??

hell with it i will take the puter back as it is a mess and they can deal with it, but i will try and stay on top of things better..... no more porn down load

thanks, will see you soon

any suggestions what files i can save to make reloading and instal easier

phats

 

Re: newbie..help and dropper.small.AK (merged)

well got the puter back............all better had 2 viruses, not to mention the 1 or two you cats helped me remove PLUS the trojan horse........

thanks

 

Re: newbie..help and dropper.small.AK (merged)

Hi phatkid,

Well, you did alot of work in trying to save your computer, but sometimes a fresh start is the way to go.

To help keep your computer clean, here are some steps to follow: https://www.wilderssecurity.com/showthread.php?t=27971

I will edit the title of this thread now, to reflect that the problem is 'solved',but I won't lock it in case you want to revisit it and post in it again.

Regards,

snap