Trying to help my father-in-law with his POS laptop
I haven't had a problem on my own PC for a couple years now, as I have almost religiously run Ad-Aware. However I've been called on to help my father-in-law, and I knew almost instantly I was in over my head. The first scan found 358 "critical objects". I crossed my fingers, cleaned them out, restarted the PC and found that we still have a number that have "re-installed". The most glaring symptom is consistent pop-up windows that say "The Best offers". The system isn't top end, but it is clearly bogged down.
I have saved the log file, but am not sure how to attach it or who to send it to. Please assist. There are 17 VX2 objects (TAC rating 10), 1 called Abetterinternet.Nail (TAC rating 5), 1 called Windows with a TAC rating of 3, and some MRU list/Tracking cookie items (12 total).
Any help would be greatly appreciated.
-
Please click "add reply", then look for "File Attachments", click browse, find the file and then press the "attach" button... then "add reply" again...
Alternatively, copy and paste the contents of the text file into the reply box; however, I'm guessing it's going to be a big log.
Feel free to reply if you get stuck.
Thanks Chris Fry
0 -
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, April 26, 2006 1:14:00 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R104 21.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ABetterInternet.Nail(TAC index:5):1 total references
MRU List(TAC index:0):6 total references
Tracking Cookie(TAC index:3):6 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):17 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R104 21.04.2006
Internal build : 123
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 618561 Bytes
Total size : 2031217 Bytes
Signature data size : 1993928 Bytes
Reference data size : 36777 Bytes
Signatures total : 56111
CSI Fingerprints total : 2346
CSI data size : 75346 Bytes
Target categories : 15
Target families : 877
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:24 %
Total physical memory:260076 kb
Available physical memory:62404 kb
Total page file size:2734244 kb
Available on page file:2544480 kb
Total virtual memory:2097024 kb
Available virtual memory:2044156 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4-26-2006 1:14:00 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Gary Christian\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-847386435-2346120412-1781031486-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-847386435-2346120412-1781031486-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-847386435-2346120412-1781031486-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-847386435-2346120412-1781031486-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 768
ThreadCreationTime : 4-26-2006 3:18:07 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 4-26-2006 3:18:10 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 4-26-2006 3:18:11 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 4-26-2006 3:18:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 4-26-2006 3:18:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 4-26-2006 3:18:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 4-26-2006 3:18:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1392
ThreadCreationTime : 4-26-2006 3:18:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1444
ThreadCreationTime : 4-26-2006 3:18:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1636
ThreadCreationTime : 4-26-2006 3:18:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 168
ThreadCreationTime : 4-26-2006 3:18:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 204
ThreadCreationTime : 4-26-2006 3:18:15 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [atlhu32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 4-26-2006 3:18:15 AM
BasePriority : Normal
#:14 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 396
ThreadCreationTime : 4-26-2006 3:18:16 AM
BasePriority : Normal
#:15 [winkmi.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 608
ThreadCreationTime : 4-26-2006 3:18:17 AM
BasePriority : Normal
#:16 [winkvsy.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 668
ThreadCreationTime : 4-26-2006 3:18:17 AM
BasePriority : Normal
#:17 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 520
ThreadCreationTime : 4-26-2006 3:18:36 AM
BasePriority : Normal
FileVersion : 3,0,0,1132
ProductVersion : 7,0,0,1132
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2001, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:18 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 528
ThreadCreationTime : 4-26-2006 3:18:36 AM
BasePriority : Normal
FileVersion : 5.5.5.109
ProductVersion : 5.5.5.109
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2001 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:19 [hkserv.exe]
FilePath : C:\Program Files\Sony\HotKey Utility\
ProcessID : 472
ThreadCreationTime : 4-26-2006 3:18:36 AM
BasePriority : Normal
#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1044
ThreadCreationTime : 4-26-2006 3:18:38 AM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1624
ThreadCreationTime : 4-26-2006 3:18:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:22 [pcfmgr.exe]
FilePath : C:\Program Files\PowerPanel\Program\
ProcessID : 504
ThreadCreationTime : 4-26-2006 3:18:42 AM
BasePriority : Normal
FileVersion : 4.1.0.4
ProductVersion : 4.1.0-S007
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0
OriginalFilename : PCFMgr.exe
#:23 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2096
ThreadCreationTime : 4-26-2006 3:18:44 AM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:24 [pcfmgricq.exe]
FilePath : C:\Program Files\PowerPanel\Program\
ProcessID : 2148
ThreadCreationTime : 4-26-2006 3:18:46 AM
BasePriority : Normal
FileVersion : 4.1.0.4
ProductVersion : 4.1.0-S007
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0
OriginalFilename : PCFMgr.exe
0 -
#:25 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3560
ThreadCreationTime : 4-26-2006 3:59:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:26 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3660
ThreadCreationTime : 4-26-2006 8:06:59 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:27 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 344
ThreadCreationTime : 4-26-2006 8:13:46 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUAc7C0u4t57D
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUI3d5OfSDist
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUAdC0u4t524h
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUL3a5stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUBd2y5i23
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUBd2y646
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUBd2yV3r
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-847386435-2346120412-1781031486-1005\software\aurora
Value : AUAdC0u4t57D
ABetterInternet.Nail Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 24
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gary christian@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:gary christian@doubleclick.net/
Expires : 4-24-2009 9:10:22 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gary christian@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:gary christian@atdmt.com/
Expires : 4-24-2011 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gary christian@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:gary christian@2o7.net/
Expires : 4-25-2011 1:07:58 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gary christian@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:gary christian@questionmarket.com/
Expires : 6-16-2007 1:10:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gary christian@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:gary christian@findwhat.com/
Expires : 12-31-2019 5:00:02 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gary christian@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:gary christian@advertising.com/
Expires : 4-24-2011 9:27:30 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 30
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 31
1:30:21 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:21.171
Objects scanned:118740
Objects identified:25
Objects ignored:0
New critical objects:25
0 -
Hello Rich
To remove this infection, you should download the "VX2 Cleaner"
http://www.lavasoft.com/software/addons/vx2cleaner.shtml
Please try with this first, and let us know how you get on...
0 -
Hello Rich
To remove this infection, you should download the "VX2 Cleaner"
http://www.lavasoft.com/software/addons/vx2cleaner.shtml
Please try with this first, and let us know how you get on...
Didn't work for me, Steve. I get "system clean" with the same problem. Does Ad-Aware have any better remover? I'm using SE 1.06.
0 -
Scitnor,
it would be best if you start a topic of your own, posting a log file from a "Full Scan"
GRAFX
0 -
Rich,
Please can you try at least two if not more of these On-line scans
or download and try
TrojanHunter (Note Trojan Scanner 30 day Trial)
Reboot (ie: Re-start your PC)
Now this is going to take a few scans; please follow these instructions carefully, and in the order given.
Can you please go and download a plug-in (i.e.: vx2cleaner.exe) that will assist you in the cleanup of your PC (if you have not already done so).
After you have downloaded and installed the VX2 Plug-in as described there,
DO NOT RUN IT YET
please can you clear out your cache folder ie: temporary internet folder.
There are some free programs that you can use that will do that for you if needed like
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
Then open Ad-Aware SE and use the WebUpDate to ensure that you have the latest Definitions File
ie: (SE1R107 09.05.2006), then close Ad-Aware SE.
Now please save and close any open programs and disconnect from the internet.
(For broadband/cable users, it is recommended that you disconnect the cable connection)
Then
Please Reboot (i.e.: Re-start your PC)
Then open Ad-Aware SE but nothing else.
Please can you un-tick this option if you have it ticked
"Include negligible objects information".
To do this Open Ad-aware SE
Click “settings” (the Gear)
then Click “Tweaks”,
then click Scanning engine,
then un-tick "Include negligible objects information".
And then click the proceed button.
Now please scan doing a "Full Scan".
When the scan has finished, select Next. In the Scanning Results window, select the "Scan Summary" tab. Tick the box next to a "target family" you wish to remove. Click Next, click OK.
Then rescan and do the same thing until you have removed all the "target families".
Then please run the VX2 cleaner by selecting the VX2 Cleaner plug-in and clicking “Run Plug-in”. Select “Clean System”.
Then please Reboot (i.e.: Re-start your PC)
Then after your PC has restarted please open Ad-Aware SE, but nothing else and
scan doing a "Full Scan". Then, once the scan has finished, mark and remove the items, then Reboot (i.e.: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your log file here by using the Add-Reply Feature
GRAFX
0