- Forums
- Security | Computer, Devices, Software and Systems
- Viruses, Spyware and Malware
- HijackThis Logs (finished)
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Trojans: motofoto- Zundo and more! T-T
- Thread starter JJL12
- Start date
- Status
- Not open for further replies.
techpro5238
In Runtime
- Messages
- 451
Try a different scan:
Please go HERE to run Panda's ActiveScan
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
ARG!!!!!! its not giving me any of those options... I registered and everything and it only says that: "Congratulations!
Today you are not infected.
We have not detected any protection on your PC. With Panda solutions you will be protected against more than 3 million viruses, spyware and other threats.
It is advisable to run a complete scan with ActiveScan 2.0 from time to time. This will minimize the chances of infection.
Would you like to share ActiveScan 2.0 with your friends? Just leave their email addresses. We will not save them in our database.
Email address 1:
Email address 2:
Email address 3:"
now I is very confuzzled... should I try a diffrnt one or use IE7?
Today you are not infected.
We have not detected any protection on your PC. With Panda solutions you will be protected against more than 3 million viruses, spyware and other threats.
It is advisable to run a complete scan with ActiveScan 2.0 from time to time. This will minimize the chances of infection.
Would you like to share ActiveScan 2.0 with your friends? Just leave their email addresses. We will not save them in our database.
Email address 1:
Email address 2:
Email address 3:"
now I is very confuzzled... should I try a diffrnt one or use IE7?
techpro5238
In Runtime
- Messages
- 451
Did it do the full scan? If not, lets just finish up with a scan on the PC. This will for sure work.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Malwarebytes' Anti-Malware 1.12
Database version: 785
Scan type: Quick Scan
Objects scanned: 40196
Time elapsed: 4 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\sqlite3.dll (Rogue.Multiple) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\sqlite3.dll (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\Owner.YOUR-8120BE3D9C\SETUP.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
restarting now...
Database version: 785
Scan type: Quick Scan
Objects scanned: 40196
Time elapsed: 4 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\sqlite3.dll (Rogue.Multiple) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\sqlite3.dll (Rogue.Multiple) -> Delete on reboot.
C:\Documents and Settings\Owner.YOUR-8120BE3D9C\SETUP.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
restarting now...
techpro5238
In Runtime
- Messages
- 451
Was everything deleted? You rebooted and cleaned the final file?
yeah it said that and then I restarted the comp. then when before I went to sleep I had it do a full scan:
"Malwarebytes' Anti-Malware 1.12
Database version: 785
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 148527
Time elapsed: 29 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Authentic-ID\Authentic-ID Toolbar\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully."
This time I was not prompted with a restart. But it was the same file that was deleted through a restart. and bdod.bin seems to be dead.
"Malwarebytes' Anti-Malware 1.12
Database version: 785
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 148527
Time elapsed: 29 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Authentic-ID\Authentic-ID Toolbar\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully."
This time I was not prompted with a restart. But it was the same file that was deleted through a restart. and bdod.bin seems to be dead.
techpro5238
In Runtime
- Messages
- 451
Well, let's finish up here with your final instructions. Post up a final HJT just to make sure you are completely clean, AFTER you finish these steps.
Step1
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Step2
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Logs Required In Next Post
-------------------------------
New Hijackthis Log
Kind Regards,
Techpro5238
Step1
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Step2
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Logs Required In Next Post
-------------------------------
New Hijackthis Log
Kind Regards,
Techpro5238
techpro5238
In Runtime
- Messages
- 451
How is this coming?
- Status
- Not open for further replies.
Similar threads
- Replies
- 0
- Views
- 2K
- Replies
- 1
- Views
- 3K
