Help is appreciated - Techist - Tech Forum

Old 07-31-2006, 06:54 PM   #1 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default Help is appreciated

I ran ewido and some other spyware programs, and ewido found this:

Downloader.Agent.uj

How do I get rid of that?

Here is a HijackThis log:

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmaal.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSRPU.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»» Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSRPU.EXE 51,235 2006-07-31
C:\WINDOWS\SYSTEM32\DMAAL.EXE 62,010 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32
{9D5C5F24-035C-4B60-81E4-A97D46CB8A64}.exe
{A8B06415-E124-471C-B734-6DE8C4D7BB78}.exe
{B734FDF5-98E2-4AAF-9828-06F04EA559ED}.exe
{C14848E4-7716-454C-85C5-7BE3DA782E59}.exe
{6D0FD1A2-BF32-4F5C-8ABB-9421F6289723}.exe
Norcent is offline  
Old 07-31-2006, 07:56 PM   #2 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

First of all, why are you in here posting it? And that is not a HijackThis log, that is Fixwareout's log.
Osiris is offline  
Old 08-01-2006, 10:53 AM   #3 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default

Oh, sorry I posted that here. I guess I should check that out next time.
Norcent is offline  
All times are GMT -5.