November 6th, 2009, 05:54 PM
#1
The old "Your System is Infected" desktop take-over
Hi,
I'm running Windows XP and I'm getting the "Your System Is Infected! System has been stopped due to a serious malfuction." desktop wallpaper. When I right click and go to Display Properties, it does not allow me to change it. There are also a bunch of porn icons added to the desktop.
As per the sticky in this forum I have installed and performed the SUPERAntiSpyware scan. Desktop is now back to normal but getting some .DLL error text boxes on startup. Below are the results of the SUPERAntiSpyware scan. Thanks in advance for any help you can provide.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/07/2009 at 02:49 AM
Application Version : 4.29.1004
Core Rules Database Version : 4162
Trace Rules Database Version: 1978
Scan type : Complete Scan
Total Scan Time : 01:35:31
Memory items scanned : 426
Memory threats detected : 7
Registry items scanned : 5368
Registry threats detected : 19
File items scanned : 116756
File threats detected : 79
Trojan.Agent/Gen-FakeAlert[Calc]
C:\WINDOWS\SYSTEM32\CALC.DLL
C:\WINDOWS\SYSTEM32\CALC.DLL
[calc] C:\WINDOWS\SYSTEM32\CALC.DLL
[calc] C:\DOCUME~1\NETWOR~1\NTUSER.DLL
C:\DOCUME~1\NETWOR~1\NTUSER.DLL
C:\DOCUMENTS AND SETTINGS\DEFAULT\LOCAL SETTINGS\TEMP\RUNDLL32.DLL
Trojan.Unclassified/C00-WL/A
C:\WINDOWS\SYSTEM32\__C009AD91.DAT
C:\WINDOWS\SYSTEM32\__C009AD91.DAT
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c009AD91
Trojan.Agent/Gen-Bongl[L]
C:\WINDOWS\SYSTEM32\MSXM192Z.DLL
C:\WINDOWS\SYSTEM32\MSXM192Z.DLL
[ter8m] C:\WINDOWS\SYSTEM32\MSXM192Z.DLL
Trojan.Agent/Gen-Reader_S
C:\WINDOWS\SYSTEM32\READER_S.EXE
C:\WINDOWS\SYSTEM32\READER_S.EXE
C:\DOCUMENTS AND SETTINGS\DEFAULT\READER_S.EXE
C:\DOCUMENTS AND SETTINGS\DEFAULT\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\READER_S.EXE
[reader_s] C:\DOCUMENTS AND SETTINGS\DEFAULT\READER_S.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#reader_s [ C:\WINDOWS\System32\reader_s.exe ]
Trojan.Dropper/Gen-NV
C:\WINDOWS\SYSTEM32\RESTORER32_A.EXE
C:\WINDOWS\SYSTEM32\RESTORER32_A.EXE
C:\DOCUMENTS AND SETTINGS\DEFAULT\RESTORER32_A.EXE
C:\DOCUMENTS AND SETTINGS\DEFAULT\RESTORER32_A.EXE
[restorer32_a] C:\WINDOWS\SYSTEM32\RESTORER32_A.EXE
[restorer32_a] C:\DOCUMENTS AND SETTINGS\DEFAULT\RESTORER32_A.EXE
C:\WINDOWS\Prefetch\RESTORER32_A.EXE-2C748582.pf
Trojan.Unclassified/C00-Installer
[A00F111D78.exe] C:\DOCUME~1\DEFAULT\LOCALS~1\TEMP\_A00F111D78.EXE
C:\DOCUME~1\DEFAULT\LOCALS~1\TEMP\_A00F111D78.EXE
C:\DOCUMENTS AND SETTINGS\DEFAULT\LOCAL SETTINGS\TEMP\_A00F111D78.EXE
Trojan.Agent/Gen
[Wallpaper] C:\WINDOWS\SYSTEM32\CRITICAL_WARNING.HTML
C:\WINDOWS\SYSTEM32\CRITICAL_WARNING.HTML
C:\WINDOWS\system32\A.TMP
C:\WINDOWS\system32\B.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT\LOCAL SETTINGS\TEMP\BNB.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT\LOCAL SETTINGS\TEMP\BNE.TMP
C:\WINDOWS\TEMP\VRT13.TMP
C:\WINDOWS\Prefetch\B.TMP-0826A2ED.pf
C:\WINDOWS\Prefetch\VRT13.TMP-0180F840.pf
Trojan.Unknown Origin
HKLM\Software\AGProtect
HKLM\Software\AGProtect#Cfg
Trojan.Media-Codec/V4
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on
Trojan.Unclassified/C00-WL
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C009AD91
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C009AD91#Asynchronous
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C009AD91#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C009AD91#Impersonate
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C009AD91#Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C009AD91#Logon
Rogue.ProtectionSystem
C:\Program Files\Protection System
Adware.Tracking Cookie
Trojan.Agent/Gen-FDUPX
C:\DOCUMENTS AND SETTINGS\DEFAULT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QTFO1OJY\BOT[1].TXT
C:\WINDOWS\SYSTEM32\1E.TMP
C:\WINDOWS\Prefetch\1E.TMP-343B9247.pf
Trojan.Agent/Gen-Tmp[Hehe]
C:\WINDOWS\SYSTEM32\1D.TMP
C:\WINDOWS\Prefetch\1D.TMP-058FFBF9.pf
Trojan.Agent/Gen-NumTemp
C:\WINDOWS\SYSTEM32\5.TMP
C:\WINDOWS\SYSTEM32\6.TMP
C:\WINDOWS\SYSTEM32\9.TMP
C:\WINDOWS\Prefetch\6.TMP-3B726FB8.pf
Trojan.Agent/Gen-Dropper[Temp]
C:\WINDOWS\SYSTEM32\C.TMP
C:\WINDOWS\SYSTEM32\D.TMP
C:\WINDOWS\Prefetch\C.TMP-31A4EB53.pf
C:\WINDOWS\Prefetch\D.TMP-1D59F25F.pf
Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\U0070.DLL
Trojan.WinUpdate
C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
C:\WINDOWS\Prefetch\WINUPDATE.EXE-0F50C4F5.pf
Trojan.Agent/Gen-FakeAlert
C:\WINDOWS\TEMP\VRT15.TMP
C:\WINDOWS\Prefetch\VRT15.TMP-16B447B2.pf
Trojan.Agent/Gen-SoftWin[Virut]
C:\WINDOWS\TEMP\VRT19.TMP
C:\WINDOWS\Prefetch\VRT19.TMP-05801C8F.pf