
lazark

Members
  • Content Count

    2
About lazark

  • Rank
    Newbie
  1. lazark

    SAS, windows XP and virtumonde conflict

    and if it helps you help me, here's the log file:
  2. lazark

    SAS, windows XP and virtumonde conflict

    I have the exact same problem. If you've figured out how to solve it, please post. Otherwise, I guess this is just a bump. Thanks.