movingmalibu

log of new virus/malware

Hello,

My computer is infected with a new virus, and I was asked by the team at Kaspersky to run SUPERAntiSpyware and then post the log file.

Here is the log file.

I have not "cleaned" or fixed any of the threats detected by your software (as recommended by the Kaspersky team). Please advise as to what I should do next.

Best Regards

Franco


The SAS log file is a .txt file. Just copy and paste it directly into your forum post. If it is a really long log, you may have to break it into 2 or more posts.


Here is the log.

Thanks for any help you guys can provide.

Franco

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/07/2009 at 06:20 PM

Application Version : 4.24.1004

Core Rules Database Version : 3699

Trace Rules Database Version: 1675

Scan type : Complete Scan

Total Scan Time : 00:26:50

Memory items scanned : 353

Memory threats detected : 0

Registry items scanned : 5319

Registry threats detected : 19

File items scanned : 19077

File threats detected : 123

MyWay Search Assistant Computers

HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel

HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable

C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL

HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel

HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable

HKU\S-1-5-21-2523365813-1988538056-3407220794-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKU\S-1-5-21-2523365813-1988538056-3407220794-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Tracking Cookie

Trojan.Unknown Origin

HKLM\Software\xpre

HKLM\Software\xpre#execount

Rogue.Component/Trace

HKU\S-1-5-21-2523365813-1988538056-3407220794-1006\Software\Microsoft\CS41275

Adware.Vundo/Variant-EC

C:\WINDOWS\SYSTEM32\FILAWUZO.DLL


I recommend that you let SAS quarantine all the items it has found per your log. Is there something specific in the log that concerns you as to whether it should be quarantined? Everything shown in the log needs to be quarantined.

SAS "may" want to reboot after the quarantine. If so, please reboot.
