caldur06 Posted May 9, 2012 hey, I was told I had a trojan virus after running superantispyware (and a bunch of "warnings" popping up that I needed to "can my computer"). this is the log from the scan: SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 05/08/2012 at 11:32 PM Application Version : 5.0.1146 Core Rules Database Version : 8571 Trace Rules Database Version: 6383 Scan type : Complete Scan Total Scan Time : 00:55:48 Operating System Information Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 500 Memory threats detected : 1 Registry items scanned : 35832 Registry threats detected : 0 File items scanned : 15898 File threats detected : 7 Adware.Tracking Cookie C:\Documents and Settings\Owner\Cookies\NXYUADSX.txt [ /ar.atwola.com ] C:\Documents and Settings\Owner\Cookies\Y94K4BNQ.txt [ /cdn.at.atwola.com ] C:\Documents and Settings\Owner\Cookies\80XDLMZA.txt [ /at.atwola.com ] C:\Documents and Settings\Owner\Cookies\WWN6VNPL.txt [ /tacoda.at.atwola.com ] C:\Documents and Settings\Owner\Cookies\WGZG703X.txt [ /atwola.com ] C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\ANX5OORZ.txt [ Cookie:owner@adsonar.com/adserving ] Trojan.Agent/Gen-RoguePak C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LUXXCFXJDWITC.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LUXXCFXJDWITC.EXE I did have to stop it before it was finished. I immediately had it remove threats and restart, however, but now there are a number of items "missing" as in they do not load (or are hidden from any sort of obvious access). for instance, the desktop icons and shortcuts I normally use are gone- all of them- except that when I use the keyboard command to open my computer and switch to the desktop menu view, I can see all the same things there were before (and still open them, so I know nothing was lost). my question is... what should I do? do I start with trying to run system restore (which is missing from the accessories) or run superantispyware again? Share this post Link to post Share on other sites
throkr Posted May 9, 2012 SAS has a restore possibilty from the quarantine which you could use in the first time, rather than the system restoration (especially in Win XP ...). Share this post Link to post Share on other sites
GuiltySpark Posted May 9, 2012 Boot into Safe mode and select Administrator then run the Full scan again. Share this post Link to post Share on other sites
xCom Posted May 9, 2012 I'm no virus expert but I found your topic because you had the same virus program name as I did: LUXXCFXJDWITC.EXE . I got multiple errors stating: "A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address" after that I got a hard drive error telling me to scan. Then all my files disappeared except for like My Computer and a few others. Also most of my start menu stuff disappeared too. None of my antivirus are even picking it up to remove it so I don't know how to get rid of it. Anyhow, I read that this thing we got has very similar symptons to a Smart HDD virus going around. It hides all your files making it seem like they were deleted. Just download unhide.exe and it will do the trick. It did for me, however I know its still on my computer because I can't do a successful system restore. and my Hijackthis program shows its still there too. Share this post Link to post Share on other sites
SAS Customer Service Posted May 9, 2012 Run this for the hidden files: http://download.bleepingcomputer.com/grinler/unhide.exe Create a support ticket if there is malware on your system that isn't being detected. Share this post Link to post Share on other sites
