
wife's computer acting up (help NIOBIS)

Discussion in 'Windows - Virus and spyware problems' started by exodus125, Nov 25, 2006.

  1. exodus125

    exodus125 Member

    Joined:
    Nov 22, 2006
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    16
    Actually, now that I think about it, about that thing that was IGNORED: in AVG, if you click on the thing that says IGNORE you can change it to delete or quarantine and some other stuff. I think she might have just left it as "ignore once", and since I wasn't there when she did it, I didn't tell her otherwise. I will have her run it again and, if it appears again, change it to delete instead of "ignore once". That should fix the problem, right?


    * IT CERTIFIED
     
    Last edited: Nov 28, 2006
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    There's really no point in running another scan just to find one registry key. Just create the .reg file, open it, and click Yes to merge it with the registry...easy as 1, 2, 3. :D
     
  3. janrocks

    janrocks Guest

    Thanks Niobis for another successful kill. Bookmarked to check for this one at work on Friday. The other users keep getting keyloggers; I run Slax live in there myself.

    Does it get you when a junior comes and argues with a tried and tested method to kill these nasties? Maybe a quick dose of STFU&RTFM? Auto kill applications never get 100% Only a manual "seek and destroy" is good enough to be really sure. (as I learned from parite)
    Keep up the good work "obi wan".. I like that, it fits ;) See you around.
     
  4. exodus125

    exodus125 Member

    OK, will do. I will install a Windows spoiler while I'm rummaging through her registry to make her computer more aerodynamic!
     
  5. exodus125

    exodus125 Member


    Newbies... can't live with them... can't live with them...

    You have a cool screen name, like one of my favorite songs: WELCOME TO JANROCKS!

    janrocks, you can be Yoda, I'll be 3CPO... oh my...
     
  6. exodus125

    exodus125 Member

    ok, but it was funny.
     
    Last edited: Nov 29, 2006
  7. exodus125

    exodus125 Member

    OK, seriously...

    I ran a Kaspersky check on my home computer, and now I'm getting a bunch of other stuff... this is ridiculous... I'm slicing my computer's throat!

    here is the report:

    Infected Object Name Virus Name Last Action
    C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP1\A0000025.dll Infected: not-virus:Hoax.Win32.Renos.gg skipped
    C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000554.dll Infected: Trojan-Downloader.Win32.Zlob.aoi skipped
    C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000555.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
    C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000560.exe Infected: Trojan-Downloader.Win32.Zlob.azl skipped
    C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000561.exe Infected: Trojan-Downloader.Win32.Zlob.azm skipped
    C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000564.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
    Scan process completed.
     
  8. Niobis

    Niobis Active member

    @janrocks, thanks! :)

    Nah, not really. :) I just hope CiDaemon realizes that HijackThis will show us so much more. Not only do I need to know what infections might be present, I also need to know what anti-programs are running on a computer so I know what has and has not been run. I also need to see those anti-programs so I don't request they download almost the same program. For example: if someone is running SpySweeper, I wouldn't want to request they download AVGAS unless absolutely necessary.

    Even more. :) I also need to know if the user is running a firewall or anti-virus. Is Java up-to-date? Is Windows up-to-date?

    It's just that a HijackThis log can tell you so much about a system, and to clean the computer, one needs to know these things.


    @exodus125,

    Don't get too mad, mate. :) There's nothing to worry about. The infection (Zlob) is only in the System Restore folder. It isn't escaping to become active. Clean the System Restore folder by simply turning it off and back on.

    Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
    Click Apply, then OK.
    Restart and turn System Restore back on.

    Edit: also, exodus125, if I could ask you a favor, please edit out that spam you received via email...thank you. :)
     
    Last edited: Nov 28, 2006
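
The triage Niobis does by eye on the report above, as an added example that is not part of the original thread: it separates "Object is locked" noise from real detections and checks whether every detection sits inside a System Restore `_restore{...}` folder. The sample lines and detection names are constructed placeholders, and the line layout (path, verdict, last action) is assumed from the report as posted.

```python
import re

# Constructed sample in the same layout as the posted report (not real data).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Infected: Trojan-Downloader.Win32.Example.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe Infected: Trojan-Downloader.Win32.Example.b skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
Scan process completed.
"""

# Path may contain spaces, so anchor on the verdict text and the trailing action word.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>Object is locked|Infected: (?P<name>\S+))\s+"
    r"(?P<action>\w+)$"
)
# Restore-point copies live under System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

def triage(report):
    """Split a scan report into locked files, detections and unparsed lines."""
    locked, detections, unparsed = 0, [], []
    for raw in report.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            if line:
                unparsed.append(line)  # e.g. the "Scan process completed." footer
            continue
        if m["name"] is None:          # "Object is locked": file in use, not a detection
            locked += 1
            continue
        rp = RESTORE_RE.search(m["path"])
        detections.append({"path": m["path"], "name": m["name"],
                           "action": m["action"],
                           "restore_point": rp["rp"] if rp else None})
    live = [d for d in detections if d["restore_point"] is None]
    return {"locked": locked, "detections": detections, "live": live,
            "unparsed": unparsed,
            # True only when something was detected and none of it is outside System Restore
            "confined_to_system_restore": bool(detections) and not live}

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["locked"], "locked;", len(result["detections"]), "detections;",
          "confined to System Restore:", result["confined_to_system_restore"])
```

Any entry in `live` is a detection outside the restore points, which is the case where turning System Restore off and on would not be enough.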
  9. CiDaemon

    CiDaemon Regular member

    Joined:
    Oct 8, 2006
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    26
    Okay, Okay, I give up! Stop making fun of me ;( .

    I agree that HjT will be much better to use... as long as you have someone who can read and decipher process lists, running services, and registry entries in order to find something that does not belong. Hooray for the 1% solution!

    And since when am I a "newbie"??!!
     
    Last edited: Nov 29, 2006
