Are all ServicePacks and Windowsupdates applied ? Please CHECK !!Sometime ago I had a problem with my OS and after reinstalling it I can’t seem to install any windows updates, before that I had the SP2. the result is that I disabled automatic updates and if I try to update they are downloaded but never installed
What name does avast give the virus (e.g. like: “Win32:Netsky-P [Wrm]” ) ?The name is INF:AutoRun-V[trj]
Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ? The infected file is found in F:\autorun.inf
Now my question is if every memory stick or pen drive I insert in the USB port causes the same reaction from AVAST, even if the device has been cleaned using AVAST on another machine or even formatted, could it be some sort of false alarm? And if so who can I use memory sticks in my USB drive again, Any suggestions?
Thank you,
the problem is in a infection of the USB stick when plugging it to your PC imho… it seems to have an running autorun virus dropper on your machine… standard shiled catches the autorun.inf when writing it to a USB stick…
If I understan you correctly my machine is infecting all USB stick when inserted into it…
If so what can I do to clean it?
Recently I had an infection by a virus called virut my OS didn’t load so I had to take the machine to a lab where I was told that it was cleaned and returned to me more or less in a functioning state. Should I go back there?
Virut is very dangerous file infector… i don’t know what they did with your PC to recover your files, but we can assume, that the Virut infection is gone… btw: Virut does not drop any autoruns… you should run HiJackThis and post the log here… we’ll analyze it and tell you more
Hi,
This is the log from Hijackthis:
a-squared Anti-Malware - Version 3.5
Last update: 03/06/2008 15:48:07
Scan settings:
Objects: Memory, Traces, Cookies, C:\WINDOWS, C:\Archivos de programa
Scan archives: On
Heuristics: On
ADS Scan: On
Inicio de examen: 03/06/2008 16:19:00
c:\archivos de programa\radlight company detectado: Trace.Directory.RadLight
c:\archivos de programa\radlight company\radlight 4.0 detectado: Trace.Directory.RadLight
c:\archivos de programa\radlight company\radlight 4.0\capture detectado: Trace.Directory.RadLight
c:\windows\downloaded program files\default.inf detectado: Trace.File.iePlugin
Key: HKEY_USERS\S-1-5-21-1048142505-2451093677-520032851-1006\software\install detectado: Trace.Registry.AdClicker
C:\Documents and Settings\Bar la Plazita\Cookies\bar la plazita@atdmt[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar la plazita@atdmt[3].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@2o7[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@adserver.hispavista[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@adtech[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@adtech[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@advertising[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@advertising[3].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@atdmt[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@atdmt[3].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@bravenet[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@bs.serving-sys[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@com[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@com[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@doubleclick[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@doubleclick[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@doubleclick[4].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@fastclick[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@goclick[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@google.com[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@google.com[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@hitbox[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@hitbox[3].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@media.adrevolver[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@media.adrevolver[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@media.hotels[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@media.sensis.com[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@mediaplex[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@qksrv[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@server.iad.liveperson[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@serving-sys[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@specificclick[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@stat.onestat[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@statcounter[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@statcounter[3].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@statse.webtrendslive[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@tradedoubler[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@tradedoubler[3].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Cookies\bar_la_plazita@webtrends.swiss[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:76 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:244 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:277 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:278 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:316 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:365 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:376 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:377 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:378 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:408 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:438 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:492 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:493 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:494 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:504 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:505 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:519 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:533 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:546 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:547 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:548 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:549 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:611 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:612 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:613 detectado: Trace.TrackingCookie
C:\WINDOWS\Temp\DIL19.tmp detectado: Trojan-Downloader.Win32.Small.wbx
yet another log.
a-squared Anti-Malware - Version 3.5
Last update: 03/06/2008 15:48:07
Scan settings:
Objects: Memory, Traces, Cookies, C:, D:
Scan archives: On
Heuristics: On
ADS Scan: On
Inicio de examen: 03/06/2008 19:29:25
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:77 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:245 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:278 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:279 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:317 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:366 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:377 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:378 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:379 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:409 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:439 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:493 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:494 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:495 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:505 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:506 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:520 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:534 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:547 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:548 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:549 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:550 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:612 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:613 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:614 detectado: Trace.TrackingCookie
C:\RECYCLER\S-1-5-21-1202660629-823518204-725345543-500\Dh40.exe detectado: Worm.Win32.AutoRun.dxh
C:\System Volume Information_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP15\A0004582.exe detectado: Worm.Win32.AutoRun.dxh
Fin de examen: 03/06/2008 21:41:00
Tiempo de examen: 2:11:35
C:\RECYCLER\S-1-5-21-1202660629-823518204-725345543-500\Dh40.exe quarantined: Worm.Win32.AutoRun.dxh
C:\System Volume Information_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP15\A0004582.exe quarantined: Worm.Win32.AutoRun.dxh
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:77 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:245 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:278 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:279 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:317 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:366 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:377 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:378 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:379 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:409 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:439 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:493 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:494 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:495 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:505 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:506 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:520 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:534 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:547 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:548 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:549 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:550 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:612 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:613 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:614 quarantined: Trace.TrackingCookie
something related to autorun virus (Worm.Win32.AutoRun.dxh) was there… can you see any autorun.inf on your fixed drives? look to the system drive root for it… the file could be hidden by its attribute, you can unhide it or choose to show hidden files within your file manager…
Hi,
I’ve found a few autorun.inf :
one in E: where I have the Windows SP3 in process of installation.
one in Program files/microsoft office
one in Program files/hp deskjet 3320 series/win2k_xp
one in Program files/microsoft office/ORK
How do I know what to do next?
The a-squared keep scanning my computer and this is the last log I had, if the file went to quarantine last time how can it keep appearing there?
a-squared Anti-Malware - Version 3.5
Last update: 04/06/2008 1:36:02
Scan settings:
Objects: Memory, Traces, Cookies, C:, D:
Scan archives: On
Heuristics: On
ADS Scan: On
Inicio de examen: 04/06/2008 9:56:04
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:25 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:56 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:57 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:136 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:277 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:310 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:311 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:386 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:397 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:398 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:399 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:429 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:451 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:501 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:502 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:503 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:517 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:531 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:544 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:545 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:546 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:547 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:609 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:610 detectado: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:611 detectado: Trace.TrackingCookie
C:\System Volume Information_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP16\A0004635.exe detectado: Worm.Win32.AutoRun.dxh
Fin de examen: 04/06/2008 11:52:25
Tiempo de examen: 1:56:21
C:\System Volume Information_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP16\A0004635.exe quarantined: Worm.Win32.AutoRun.dxh
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:25 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:56 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:57 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:136 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:277 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:310 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:311 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:386 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:397 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:398 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:399 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:429 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:451 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:501 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:502 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:503 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:517 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:531 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:544 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:545 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:546 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:547 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:609 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:610 quarantined: Trace.TrackingCookie
C:\Documents and Settings\Bar la Plazita\Datos de programa\Mozilla\Firefox\Profiles\r0fhdwcx.default\cookies.txt:611 quarantined: Trace.TrackingCookie
Is it safe for me to delete the files that have been sent to quarantine? Will this mean that my machine is clean? Sorry I have no idea and would really appreciate your help.
Thanks.
Hello again,
I have done this hijackthis scan and this is the log, I believe the previous ones were not what you asked for. Please let me know if my machine is really clean:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:34, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BARLAP~1\CONFIG~1\Temp\mexe.com
C:\DOCUME~1\BARLAP~1\CONFIG~1\Temp\download.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=3060924
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=3060924
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..\Run: [dscactivate] “C:\Archivos de programa\Dell Support Center\gs_agent\custom\dsca.exe”
O4 - HKLM..\Run: [DellSupportCenter] “C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU..\Run: [DellSupportCenter] “C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICIO LOCAL’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Servicio de red’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.11/uploader2.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202824909312
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.strolling.com/main/svideo.cab
O17 - HKLM\System\CCS\Services\Tcpip..{4A691AC9-013A-4590-BBD3-E3CDB7023D19}: NameServer = 217.11.96.234,217.11.108.234
O17 - HKLM\System\CS1\Services\Tcpip..{4A691AC9-013A-4590-BBD3-E3CDB7023D19}: NameServer = 217.11.96.234,217.11.108.234
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Unknown owner - C:\Archivos de programa\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Sistema de alimentación ininterrumpida (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE