Hello,
I have a virus, undetected by Avast Free. Here is a picture :
http://img30.imageshack.us/img30/6650/sanstitrebjt.png
I can’t remove it, even with Malwarebytes.
Please help me, and sorry but I’m French.
I’m on Vista.
Are you running the latest Malwarebytes ? 1.44 database 3749
You can also try
SuperAntiSpyware 4.33.1000 http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
Did it work?
Post the scan logs here.
I was running the last version of Malwarebytes and I’m downloading SuperAntiSpyware.
Here’s a picture of the certificate :
http://img641.imageshack.us/img641/4050/sanstitrecb.png
What must I do?
I am not sure this is a virus … ???
This looks to be something with AOL mobile, is that something you have ?
Have you downloaded something to your cellphone?
AOL Mobile - Mobile Applications and Cell Phones
http://mobile.aol.com/
If you look in Add/Remove Programs you may find a program with this name and uninstall it?
Here is the log :
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/17/2010 at 09:24 AM
Application Version : 4.33.1000
Core Rules Database Version : 4595
Trace Rules Database Version: 1978
Scan type : Quick Scan
Total Scan Time : 00:25:11
Memory items scanned : 750
Memory threats detected : 1
Registry items scanned : 528
Registry threats detected : 6
File items scanned : 22858
File threats detected : 29
Trojan.Agent/Gen-Hack
C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\COMREPL.EXE
C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\COMREPL.EXE
[ClipSrv] C:\USERS\WOLF\APPDATA\LOCAL\TEMP\CLIPSRV.EXE
C:\USERS\WOLF\APPDATA\LOCAL\TEMP\CLIPSRV.EXE
[DllHst] C:\WINDOWS\DLLHST3G.EXE
C:\WINDOWS\DLLHST3G.EXE
[DllHst] C:\WINDOWS\SYSTEM\DLLHST3G.EXE
C:\WINDOWS\SYSTEM\DLLHST3G.EXE
[Cisvc] C:\USERS\WOLF\APPDATA\ROAMING\MICROS~1\CISVC.EXE
C:\USERS\WOLF\APPDATA\ROAMING\MICROS~1\CISVC.EXE
[DllHst] C:\WINDOWS\SYSTEM\DLLHST3G.EXE
[load] C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\COMREPL.EXE
C:\USERS\WOLF\APPDATA\LOCAL\MICROSOFT\COMREPL.EXE
C:\USERS\WOLF\APPDATA\LOCAL\MICROSOFT\DLLHST3G.EXE
C:\USERS\WOLF\APPDATA\LOCAL\MICROSOFT\MSTINIT.EXE
C:\USERS\WOLF\APPDATA\LOCAL\MSTINIT.EXE
C:\USERS\WOLF\APPDATA\ROAMING\CLIPSRV.EXE
C:\USERS\WOLF\APPDATA\ROAMING\MICROSOFT\CISVC.EXE
C:\USERS\WOLF\APPDATA\ROAMING\MICROSOFT\CMSTP.EXE
C:\WINDOWS\SYSTEM\SESSMGR.EXE
Adware.Tracking Cookie
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@ad.yieldmanager[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@apmebf[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@advertising[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@atwola[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@boursoramabanque.solution.weborama[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@content.yieldmanager[3].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@content.yieldmanager[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@at.atwola[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@tradedoubler[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@doubleclick[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@ar.atwola[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@insightexpressai[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@mediaplex[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@tacoda[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@atdmt[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@weborama[1].txt
I don’t have AOL, I have Orange (French).
After reboot :
It’s not over…
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/17/2010 at 10:19 AM
Application Version : 4.33.1000
Core Rules Database Version : 4595
Trace Rules Database Version: 2407
Scan type : Quick Scan
Total Scan Time : 00:24:22
Memory items scanned : 760
Memory threats detected : 1
Registry items scanned : 526
Registry threats detected : 5
File items scanned : 22851
File threats detected : 12
Trojan.Agent/Gen-Hack
C:\USERS\WOLF\APPDATA\LOCAL\TEMP\DLLHST3G.EXE
C:\USERS\WOLF\APPDATA\LOCAL\TEMP\DLLHST3G.EXE
[DllHst] C:\USERS\WOLF\APPDATA\LOCAL\TEMP\DLLHST3G.EXE
[Mstsc] C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\MSTSC.EXE
C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\MSTSC.EXE
[IEudinit] C:\WINDOWS\SYSTEM\IEUDINIT.EXE
C:\WINDOWS\SYSTEM\IEUDINIT.EXE
[Mstsc] C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\MSTSC.EXE
[load] C:\WINDOWS\SYSTEM\SESSMGR.EXE
C:\WINDOWS\SYSTEM\SESSMGR.EXE
C:\USERS\WOLF\APPDATA\LOCAL\MICROSOFT\MSTSC.EXE
Adware.Tracking Cookie
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@advertising[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@boursoramabanque.solution.weborama[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@at.atwola[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@doubleclick[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@tacoda[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@atdmt[2].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@weborama[1].txt
After reboot, I will run a full scan.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/17/2010 at 11:15 AM
Application Version : 4.33.1000
Core Rules Database Version : 4595
Trace Rules Database Version: 2407
Scan type : Complete Scan
Total Scan Time : 00:43:24
Memory items scanned : 769
Memory threats detected : 1
Registry items scanned : 7688
Registry threats detected : 5
File items scanned : 32156
File threats detected : 11
Trojan.Agent/Gen-Hack
C:\USERS\WOLF\LOCAL SETTINGS\APPLIC~1\MICROS~1\COMREPL.EXE
C:\USERS\WOLF\LOCAL SETTINGS\APPLIC~1\MICROS~1\COMREPL.EXE
[rsvp] C:\USERS\WOLF\APPDATA\LOCAL\TEMP\RSVP.EXE
C:\USERS\WOLF\APPDATA\LOCAL\TEMP\RSVP.EXE
[DllHst] C:\WINDOWS\SYSTEM\DLLHST3G.EXE
C:\WINDOWS\SYSTEM\DLLHST3G.EXE
[ComRepl] C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\COMREPL.EXE
C:\USERS\WOLF\LOCALS~1\APPLIC~1\MICROS~1\COMREPL.EXE
[DllHst] C:\WINDOWS\SYSTEM\DLLHST3G.EXE
[load] C:\USERS\WOLF\APPDATA\LOCAL\TEMP\ESENTUTL.EXE
C:\USERS\WOLF\APPDATA\LOCAL\TEMP\ESENTUTL.EXE
C:\USERS\WOLF\APPDATA\LOCAL\MICROSOFT\COMREPL.EXE
Adware.Tracking Cookie
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@doubleclick[1].txt
C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Cookies\wolf@atdmt[2].txt
Trojan.Agent/Gen-Backdoor[FakeAlert]
C:\USERS\WOLF\APPDATA\LOCAL\TEMP~TEMP\MLP209\MDM.EXE
C:\USERS\WOLF\APPDATA\LOCAL\TEMP~TEMP\MLP210\MDM.EXE
C:\Windows\Prefetch\MDM.EXE-835A3097.pf
What is [FakeAlert] ? A fake virus ?
Try this program. Hold down the left Ctrl key before you execute hitmanpro35.exe; this will kill a lot of your processes. The program does not remove anything until you activate the 30-day trial license. Looks like you have a worm and a rogue/fake program. This program has French language: http://www.surfright.nl/en/hitmanpro
What is [FakeAlert] ? A fake virus ?
Yes, a fake/rogue security program.