Virus Problem! Had Flashing Trojans In All Files

OK, here is the deal: I was just on the net on a website, then I heard these beeping noises. I went to my computer, then saw flashing red writing numbers saying Trojans, then it was counting how many there were in the files. There were heaps. I don’t get it??? What happened!!! I quickly unplugged the net, then it stopped. Avast did pick up something BUT I didn’t get what the name was :frowning: :o

If anyone could help with the issue I just had, it would be much appreciated!!

Download, install, and run these programs (quick scans). Post the logs.

http://filehippo.com/download_malwarebytes_anti_malware/

http://filehippo.com/download_superantispyware/

Also download HJT, choose scan and save a log file, copy/paste the notepad log

http://filehippo.com/download_hijackthis/

Hi Bluey84,
Do as micky77 suggested.
This behaviour is typical of a rogue anti malware program. These make you think your system is infected in an effort to convince you to buy the rubbish. (Don’t.)

Thanks for the help!!

I could not get malwarebytes_anti_malware to work on my computer :frowning: Is there another I could use???

But here are other logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2009 at 09:27 PM

Application Version : 4.26.1004

Core Rules Database Version : 3910
Trace Rules Database Version: 1881

Scan type : Complete Scan
Total Scan Time : 02:07:53

Memory items scanned : 356
Memory threats detected : 0
Registry items scanned : 2935
Registry threats detected : 0
File items scanned : 18414
File threats detected : 55

Adware.Tracking Cookie

Adware.180solutions/Seekmo/Zango
C:\DOCUMENTS AND SETTINGS\BLACK R\DESKTOP\SETUP.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C280C625-C7E1-4BFF-A57C-D40AD78D33B6}\RP18\A0005847.EXE


next one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:36 PM, on 6/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13924&l=dis
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


End of file - 2813 bytes

[u]some definition from avast[/u]

Detected Item Description and Information

Listed below is basic information about the detected application/process. This application may not be safe to have on your system.

Summary : Adware.180solutions/Seekmo/Zango.Process

Company : 180solutions

Description : Adware.180solutions/Seekmo/Zango.Process

Threat Level (1-10) : 1

Processes : *
SBUSA.EXE

The last items on the SAS log should be removed.

Adware.180solutions/Seekmo/Zango
C:\DOCUMENTS AND SETTINGS\BLACK R\DESKTOP\SETUP.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C280C625-C7E1-4BFF-A57C-D40AD78D33B6}\RP18\A0005847.EXE

The tracking cookies found can also be removed, they constitute a relatively minor privacy threat, and are not what caused your problem.

[/serious mode]

.adultsheepfinder.com
shows you are a true patriot. Well done, posting that! [serious mode]

There are probably entries in the HJT log, but I am not trained in the correct processing, so I’ll leave that to others. Certainly the Ask toolbar is a bit questionable.
The log looks a bit on the small side. Are you running an admin account?

Try renaming the MBAM installer file, to see if it will install. If it does, browse to the MalwareBytes folder in the program files, and rename the main executable. (Highlighted in the screenshot.) Call it anything you like, Blueys killer or whatever. Then try running it by clicking (double) on the renamed file. Hopefully you’ll be able to install, update and scan with it this way.

-= I found no serious threat in your HJT log except for:

(1) You are using Windows XP SP2… SP3 is now available via Microsoft Update… You should consider installing it…

(2) Your Firewall [Windows XP Firewall] does not support outbound protection… You should consider downloading one… Here are some of the free firewalls:

   (a) [url=http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html]Agnitum Outpost[/url]
   (b) [url=http://download.cnet.com/Online-Armor-Personal-Firewall/3000-10435_4-10426782.html?tag=mncol;pop]Online Armor[/url]
   (c) [url=http://download.cnet.com/PC-Tools-Firewall-Plus-Free-Edition/3000-10435_4-10625321.html?tag=mncol;pop]PC Tools[/url]
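
A small triage pass over the HijackThis log posted earlier in this thread, added here as an example (it is not part of any poster's reply and is not HijackThis's own code). It pulls out the platform line, groups entries by the Program Files folder they point at, and lists services marked "Unknown owner"; the function names `triage` and `multi_hook_dirs` are made up for this example.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line is a section code (R0, R3, O2, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# Vendor folder under Program Files (looking through "Common Files").
# Short 8.3 paths such as C:\PROGRA~1\... are deliberately not resolved here.
VENDOR_DIR = re.compile(r"C:\\Program Files\\(?:Common Files\\)?([^\\]+)\\", re.I)

def triage(log_text):
    """Return the platform line, section codes per vendor folder, and
    the services HijackThis labelled 'Unknown owner'."""
    report = {"platform": None, "by_dir": defaultdict(list), "unknown_owner": []}
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Platform:"):
            report["platform"] = line.split(":", 1)[1].strip()
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        d = VENDOR_DIR.search(body)
        if d:
            report["by_dir"][d.group(1)].append(code)
        if code == "O23" and " - Unknown owner - " in body:
            report["unknown_owner"].append(body[len("Service: "):].split(" - ")[0])
    return report

def multi_hook_dirs(report):
    """Folders whose files appear under two or more different section codes."""
    return sorted(d for d, codes in report["by_dir"].items() if len(set(codes)) > 1)

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["platform"], dict(r["by_dir"]), r["unknown_owner"], multi_hook_dirs(r))
```

A folder that appears under the browser sections (O2, O3) and also under O23 has a browser add-on plus its own service, which is the kind of entry worth a second look before deciding whether to keep it.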

If you can’t install, right click on the setup file and choose rename. Rename the file, e.g. moon.exe, then double click to install, then update. If this is not possible, try to download the manual updates. Then navigate to C/program files/malwarebytes antimalware, locate mbam.exe, and rename this file, then double click on the renamed file to launch MBAM.

Sorry Tarq57, I did not read your post, I just repeated what you said

manual updates http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Sorry Tarq57, I did not read your post, I just repeated what you said
No worries.

Thanks for that, works now

Malwarebytes’ Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

6/15/2009 11:51:11 PM
mbam-log-2009-06-15 (23-51-11).txt

Scan type: Quick Scan
Objects scanned: 92301
Time elapsed: 45 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Also I have these popping up, don’t know what it means :o and Firefox is crashing!

error signature

BCCode : 1000000a BCP1 : 00000016 BCP2 : 00000002 BCP3 : 00000000
BCP4 : 804DBDA3 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

error report contents

C:\DOCUME~1\BLACKR~1\LOCALS~1\Temp\WERd577.dir00\Mini061609-01.dmp
C:\DOCUME~1\BLACKR~1\LOCALS~1\Temp\WERd577.dir00\sysdata.xml

outpost firewall error
drive fault

C:\Documents and Settings\All Users.WINDOWS\Application Data\Agnitum\Outpost Firewall Free\Feedback\feedback.zip

outpost logs and memory dump necessary to investigate

http://img200.imageshack.us/img200/6329/errormessgae.jpg

http://img194.imageshack.us/img194/520/seconderorror.jpg

http://img37.imageshack.us/img37/4264/erooro3.png

http://img37.imageshack.us/img37/5569/erroo4.jpg

I’m not techy enough to know what those error messages mean.
What I’d be inclined to do (in the absence of further advice) is to try updating MBAM and SAS and run full scans with both, to be sure. (Don’t scan with both at the same time.)
Then use Revo Uninstaller to uninstall the programs that are crashing/producing error reports.

(Since one of these is a firewall it is best to do this while disconnected from the net. You’ll need to have a fresh or up to date installer file to re-install these programs afterwards, and you will lose any settings/preferences/bookmarks etc. You might be able to backup your bookmarks.)

When using Revo, it will first run the programs’ own uninstaller. That uninstaller may then prompt for a restart. Don’t.
Go through the “next” button options in the Revo program. When it gets to the registry entries, be sure to expand all the “tree” entries, right down as far as they can be expanded, and only delete the bolded items.

I’ve read about (and experienced) just ticking and deleting the unexpanded items, which removes more than should be removed. And then borks stuff.