
...pc infected-help please :-)

  • 06-12-2008 11:18am
    #1
    Closed Accounts Posts: 62 ✭✭


    Hi guys,

    Thought that I had a virus or a bug in my computer as it was doing funny things-I did the first steps mentioned on the sticky and finally ran the scan with panda-and yup my pc is infected-

    I have ZA (free version) and AVG (free version) but I believe their trials have run out (not really sure as I'm a newbie and it was a friend who installed them for me)-my system is Windows XP-

    Please let me know if you need any more info-

    Thanks a lot for your help

    This is the report from Panda scan

    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Zone Alarm Security Suite 7.0.408.000 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}
    00029258 application/altnet HackTools No 0 Yes No c:\program files\altnet
    00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\altnet
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink.1
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25.1
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm4.adm4
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4.1
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink.1
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25.1
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4
    00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker.1
    00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker
    00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    00112308 Application/Altnet HackTools No 0 Yes No C:\Program Files\Altnet\Download Manager\asmps.dll
    00121803 Application/Altnet HackTools No 0 Yes No C:\Documents and Settings\user\Local Settings\Temp\__unin__.exe
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.atdmt.com/]
    00141430 Application/P2PNetworking HackTools No 0 Yes No C:\Documents and Settings\user\Local Settings\Temp\p2psetup.exe
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.tradedoubler.com/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.tribalfusion.com/]
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.mediaplex.com/]
    00159860 Application/Psshutdown.A HackTools No 0 Yes No C:\WinampSkins.zip[EPS High-End System.wal][shutdown.exe]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@com[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[ad.yieldmanager.com/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@adtech[1].txt
    00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
    00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
    00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.questionmarket.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.questionmarket.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qgpembpk.default\cookies.txt[.zedo.com/]
    03658610 Trj/Monder.AO Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\Fichier RAR\The Script - The Script 2008.rar[The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).nfo.exe][The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).nfo.exe][IGYDCS~1.EXE]
    03658610 Trj/Monder.AO Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\Fichier RAR\The Script - The Script 2008.rar[The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).sfv.exe][The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).sfv.exe][ISDXSB~1.EXE]
    03658610 Trj/Monder.AO Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\Fichier RAR\The Script - The Script 2008.rar[The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).exe][The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).exe][IMUQBC~1.EXE]
    03658610 Trj/Monder.AO Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\Fichier RAR\The Script - The Script 2008.rar[The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).m3u.exe][The Script - The Script [2008 - V0]\The Script - The Script [2008 - V0]\00 - The Script - The Script (2008).m3u.exe][IJNMLM~1.EXE]
    03669338 Adware/Zango Adware No 0 Yes No C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
    03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1E826204-4A04-4DCA-815A-4B16EF480C2E}\RP270\A0064938.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location RD
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\user\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe RD
    No C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe RD
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description RD
    ;===========================================================================================================================

