Full Version: infected by: Trojan-Spy.Win32.Agent.azpj - please help
farmboy
Hello,
I would appreciate your help; I will be as brief as possible.

I had a problem last month: Symantec showed a message that it was disabled. I scanned my computer with Symantec but nothing showed. I downloaded, installed and ran Malwarebytes, which seemed to fix the problem. I then installed AVG. I started having problems when browsing recently, so I tried updating and running Malwarebytes but it wouldn't work (as below), even in safe mode. I logged into this forum to follow the guidelines but not much worked (as below). I tried to uninstall programs to retry, but something keeps changing the permissions on files. I ran the Kaspersky online scan (log is at the bottom). I downloaded and installed Kaspersky; it made me remove/uninstall Symantec, Malwarebytes and Avast. It provided tools to remove the files without permissions. When I scanned with Kaspersky it got changed to have no permission. I uninstalled Kaspersky. I then restarted the Gladiator guidelines for posting to describe the action for you...below.

I will describe the action of each item in the
"Guidelines for posting", items 1 to 7:

1-Malwarebytes: installed, updated, started "Perform Quick Scan" runs for 3 seconds, program closes, no log file. Try to reopen and get the following message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

2-ATF Cleaner: downloaded to desktop, select all, empty selected - message "Done Cleaning!! ATF CLEANER hes freed 210.359 MBs" - exit.

3-I performed all the tasks in this item.

4-Word wrap was not checked.

5-OTL: downloaded to desktop, "LOP check" "Purity check" ran for about 5-10 seconds then program closed, no log file generated.

6-Security Check317: downloaded to desktop, run, "Press any key to continue", it displays "collecting information" for about 2 seconds and then closes, no log.

7-Now I'm posting my problem.

Log from "Kaspersky online"

KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 8, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 08, 2009 20:57:28
Records in database: 2761496


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area Critical areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\JP\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Objects scanned 37255
Threats found 3
Infected objects found 26
Suspicious objects found 0
Scan duration 01:36:43

File name Threat Threats count
winlogon.exe\912CE804.x86.dll/winlogon.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

globalroot\Device\__max++>\912CE804.x86.dll/globalroot\Device\__max++>\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 12

svchost.exe\912CE804.x86.dll/svchost.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 4

spoolsv.exe\912CE804.x86.dll/spoolsv.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

explorer.exe\912CE804.x86.dll/explorer.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

SavRoam.exe\912CE804.x86.dll/SavRoam.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

ccApp.exe\912CE804.x86.dll/ccApp.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

VPTray.exe\912CE804.x86.dll/VPTray.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

apdproxy.exe\912CE804.x86.dll/apdproxy.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

iexplore.exe\912CE804.x86.dll/iexplore.exe\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

C:\Program Files\CrossLoop\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1

C:\Program Files\CrossLoop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

Selected area has been scanned.

I hope you can help me.
Farmboy
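The Kaspersky report above lists the same module name inside winlogon.exe, svchost.exe, explorer.exe and seven other processes. The following parser, an added example that is not part of the thread, reads that report format and groups detections by module so that a responder can tell "one module seen in many processes" apart from "many infected files on disk"; the sample lines are a constructed subset copied from the report.

```python
"""Parse a Kaspersky Online Scanner 7.0 report and summarise where each detected
module was seen.  Added example, not from the thread or from Kaspersky."""
import re
from collections import defaultdict

# Constructed sample: a subset of the "File name Threat Threats count" lines above.
SAMPLE_REPORT = """\
File name Threat Threats count
winlogon.exe\\912CE804.x86.dll/winlogon.exe\\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1
globalroot\\Device\\__max++>\\912CE804.x86.dll/globalroot\\Device\\__max++>\\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 12
svchost.exe\\912CE804.x86.dll/svchost.exe\\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 4
explorer.exe\\912CE804.x86.dll/explorer.exe\\912CE804.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1
C:\\Program Files\\CrossLoop\\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
Selected area has been scanned.
"""

# One detection line: <object> Infected: <threat name> <count>
LINE_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return a list of (container, module, threat, count) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank and trailer lines carry no detection
        # The report repeats the path as "outer/inner"; keep the outer object.
        obj = m.group("obj").split("/", 1)[0]
        # Last path component is the detected module; the rest is the process
        # or directory that contains it.
        container, _, module = obj.rpartition("\\")
        entries.append((container, module, m.group("threat"), int(m.group("count"))))
    return entries


def modules_by_host(entries):
    """Map module name -> set of containers (processes or directories) it was in."""
    hosts = defaultdict(set)
    for container, module, _, _ in entries:
        hosts[module].add(container)
    return hosts


def injected_modules(entries, min_hosts=3):
    """Modules reported inside at least min_hosts distinct containers.  A module
    found in many running processes is an in-memory component that reloads
    itself, which a file-by-file clean will not remove on its own."""
    return {m: sorted(h) for m, h in modules_by_host(entries).items()
            if len(h) >= min_hosts}
```

Run against the full report on this page, the 912CE804.x86.dll entry resolves to ten process containers plus the globalroot device path, while the two CrossLoop entries stay single-host.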
LoPhatPhuud
The Kaspersky log shows that several Windows files have been corrupted. If this is indeed the case, then the only recommendation I will make is to back up any valuable data, then reformat and reinstall.

The first step will be to confirm or deny the Kaspersky info.

Go here http://www.eset.eu/online-scanner to run an online scanner from ESET.

* Note: You will need to use Internet Explorer for this scan
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
* Click Scan
* Wait for the scan to finish
* Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Copy and paste that log as a reply to this topic

farmboy
I don't know if it worked, the whole process from download to finished scanning was less than a minute. Here is the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=6e157af2f3366247a9b3a53fbe5e6294
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-11 02:25:57
# local_time=2009-09-11 09:25:57 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3585 63 50 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0

Thanks
Farmboy
farmboy
Hello LoPhatPhuud,

I uninstalled and reinstalled ESET online scanner in case it was my error. Turns out it ran this time. Here is the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=6e157af2f3366247a9b3a53fbe5e6294
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-11 04:40:00
# local_time=2009-09-11 11:40:00 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3585 63 50 0 0
# scanned=48593
# found=6
# cleaned=0
# scan_time=3170
C:\Documents and Settings\JP\Application Data\Sun\Java\Deployment\cache\6.0\11\55a4ff8b-1c3cf50c Java/TrojanDownloader.OpenStream.NAC trojan 00000000000000000000000000000000 I
C:\Documents and Settings\JP\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-1b90346e Java/TrojanDownloader.OpenStream.NAC trojan 00000000000000000000000000000000 I
C:\Documents and Settings\JP\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-5944ebda multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\JP\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-61aa3fd4 Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000 I
C:\Documents and Settings\JP\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-3757df69 Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000 I
C:\removal\sdsetup.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I

hoping you can help,
Farmboy
LoPhatPhuud
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
farmboy
Hello LoPhatPhuud,

Thank you for your help. After I ran the combofix.exe so many things were deleted that I couldn't log into Windows...no desktop. All I would get is a blank screen, like most of my profile was deleted.

As it turned out, I hired a computer technician whom I believe to be competent. He discovered that XP Service Pack 3 was partially installed on my PC. He was able to reinstall XP Pro, but Windows Installer was corrupt and he couldn't install some drivers. Finally he noticed some Service Pack 3 files and Registry settings even though I was only at Service Pack 2. He uninstalled Service Pack 3 and installed the newest Symantec stuff with the full coverage, and it all works great.

I remember autoupdate rebooting my computer earlier in the summer and I may have stopped the install of SP3...my fault. He believes this to be the problem.

Thanks again for your help.

Farmboy