#31
HardwareHeaven Extreme Member
Quote:
http://www.hardwareheaven.com/showthre...threadid=43624
Quote:
I visited the DO not visit sites (yea I know I'm a mad man) to see if I got the bug... nothing, but these sites were offering software/freeware etc ... (then again my PC's like Fort Knox when it comes to security, and anti spyware) they often have fine print in the licence agreement so you agree to install this stuff but few actually read the seemingly 1,000 page readme full of mumbo jumbo... most people just click accept and move on... I've told people before they were infected/ being spied on with this crap and they got mad at me? wtf?
Last edited by The_Neon_Cowboy; Apr 20, 2004 at 09:09 AM.

#32
DriverHeaven Newbie
Join Date: Oct 2002
Posts: 6
Rep Power: 0
Hi all.
Try CWShredder, which can be found at wilderssecurity.com. Here's a link: http://www.wilderssecurity.com/showthread.php?t=14086
Should remove the problem. Hope this helps some people. Enjoy
CjLivE
Last edited by cjlive; Apr 20, 2004 at 02:23 PM.

#33
DriverHeaven Newbie
Join Date: Jul 2002
Posts: 6
Rep Power: 0
SOLUTION !!!!
There seems to be a solution to the problem.
The program Pest Patrol can remove it. If you don't want to invest in Pest Patrol, they have a manual on the page to remove it manually. Sorry for my English, I have gotten a little lazy with speaking it in the past month. Here is the link: http://www.pestpatrol.com/pestinfo/v...0and%20Removal

HardwareHeaven Extreme Member
Quote:

HardwareHeaven Extreme Member
Re: SOLUTION !!!!
Quote:

#36
DriverHeaven Newbie
Join Date: Jul 2002
Posts: 6
Rep Power: 0
Look Here...
There seems to be another solution, which might help you, and you don't have to reinstall; all you need is the recovery console. Find it over here: http://computercops.biz/modules.php?...topic&p=145239

#37
DriverHeaven Newbie
Join Date: Jul 2002
Posts: 6
Rep Power: 0
New Adaware Ref. File
A new reference file (01R298 20.04.2004) is now available.
Here is a breakdown explaining what is included:

Updated Items
--------------------------------------------------------
BroadCastPC
Claria
ClearSearch
ClickSpring
CometSystems
CoolWebSearch (4 variants)
EzuLa
HotBar
I-LookUp
istbar (4 variants)
JRaun
Lop.com
MemoryWatcher
NetRatings
Rads01.Quadrogram
Roings (4 variants)
VirtuMonde
VX2.BetterInternet
Winpup32
WhenU

HardwareHeaven Extreme Member
Tried the recovery console, it came back. That was one of the first things I did. I updated Adaware of course and same thing. It says it needs to restart and it doesn't start up like normal and scan before loading the desktop like it normally does. All that Adaware reference file does is find an additional dll file that it cannot remove. I tried in safe mode as above and it still doesn't work. It's taken Pest Patrol 30 minutes to update on High Speed DSL. So I am already a little suspicious of this program. I remember reading something about it I did not like and I cannot remember offhand what it is. I am going to try that now and will report back.

HardwareHeaven Extreme Member
PEST PATROL = CRAP
Now I remember why I hate Pest Patrol. It gives you false positives and then says you have to pay for it in order to remove what it's "found"
So it does a search and doesn't find this VX2.BetterInternet even though that link above says it does. It is not on the listed detections at all. POS is what it is.
EDIT: And get this. It doesn't add itself to your add/remove programs list AT ALL!!! Damnit the BS with spyware is frustrating me beyond belief.

#40
DriverHeaven Newbie
Join Date: Jul 2002
Posts: 6
Rep Power: 0
Sorry for you :-(
Don't get me wrong, I didn't want to make any advertisement for that POS. I just found in some newsgroups that people were talking about it. I'm really sorry that none of the solutions worked. I hate spyware as much as you do. BTW do you remember where you got that spyware?

HardwareHeaven Extreme Member
I do not get spyware on my computer. I work at a computer place and a customer brought in the computer with it on there. It's a local business computer and I just told him when he came in a few minutes ago to make this a lesson for him. Do not let your kids play on a business computer with free access to every website that is available. Typical teenagers, preteenagers have no clue about such things. Kazaa, etc, adspy-virus infected trash. Use it for business only. Get a separate computer for your kids, make them pay for repairs if they do stupid stuff like this. Then they will learn and will hopefully educate themselves.

#42
DriverHeaven Newbie
Join Date: Jul 2002
Posts: 6
Rep Power: 0
THX
I see....
If you want to have some fun, just check the lavasoft support forum. This spyware is being discussed all over the place there. Have a nice day.

HardwareHeaven Extreme Member
There are a couple of us here that are working on a possible tool to remove this spyware. This is not a definite but a possibility.

#44
DriverHeaven Junior Member
Join Date: Sep 2003
Posts: 44
Rep Power: 0
Sorry if this has been asked and answered but, who made this spyware? Do they have a web site? Thanks.

HardwareHeaven Extreme Member
I found this today. This was done a while ago and this is why I am so picky about what I recommend for use to remove adspy-viruses.
http://news.com.com/2100-1032-5153485.html?tag=nl

HardwareHeaven Extreme Member
THIS seems to be a working solution. If you have this, try the steps here about 2/3 of the way down.
http://www.lavasoftsupport.com/index...pic=23704&st=0

HardwareHeaven Extreme Member
Quote:

#48
DriverHeaven Senior Member
Join Date: Dec 2002
Posts: 558
Rep Power: 0
Well I got rid of it finally! I booted from CD and ran recovery and deleted aklui.cpy.dll & aklui.dll. All is fine, I ran adware again and it doesn't find it now. Thanks for all the help!!

#49
HardwareHeaven Extreme Member
Quote:
I'm going to get the shivey on this very soon, will be back with a lot more info tomorrow

#50
unplugged
"But US-based spyware companies such VX2 currently escape the jurisdiction of UK law, which creates huge privacy implications for Internet users here"
Well maybe they should get their heads out their (you know what) and create laws to catch these low life scumbags. http://news.zdnet.co.uk/internet/0,3...2103354,00.htm

#51
HardwareHeaven Extreme Member
Quote:
A lot of them are hiding their files now that were hosted on their pages. They are varying their files! So the file names involved are subject to change, but I installed all possible variants on my machine and tracked what I could. I'll report back my findings after a while. I just got through a clean format, now to the data I collected........

#52
Banned
Join Date: May 2002
Posts: 2,092
Rep Power: 0
Quote:
you probably know that already .. just making sure
The new Spybot 1.3 rc4 now also searches for VX2...

#53
unplugged
Because of this I've installed SpywareBlaster 3.1, I really like the program and what it does- I'm telling everyone I know to get it installed and keep it updated, it could save them a lot of time and frustration.

#54
Apple Fanboy?
uhoh… error msg when installing spybot 1.3 rc4… doesn't look good for me…
edit: running the installer again worked… computers are strange things
__________________
Chris - The Aussie Super Mod
Hardwareheaven Rules - Sig Request Thread How you can help HardwareHeaven by using Digg! Hardwareheaven Super-Moderator

#55
HardwareHeaven Extreme Member
Quote:
actually it was really hard to get this with SP2... I had to disable all my security and remove all my anti adware programs.... just to get their applications to download in the first place... I'll be working on the files caged now but there are gonna be a few oddballs in there and the file names are subject to change as they are producing variants

HardwareHeaven Extreme Member
Neon, I do not think that is necessary now. I will have version 2 of my guide done tomorrow or Sunday the absolute latest and these issues are resolved in it.

#57
HardwareHeaven Extreme Member
Quote:
I dunno ... The only way to fully get rid of this bug is to FORMAT AND REINSTALL.... Too many files are altered and there are too many variants!!!! A scanner can possibly detect, not remove, the altered files and variants. Next post is the files altered..

#58
HardwareHeaven Extreme Member

#59
HardwareHeaven Extreme Member
Some of these are from the install, some are from the adware..... all taken using a fingerprint program that gives each file a hash value and records the file date.
Not to mention a batch file in my C:\ dir that ran a bit of code on every boot and a weird named file I didn't get logged. I did a backup of my registry before and after. It added over 3 MB of code to my registry... that's not even counting changes! That's just what was added! I can't possibly go through that much text but that's an insane amount of changes. I had tried to capture all the changes made but this thing even disabled the tools I was planning on using for that... take a look. Anyone who has this bug, back up any data, should format and reinstall..... and next time you get into Windows load the anti-spyware tools in our adware/spyware guide, as they protected me from getting this and I had to remove them and dumb down my Windows security just to get infected..
Last edited by The_Neon_Cowboy; Apr 24, 2004 at 06:12 AM. |
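
The before/after file fingerprinting described in the post above (a hash value and a file date per file), as an added example that is not part of the original thread and is not the tool the poster used. The function names, status labels and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root to (sha256, mtime_ns), or None if unreadable."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                snap[rel] = (digest.hexdigest(), os.stat(full).st_mtime_ns)
            except OSError:
                snap[rel] = None  # locked or access-denied file: record, don't abort
    return snap


def compare(before, after):
    """Return {path: status} for every file that differs between two snapshots."""
    changes = {}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            changes[path] = "Created"
        elif path not in after:
            changes[path] = "Deleted"
        elif before[path] is None or after[path] is None:
            changes[path] = "Cannot read"
        elif before[path][0] != after[path][0]:
            changes[path] = "Contents"
        elif before[path][1] != after[path][1]:
            changes[path] = "Date/time"
    return changes


def demo():
    """Baseline a constructed tree, simulate an installer run, report the diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mtime=1_000_000_000):
            path = os.path.join(root, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))  # fixed timestamps keep the demo repeatable

        # Constructed sample files, not taken from the thread.
        write(os.path.join("system32", "untouched.dll"), b"same bytes")
        write(os.path.join("system32", "settings.ini"), b"home=about:blank\n")
        write(os.path.join("system32", "update.log"), b"ok\n")
        write(os.path.join("temp", "installer.exe"), b"constructed installer")
        before = snapshot(root)

        # Simulated changes made while the installer ran.
        write(os.path.join("system32", "settings.ini"), b"home=changed\n", 1_000_000_500)
        os.utime(os.path.join(root, "system32", "update.log"), (1_000_000_500,) * 2)
        write(os.path.join("system32", "added.dll"), b"constructed payload")
        os.remove(os.path.join(root, "temp", "installer.exe"))
        return compare(before, snapshot(root))


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:12} {path}")
```

Take the second snapshot from trusted boot media where possible, since the post reports that the adware disabled monitoring tools on the running system.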

HardwareHeaven Extreme Member
Nice work on that Neon. I tried doing that on my work computer and I have so much "anti" stuff on there it would not work. The computer there locks up about twice a day as it is (Failing mobo). I didn't want to make it worse not to mention the important data I have on there right now.