[ryanryan007]

Wow thanks alot Byteman, i appreiciate all the time and effort and help u gave me. now that this problem is resolved..how can i prevent this from happening. So far i plan on getting the comodo firewall, and upgradeding my SAS program. any other programs u suggest i install or remove? so far i have tuneup utilities 07, lavasoft ad aware, avast and now SAS. should i add more to my secruity or keep it the way it is?

ps. can i uninstall hte programs that were recently installed for the cleanup (combofix and hijackthis)?

[ryanryan007]

i just ran a full scan using my upgraded SAS..and it found "Unclassified Oreans32" :S

what do i do? its already quarantined..is that enuff?

[Byteman]

Hi, It depends on where the item was found it may have been in the already Quarantined items, ComboFix backups, etc.

Can you post the log of that scan that found it please....

[ryanryan007]

SUPERAntiSpyware Scan Log
Generated 01/18/2008 at 04:24 AM

Application Version : 3.6.1000

Core Rules Database Version : 3377
Trace Rules Database Version: 1371

Scan type : Complete Scan
Total Scan Time : 00:41:24

Memory items scanned : 496
Memory threats detected : 0
Registry items scanned : 6441
Registry threats detected : 0
File items scanned : 44574
File threats detected : 1

Unclassified.Oreans32
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS.VIR










scan 2


SUPERAntiSpyware Scan Log
Generated 01/18/2008 at 01:06 PM

Application Version : 3.6.1000

Core Rules Database Version : 3382
Trace Rules Database Version: 1376

Scan type : Complete Scan
Total Scan Time : 00:40:31

Memory items scanned : 454
Memory threats detected : 0
Registry items scanned : 6440
Registry threats detected : 0
File items scanned : 44724
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.bridgetrack[1].txt






scan 3


SUPERAntiSpyware Scan Log
Generated 01/18/2008 at 05:45 PM

Application Version : 3.6.1000

Core Rules Database Version : 3382
Trace Rules Database Version: 1376

Scan type : Complete Scan
Total Scan Time : 00:40:55

Memory items scanned : 451
Memory threats detected : 0
Registry items scanned : 6440
Registry threats detected : 0
File items scanned : 44732
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt

[Byteman]

Hi, Look at the location that was found in....it is the backups folder that ComboFix always makes called Qoobox

The item cannot harm anything there except that, someone could come along and restore the thing, so as a last step, we remove all ComboFix files and folders\\

But, with this tricky type of malware, I like to wait a day or two to clean up the tools as you never know what will happen.

I think it would be safe for you now to delete (there is no uninstall with ComboFix, it is a standalone tool) all ComboFix downloads, files, folders that you have.

ComboFix stores the Qoobox folder in the root of C: drive- it;s not likely that anyone would mess with it there, but if you want to delete Qoobox, do so.

The other items are harmless Cookies> you will always be finding them, there is no need for concern, your scans will remove them.

Also> you can by running Disk Cleanup, or any other temp file cleaner upper like the one I use, CleanUP!

Hijackthis does have an uninstaller in Add/Remove and you can uninstall it if you don't want it around where someone could mis-use it..... others not aware of what they are doing, certainly can cause bad things.