
Opened EXE file and bad stuff happened

Discussion in 'Virus & Other Malware Removal' started by cheese, Oct 19, 2003.

  1. cheese

    Well, I was saving a file and I never noticed the extension; it was an exe file and I didn't notice. I scanned it with NAV first (definitions up to date), and it was fine. I double-clicked it and my screen flashed, the file disappeared, NAV Autoprotect went off, and a dark maroon X was in the taskbar for about 5 seconds. I'm not sure, but I think ZA was closed too. So I double-clicked NAV and it said Autoprotect was off and error. So was email scanning. When I clicked enable, my A: drive made a sound and it exited. I went to Task Manager and ended a task that was like keke32 or something like that, because I don't think I've seen it. So I clicked scan my computer; it took a while before it started. It didn't pick up anything. So I did the Symantec online scan and it picked up nothing. I ran HijackThis and this is what I got after my scans:
    Logfile of HijackThis v1.97.3
    Scan saved at 5:16:17 PM, on 10/19/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\PrecisionTime\PrecisionTime.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AIM95\aim.exe
    C:\Documents and Settings\System User\Desktop\IEXPLORE.EXE
    C:\Documents and Settings\System User\Desktop\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Documents and Settings\System User\Desktop\IEXPLORE.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Documents and Settings\System User\Desktop\IEXPLORE.EXE
    C:\Documents and Settings\System User\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [USSShReg] C:\WINDOWS\System32\ussshreg.exe /r
    O4 - HKLM\..\Run: [WorkFlo] D:\Install\WorkFlow.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [kekget] c:\windows\system32\keke22.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\System User\Desktop\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab
    O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pota_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/SiSAutodetectnt.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://forumchat.compuserve.com/applets/RTCChat.cab
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25320a29adda95c6af05/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer/1.5.0.223/SLCmpser.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.7224884259
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blasterballwild/wtinst.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,11/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll
    O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab

    ***I ran Spy Sweeper and this is the log in the next post (out of space):***
     
  2. cheese

    ***Spysweeper***

    |··· Sunday, 19 October 2003 05:19 PM ···|
    Updating spy definitions
    Your spy definitions have been updated.
    05:20 PM Sweeping memory for active spies.
    Found: Memory-resident Spy Gator (GAIN), version 4.054
    Found: Memory-resident Spy WildTangent, version 1
    05:20 PM Memory sweep has completed.
    Found: Alexa Toolbar registry trace.
    Found: Altnet registry trace.
    Found: Altnet registry trace.
    Found: Brilliant Digital registry trace.
    Found: Brilliant Digital registry trace.
    Found: Brilliant Digital registry trace.
    Found: Delfin registry trace.
    Found: Downloadware registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: EbayToolbar registry trace.
    Found: Gator (GAIN) registry trace.
    Found: Gator (GAIN) registry trace.
    Found: Gator (GAIN) registry trace.
    Found: Internet Washer registry trace.
    Found: SaveNow - WhenUSave registry trace.
    Found: SaveNow - WhenUSave registry trace.
    Found: SaveNow - WhenUSave registry trace.
    Found: VNC registry trace.
    Found: WeatherCast registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    Found: WildTangent registry trace.
    05:21 PM Registry sweep completed.
    05:21 PM Full sweep on all local drives initiated.
    05:21 PM Now sweeping drive C:
    Found: Spy Gator (GAIN), version 4.054
    Found: Spy atdmt.com Cookie, version 1
    Found: Spy Family Sex Dialer, version 1
    Found: Spy EbayToolbar, version 1
    Found: Spy WildTangent, version 1
    Found: Gator (GAIN), version 4.054
    Found: Spy Gator (GAIN), version 4.054
    Found: WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Brilliant Digital, version
    Found: Brilliant Digital, version
    Found: Brilliant Digital, version
    Found: Spy Brilliant Digital, version
    Found: Spy Brilliant Digital, version
    Found: Spy Brilliant Digital, version
    Found: Spy Brilliant Digital, version
    Found: Spy Brilliant Digital, version
    Found: Spy EbayToolbar, version 1
    Found: Spy EbayToolbar, version 1
    Found: Spy EbayToolbar, version 1
    Found: Spy Crush, version 1
    Found: Spy Brilliant Digital, version
    Found: Spy TeenXXX (TinyBar), version 1
    Found: CommonName, version 3.3
    Found: Spy WildTangent, version 1
    Found: Spy Bullguard Popup Ad, version 3.3
    Found: WildTangent, version 1
    Found: WildTangent, version 1
    Found: WildTangent, version 1
    Found: Spy Alexa Toolbar, version 6.5
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    Found: Spy WildTangent, version 1
    05:48 PM Full Sweep has completed. Elapsed time 0 hours, 27 minutes, 30 seconds.
    Files swept: 60,592
    Spies Located: 1145
    Spy Sweeper quarantined: Alexa Toolbar
    Spy Sweeper quarantined registry traces of: Alexa Toolbar
    Spy Sweeper quarantined registry traces of: Altnet
    Spy Sweeper quarantined registry traces of: Altnet
    Spy Sweeper quarantined registry traces of: Altnet
    Spy Sweeper quarantined registry traces of: Altnet
    Spy Sweeper quarantined a cookie: atdmt.com Cookie
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined: Brilliant Digital
    Spy Sweeper quarantined registry traces of: Brilliant Digital
    Spy Sweeper quarantined registry traces of: Brilliant Digital
    Spy Sweeper quarantined registry traces of: Brilliant Digital
    Spy Sweeper quarantined registry traces of: Brilliant Digital
    Spy Sweeper quarantined registry traces of: Brilliant Digital
    Spy Sweeper quarantined registry traces of: Brilliant Digital
    Spy Sweeper quarantined: Bullguard Popup Ad
    Spy Sweeper quarantined: CommonName
    Spy Sweeper quarantined: Crush
    Spy Sweeper quarantined registry traces of: Delfin
    Spy Sweeper quarantined registry traces of: Delfin
    Spy Sweeper quarantined registry traces of: Delfin
    Spy Sweeper quarantined registry traces of: Downloadware
    Spy Sweeper quarantined registry traces of: Downloadware
    Spy Sweeper quarantined registry traces of: Downloadware
    Spy Sweeper quarantined registry traces of: Downloadware
    Spy Sweeper quarantined: EbayToolbar
    Spy Sweeper quarantined: EbayToolbar
    Spy Sweeper quarantined: EbayToolbar
    Spy Sweeper quarantined: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined registry traces of: EbayToolbar
    Spy Sweeper quarantined: Family Sex Dialer
    Spy Sweeper removed from memory: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Gator (GAIN)
    Spy Sweeper quarantined registry traces of: Internet Washer
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined registry traces of: SaveNow - WhenUSave
    Spy Sweeper quarantined: TeenXXX (TinyBar)
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: VNC
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper quarantined registry traces of: WeatherCast
    Spy Sweeper removed from memory: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined: WildTangent
    Spy Sweeper quarantined registry traces of: WildTangent
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\notifications\{0x64050040101}\images
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\notifications\{0x64050040100}\images
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\notifications\{0x64050040101}
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\notifications\{0x64050040100}
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\data\html\help\images
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\data\html\images
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\data\html\help
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\notifications
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\3.2.0.007\legacy
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\3.1.0.037\legacy
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\3.0.0.173\legacy
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\2.2.0.100\legacy
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\games\legacy
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\data\html
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\data\ui
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\3.2.0.007
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\3.1.0.037
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\3.0.0.173
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files\2.2.0.100
    Spy Sweeper removed a folder: c:\program files\wildtangent\lfs\system\lfsregistry
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\games
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel\data
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\update_info
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtbgm\files\1.5.1.019
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps\gamechannel
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver\files
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtbgm\update_info
    Spy Sweeper removed a folder: c:\program files\wildtangent\lfs\download
    Spy Sweeper removed a folder: c:\program files\wildtangent\lfs\system
    Spy Sweeper removed a folder: c:\program files\wildtangent\components
    Spy Sweeper removed a folder: c:\program files\wildtangent\lfs\cache
    Spy Sweeper removed a folder: c:\program files\wildtangent\lfs\temp
    Spy Sweeper removed a folder: c:\windows\bde\movies\bethecasinosky
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtwebdriver
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtbgm\files
    Spy Sweeper removed a folder: c:\windows\bde\movies\goldenstarsky
    Spy Sweeper removed a folder: c:\windows\bde\movies\reefclub_sky
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtupdater
    Spy Sweeper removed a folder: c:\program files\wildtangent\apps
    Spy Sweeper removed a folder: c:\windows\bde\movies\casinosky2
    Spy Sweeper removed a folder: c:\program files\wildtangent\lfs
    Spy Sweeper removed a folder: c:\windows\bde\movies\casinosky
    Spy Sweeper removed a folder: c:\program files\precisiontime
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtisa
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates\wtbgm
    Spy Sweeper removed a folder: c:\program files\wildtangent
    Spy Sweeper removed a folder: c:\windows\bde\movies\ds03
    Spy Sweeper removed a folder: c:\windows\wt\wtupdates
    Spy Sweeper removed a folder: c:\windows\wt\webdriver
    Spy Sweeper removed a folder: c:\windows\temp\adware
    Spy Sweeper removed a folder: c:\windows\wt\updater
    Spy Sweeper removed a folder: c:\windows\bde\movies
    Spy Sweeper removed a folder: c:\windows\bde\mskin
    Spy Sweeper removed a folder: c:\windows\bde\cache
    Spy Sweeper removed a folder: c:\windows\bde
    As you can see in that log file, there were some "porn" type things, including a dialer (I deleted some of the same traces, such as WildTangent, so it could fit; a lot were the same), which came from that file, I bet. It removed them all, but is there any other way I can make sure it's all gone? I know I have to reinstall NAV... but do you know how to make sure it all is gone? Thanks
     
  3. cheese

    cheese Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    2,563
    Ok, I tried to reinstall NAV. When the installer loads, it goes for a while and then exits. Then I went to Task Manager and that keke22.exe (exact filename) was running again! So I ended the task and it's installing fine. How can I get rid of it?
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

    O4 - HKLM\..\Run: [kekget] c:\windows\system32\keke22.exe

    Restart your computer.

    Navigate to c:\windows\system32 and locate the keke22.exe file, copy it, then rename it to keke22.old.

    Then please surf to http://www.kaspersky.com/remoteviruschk.html and upload keke22.exe and see what it finds.
     
  5. cheese

    cheese Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    2,563
    Current object: keke22.exe


    keke22.exe Packed: UPX
    keke22.exe Infected: Backdoor.Optix.Pro.13

    Statistics:

    --------------------------------------------------------------------------------
    Known viruses: 75836 Updated: 20.10.2003
    File size (Kb): 333 Scan time: 00:00:01
    Speed (Kb/sec): 333 Virus bodies: 1
    Archives: 0 Packed: 1
    Folders: 0 Files: 1
    Suspicious: 0 Warnings: 0

    What do I do? I'm surprised NAV didn't pick it up.

    Also there was a file called "KEKE22.EXE-0474F939.pf" that came up in search results. I have both in recycle bin just in case. What do I do?
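
Added example (not part of the original posts): a Python sketch that parses the O4 Run-key lines of a HijackThis log and checks each autostart target against Prefetch file names such as the `KEKE22.EXE-0474F939.pf` mentioned above, which Windows writes when a program has been launched. The third log entry, the second prefetch name and the `baseline` allowlist are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the first two O4 lines and the KEKE22 prefetch name are
# quoted from the thread; the third entry and NOTEPAD name are made up.
HJT_LOG = r"""
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [kekget] c:\windows\system32\keke22.exe
O4 - HKCU\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""
PREFETCH_NAMES = ["KEKE22.EXE-0474F939.pf", "NOTEPAD.EXE-11111111.pf"]

# Registry autostart entries only: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Prefetch names are "<IMAGE NAME>-<8 hex digit hash>.pf"
PF_RE = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

def exe_from_command(cmd):
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may hold spaces
        return cmd[1:].partition('"')[0]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def parse_o4(log_text):
    """Extract key, value name, path and upper-cased image name per O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe = exe_from_command(m["cmd"])
            entries.append({"key": m["key"], "name": m["name"], "exe": exe,
                            "image": PureWindowsPath(exe).name.upper()})
    return entries

def executed_images(prefetch_names):
    """Image names with execution evidence (matched by name only, not path)."""
    return {m["exe"].upper() for n in prefetch_names if (m := PF_RE.match(n))}

def triage(log_text, prefetch_names, baseline):
    """List (value name, path, has_run) for autostarts outside the baseline."""
    ran = executed_images(prefetch_names)
    return [(e["name"], e["exe"], e["image"] in ran)
            for e in parse_o4(log_text) if e["image"] not in baseline]

if __name__ == "__main__":
    for row in triage(HJT_LOG, PREFETCH_NAMES, baseline={"TRAY.EXE"}):
        print(row)
```

A Prefetch match is by image name only, so it shows that something with that file name ran, not which path it ran from.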
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Delete them.
     
  7. cheese

    cheese Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    2,563
    Wow, why couldn't I think of that? I went to the Symantec security page for it. I looked in the registry for those files, not there :) I did more than delete, I "windows washed shredded" it. Also when you go to Google and type the name of it in, it shows a page with the creator and stuff of it. Isn't that illegal?
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    So I assume you're set.
     