cqcacya.exe file

Hewlett-packard / Dx 2200
August 2, 2009 at 08:13:17
Specs: Windows XP
After a scan with HijackThis I found three suspect files and the system appears to slow down. What shall I do?
Thanks

prl




#1
August 2, 2009 at 08:55:57


#2
August 2, 2009 at 09:14:16
Hello jdk,
With ZoneAlarm I found Skim-Trim A (it seems to have been removed), then I ran a scan with Stopzilla, which found Advertool (worm), ExecVariant.C (Trojan) and ExecVariant.D (Adware); they were not removed (registration is needed).
Thanks for your help!

prl



#3
August 2, 2009 at 09:17:36
Download and run the Kaspersky AVP tool in safe mode: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool in safe mode:
1) Check the options below:
    * Select all the objects/places to be scanned.
2) Click Scan
3) Fix what it detects
4) Zip/Rar the scan log/summary and upload it to rapidshare.com. Post the download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
August 2, 2009 at 09:27:01
Sorry jdk,
I have Avast as antivirus with ZoneAlarm as firewall and SpywareBlaster. Do you think it's good protection?

prl



#5
August 2, 2009 at 10:35:11
Follow Response Number 3 and post required log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
August 2, 2009 at 13:12:59
Here is the link to the log file:

http://rapidshare.com/files/2629829...

Bye

prl



#7
August 2, 2009 at 15:05:10
Follow:
1) Install Malwarebytes' Anti-Malware, update its database and run a full scan. Attach the Malwarebytes full scan log and fix anything detected.

2) Run a full scan with SUPERAntiSpyware: http://www.superantispyware.com/dow... . Fix what it detects and post the summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#8
August 3, 2009 at 12:26:01
Hello jdk, all done; the two logs are attached here:

Malwarebytes' Anti-Malware 1.39
Versione del database: 2548
Windows 5.1.2600 Service Pack 3

03/08/2009 19.40.34
mbam-log-2009-08-03 (19-40-32).txt

Tipo di scansione: Scansione completa (C:\|I:\|J:\|L:\|)
Elementi scansionati: 290615
Tempo trascorso: 1 hour(s), 50 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Elementi dato del registro infetti: 3
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cqcacya (Trojan.Agent.H) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\documents and settings\administrator\impostazioni locali\dati applicazioni\cqcacya.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\Official-eMule_setup.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
l:\maxtor backup\org-e0890d39598\C\documents and settings\administrator\Desktop\Official-eMule_setup.exe (Adware.Navipromo) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2009 at 08:57 PM

Application Version : 4.27.1000

Core Rules Database Version : 4033
Trace Rules Database Version: 1973

Scan type : Complete Scan
Total Scan Time : 01:02:42

Memory items scanned : 578
Memory threats detected : 0
Registry items scanned : 5595
Registry threats detected : 0
File items scanned : 32594
File threats detected : 40

Adware.Tracking Cookie

Unclassified.SpywareBot (Not A Threat)

prl
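
A Malwarebytes log in the layout posted above can be read mechanically to see which findings belong together. The following is an added example, not part of the thread and not Malwarebytes code; the sample is a constructed excerpt of the log above, and `parse_mbam_log` and `triage` are hypothetical names.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the log posted above.
SAMPLE_LOG = r"""
File infetti: 3
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cqcacya (Trojan.Agent.H) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

File infetti:
c:\documents and settings\administrator\impostazioni locali\dati applicazioni\cqcacya.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
"""

# Detection line: "<object> (<detection name>) -> [details ->] <action>."
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return one dict per detection; summary counts and empty sections are skipped."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":"):          # section header, e.g. "File infetti:"
            section = line[:-1]
            continue
        m = ENTRY.match(line)
        if section and m:
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            found.append({"section": section, "object": m["obj"],
                          "name": m["name"], "action": action})
    return found

def triage(entries):
    """Regroup detections by what they mean for the host (hypothetical grouping)."""
    report = {"autostart": [], "security_center": [], "files": []}
    for e in entries:
        low, leaf = e["object"].lower(), e["object"].rsplit("\\", 1)[-1]
        if "\\currentversion\\run\\" in low:
            report["autostart"].append(leaf)        # per-user Run value: starts at logon
        elif "\\security center\\" in low:
            report["security_center"].append(leaf)  # Security Center alert suppressed
        elif e["section"].startswith("File"):
            report["files"].append(leaf)
    # A Run value named like a detected file's stem is that file's launcher.
    stems = {f.lower().rsplit(".", 1)[0] for f in report["files"]}
    report["linked"] = sorted(a for a in report["autostart"] if a.lower() in stems)
    return report
```

On the sample, the `cqcacya` Run value is linked to `cqcacya.exe`, so the autostart entry and the file are handled as one finding rather than two.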



#9
August 3, 2009 at 12:50:49
Update your Malwarebytes database and run a full scan again.

If I'm helping you and I don't reply within 24 hours send me a PM.



#10
August 3, 2009 at 21:22:17
Hello jdk,
Malwarebytes found and deleted one more infected file; the log is attached.
Next step? Many thanks.

Malwarebytes' Anti-Malware 1.40
Versione del database: 2551
Windows 5.1.2600 Service Pack 3

04/08/2009 6.16.55
mbam-log-2009-08-04 (06-16-55).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)
Elementi scansionati: 298090
Tempo trascorso: 1 hour(s), 52 minute(s), 43 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
L:\System Volume Information\_restore{37252BDD-A81B-40D3-9CD5-1A2F17612D44}\RP66\A0022506.exe (Adware.Navipromo) -> Quarantined and deleted successfully.

prl



#11
August 3, 2009 at 21:30:57
How is your system running now? Any more malware related problems?

If I'm helping you and I don't reply within 24 hours send me a PM.



#12
August 3, 2009 at 21:40:01
Now it seems OK. Have we finished?
Many thanks again.

prl



#13
August 4, 2009 at 10:39:11
Hello jdk,
just one question: with HijackThis I found this suspect entry:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

What do you think?
Many thanks again.

prl

