trojan 404dns

Computing.Net > Forums > Security and Virus > trojan 404dns

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

trojan 404dns

Name: chico69
Date: June 11, 2006 at 13:31:25 Pacific
OS: windows xp service pack 2
CPU/Ram: 2.00 ghz 1.00 gb of ram
Product: amd Athlon 64 processor

Comment:

mcafee virus scan is telling me that my computer is infected by the trojan 404dns and it is deleted but every 10 minutes de same message is coming back. When i open explorer i go to an anti virus site that i dont what to go. What can i do
Thanks
Chico69

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: June 11, 2006 at 14:31:43 Pacific

Reply:

If the moderator deletes this post, repost after it is deleted and state only the problem, no log untill requested please.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download SmitRemFix from this link http://siri.geekstogo.com/SmitfraudFix.php Then extract the contents to your desktop.
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt and a second hijack this log.
Remember, if the post gets deleted post back and state only the problem.

Response Number 2

Name: chico69
Date: June 12, 2006 at 13:19:11 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 22:18:04, on 2006-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
c:\program files\mcafee.com\shared\mcinfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: InterPay Shared Browser Helper Object - {43872F3D-F7C8-4fa6-BE94-B3C263C1E2A9} - C:\WINDOWS\System32\BhoIPay.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SuperBar - {D7EFC9B6-DD19-4746-932D-0D6ED545A2E0} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} - https://wallet.interpay.nl/Vcarddownload/oinstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4474/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Chico69

Response Number 3

Name: chico69
Date: June 12, 2006 at 13:33:43 Pacific

Reply:

SmitFraudFix v2.59
Scan done at 22:26:33,43, 2006-06-12
Run from C:\Documents and Settings\Crazy-Canuks\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"
[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\WINDOWS\system32\atmclk.exe
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\dxole32.exe Deleted
Problem while deleting C:\WINDOWS\system32\hp???.tmp
Problem while deleting C:\WINDOWS\system32\hp????.tmp
Problem while deleting C:\WINDOWS\system32\ld????.tmp
C:\WINDOWS\system32\ot.ico Deleted
Problem while deleting C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\simpole.tlb Deleted
Problem while deleting C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\ts.ico Deleted
Problem while deleting C:\WINDOWS\system32\1024
C:\DOCUME~1\CRAZY-~1\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\hzclqhc.dll -> Missing File

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"
[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
»»»»»»»»»»»»»»»»»»»»»»»» End
Chico69

Response Number 4

Name: jabuck
Date: June 12, 2006 at 20:00:39 Pacific

Reply:

Run smitfruad fix once more as follows.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt.
We will need a few tools.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ Don't run it yet
Download Ewido Security Suite then set it up this way Ewido Setup Instructions Don't run it yet
Be sure to update Ewido
Next reboot into safe mode.
I would suggest that you go to start>control panel> add/remove programs and uninstall these programs as they are known to harbor spyware:
MyWebSearch
MyWeb
Limewire
Run Hijack this from safe mode, close allwindows except HT, place a check to the left of the following items and press "fix checked":
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
Exit Hijack This
Run Ewido from safe mode and let it delete all that it finds.
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Post a new Hijack This log.
Then, run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

Response Number 5

Name: chico69
Date: June 13, 2006 at 01:28:34 Pacific

Reply:

Thanks a lot Jabuck I relly appreciate that help
SmitFraudFix v2.59
Scan done at 10:18:41,57, 2006-06-13
Run from C:\Documents and Settings\Crazy-Canuks\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"
[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\1024\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\hzclqhc.dll -> Missing File

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"
[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
Chico69

InCD AHEAD rollercoaster tycoon 3 patch xjis.nls download	atlas dmt cookie xjis.nls download KB898461
See More

Response Number 6

Name: chico69
Date: June 13, 2006 at 03:03:49 Pacific

Reply:

One more log
Thx again
Logfile of HijackThis v1.99.1
Scan saved at 11:57:16, on 2006-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: InterPay Shared Browser Helper Object - {43872F3D-F7C8-4fa6-BE94-B3C263C1E2A9} - C:\WINDOWS\System32\BhoIPay.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SuperBar - {D7EFC9B6-DD19-4746-932D-0D6ED545A2E0} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} - https://wallet.interpay.nl/Vcarddownload/oinstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4474/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Chico69

Response Number 7

Name: jabuck
Date: June 13, 2006 at 03:36:23 Pacific

Reply:

Looks a lot better, but it is best to follow up with an online scan like Panda.

Response Number 8

Name: chico69
Date: June 13, 2006 at 04:01:39 Pacific

Reply:

Hi again
It seems I still have 7 problems
Thx
Incident Status Location
Adware:Adware/EMediaCodec Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\Cache\E968CB8Ad01
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Crazy-Canuks\Desktop\SmitfraudFix\Process.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.049
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.075
Adware:Adware/EMediaCodec Not disinfected C:\Program Files\Media-Codec\uninst.exe
Adware:adware/gator Not disinfected C:\WINDOWS\GatorPdpSetup.log
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\inf\twaintec.inf
Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.log

Chico69

Response Number 9

Name: jabuck
Date: June 13, 2006 at 15:42:52 Pacific

Reply:

Download killbox to your desktop from this link Killbox
Reboot into safe mode.
Run Killbox. Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
C:\WINDOWS\msbb.log
C:\WINDOWS\inf\twaintec.inf
C:\WINDOWS\GatorPdpSetup.log
C:\Program Files\Media-Codec\uninst.exe
C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.075
C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.049
C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\Cache\E968CB8Ad01

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
While still in safe mode navigate to and delete these folders if found:
C:\Program Files\Common Files\Totem Shared
C:\Program Files\Media-Codec
Please run a new Panda scan and post the results.

Response Number 10

Name: chico69
Date: June 14, 2006 at 03:09:55 Pacific

Reply:

One more Panda scan
Incident Status Location
Adware:Adware/Twain-Tech Not disinfected C:\!KillBox\twaintec.inf
Adware:Adware/EMediaCodec Not disinfected C:\!KillBox\uninst.exe
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\Update\Distribution.dll.049
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\Windows.dll
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.bluestreak.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.xiti.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.belnk.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.bravenet.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.toplist.cz/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.maxserving.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Crazy-Canuks\Cookies\crazy-canuks@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Crazy-Canuks\Cookies\crazy-canuks@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Crazy-Canuks\Cookies\crazy-canuks@doubleclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Crazy-Canuks\Cookies\crazy-canuks@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Crazy-Canuks\Desktop\SmitfraudFix\Process.exe
Adware:adware/gator Not disinfected C:\WINDOWS\GatorUninstaller_cme.log
Adware:adware/ncase Not disinfected C:\WINDOWS\msbbau.dat

Chico69

Response Number 11

Name: jabuck
Date: June 14, 2006 at 03:57:26 Pacific

Reply:

Reboot into safe mode:
Go to start>run>add/remove programs>scroll down to and uninsatll these programs if found:
180 Search Assistant
180Solutions
Gator
Gain
Navigate and delete these files if found:
C:\WINDOWS\system32\msbb.exe
C:\WINDOWS\msbbau.dat
Navigate to and delete these folders if found:
C:\Program Files\ncase
C:\Program Files\180 solutions
C:\Program Files\CME
Run Ewido from safe mode.When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.

Response Number 12

Name: chico69
Date: June 14, 2006 at 15:14:27 Pacific

Reply:

thx alot lot lot

ewido anti-malware - Scan report

+ Created on: 00:11:07, 2006-06-15
+ Report-Checksum: FF334D60
+ Scan result:
:mozilla.9:C:\!KillBox\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\!KillBox\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\!KillBox\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\!KillBox\uninst.exe -> Downloader.Zlob.sh : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

::Report End
Chico69

Response Number 13

Name: jabuck
Date: June 14, 2006 at 15:28:06 Pacific

Reply:

That looks much better. Navigate to C:\!KillBox and delete the contents of that folder. Then empty the recycle bin.
Please post one more Panda scan.
Are you running better?

Response Number 14

Name: chico69
Date: June 19, 2006 at 07:57:04 Pacific

Reply:

Hi again
I was away all weekend!
My computer run now faster.From all the programs I download, is there one I should buy to complete my system. I have Mcafee antivirus, Alarm Suite firewall and i use once in a while ad-aware from Lavasoft.I even use system optimizer on top of that It seems that my system didn't detect the Trojan
Thx
Incident Status Location
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Crazy-Canuks\Cookies\crazy-canuks@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Crazy-Canuks\Desktop\SmitfraudFix\Process.exe
Adware:adware/ncase Not disinfected C:\WINDOWS\msbb_kyf.dat
Chico69

Response Number 15

Name: jabuck
Date: June 20, 2006 at 14:44:52 Pacific

Reply:

You still have one baddie, ncase. Please run Hijack This>click the "open misc tools section" button> click "open uninstall manager">click save list >save >copy/paste this into your next post.

Response Number 16

Name: chico69
Date: June 20, 2006 at 15:39:18 Pacific

Reply:

1Click DVD Ripper 2.03
Ad-aware 6 Professional
Adobe Acrobat 5.0
Adobe Photoshop 7.0
Advanced System Optimizer 2.01.2
Ahead InCD
Ahead InCD EasyWrite Reader
ASUS Enhanced Display Driver
ASUS Enhanced Display Driver
ASUS SmartDoctor
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
Bug Doctor 3.0.3.8
Business Card Designer Plus 2000
DVD Solution
ewido anti-malware
Hijackthis 1.99.1
HijackThis 1.99.1
Hollywood FX 5.5 Additional Effects
Hollywood FX Pack 26 - Extra FX
hp officejet g series
iCD CoolBeLa
iDisk Utility for Windows
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_01
Java Web Start
Kaspersky On-line Scanner
LimeShop
Logitech iTouch-software
Logitech MouseWare 9.79.1
Macromedia Flash Player 8
McAfee SecurityCenter
McAfee VirusScan
Media-Codec 4.0
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Standard
Mozilla Firefox (1.0.7)
Mozilla Thunderbird (1.0.2)
Nero - Burning Rom
Outlook2Mac 1.04 (Outlook 2002/XP)
Panda ActiveScan
Pinnacle Hollywood FX for Studio
PlexTools Professional V2.18
PowerDVD
PowerProducer
proDAD Heroglyph 1.0
QuickTime
RollerCoaster Tycoon® 3
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SmartSound Quicktracks Plugin
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
Unreal Tournament G.O.T.Y. Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VIA Integrated Setup Wizard
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wolfenstein - Enemy Territory
ZoneAlarm Pro
Chico69

Response Number 17

Name: jabuck
Date: June 20, 2006 at 17:57:47 Pacific

Reply:

Reboot into safe mode:
Go to start>control panel>add/remove programs and uninstall these items:
Media-Codec 4.0 (spyware)
Java 2 Runtime Environment, SE v1.4.1_01 (Old java, you have updated)
LimeShop (suggest removal)
Navigate to and delete these:
C:\Program Files\Media-Codec Folder
C:\WINDOWS\msbb_kyf.dat File
Please post a new Panda log.

Response Number 18

Name: chico69
Date: June 21, 2006 at 15:35:35 Pacific

Reply:

Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Crazy-Canuks\Application Data\Mozilla\Firefox\Profiles\default.2gc\cookies.txt[.2o7.net/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Crazy-Canuks\Desktop\SmitfraudFix\Process.exe

Chico69

Response Number 19

Name: jabuck
Date: June 21, 2006 at 18:50:20 Pacific

Reply:

Looks clean to me. Just cookies and the smitfruadfix tool.
You might consider installing "spywareblaster". Just do a google search for it for more info.

Response Number 20

Name: Ryan-927
Date: August 8, 2006 at 15:04:48 Pacific

Reply:

I have this same problem, so I followed the steps jabuck's listed, and now my internet goes to the correct home page. No more 404dns. I am at the step where jabucks said to update ewido, but I am unable to update it, and I dont know why. It says "failed to connect to server update.ewido.net" My internet works fine, so I dont see why I cant update. Can you help me jabuck?

Sponsored Link

Ads by Google

Virus Alert Popup!

Removal of BDS/Ruledor.j....

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: trojan 404dns

404dns trojan

Summary

www.computing.net/answers/security/404dns-trojan/19182.html

trojans everywhere

Summary

www.computing.net/answers/security/trojans-everywhere/18760.html

backdoor.trojan

Summary

www.computing.net/answers/security/backdoortrojan/265.html

From the Geek Dictionary
FLAC - Stands for Free Lossless Audio Codec FLAC is an audio format that ...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
logging out of hotmail

computer sound wont work

Problem assigning permissions

problem with cookies

COD MW2 problem.

All Awaiting Reply

Tom's News
Guy Quits Job With Error Message

News Corp Rivals Threaten to De-list from Google

Google, Tivo Team Up to Track Ad Viewing Habits

Verizon Takes on Sprint's 3G Network (And Wins)

Atari Brings Reto Games Online for Free

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE