I've been working the past few days to sort out a dialer problem (link 1 link 2) on my parents' PC (which is running XP Pro SP2 with all security updates, and is behind a router firewall and the XP2 firewall) - I've been trying to cover viruses, trojans, spyware and rootkits.
I've scanned with the following programs:
MS antispyware
Adaware
Spybot 1.3 and 1.4
cwshredder
Microsoft Malicious Software Removal tool
CCleaner
HijackThis - found one key which I deleted
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - url.exe (removed)
Ewido - deleted 1 file:
C:\WINDOWS\Downloaded Program Files\gba1305.exe -> Dialer.Generic : Cleaned with backup
AVG 7
Trend Micro HouseCall
Panda ActiveScan - recognised the problem as a trojan, though didn't delete anything
I also deleted an "access members area.exe" file on the desktop myself, and 2 .exe files in the prefetch folder.
I've performed a rootkit scan with RootkitRevealer, but I don't really know how to read the logs of this program - is anyone able to understand this log and tell me if anything is a concern?
Code:
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
C:\WINDOWS\Debug\UserMode\userenv.log 01/09/2005 23:32 214 bytes Hidden from Windows API.
All the programs mentioned above aren't revealing any new dialer/trojan files today, but are there any other useful programs I could try? I want to be completely certain.
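As an added example (not part of this post, and not RootkitRevealer's own code), a small Python parser for the report layout shown above: it splits each line into path, timestamp, size and discrepancy type, collects the CLSIDs named in registry entries so their owning software can be looked up, and orders the entries for review. The triage priorities are this example's own assumption, not something the tool reports.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the RootkitRevealer report layout: path, date, time, size, description.
# The trailing "*" on a registry path is RootkitRevealer's marker for an embedded-null key name.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 09/07/2005 18:22 0 bytes Key name contains embedded nulls (*)
C:\WINDOWS\Debug\UserMode\userenv.log 01/09/2005 23:32 214 bytes Hidden from Windows API.
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d.]+ (?:bytes|KB|MB)) (?P<desc>.+)$"
)
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\", re.IGNORECASE)

# Triage policy assumed by this example: a file-system object hidden from the Windows API is
# the classic rootkit symptom; embedded-null key names need the CLSID traced to the software
# that owns it before a decision; anything else is noted for review.
PRIORITY = {"hidden_from_api": "high", "embedded_nulls": "medium", "other": "low"}

@dataclass
class Discrepancy:
    path: str
    timestamp: str
    size: str
    description: str
    kind: str

def classify(description: str) -> str:
    if description.startswith("Key name contains embedded nulls"):
        return "embedded_nulls"
    if description.startswith("Hidden from Windows API"):
        return "hidden_from_api"
    return "other"

def parse_log(text: str) -> list[Discrepancy]:
    """Parse RootkitRevealer lines; lines that do not match the layout are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Discrepancy(m["path"], f"{m['date']} {m['time']}", m["size"],
                                   m["desc"], classify(m["desc"])))
    return out

def summarize(items: list[Discrepancy]) -> dict[str, int]:
    return dict(Counter(d.kind for d in items))

def clsids(items: list[Discrepancy]) -> list[str]:
    """CLSIDs named in registry discrepancies, to check against their registered owner."""
    return sorted({m.group(1) for d in items for m in [CLSID_RE.search(d.path)] if m})

def triage(items: list[Discrepancy]) -> list[tuple[str, str]]:
    """(priority, path) pairs, highest priority first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(((PRIORITY[d.kind], d.path) for d in items), key=lambda p: order[p[0]])
```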