Pages
- Contact Us

Watch out for Screen Savers – Adware.Starware

June 18, 2009 by admin · Leave a Comment
Filed under: 10 minute repair, Adware, Rogue, Trojan

Windows 5.1.2600 Service Pack 3

6/2/2009 5:54:23 PM

Scan type: Quick Scan
Objects scanned: 97907
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 49
Files Infected: 81

Memory Processes Infected:
(No malicious items detected)

Tags: Adware.Starware, Disabled.SecurityCenter, Rogue.Multiple, Rogue.WinAntiSpyware, Trojan, Trojan.BHO

Adware removal in 15 minutes

January 3, 2009 by admin · Leave a Comment
Filed under: Adware, Rogue

10/24/2008 1:07:42 PM

Scan type: Quick Scan
Objects scanned: 52824
Time elapsed: 15 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Tags: Adware.PopCap, Rogue.Installer, Rogue.Multiple

8.14.2008 Virus Log

December 26, 2008 by admin · Leave a Comment
Filed under: featured, Hijack, Trojan, Virus Logs

Scan type: Quick Scan
Objects scanned: 56139
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 23
Files Infected: 23

Memory Processes Infected:
C:\Program Files\rhcte0j0e985\rhcte0j0e985.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\lphcpe0j0e985.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\pphcpe0j0e985.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\rhcte0j0e985\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcte0j0e985\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcte0j0e985\MFC71ENU.DLL (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhcte0j0e985\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcte0j0e985 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcte0j0e985 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcte0j0e985 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpe0j0e985 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\rhcte0j0e985 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\rhcte0j0e985\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhcte0j0e985\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z6Y2LGQ0\install[1].exe (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A5LJ2C7W\fg[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\521632863.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\rhcte0j0e985.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\rhcte0j0e985.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcte0j0e985\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lphcpe0j0e985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pphcpe0j0e985.exe_old (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pphcpe0j0e985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Tags: Hijack.Wallpaper, Hikack.DisplayProperties, Rogue.Antivirus, Rogue.Multiple, Rootkit.Rustock, Rouge.Multiple, Trojan.BHO, Trojan.Downloader, Trojan.Dropper, Trojan.FakeAlert, Trojan.MyDoom

Pages

Watch out for Screen Savers – Adware.Starware

Adware removal in 15 minutes

8.14.2008 Virus Log

Recent Posts

Connect with Us