How Can I Remove

lexxmd
lexxmd
in Malware talk

what can i do to remove this trojans..pls help

post-17079-1222366044_thumb.jpg

Comments

  • rootkit
    rootkit ✭✭✭

    Post here the scan log. :)

  • lexxmd
    lexxmd

    BitDefender Log File !!!!!


    Product : BitDefender Total Security 2008


    Version : BitDefender UIScanner v.11


    Log date : 16:07:16 25/09/2008


    Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1222380436_1_02.xml


    Scan Paths:Path0000: C:\


    Path0001: D:\


    Path0002: E:\


    Scan Options:Scan for viruses : Yes


    Scan for adware : Yes


    Scan for spyware : Yes


    Scan for applications : Yes


    Scan for dialers : Yes


    Scan for rootkits : Yes


    Target selection options:Scan registry keys : Yes


    Scan cookies : Yes


    Scan boot sectors : Yes


    Scan memory processes : Yes


    Scan archives : Yes


    Scan runtime packers : Yes


    Scan emails : Yes


    Scan all files : Yes


    Heuristic Scan : Yes


    Scanned extensions :


    Excluded extensions :


    Target ProcessingDefault action for infected objects : Disinfect


    Default action for suspicious objects : None


    Default action for hidden objects : None


    Scan engines summaryNumber of virus signatures : 1809667


    Archive plugins : 43


    Email plugins : 6


    Scan plugins : 12


    Archive plugins : 43


    System plugins : 5


    Unpack plugins : 7


    Overall scan summaryScanned items : 357273


    Infected items : 12


    Suspicious items : 0


    Resolved items : 0


    Individual viruses found : 7


    Scanned directories : 7870


    Scanned boot sectors : 11


    Scanned archives : 13811


    Input-output errors : 58


    Scan time : 00:02:03:02


    Files per second : 48


    Scanned processes summaryScanned : 56


    Infected : 0


    Scanned registry keys summaryScanned : 371


    Infected : 0


    Scanned cookies summaryScanned : 0


    Infected : 0


    Remaining issues:Object Name Threat Name Final Status


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]4.exe Trojan.Agent.AAUX Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]5.exe=](ZIP Sfx o)=]MSA.cpl Trojan.FakeAV.AO Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]MSA.cpl Trojan.FakeAV.AO Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]0.exe Trojan.FakeAV.BH Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]5.exe=](ZIP Sfx o)=]msa0.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]5.exe=](ZIP Sfx o)=]msa1.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]msa0.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]msa1.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]5.exe=](ZIP Sfx o)=]MSA.exe Trojan.FakeAlert.AEO Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]MSA.exe Trojan.FakeAlert.AEO Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]2.exe Trojan.Generic.598275 Infected (no action was possible, file was in an archive)


    C:\Documents and Settings\Mohamed\Local Settings\Temp\sfsrv.exe=](ZIP Sfx o)=]3.exe Trojan.Generic.598382 Infected (no action was possible, file was in an archive)


    Resolved issues:Object Name Threat Name Final Status


    Objects that were not scanned:Object Name Reason Final Status


    C:\SWSETUP\Adobe2\US\Data1.cab=]RdrMsgENU.pdf Password-Protected No action was possible

  • rootkit
    rootkit ✭✭✭

    First of all read this: http://forum.bitdefender.com/index.php?showtopic=3575


    After this...


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.


    http://www.atribune.org/ccount/click.php?id=1


    Double-click ATF Cleaner.exe to open it


    Under Main choose: Select all


    Then click the Empty Selected button.


    pic1atf.gif


    If you use Firefox:


    Click Firefox at the top and choose: Select All


    Click the Empty Selected button.


    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


    If you use Opera:


    Click Opera at the top and choose: Select All


    Click the Empty Selected button.


    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


    Click Exit on the Main menu to close the program.


    Do a rescan with BitDefender and come back here with the log .:)

  • lexxmd
    lexxmd

    Hi crysty2ks


    thx in advance


    here is the scan result after using ATF-Cleaner


    BitDefender Log File !!!!!


    Product : BitDefender Total Security 2008


    Version : BitDefender UIScanner v.11


    Log date : 14:48:56 26/09/2008


    Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1222462136_1_02.xml


    Scan Paths:Path0000: C:\


    Path0001: D:\


    Path0002: E:\


    Scan Options:Scan for viruses : Yes


    Scan for adware : Yes


    Scan for spyware : Yes


    Scan for applications : Yes


    Scan for dialers : Yes


    Scan for rootkits : Yes


    Target selection options:Scan registry keys : Yes


    Scan cookies : Yes


    Scan boot sectors : Yes


    Scan memory processes : Yes


    Scan archives : Yes


    Scan runtime packers : Yes


    Scan emails : Yes


    Scan all files : Yes


    Heuristic Scan : Yes


    Scanned extensions :


    Excluded extensions :


    Target ProcessingDefault action for infected objects : Disinfect


    Default action for suspicious objects : None


    Default action for hidden objects : None


    Scan engines summaryNumber of virus signatures : 1815679


    Archive plugins : 43


    Email plugins : 6


    Scan plugins : 12


    Archive plugins : 43


    System plugins : 5


    Unpack plugins : 7


    Overall scan summaryScanned items : 355479


    Infected items : 4


    Suspicious items : 0


    Resolved items : 0


    Individual viruses found : 3


    Scanned directories : 7799


    Scanned boot sectors : 11


    Scanned archives : 13783


    Input-output errors : 60


    Scan time : 00:02:06:32


    Files per second : 46


    Scanned processes summaryScanned : 54


    Infected : 0


    Scanned registry keys summaryScanned : 371


    Infected : 0


    Scanned cookies summaryScanned : 0


    Infected : 0


    Remaining issues:Object Name Threat Name Final Status


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]MSA.cpl Trojan.FakeAV.AO Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]msa0.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]msa1.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]MSA.exe Trojan.FakeAlert.AEO Infected (no action was possible, file was in an archive)


    Resolved issues:Object Name Threat Name Final Status


    Objects that were not scanned:Object Name Reason Final Status


    C:\SWSETUP\Adobe2\US\Data1.cab=]RdrMsgENU.pdf Password-Protected No action was possible

  • Theoracle117
    Theoracle117

    ok do this, go to


    Right click on My Computer, then go to Properties -> System Restore. In that tab, enable the option Disable System Restore on all drives and click Apply.


    this will delete the


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]MSA.cpl Trojan.FakeAV.AO Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]msa0.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]msa1.dat Trojan.FakeAlert.ACZ Infected (no action was possible, file was in an archive)


    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP44\A0006800.exe=](ZIP Sfx o)=]MSA.exe Trojan.FakeAlert.AEO Infected (no action was possible, file was in an archive)


    if this is a virus:


    C:\SWSETUP\Adobe2\US\Data1.cab=]RdrMsgENU.pdf


    (and you confirmed it)


    download unlocker


    www.download.com/Unlocker/3000-2248_4-10493998.html


    and when installed right click on the Data1.cab=]RdrMsgENU.pdf file and press unlock! then you can take it from there and delete it.

  • rootkit
    rootkit ✭✭✭

    I told you to read this: http://forum.bitdefender.com/index.php?showtopic=3575


    You will "kill" the viruses from System Volume Information.

All Time Leaders

Categories

Defenders of the month - March