Topic: Avira found a trojan and then found it 5 more times - TR/Dldr.FraudLoad.zkth


Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
I was just walked through the need to update a program here.
http://www.landzdown.com/computer-problems-questions-and-solutions!/what-is-flexnet-publisher-macrovision/msg146111/#new
As I was doing it, Avira alerted me to a malware detection:
Quote
The file 'C:\olddrive\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9QFOHU3\setup[1].exe'
contained a virus or unwanted program 'TR/Dldr.FraudLoad.zkth' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c683df7.qua'.

Looking at the Avira logs, I discovered that it had ignored or quarantined this file 5 times previously today, starting around 4pm.

I'm not sure what to do...if it's been quarantined, why does it keep getting detected?  I was going to get rid of all the files on my old drive earlier, but was advised not to in case drivers or whatever installed there were still in use. I couldn't figure out what was safe to delete and what was not...so they are still there.

I'll start posting the logs. Here is the first one:




Logfile of random's system information tool 1.06 (written by random/random)
Run by Helena at 2011-08-24 19:43:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 271 GB (89%) free of 305 GB
Total RAM: 2047 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:50 PM, on 8/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SAMSUNG\PANELMGR\SSMMGR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Helena\Desktop\desktopsV1.01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Helena\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\SMILEYPAD\SMILEYPAD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Helena\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Helena.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\SAMSUNG\PANELMGR\SSMMGR.EXE /autorun
O4 - HKLM\..\Run: [ImageShackUtil] C:\PROGRAM FILES\IMAGESHACK\QUICKSHOT\QUICKSHOT.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sysinternals Desktops] C:\Documents and Settings\Helena\Desktop\desktopsV1.01.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [LightShot] C:\Documents and Settings\Helena\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

--
End of file - 6949 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\update-S-1-5-21-854245398-562591055-682003330-1003.job
C:\WINDOWS\tasks\update-sys.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FFBF49B3-58D4-4F2F-8EA6-61BFA71209C1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-17 16858112]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-03-17 69632]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-03 281768]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"Samsung PanelMgr"=C:\WINDOWS\SAMSUNG\PANELMGR\SSMMGR.EXE [2008-02-25 536576]
"ImageShackUtil"=C:\PROGRAM FILES\IMAGESHACK\QUICKSHOT\QUICKSHOT.EXE []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Lexmark 2200 Series"=C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
"QuickTime Task"=C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [2011-07-05 421888]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-05-21 13895272]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-05-05 1632360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sysinternals Desktops"=C:\Documents and Settings\Helena\Desktop\desktopsV1.01.exe [2008-09-05 118824]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []
"LightShot"=C:\Documents and Settings\Helena\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe [2010-01-02 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Helena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2011-08-24 17:27:08 ----A---- C:\installer_debug.txt
2011-08-24 17:26:51 ----HD---- C:\Program Files\Zero G Registry
2011-08-24 17:26:51 ----D---- C:\Program Files\FLEXnet Publisher License Server Manager
2011-08-24 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-24 03:00:21 ----D---- C:\WINDOWS\LastGood
2011-08-23 19:33:45 ----D---- C:\Program Files\Google
2011-08-23 00:43:22 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2011-08-10 13:46:54 ----D---- C:\Program Files\QuickTime
2011-08-10 13:46:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2011-08-10 13:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-10 13:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-10 13:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 13:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-10 13:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-06 18:35:58 ----A---- C:\WINDOWS\lexstat.ini
2011-08-06 18:35:13 ----A---- C:\WINDOWS\system32\lxbvvs.dll
2011-08-06 18:35:13 ----A---- C:\WINDOWS\system32\lxbvpwr.dll
2011-08-06 18:35:12 ----A---- C:\WINDOWS\system32\LXBVCU.DLL
2011-08-06 18:35:11 ----A---- C:\WINDOWS\system32\LEXPPS.EXE
2011-08-06 18:35:11 ----A---- C:\WINDOWS\system32\LEXPING.EXE
2011-08-06 18:35:10 ----A---- C:\WINDOWS\system32\LEXP2P32.DLL
2011-08-06 18:35:10 ----A---- C:\WINDOWS\system32\LEXBCES.EXE
2011-08-06 18:35:10 ----A---- C:\WINDOWS\system32\LEXBCE.DLL
2011-08-06 18:35:10 ----A---- C:\WINDOWS\system32\LEX2KUSB.DLL
2011-08-06 18:35:09 ----A---- C:\WINDOWS\system32\INSTMON.EXE
2011-08-06 18:35:05 ----A---- C:\WINDOWS\system32\LXBVCUR.DLL
2011-08-06 18:35:05 ----A---- C:\WINDOWS\system32\lexlmpm.dll
2011-08-06 18:34:35 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2011-08-06 18:34:24 ----A---- C:\WINDOWS\system32\LXBVUTIL.DLL
2011-08-06 18:34:24 ----A---- C:\WINDOWS\system32\lxbvscin.dll
2011-08-06 18:34:24 ----A---- C:\WINDOWS\system32\LXBVGF.DLL
2011-08-06 18:34:24 ----A---- C:\WINDOWS\system32\lxbvcoin.ini
2011-08-06 18:34:24 ----A---- C:\WINDOWS\system32\lxbvcoin.dll
2011-08-06 18:34:23 ----A---- C:\WINDOWS\system32\lxbvcinf.dll
2011-08-06 18:34:17 ----D---- C:\Program Files\Lexmark 2200 Series
2011-08-06 18:34:17 ----A---- C:\WINDOWS\system32\LXBVJSWR.DLL
2011-08-06 18:34:09 ----A---- C:\WINDOWS\uninst.exe
2011-08-06 18:33:46 ----D---- C:\Lxk2200

======List of files/folders modified in the last 1 months======

2011-08-24 19:43:20 ----D---- C:\WINDOWS\Prefetch
2011-08-24 19:17:33 ----D---- C:\WINDOWS\Temp
2011-08-24 19:02:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-24 19:02:28 ----D---- C:\WINDOWS\system32\drivers
2011-08-24 17:27:51 ----SHD---- C:\WINDOWS\Installer
2011-08-24 17:27:51 ----SHD---- C:\Config.Msi
2011-08-24 17:26:51 ----RD---- C:\Program Files
2011-08-24 09:56:43 ----D---- C:\Program Files\Mozilla Firefox
2011-08-24 05:15:44 ----D---- C:\WINDOWS\system32\NtmsData
2011-08-24 05:15:41 ----SHD---- C:\System Volume Information
2011-08-24 03:00:29 ----HD---- C:\WINDOWS\inf
2011-08-24 03:00:29 ----D---- C:\WINDOWS
2011-08-24 03:00:25 ----D---- C:\WINDOWS\system32
2011-08-23 19:56:29 ----SD---- C:\WINDOWS\Tasks
2011-08-23 19:30:00 ----D---- C:\WINDOWS\system32\Adobe
2011-08-23 19:30:00 ----D---- C:\Documents and Settings\Helena\Application Data\Adobe
2011-08-23 16:43:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-08-23 04:00:09 ----D---- C:\WINDOWS\Registration
2011-08-23 01:14:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-23 00:43:36 ----D---- C:\WINDOWS\Help
2011-08-23 00:43:23 ----D---- C:\Documents and Settings
2011-08-23 00:43:20 ----D---- C:\Program Files\NVIDIA Corporation
2011-08-23 00:42:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-23 00:41:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-08-20 22:40:25 ----D---- C:\Documents and Settings\Helena\Application Data\FileZilla
2011-08-12 22:53:05 ----D---- C:\Documents and Settings\Helena\Application Data\gtk-2.0
2011-08-11 01:12:37 ----D---- C:\WINDOWS\Debug
2011-08-10 20:52:17 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-10 20:52:13 ----RSD---- C:\WINDOWS\assembly
2011-08-10 13:53:33 ----D---- C:\Program Files\Internet Explorer
2011-08-10 13:53:33 ----D---- C:\Program Files\Apple Software Update
2011-08-10 13:30:27 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-10 13:28:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-10 13:28:17 ----D---- C:\WINDOWS\WinSxS
2011-08-10 13:23:12 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-10 13:22:17 ----D---- C:\WINDOWS\ie8updates
2011-08-06 18:34:57 ----D---- C:\WINDOWS\twain_32
2011-08-01 23:40:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-07-25 10:17:44 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-07-13 138192]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 RapportCerberus_29574;RapportCerberus_29574; \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys []
R1 RapportEI;RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-07-13 66616]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-17 4737024]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-21 12753664]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-03-17 13312]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-07-13 269480]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-14 311296]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-01-10 399416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S4 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-05-21 154728]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

-----------------EOF-----------------

pastywhitegurl

This is the only info.txt file under the rsit folder?  Seems old?

info.txt logfile of random's system information tool 1.06 2009-11-28 10:35:40

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AFPL Ghostscript 8.51-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.51\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DebugMode Wink-->"C:\Program Files\DebugMode\Wink\uninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Finale NotePad 2008-->C:\Program Files\Finale NotePad 2008\uninstallNP.exe
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Gimp Themes v1.0-->MsiExec.exe /I{833D97B9-AC16-45C1-AD44-0A32198956F8}
Gtk+ Runtime Environment 2.12.9-1-->C:\Program Files\GTK\uninst.exe
HideOutlook v1.0 (build 18)-->C:\Program Files\r2 Studios\HideOutlook\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Icon Restore 1.0-->C:\WINDOWS\unins000.exe
ImageShack QuickLoad-->MsiExec.exe /I{CD522250-7AEE-4266-A821-6FB7C7018F13}
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LEAD JPEG 2000 PhotoShop® Plugin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73DC80A0-6C60-4CCF-AB99-A9C180804886}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Essentials-->MsiExec.exe /X{8C6CB33A-AA86-446C-8C4D-304A7FA51033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
PNGGauntlet-->MsiExec.exe /X{C49E87AC-2A1B-4A11-B9F2-A75316319215}
Python 2.5 pycairo-1.4.12-->"C:\Program Files\Python25\Removepycairo.exe" -u "C:\Program Files\Python25\pycairo-wininst.log"
Python 2.5 pygobject-2.14.1-->"C:\Program Files\Python25\Removepygobject.exe" -u "C:\Program Files\Python25\pygobject-wininst.log"
Python 2.5 pygtk-2.12.1-->"C:\Program Files\Python25\Removepygtk.exe" -u "C:\Program Files\Python25\pygtk-wininst.log"
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickShot 1.52-->"C:\Program Files\ImageShack\QuickShot\unins000.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Samsung ML-2510 Series-->C:\Program Files\Samsung\Samsung ML-2510 Series\Install\Setup.exe /R
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SmileyPad v2.28-->"C:\Program Files\SmileyPad\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Sumatra PDF reader-->"C:\Program Files\SumatraPDF\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-10-21]

======Hosts File======


======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: LIBRARY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92E14858.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14090
Source Name: Dhcp
Time Written: 20090906171226.000000-300
Event Type: warning
User:

Computer Name: LIBRARY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92E14858.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14089
Source Name: Dhcp
Time Written: 20090906171123.000000-300
Event Type: warning
User:

Computer Name: LIBRARY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92E14858.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14088
Source Name: Dhcp
Time Written: 20090906170917.000000-300
Event Type: warning
User:

Computer Name: LIBRARY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92E14858.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14087
Source Name: Dhcp
Time Written: 20090906170503.000000-300
Event Type: warning
User:

Computer Name: LIBRARY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92E14858.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14086
Source Name: Dhcp
Time Written: 20090906165636.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: LIBRARY
Event Code: 88
Message:
Record Number: 9566
Source Name: UmxAgent
Time Written: 20090408225428.000000-300
Event Type:
User:

Computer Name: LIBRARY
Event Code: 88
Message:
Record Number: 9565
Source Name: UmxAgent
Time Written: 20090408225428.000000-300
Event Type:
User:

Computer Name: LIBRARY
Event Code: 88
Message:
Record Number: 9564
Source Name: UmxAgent
Time Written: 20090408121544.000000-300
Event Type:
User:

Computer Name: LIBRARY
Event Code: 88
Message:
Record Number: 9563
Source Name: UmxAgent
Time Written: 20090408121544.000000-300
Event Type:
User:

Computer Name: LIBRARY
Event Code: 88
Message:
Record Number: 9562
Source Name: UmxAgent
Time Written: 20090408121544.000000-300
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%GTK_BASEPATH%\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"GTK_BASEPATH"=C:\PROGRA~1\GTK
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
Forgot to mention... I haven't done anything but allow Avira to quarantine.  Running MalwareBytes scan right now, but it's not finished.


 Results of screen317's Security Check version 0.99.7 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Avira AntiVir Personal - Free Antivirus
 Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

 WinPatrol 2009
 MVPS Hosts File 
 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 CCleaner     
 Java DB 10.5.3.0   
 Java(TM) 6 Update 26 
 Out of date Java installed!
 Adobe Flash Player 10.3.183.5 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 WinPatrol winpatrol.exe
 Malwarebytes' Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 BillP Studios WinPatrol winpatrol.exe 
``````````End of Log````````````

Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
Avira has now flagged this malware 12 times....Please help soon. :(

Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5123
  • Half a bubble off plumb
Quote
C:\olddrive\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W9QFOHU3\setup[1].exe

Why not just delete your temporary internet files?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
Because I'm a techno-feeb and didn't see that?

 :shock:

[edit: ok.. just did that.]

Also updated the specs/programs/extensions etc list in my sig.

Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
MalwareBytes scan just completed:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7558

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2011 8:42:47 PM
mbam-log-2011-08-24 (20-42-47).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 346022
Time elapsed: 1 hour(s), 35 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I seem to be good at two things.... running scans and panicking. 


What should I do next?

[PS: I could swear I just updated Java...but maybe I started to and got distracted or something.]

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Quote
This is the only info.txt file under the rsit folder?  Seems old?

info.txt logfile of random's system information tool 1.06 2009-11-28 10:35:40

It is old.  RSIT does not create that log a second time if one exists.  To get RSIT to create a fresh info.txt, the old log has to be deleted from C:\RSIT.  That shouldn't be needed now though if Avast is no longer flagging anything.  We know your system is being kept updated. :)

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Yes, although the update to Java JRE6u27 is not a security update.  The update included "improved performance and stability" and "Certification for Firefox 5".  If you have Firefox 6 installed, you will receive a notification that the Jre6u27 console is not compatible and will need to be disabled.

Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
Ah... that was it!  I didn't update because the alert post said it wasn't a security update.

Well, I updated it anyway now, but I didn't get a notice about the console.

I checked, and in the advanced settings my Java console is set to "do not start console".

Is that enough disabling?  (That is the setting I found it at.)

I will set a clean restore point now too.

Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
Just checked my extensions list, and Java Console 6.0.25 and 6.0.26 are marked as incompatible and disabled.

I created that fresh restore point and removed all others.

I ran another Avira scan and it found nothing.  I also sent the infected file to Avira via their system  to report it.  Although, it is obviously in their database, since they found it in the first place, so I'm not sure what good this does.

Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5123
  • Half a bubble off plumb
Problem solved?



Offline pastywhitegurl

  • Sr. Member
  • ****
  • Posts: 394
  • advanced techno feeb
The problem seems to be solved.  :)
Many thanks.

There hasn't been a detection since I cleared my temporary internet files.

On the Java Console... I have 3 instances of disabled consoles in my extensions list:

Java Console 6.0.25 
Java Console 6.0.26
Java Console 6.0.27

But no way to remove them is offered. Do I need to uninstall them? And if so, how do I do it?