Help removing Email-Worm.Win32.Brontok.q please

  #1 (permalink)  
Old 15-12-2007, 07:25 AM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 4
GARLOCK Is a beginner here at D-A-L
Help removing Email-Worm.Win32.Brontok.q please

Hello, could I have help with removing a worm, please?
The name of the worm is Email-Worm.Win32.Brontok.q, and just scanning and deleting doesn't do the job, as it keeps multiplying itself everywhere.

Here is info on it: http://www.f-secure.com/v-descs/brontok_n.shtml
Seeing that it is a complex and hard to remove e-mail worm, I hope that someone could help me.

Here is my HijackThis LOG:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:54 PM, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6593 bytes
  #2 (permalink)  
Old 15-12-2007, 03:39 PM
VopThis's Avatar
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!
Re: Help removing Email-Worm.Win32.Brontok.q please

This is a complex infection that many tools have minimal or ineffective success in resolving. Let's try the following tool and see how it goes:


Download and scan with the 15 day trial version of Counterspy.

http://www.sunbelt-software.com/CounterSpy-Download.cfm
  • Install Counterspy.
  • Click on 'Spyware Scan', then click 'Updates' at the top right.
  • Once any available updates have been installed, click the 'Scan Now' button.
  • Save the report when it's finished:
    1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
    2. Click on 'View Results'.
    3. Under (Recommended Action), using the drop-down menus at the side of each entry found, set EVERYTHING to 'Remove'.
    4. Then click on 'Take Action'.
    5. Once everything has been removed, click on 'View Details'.
    6. Copy and Paste those details into a Word/Text document, then save it to your desktop.


Post the above results and tell us how your PC is doing.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
  #3 (permalink)  
Old 16-12-2007, 11:25 AM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 4
GARLOCK Is a beginner here at D-A-L
Re: Help removing Email-Worm.Win32.Brontok.q please

I tried updating twice, but after an hour it never changed so I scanned without updating on definition 682.

Code:
Scan History Details
Start Date: 16/12/2007 8:42:09 PM
End Date: 16/12/2007 9:14:19 PM
Total Time: 32 Min 10 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@atdmt[2].txt


Cookie: BS.Serving-Sys Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@bs.serving-sys[2].txt
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@serving-sys[1].txt


Cookie: BurstNet.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@burstnet[2].txt


Cookie: CGI-Bin Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@cgi-bin[2].txt


Cookie: DoubleClick Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@doubleclick[1].txt


Cookie: FastClick.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@fastclick[2].txt


Cookie: Hotbar Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@ad.yieldmanager[1].txt


Cookie: Mediaplex.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@mediaplex[1].txt


Cookie: Overture.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@overture[1].txt


Cookie: PointRoll.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@ads.pointroll[1].txt


WhenU.Save Adware (General)  more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Files detected
C:\Program Files\DAEMON Tools\SetupDTSB.exe


Cookie: Advertising.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@advertising[2].txt


Cookie: TribalFusion.com Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@tribalfusion[2].txt


MyWebSearch Toolbar Potentially Unwanted Program  more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} 


Cookie: WindowsMedia Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@windowsmedia[1].txt


My Search Bar Potentially Unwanted Program  more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1 
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1 
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID 
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID 


Cookie: adrevolver Cookie (General)  more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\gurren-lagann\cookies\gurren-lagann@adrevolver[1].txt


Email-Worm.Win32.Brontok.a Worm.Generic  more information...
Status: Deleted

Files detected
C:\Documents and Settings\Gurren-Lagann\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\animes\+\+.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\animes\animes.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\animes\images\images.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\Adobe Dreamweaver CS3.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeALMAnchorServiceAll\AdobeALMAnchorServiceAll.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeAssetServices3All\AdobeAssetServices3All.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeAUM5.1All\AdobeAUM5.1All`.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeBridge2All\AdobeBridge2All.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeCameraRaw4.0All\AdobeCameraRaw4.0All`.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeCMapsAll\AdobeCMapsAll.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDefaultLanguageCS3All\AdobeDefaultLanguageCS3All.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Adobe Device Central CS3.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDreamweaver9en_US\AdobeDreamweaver9en_US.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeExtensionManager1.8All\AdobeExtensionManager1.8All`.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobePDFL8All\AdobePDFL8All.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\BridgeStartMeeting\BridgeStartMeeting.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\payloads.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\redist\redist.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\common\alert\alert.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\common\scripts\scripts.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\media\css\css.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\media\img\img.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\resources.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\DXWnd 1.21A\DXWnd 1.21A`.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Files\TAFE\Cert III files\Class\HTML\Build a Basic Website\images\images.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Files\TAFE\Cert III files\Class\HTML\Personal Details\images\images.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Files\TAFE\Cert III files\Class\HTML\Resume\Resume.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\Files\TAFE\Cert III files\Class\HTML\Rollover+Image Map\menufiles\menufiles.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\MobileAction\HandsetManager\ToolData\IMAGE_BACKGROUND\IMAGE_BACKGROUND.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\MobileAction\HandsetManager\ToolData\VIDEO_TEXTICON\Item_1\Item_1.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\MobileAction\HandsetManager\ToolData\VIDEO_TEXTICON\Item_2\Item_2.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\My Music\iTunes\iTunes Music\Atreyu\A Death Grip on Yesterday Disc 1\A Death Grip on Yesterday Disc 1.exe
C:\Documents and Settings\Gurren-Lagann\My Documents\My Music\iTunes\iTunes.exe
  #4 (permalink)  
Old 16-12-2007, 10:19 PM
VopThis's Avatar
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!
Re: Help removing Email-Worm.Win32.Brontok.q please

How is your PC doing?

If the worm is still present, then we may need to try some additional tools. The inability to update definitions is also never a good sign although possibly to be expected when an infection is in charge of your PC.

If 'counterspy' will update, that might be a very favorable sign.
  #5 (permalink)  
Old 17-12-2007, 07:17 AM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 4
GARLOCK Is a beginner here at D-A-L
Re: Help removing Email-Worm.Win32.Brontok.q please

The worm is still present.
All the things like registry editor and stuff are still disabled.
  #6 (permalink)  
Old 17-12-2007, 01:58 PM
VopThis's Avatar
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!
Re: Help removing Email-Worm.Win32.Brontok.q please

See if you can run the following online antivirus scan (NOD32):

http://www.eset.com/onlinescan/


Let us know if anything improves with that scan. Check if Counterspy will update afterwards.
  #7 (permalink)  
Old 17-12-2007, 08:34 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 4
GARLOCK Is a beginner here at D-A-L
Re: Help removing Email-Worm.Win32.Brontok.q please

Virus scan found nothing.
Counterspy couldn't update.
  #8 (permalink)  
Old 19-12-2007, 03:06 PM
VopThis's Avatar
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!
Re: Help removing Email-Worm.Win32.Brontok.q please

Are you actually seeing any specific further sign of 'Brontok'?



Your best option may be to try a system restore point (if available) to a date before any known problems or before you started performing any recent fixes:

Click on Start>All Programs>Accessories>System Tools>System Restore.

Check Restore my computer to an earlier date> Click Next.

Choose the date before you performed any recent fixes and click Next and Next again.




POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

All times are GMT +1.