Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » JS/Generic Exploit.j and Generic Downloader.X Problem

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

JS/Generic Exploit.j and Generic Downloader.X Problem

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 13-03-2009, 12:52 PM
Newbie
D-A-L Newbie
  
Join Date: Mar 2009
Posts: 4
Marcolinho Is a beginner here at D-A-L
JS/Generic Exploit.j and Generic Downloader.X Problem
Hi everyone.

Some days ago I downloaded a file which was infected by a virus.
Since then every time when I access to the internet a virus-scan notice appears in which the files "rc(1).htm" and "rc(2).htm" are detected as "JS/Generic Exploit.j" and sometimes other files are detected as "Generic Downloader.X" (My Anti-virus program is McAfee).
In addition to that an internet explorer window pops up and says that a failure appeared on the site "http://jl.chura.pl/rc/" but I never entered this site.

After that I ran my HijackThis and saved the log.

I hope You can help me to solve my problem.
Thank you very much...

Here is my hijacklog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:06, on 13.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ArcorOnline\AOButler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalisierte Startseite
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - Startup: Product Registration.lnk = C:\Users\Marcolinho\AppData\Local\Temp\is-KV5B6.tmp\ATR1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Marcolinho\Dateien\Anwendungen\Internet\I CQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Marcolinho\Dateien\Anwendungen\Internet\I CQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CC12B6-A73F-4265-9C8C-66D3ECF97B41}: NameServer = 195.50.140.114 195.50.140.252
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_80034f72\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8438 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 14-03-2009, 03:57 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
Some or most of your issues are related to JAVAScript (JS) based malware.



Verify your current running JAVA Version and install the latest version, if not present:
Verify Java Version


Download the latest version of Java Runtime Environment (JRE) 6.0 Update 12 or higher, and install it to your computer.

New Version should then show as:
Quote:
java version "1.6.0_12" or higher
  • START-> RUN-> cmd
  • copy & paste the following text and hit Enter key:
    JAVA –VERSION





Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

Please follow these steps to remove older version Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all OLDER Java components are removed.






Note: It may be necessary to download the following tool and/or update it from another PC, and possibly give it a new name (rename it), e.g.:

needed_scan.exe



* Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • Run the scan in SAFEMODE (tapping the F8 key on bootup), if necessary.
  • If an update is found, it will download and install the latest version.
  • If you encounter any problems while downloading the updates, manually download them from HERE and just double-click on mbam-rules.exe to install.
  • Once the program has loaded, you can initially select the often highly productive "Perform Quick Scan", then click Scan.
    ….. AND/OR go straight to the longer but more comprehensive scan:
  • It is also highly advisable to run the longer ”Full Scan” in addition to the above scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked , and click Remove Selected.
  • When disinfection is completed , a log will open in Notepad and you may be prompted to Restart(See Extra Note).
  • A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
  • Copy&Paste the entire report(s) in your next reply along with a fresh HijackThis log.
  • Please post any current revised observations.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Let us see/review what is loaded on your PC:
  • Run HijackThis and Click Main Menu
  • Click Open the Misc Tools section button.
  • Then click the Open Uninstall Manager… button.
  • Click the Save list… button. Save uninstall_list to your desktop.

  • Open the Uninstall list file and post in your next reply, please.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 14-03-2009, 05:39 PM
Newbie
D-A-L Newbie
  
Join Date: Mar 2009
Posts: 4
Marcolinho Is a beginner here at D-A-L
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
Hi VopThis
I am really grateful for trying to help me and spending your time for thinking about my problem but the problem still exists.

At first I successfully installed the newest version of Java and removed the old one from my computer.
After that I installed MBAM and ran the "Full Scan" but the program didn't find any infected files or something.
Here is the mbam-log:

Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 6.0.6001 Service Pack 1

14.03.2009 12:17:04
mbam-log-2009-03-14 (12-17-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 290697
Time elapsed: 1 hour(s), 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I don't know if it's a good or bad sign that mbam didn't find a problem and I hope you or anyone else has another idea how I can solve my problem.

oh yes here is the uninstall-list you mentioned:

3DMark Vantage
7-Zip 4.57
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9 - Deutsch
AGEIA PhysX v7.07.09
AnyDVD
Assassin's Creed
ATI Catalyst Control Center
ATITool Overclocking Utility
Azureus
BD/HD Advisor 1.0
BioShock
Browser Address Error Redirector
Call of Duty(R) - World at War(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
Catalyst Control Center - Branding
Compatibility Pack für 2007 Office System
Conflict Denied Ops
Crysis(R)
CyberLink InstantBurn
CyberLink PowerDVD
Dead Space™
Deinstallation der Arcor Online Software
Dell Handbuch zum Einstieg
Dell Resource CD
Dell Support Center (Support Software)
Der Herr der Ringe® - Die Eroberung™
DiRT
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EDocs
Ein Quantum Trost(TM)
Empire Earth III
EVEREST Home Edition v2.20
F.E.A.R. 2: Project Origin
Fallout 3
Far Cry 2
FEAR
Futuremark SystemInfo
GameShadow
GRID
Hervorhebe-Funktion (Windows Live Toolbar)
Hi-Def Suite
HijackThis 2.0.2
ICQ6.5
Intel® Matrix Storage Manager
InterVideo FilterSDK for Hauppauge
Java(TM) 6 Update 12
Juiced2_HIN
Just Cause 1.00.0000
LabelPrint
LG ODD Auto Firmware Update
LightScribe Optical Disc Kit
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Medal of Honor Airborne
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mouse Suite for Desktop Computers
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Most Wanted
Need for Speed™ Undercover
Nero 9
neroxml
OpenAL
Power2Go 5.0
PowerBackup
PowerISO
PowerProducer
Prince of Persia
PunkBuster Services
Pure
Quake 4(TM)
Razer Diamondback
S.T.A.L.K.E.R. - Shadow of Chernobyl
Secret Service
ShaunWhiteSnowboarding
Shellshock 2
SL-6555-SBK
Smart Menus (Windows Live Toolbar)
Steam
SUPERAntiSpyware Free Edition
The Battle for Middle-earth (tm) II
Tom Clancy's EndWar
Tom Clancy's H.A.W.X Demo
Tom Clancy's Rainbow Six Vegas
Tom Clancy's Rainbow Six Vegas 2
Tomb Raider: Underworld 1.0
VC80CRTRedist - 8.0.50727.762
VTPlus32 für WinTV (German)
Windows Live Anmelde-Assistent
Windows Live Favorites für Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
Windows Media Player Firefox Plugin
WORLD IN CONFLICT


I hope it helps you finding something..

thank you.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 14-03-2009, 06:58 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
Quote:
I don't know if it's a good or bad sign that mbam didn't find a problem
Certainly, that is good news.



Run the following scan to determine if your critical updates are all current (report header top right – Microsoft Security Updates - Up-to-date??). Follow the links as appropriate to resolve any missing updates:


Belarc Advisor - Free Personal PC Audit

Belarc Advisor - Free Personal PC Audit





Run the following scans:

Clean out TEMPORARY FILES procedures:
To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner CCleaner - Download

Install Options:
  • Don't install any Toolbars, or other programs, should it ask you!
  • Just uncheck the option of installing the Yahoo toolbar.

It will put a shortcut on your Desktop.

Do not run CCleaner until requested later.



Run CCleaner preferably in SAFE MODE (reboot tapping the F8 key after the beep).

Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’ (often, the latest download traffic could be the bearer of bad content – RESET back to default after this particular cleaning).

Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
  • Uncheck ‘Cookies’ option (advisable)
  • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
  • Click the ‘Analyse’ button.
  • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.



Please do an online scan (scan only tool) with Kaspersky WebScanner
[Internet Explorer required]


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      - Extended (if available otherwise Standard)
    • Scan Options:
      - Scan Archives
      - Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Post your latest HJT LOG and any additional observations.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 15-03-2009, 01:01 AM
Newbie
D-A-L Newbie
  
Join Date: Mar 2009
Posts: 4
Marcolinho Is a beginner here at D-A-L
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
Hello again.

The belarc advisor told me that no updates are missing.
Then I ran the ccleaner as you pointed out in your message.
And here are the information of the kaspersky online scanner:

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 15, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 14, 2009 18:48:54
Records in database: 1902519
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 212924
Threat name: 1
Infected objects: 68
Suspicious objects: 0
Duration of the scan: 02:35:19


File name / Threat name / Threats count
C:\ATI\SUPPORT\8-11_vista32-64_ccc_lang2_70231\Bin\InstallManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\ATI\SUPPORT\8-11_vista32-64_ccc_lang2_70231\Bin64\InstallManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\ATI\SUPPORT\8-12_vista32-64_ccc_lang2_72277\Bin\InstallManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\ATI\SUPPORT\8-12_vista32-64_ccc_lang2_72277\Bin64\InstallManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\ATI\SUPPORT\8-12_vista32_dd_72275\Bin\InstallManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\ATI\SUPPORT\8-12_vista32_dd_ccc_wdm_enu_72275\Driver\Bin\Install ManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\ATI\SUPPORT\8-12_vista64_dd_72276\Bin64\InstallManagerApp.exe Infected: Virus.Win32.Virut.ce 1
C:\DELL\docs\EDocs.exe Infected: Virus.Win32.Virut.ce 1
C:\DELL\docs\EDocs32.exe Infected: Virus.Win32.Virut.ce 1
C:\DELL\dscstart.exe Infected: Virus.Win32.Virut.ce 1
C:\Drivers\audio\R190321\idt64mp1.exe Infected: Virus.Win32.Virut.ce 1
C:\Drivers\audio\R190321\idtmini1.exe Infected: Virus.Win32.Virut.ce 1
C:\Drivers\audio\R190321\stacsv64.exe Infected: Virus.Win32.Virut.ce 1
C:\Drivers\audio\R190321\sttray64.exe Infected: Virus.Win32.Virut.ce 1
C:\Drivers\audio\R190321\suhlp.exe Infected: Virus.Win32.Virut.ce 1
C:\Drivers\audio\R190321\suhlp64.exe Infected: Virus.Win32.Virut.ce 1
C:\Program Files\WinTV\pnpscan.exe Infected: Virus.Win32.Virut.ce 1
C:\Program Files\WinTV\Scheduler\uniSCHED.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Assassin's Creed\AssassinsCreed_Dx10.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Assassin's Creed\AssassinsCreed_Dx9.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Assassin's Creed\Detection\Detection.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Call of Duty 4 - Modern Warfare\Mods\ModWarfare\7za.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Conflict Denied Ops\ConflictDeniedOps.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Empire Earth III\MCELauncher.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\F.E.A.R\config.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\F.E.A.R\FEARServer.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\F.E.A.R\fpupdate.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Far Cry 2\bin\FC2BenchmarkTool.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Far Cry 2\bin\FC2Editor.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Far Cry 2\bin\FC2ServerLauncher.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\GRID\GRID.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Just Cause\JCSetup.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Medal of Honor Airborne\Support\Medal of Honor Airborne_code.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Medal of Honor Airborne\Support\Medal of Honor Airborne_uninst.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\eauninstall.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\safemode_inst.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\shell_inst.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\Support\EasyInfo.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\Support\EReg.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\Support\Need for Speed Most Wanted_code.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Most Wanted\Support\Need for Speed Most Wanted_uninst.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Undercover\setup.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Need for Speed Undercover\Support\EAregister.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Prince of Persia\PrinceOfPersia_Launcher.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Prince of Persia\Support\Detection\Detection.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Pure\Originale EXE\Pure.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Pure\Pure.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Quake 4\Quake4.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Quake 4\Quake4Ded.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\eauninstall.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\extra_uninst.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\lotrbfme2.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\LotRIcon.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\Support\EasyInfo.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\Support\EReg.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\Support\The Battle for Middle-earth II_code.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\Support\The Battle for Middle-earth II_uninst.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\The Battle for Middle-earth (tm) II\Worldbuilder.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Tom Clancy's Rainbow Six Vegas\Binaries\Alte EXE\R6Vegas_Game.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Tom Clancy's Rainbow Six Vegas\Detection\detectionui_r.exe Infected: Virus.Win32.Virut.ce 1
C:\Users\Marcolinho\Games\Tom Clancy's Rainbow Six Vegas\Register\RegistrationReminder.exe Infected: Virus.Win32.Virut.ce 1

The selected area was scanned.

(I have no idea why most of my games are shown as infected but i suppose you know it better than me.)

Here is the hijacklog of the scan I made after the actions above:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:47:04, on 15.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ArcorOnline\AOButler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalisierte Startseite
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Product Registration.lnk = C:\Users\Marcolinho\AppData\Local\Temp\is-KV5B6.tmp\ATR1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Marcolinho\Dateien\Anwendungen\Internet\I CQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Marcolinho\Dateien\Anwendungen\Internet\I CQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CC12B6-A73F-4265-9C8C-66D3ECF97B41}: NameServer = 195.50.140.114 195.50.140.252
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_80034f72\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8707 bytes


I hope there is anything new you can find and hopefully something good you can tell me.

Oh yes I thought it could perhaps be useful for you to post the path of one of the virus files my virus scanner detects all the time:

C:\Users\Marcolinho\AppData\Local\Microsoft\Window s\Temporary Internet Files\Content.IE5\JIGAQ15E\rc[1].htm

This is just one example for a path.
I already tried to delete the folder these files were in but every time I access to the internet the folders are written new an sometimes with another name.
Another one would be:

C:\Users\Marcolinho\AppData\Local\Microsoft\Window s\Temporary Internet Files\Content.IE5\GMNX88MM\rc[1].htm

perhaps this is interesting for you.

I'm looking forward to hearing from you.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 15-03-2009, 01:25 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
The virus (Virus.Win32.Virut.ce) appears to have systematically infected 68 once legitimate objects. If you were to disable or temporarily uninstall McAfee and install Kaspersky trial you may still not get a complete cleanup - but you could try if you want:


BleepingComputer.com > virus.win32.virut.ce
Quote:
My question is, should I spend time tryin to clean this up or just try to back up some data using a pe boot disc and reformat? From looking online about this virus it isn't very nice but hoping someone with more experience could shed some light on this for me.
I ended up trying to clean my thumb drive using the Kaspersky av for Windows7 only because I didn't want to infect any other computers with these viruses.
Virus.Win32.Virut.ce - Google Search
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 15-03-2009, 05:48 PM
Newbie
D-A-L Newbie
  
Join Date: Mar 2009
Posts: 4
Marcolinho Is a beginner here at D-A-L
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
After uninstalling McAfee and installing the Kaspersky trial I ran the full system scan.
All in all aproximately 150 viruses were detected which were all located in different exe files.
Most of them were cleaned but the problem is still existing.

I think a virus also infected the exe file of the program (arcor onlinebutler) for accessing to the internet, because kaspersky detects a download of a trojan which it directly stops.

Do you have any advise for me how I could clean my system?
Or would be back-up and re-format the best choice?

Perhaps this hijacklog of the scan after the kaspersky scan helps you to find anything:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:14, on 15.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ArcorOnline\AOButler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalisierte Startseite
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = DSL Flatrate, DSL Tarife, DSL Angebote von Arcor
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Product Registration.lnk = C:\Users\Marcolinho\AppData\Local\Temp\is-KV5B6.tmp\ATR1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Marcolinho\Dateien\Anwendungen\Internet\I CQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Marcolinho\Dateien\Anwendungen\Internet\I CQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CC12B6-A73F-4265-9C8C-66D3ECF97B41}: NameServer = 195.50.140.114 195.50.140.252
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_80034f72\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8334 bytes


I don't think it's helping you but I hope so..
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 16-03-2009, 04:57 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: JS/Generic Exploit.j and Generic Downloader.X Problem
Quote:
Do you have any advise for me how I could clean my system?
Or would be back-up and re-format the best choice?
As you have seen, the virus infects random EXEs and the prospects for getting this completely cleaned up are likely slim. You best guide is if there are still double digit new infected items still to be found on yet another Kaspersky scan.


Ultimately, you should prepare for a re-format.


Nevertheless, you could also try the following:

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O4 - Startup: Product Registration.lnk = C:\Users\Marcolinho\AppData\Local\Temp\is-KV5B6.tmp\ATR1.exe

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



REBOOT.


DELETE FILES:

C:\Users\Marcolinho\AppData\Local\Temp\is-KV5B6.tmp\ATR1.exe




Next try a different, but online, scan tool:

Free ESET Online Antivirus Scanner



If there are only a few remaining items, you may be able to identify another tool that may be able to help you. Submit such files to:

VirusTotal - Free Online Virus and Malware Scan
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Active] adware generic 4 problem, POP up viruses on my computer! stalker93 Spyware, Adware, Viruses and HijackThis Logs 18 26-07-2009 02:28 AM
[Resolved]Pls help me with this hijackthis log (adware generic 4 problem) ganghao Spyware, Adware, Viruses and HijackThis Logs 11 19-05-2009 07:00 AM
hijack log / generic downloader.x problem peeeet Spyware, Adware, Viruses and HijackThis Logs 5 02-03-2009 10:01 PM
Generic host for win32 processes problem. DylanBurnett Windows XP Help 9 26-05-2005 12:23 AM


All times are GMT +1. The time now is 08:01 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav