TechSpot

HJT log-malware infection, hidden ADS parsing posts!

By holdenyosarian
Feb 27, 2007
  1. Accidentally connected while ZL suite was off, picked something up:
    turned ZL back on - warnings from ZL and win.
    ZL - "Services and Controller is trying to open/unload/alter driver" - "driver" was "klm1" - never appeared before.
    When refused, win alert - "the ordinal 110 could not be located in the dynamic link library SSLEAY32.dll"
    when I initially ran a full scan (post exposure) - scan discontinued before completion.
    However, accidentally clicked "ALLOW" on ZL "Allow or deny driver to unload"!!!!
    HJT found three ADS - two are "invisible" (don't appear in supposed folder) - AND the files ARE PARSING MY POSTS!!!...
    In other words, I tried to report above to another help site, but
    instead of the name of the folder appearing as I typed it...IT DROPPED THE
    FIRST LETTER, REPLACING IT WITH A GREEN SMILEY FACE! (posted twice, to make sure it wasn't typo).
    Was told not to delete ADS until I determined function... but why on earth would anything necessary prevent reporting it by name?!?!?
    here are the ADS:
    C:\Documents and Settings\All Users\Application Data\TEMP...then the file
    "D"...is the first letter..followed by "FC5A2B2"...(118 bytes)
    This appears twice on the HJT ADS scan, as well as...
    C:\Documents and Settings\HP_Adminstrator\Favorites\Ancestry.com-SSmithe.url:favicon (9062 bytes)

    What is the TEMP file? Is there any reason I shouldn't assume it's malicious?
    Should I expect HJT to remove the threat completely (by using the "Remove Selected" function)?

    What should be done about the unloaded "klm1" driver?
    Is it related to the ADS?

    THANKS!!
     
  2. howard_hopkinso


    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of holdenyosarian only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
