Kaspersky online scanner Finds 1 Threat and 3 Objects

[hikerbear]

Hi All;

Kaspersky's Free On Line Scanner found 1 threat and three objects.
The threat, Trojan-Spy.HTML.Bankfraud.sv is in 3 places on my
External USB drive and have been there for some time.
The .pcv extentions are from aThunderbird backup program, MozBackup.

I have tried Kaspersky's scanner, my own Avira Antivir, Spyware Doctor and
a few others - nothing. Google comes up with almost northing. I've attached
the log file.

Before I put my mind totally to rest I thought I would check here. I've been through
AV Pre-Flight- all negative. Thanks for any thoughts and/or suggestions.

 

[xxdanielxx]

download SDFix from the link below to your desktop then run it SDFix will create a folder in your C drive boot into safe mode and go to C:\SDFix and run --->RunThis.bat. Post the log it creates here. to boot into safe mode reboot computer and start tapping the F8 key until you get to a menu select safe mode. Please post a fresh hijackthis log after running the software

SDFix:
http://www.bleepingcomputer.com/files/sdfix.php

Also * Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

[hikerbear]

Ok xx,

Will do that now.

 

[hikerbear]

If SDFix creates a log, do you wish to have included rather than attached?

R.

 

[xxdanielxx]

attached is fine

 

[hikerbear]

SDFix and HJT logs

Hi;

Have done as you advised and have attached both logs.

SDFix went quite fast and I didn't catch all the messages- between reboots was one about "Protection hosts files such as MU......." and it finished.

I look foward to what you think.

Oh-- There is no B: drive, just C: and E:

 

[xxdanielxx]

where are the logs?

 

[hikerbear]

Logs

Hang with me- Don't know- they looked attached. I'll try again.

 

[hikerbear]

SDFix and HJT Logs

Here we go again.

I guess you have to remember to hit UpLoad

 

[hikerbear]

Hi;
I guess you went off somewhere. I'll give it a little bit and then look for you later.
Sorry 'bout the logs.

 

[hikerbear]

Hi;
I see someone is reading the post- so I'll stick around for a bit.

 

[hikerbear]

Hi;
The logs are there.
Hope you haven't given up on me.

 

[xxdanielxx]

Your logs look clean is your computer running better

 

[hikerbear]

Seems better

Hi;
Yes, it seems better. What did SDFix do? Really would like to know- if you have time.

And many thanks for your help

 

[xxdanielxx]

SDFix is a program written by AndyManchesta that can remove many different types of Trojans and Worms

 

[hikerbear]

Thanks

You and Andy certainly helped me and I appreciate your time.

 

[xxdanielxx]

oh almost forgot one more thing

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

• 1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
  2. Restart your computer.
  
  3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.

System Restore will now be active again.