Spyware problem c:\windows\wml.exe and trojandownloader.xs

Status
Not open for further replies.
Hi there,
I keep getting popups. One is red and says that I am infected with windows .wml.exe abebot, and another popup is Trojan xs downloader.

Then, in the system tray, I have a yellow triangle, and it pops up that my computer is seriously infected. Run scan now.

Please help.
 
Download and Install SuperAntiSpyware Free
  • Launch SuperAntiSpyware
  • Click Check for Updates and update to the latest definitions.
  • Click Scan your Computer
    • Check all boxes in the Scan Location box.
    • Check the Complete Scan radio button.
    • Click Scanning Preferences/Control Centre button.
      • Uncheck Ignore files larger than 4MB (recommended)
      • Check Scan Alternate Data Streams.
      • Click Close.
    • Click Next
  • SuperAntiSpyware will now scan your computer for infection. (This could take in excess of an hour depending on the number of files scanned)
  • When finished it will present you with a summary of its findings.
  • Click OK.
  • The Removal Screen will open.
    • Check the items in the list to mark them for Quarantine.
    • Click Next and SAS will Quarantine them.
Please send me the log.
  • Click the Preferences button.
    • Click the Statistics/Logs tab.
      • Logs are listed by date and time, click on the latest one to highlight it (at the top).
      • Click View log.
    • This will open a log page.
    • Attach it here please.
CAUTION: SuperAntiSpyware comes with a programme called Bootsafe. Do not for any reason use this programme; if used on an infected computer it could render it UNBOOTABLE.

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach the log to your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix
  • Download this file to your desktop from either of the two places listed below:

    HERE or HERE
  • Then double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply.
WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
SUPERAntiSpyware Scan Log

Generated 04/23/2008 at 09:10 PM

Application Version : 4.0.1154

Core Rules Database Version : 3446
Trace Rules Database Version: 1438

Scan type : Complete Scan
Total Scan Time : 01:44:29

Memory items scanned : 869
Memory threats detected : 0
Registry items scanned : 8053
Registry threats detected : 2
File items scanned : 119971
File threats detected : 2

Adware.Tracking Cookie
C:\Users\roland\AppData\Roaming\Microsoft\Windows\Cookies\roland@2o7[2].txt
C:\Users\roland\AppData\Roaming\Microsoft\Windows\Cookies\roland@pc-antispyware[2].txt

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1888220204-662823554-1505966377-1001\Software\uninstall

Rogue.PC-Antispyware
HKLM\Software\PC-Antispyware
 
Malwarebytes' Anti-Malware 1.11
Database version: 672

Scan type: Full Scan (C:\|)
Objects scanned: 182713
Time elapsed: 2 hour(s), 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\OneMoreKey (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\roland\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\roland\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\roland\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
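
An added example, not part of the thread or of any Malwarebytes tooling: a small Python check for a saved log in the layout shown above. It confirms that each section's summary count matches the number of entries listed and flags any entry whose action is not "Quarantined and deleted successfully." The sample log, its paths and the failed action string are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes log posted above;
# the paths and the non-successful action are made up for this example.
SAMPLE_LOG = r"""Registry Keys Infected: 2
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\Software\ExampleKey (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\OtherKey (Rogue.Installer) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\example\Desktop\a.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\example\Desktop\b.exe (Fake.Dropped.Malware) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
OK_ACTION = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return (declared counts per section, list of detection entries)."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):        # e.g. "Files Infected: 14"
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):       # e.g. "Files Infected:"
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append((section, m["path"], m["name"], m["action"]))
    return declared, items

def review(text):
    """Summarise what still needs attention in a log."""
    declared, items = parse_mbam_log(text)
    listed = Counter(section for section, *_ in items)
    # Sections where the summary count and the listed entries disagree
    # (for instance a log that was truncated when pasted).
    mismatched = {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]}
    # Entries that were detected but not reported as removed.
    not_removed = [(path, action) for _, path, _, action in items if action != OK_ACTION]
    by_detection = Counter(name for _, _, name, _ in items)
    return {"mismatched": mismatched, "not_removed": not_removed,
            "by_detection": by_detection}
```

Calling `review()` on the text of a saved log file returns the three summaries; an empty `mismatched` and `not_removed` means every listed item was reported as removed and the paste is complete.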
 
I can't run ComboFix; my antivirus says it's not safe. I have McAfee, Spyware Doctor and Avast. The pop-ups have stopped. Are they gone, I mean the spyware?
 
Disable your antivirus and get combofix downloaded, then disconnect from the internet and let it run. Also attach the documents rather than cutting and pasting them.
 