momok
Posts: 2,127 +6
Hi,
lately I was surfing on the internet when a random dialog from my SpyBot SSD and Ad aware popped up to ask for permission to allow the addition of the entry 'rundl132.exe' and 'load'. My ZL firewall asked me for internet access permission for a program 'logo1_.exe'. I found this extremely disturbing and denied all access. Thereafter I conducted a series of checks on processes and system scans using all my programs (Ad aware, SpyBot, HijackThis, AVG Anti-Spyware 7.
The scans on Ad aware and spybot did not turn up anything, except for 1 or 2 random tracking cookies on ad aware which I removed. The scan on AVG revealed a series of malware:
Worm.Viking.ix
Trojan.WOW.qa
Trojan.OnLineGames.lc
byetmr.exe -> Trojan.WOW.ec
TrackingCookie.Burstnet
Worm.Viking.jr
I promptly cleaned them all up. I fixed the suspicious entries on my HijackThis too.
I did a forum search here for these files, and thereafter found Logo1_.exe, rundl132.exe in C:\windows and C:\windows\uninstall respectively. I deleted both files and the 'uninstall' folder.
I did another scan on AVG and nothing turned up. I thought that was the end of my problems and nothing else happened for the rest of the night. However, the next day when I reboot my laptop, the same programs came up again requesting to add registry values.
I have no idea what is going on, been running AVG a few times and repeating this whole process 3 or 4 times already. Apparently the problems only resurface after sometime from the last cleaning when I think they're gone and I go on about my business.
I have posted the following files.
AVG:
"AVG 1st Scan.txt" - the first time I scanned after discovering the weird problems
"AVG latest scan.txt" - the scan that I just did after discovering for the 3rd/4th? time the problem is still there
"AVG latest rescan after cleaning.txt" - a rescan I did right after "AVG latest scan.txt" and cleaning. The last scan I've done so far.
"HijackThis.log" latest scan on hijack this.
Sorry if this seems a little paranoid. I don't know when the problems will resurface again, so I decided to post these logs when I've just finished my own round of cleaning to ask for help to see if there was anything I left out.
Thanks guys!
PS im going to do one more rescan on AVG after this to see if anything comes up.
<edit>
ar har. something came up in AVG.
I've replaced the first hijackthis.log because I've hit the 5 file limit =p
Also added the latest AVG log together. "AVG latest scan.txt"
lately I was surfing on the internet when a random dialog from my SpyBot SSD and Ad aware popped up to ask for permission to allow the addition of the entry 'rundl132.exe' and 'load'. My ZL firewall asked me for internet access permission for a program 'logo1_.exe'. I found this extremely disturbing and denied all access. Thereafter I conducted a series of checks on processes and system scans using all my programs (Ad aware, SpyBot, HijackThis, AVG Anti-Spyware 7.
The scans on Ad aware and spybot did not turn up anything, except for 1 or 2 random tracking cookies on ad aware which I removed. The scan on AVG revealed a series of malware:
Worm.Viking.ix
Trojan.WOW.qa
Trojan.OnLineGames.lc
byetmr.exe -> Trojan.WOW.ec
TrackingCookie.Burstnet
Worm.Viking.jr
I promptly cleaned them all up. I fixed the suspicious entries on my HijackThis too.
I did a forum search here for these files, and thereafter found Logo1_.exe, rundl132.exe in C:\windows and C:\windows\uninstall respectively. I deleted both files and the 'uninstall' folder.
I did another scan on AVG and nothing turned up. I thought that was the end of my problems and nothing else happened for the rest of the night. However, the next day when I reboot my laptop, the same programs came up again requesting to add registry values.
I have no idea what is going on, been running AVG a few times and repeating this whole process 3 or 4 times already. Apparently the problems only resurface after sometime from the last cleaning when I think they're gone and I go on about my business.
I have posted the following files.
AVG:
"AVG 1st Scan.txt" - the first time I scanned after discovering the weird problems
"AVG latest scan.txt" - the scan that I just did after discovering for the 3rd/4th? time the problem is still there
"AVG latest rescan after cleaning.txt" - a rescan I did right after "AVG latest scan.txt" and cleaning. The last scan I've done so far.
"HijackThis.log" latest scan on hijack this.
Sorry if this seems a little paranoid. I don't know when the problems will resurface again, so I decided to post these logs when I've just finished my own round of cleaning to ask for help to see if there was anything I left out.
Thanks guys!
PS im going to do one more rescan on AVG after this to see if anything comes up.
<edit>
ar har. something came up in AVG.
I've replaced the first hijackthis.log because I've hit the 5 file limit =p
Also added the latest AVG log together. "AVG latest scan.txt"