Home > General > Trojan-Downloader.JS.ListensEvent.b

Trojan-Downloader.JS.ListensEvent.b

Quote: ComboFix downloaded the windows system recovery thingy that gives me an option at bootup to recover the system. I've scanned with Malwarebytes twice in the last 24 hours and it did not find this . My system seems alot better, but I've still got the redirect issue in internet explorer. uStart Page = hxxp://www.google.ca/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe . - - - - ORPHANS REMOVED - - - - Notify-ACNotify - ACNotify.dll Notify-NavLogon - http://wpquickadminthemes.com/general/trojan-downloader-gen.html

Submit a sample to our Labs for analysis Submit Sample Give And Get Advice Give advice. PE file found in sector at 0x04A81809 ! I'm afraid to open taskmgr in case that's considered interrupting... 0 Prev Page 2 of 4 1 2 3 4 Next Back to Virus, Spyware, Malware Removal · Next Unread Topic Not someone who plays with it. – Will Smith Back to top #9 marketboom marketboom Members 1 posts OFFLINE Local time:09:04 AM Posted 13 July 2009 - 02:07 PM Hey https://www.bleepingcomputer.com/forums/t/240724/trojan-downloaderjslistenseventb/

Technical Details Technically. DDS (Ver_11-03-05.01) - NTFSx86 Run by hw at 20:20:53.60 on Sun 12/22/2013 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.25.2 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1753 [GMT -5:00] . Now what? 12-03-2009, 09:50 PM #3 Ried AdministratorManagement Team, Security Center & TSF Academy Expert Analyst, Moderator, Security Team Rangemaster, Moderator, TSF Academy Join Date: Jan 2005 When activated, it downloads an EXE file from a website and saves it into the root directory of the C: drive.

Follow the prompts. Here is the log: ComboFix 13-12-24.02 - hw 12/25/2013 0:14.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1489 [GMT -5:00] Running from: c:\users\hw\Desktop\ComboFix.exe AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} FW: ZoneAlarm SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\sondra\Desktop\SDFix.exe;Tool.Prockill;; SDFix.exe;C:\Documents and Settings\sondra\Desktop;Archive contains infected objects;; SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\sondra\My Documents\Downloads\SmitfraudFix.exe;Tool.Prockill;; SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\sondra\My Documents\Downloads\SmitfraudFix.exe;Tool.ShutDown.14;; SmitfraudFix.exe;C:\Documents and Settings\sondra\My Documents\Downloads;Archive contains infected objects;; Process.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.Prockill;; restart.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.ShutDown.14;; Process.exe;C:\SDFix\apps;Tool.Prockill;; this happens with the online scanner, "may be" because they(generally all av companys) keep the virus definitions of their online scanner to be light.

Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.Please download DrWeb-CureIt and save it to your desktop. Restart Firefox when done. Should I: a) let this scan finish, and then scan again with Computer, b) let this scan finish, and then scan again with Computer, c) let this scan Attached and below is the information you asked for. # AdwCleaner v3.016 - Report created 23/12/2013 at 19:06:54 # Updated 23/12/2013 by Xplode # Operating System : Windows Vista

Please re-enable javascript to access full functionality. If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly. Click on the Scan button.

If you’re using Windows XP, see our Windows XP end of support page. DDS (the attach zip is attached): DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16526 BrowserJavaVersion: 10.25.2 Run by hw at 15:13:57 on 2013-12-26 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1951 [GMT -5:00] should an overheated computer be... original MBR restored successfully ! 12-04-2009, 10:43 AM #8 GrumpyDad Registered Member Join Date: Dec 2009 Posts: 16 OS: win xp I've run the look.bat as per your

A Software Installation window will appear. http://wpquickadminthemes.com/general/trojan-downloader-conhook.html Username or email: I've forgotten my password Forum Password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Community Forum After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. It's 100% free.

could that be related, or is it supposed to show 3 when I have 4?Here's the OTL log:OTL logfile created on: 08/04/2011 9:42:37 PM - Run 2OTL by OldTimer - Version Register now! Attached Files ark.txt (63.3 KB, 25 views) 12-04-2009, 02:56 PM #11 Ried AdministratorManagement Team, Security Center & TSF Academy Expert Analyst, Moderator, Security Team Rangemaster, Moderator, TSF Academy have a peek here Not someone who plays with it. – Will Smith Back to top #14 muzzles muzzles Topic Starter Members 261 posts OFFLINE Gender:Male Local time:10:04 AM Posted 19 July 2009 -

uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843 BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll Next steps? The time now is 07:04 AM. -- Mobile_Default -- TSF - v2.0 -- TSF - v1.0 Contact Us - Tech Support Forum - Site Map - Community Rules - Terms of

I attempted to close any processes that looked like they belonged to AVG.

Then I tried google.com again and it went there (actually to google.ca, but I think that's understandable, since I'm in Canada).So it's better, but I'm not convinced it's completely clean yet...I hw attach.zip 2.38KB 43 downloads Back to top #10 jeffce jeffce Malware Guy Authentic Member 8,693 posts Posted 26 December 2013 - 07:47 PM Hi, Thanks for letting me know. WDS and DHCP settings Chromium and XP with SP3 Introduction Does Cat5 Cable break down over... » Site Navigation » Forum> User CP> FAQ> Support.Me> Steam Error 118> 10.0.0.2> Trusteer Endpoint Error Type: MyBB Error (40) Error Message: Your board has not yet been installed and configured.

Use: "mbr.exe -f" to fix. 12-04-2009, 09:17 AM #5 GrumpyDad Registered Member Join Date: Dec 2009 Posts: 16 OS: win xp I've not yet followed the instructions to Click on Free Scan Now again and proceed accordingly. The downloaded file is then run. http://wpquickadminthemes.com/general/trojan-downloader-gen-inst2.html What do I do? 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com → Security → Am I infected?

C:\install.exe c:\users\hw\AppData\Local\assembly\tmp c:\windows\system32\drivers\etc\hosts.ics D:\Autorun.inf . Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . I goofed.