Broadband Tech > Security > Security > @#&@$ Hijackers #2

@#&@$ Hijackers #2

That is the worst log I have ever seen. You need to scan your computer with a good Anti Virus.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

reply to gardfield
At first the log was not so bad. It subsequently got worse.
I normally use Norton and I tried an on line scan on Symantec web page too.
No virus, no exit.
When the problem grew up, Spybot found a Klez virus (I deleted it, obviously).
After, no antivirus found anything (and so AdAware, CWShredder, Spywareguard, SpywareBlaster etc.)
Would you try by another antvirus?

Gardfield

reply to gardfield
This is not a virus, it is the newest Coolwebsearch hijack just discovered and no tool can fix it yet.

We have a tentative manual fix for XP and Win2k, but still working on the Win98 and ME. Hold on please until I can get more specific instructions for your operating system, meanwhile I'll look at your log and see what can be cleaned up.
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/

reply to gardfield
gardfield, what is your native language in case we need a translator? I can understand your English just fine. I don't know if you can understand my instructions, so please let us know if you can't.

Let's clean up some of these and see if we can narrow the list down to the actual current infection.

This hijacker creates two randomly named exe files and two randomly named dll files that protect each other (if one is deleted they will create a new one, which is why you see so many in your list). This is also running a service called Network Security Services and I do not know how to enable you to see that process to end it in WinME. but that is what we are looking for.

Scan with HijackThis and place an x next to these items, then press *fix checked*. Please go through the list carefully so that you do not accidentally checkmark an item that is not listed below since some of the files in your log are legitimate ones. The following are the bad ones, checkmark these and only these, then *fix checked*.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jciav.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jciav.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jciav.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jciav.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jciav.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jciav.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\DOCUMENTI\2004\SPYWAREGUARD\DLPROTECT.DLL (file missing)

O2 - BHO: (no name) - {1D533677-6478-9DBE-8A8D-E743E69BF5FD} - C:\WINDOWS\SYSJS.DLL (file missing)

O2 - BHO: (no name) - {9B9EF254-3484-1BDC-7CB9-3403426F6C75} - C:\WINDOWS\SYSTEM\ADDET.DLL (file missing)

O2 - BHO: (no name) - {455B7C3B-BCAA-9FA5-A3E8-C0A5ABC09CDF} - C:\WINDOWS\SYSTEM\D3UY32.DLL (file missing)

O2 - BHO: (no name) - {2E5F3F0F-A8E9-9966-28A6-57B5C8F81A66} - C:\WINDOWS\SYSTEM\IPFJ32.DLL (file missing)

O2 - BHO: (no name) - {AA17060B-41AF-88EC-D24D-13F4FB9C2034} - C:\WINDOWS\D3TQ.DLL (file missing)

O2 - BHO: (no name) - {C8EF4D7C-EFC9-7E57-6EF3-DB0656634548} - C:\WINDOWS\SYSTEM\MFCAK.DLL (file missing)

O2 - BHO: (no name) - {241C3A0C-A543-F995-50E7-0146FBFF8DF3} - C:\WINDOWS\SYSTEM\IEKM32.DLL (file missing)

O2 - BHO: (no name) - {66D51211-60E5-DF3B-CC23-CAB9B1B7A172} - C:\WINDOWS\SYSTEM\D3QK32.DLL

O2 - BHO: (no name) - {D8EA2F43-4063-63D9-7846-08669B86043F} - C:\WINDOWS\SYSTEM\SDKPZ.DLL (file missing)

O2 - BHO: (no name) - {B77AD325-1801-3C3B-230A-B513F19CE5C6} - C:\WINDOWS\WINKX32.DLL (file missing)

O2 - BHO: (no name) - {E0DA4602-C389-40D3-4ABE-C81BB11A0F31} - C:\WINDOWS\SYSAL32.DLL (file missing)

O2 - BHO: (no name) - {A6487937-196E-FBA8-F97C-E10CCE67B49B} - C:\WINDOWS\APILS32.DLL (file missing)

O2 - BHO: (no name) - {B35515F4-F23D-5370-7E4F-F0060FB29CBB} - C:\WINDOWS\MSJX.DLL

O2 - BHO: (no name) - {EC46FA78-8A43-7216-A401-57D764A9825D} - C:\WINDOWS\SYSTEM\APPSD32.DLL

O2 - BHO: (no name) - {115E5C08-B81B-0D79-CD2A-7B758D540646} - C:\WINDOWS\IPMJ.DLL

O2 - BHO: (no name) - {7CCE6452-9DBC-615F-2B63-B92A8D4C2292} - C:\WINDOWS\IETB32.DLL (file missing)

O2 - BHO: (no name) - {7AD04E0B-D534-84CD-5E99-9EFA09A699CC} - C:\WINDOWS\SYSTEM\ADDHQ.DLL (file missing)

O2 - BHO: (no name) - {AB90306E-6E13-23FC-F00B-0204CAD2906D} - C:\WINDOWS\SYSTEM\D3PL.DLL (file missing)

O2 - BHO: (no name) - {51F0E5D0-5A0D-1418-A1C9-C417E3C5C516} - C:\WINDOWS\SYSTEM\IEJD.DLL (file missing)

O2 - BHO: (no name) - {F313B055-84D8-458A-0077-BA8F83DBF962} - C:\WINDOWS\SYSTEM\ATLYG.DLL (file missing)

O2 - BHO: (no name) - {9CBB4BED-3078-BC62-C651-22791481A3D1} - C:\WINDOWS\JAVAWU.DLL (file missing)

O2 - BHO: (no name) - {F538B067-5A0F-89FE-6A09-3F46EAC2A99E} - C:\WINDOWS\SYSTEM\MFCEW32.DLL (file missing)

O2 - BHO: (no name) - {BEE04A74-44DB-87EF-F49F-DD32EFD32F05} - C:\WINDOWS\SYSTEM\NTVW.DLL (file missing)

O2 - BHO: (no name) - {27CF61EF-9339-4F47-D27B-D56CF2005AF4} - C:\WINDOWS\SYSWS32.DLL (file missing)

O2 - BHO: (no name) - {58D324EE-2062-6566-1F57-2A699079E447} - C:\WINDOWS\IENK.DLL (file missing)

O2 - BHO: (no name) - {A427B795-B498-01D2-0E8D-3F5691575C0A} - C:\WINDOWS\ATLSY.DLL (file missing)

O2 - BHO: (no name) - {9761BD77-53EE-24FE-1150-9064978789B4} - C:\WINDOWS\SYSTEM\MFCRJ32.DLL (file missing)

O2 - BHO: (no name) - {3D11949D-122A-F736-FC9E-B1C992E35B78} - C:\WINDOWS\SYSTEM\IPUO.DLL (file missing)

O2 - BHO: (no name) - {CE4F710F-22A5-CC2B-2D18-4A75C5FF4232} - C:\WINDOWS\SYSTEM\CRYA32.DLL (file missing)

O2 - BHO: (no name) - {56791174-6E86-7AEF-B404-ED9E42ABFF73} - C:\WINDOWS\WINTS.DLL (file missing)

O2 - BHO: (no name) - {8D40A014-F240-A3E9-52B2-907E3A6D3B6B} - C:\WINDOWS\SYSTEM\ADDQG.DLL

O2 - BHO: (no name) - {0AB844A3-59F7-B49D-2CE3-649396BA8F19} - C:\WINDOWS\ATLHU.DLL

O2 - BHO: (no name) - {5461BE13-F536-594F-118B-41BE2C201324} - C:\WINDOWS\ADDVN.DLL (file missing)

O2 - BHO: (no name) - {A8A25B9F-A171-07FC-65EF-155E374280B3} - C:\WINDOWS\SYSTEM\NETNU32.DLL

O2 - BHO: (no name) - {C0FC592D-0F01-D1DA-5FF6-0FBD68AE97F0} - C:\WINDOWS\SYSTEM\NTYQ.DLL (file missing)

O2 - BHO: (no name) - {AEF319B8-61C4-EA19-F010-C8C9BB5429EC} - C:\WINDOWS\SDKHJ.DLL

O2 - BHO: (no name) - {AA789315-FC8D-2CB6-FE84-E4580336201F} - C:\WINDOWS\SYSTEM\MSYN32.DLL (file missing)

O2 - BHO: (no name) - {5B571395-D542-0087-653F-7C09A44F7F9B} - C:\WINDOWS\APPHG32.DLL (file missing)

O2 - BHO: (no name) - {D29EFCA0-2D0C-D1C4-542A-6C9791FA8293} - C:\WINDOWS\ATLBZ32.DLL (file missing)

O2 - BHO: (no name) - {EB84B012-4632-FBFB-2FFC-592CEAD4D6D0} - (no file)
O2 - BHO: (no name) - {6FA3EF4C-4A9A-2ADD-FA10-9427905AC587} - C:\WINDOWS\SYSTEM\SYSLC32.DLL (file missing)

O2 - BHO: (no name) - {39407E41-E7C0-FB5C-B1D6-C8C738A6CDC8} - C:\WINDOWS\SYSTEM\D3RN32.DLL (file missing)

O2 - BHO: (no name) - {91D35FB9-8C73-8003-5769-8D26575C1767} - C:\WINDOWS\SYSTEM\D3DJ.DLL (file missing)

O2 - BHO: (no name) - {1FF55FF8-18EB-46CA-A1B0-6EB9E0AC0883} - C:\WINDOWS\SYSZF32.DLL (file missing)

O2 - BHO: (no name) - {4792B49D-788B-72E3-2632-60714544088C} - C:\WINDOWS\SYSYJ.DLL (file missing)

O2 - BHO: (no name) - {98423E66-0A99-AACE-9761-7E959AD010C0} - C:\WINDOWS\SYSTEM\NTKU.DLL

O2 - BHO: (no name) - {26565460-D3FF-D0D6-C07D-1F260FA16CC8} - C:\WINDOWS\IPUH32.DLL

O2 - BHO: (no name) - {10E45678-2A8B-2196-7570-195720910D91} - C:\WINDOWS\SYSTEM\NETBD32.DLL (file missing)

O2 - BHO: (no name) - {BEFC5A1B-596E-5A24-906D-6C9687B77212} - C:\WINDOWS\SYSTEM\IPBN.DLL (file missing)

O2 - BHO: (no name) - {1DE0838B-81C7-4619-D695-75ED11D630B6} - C:\WINDOWS\APPAI.DLL (file missing)

O2 - BHO: (no name) - {5D29CB91-A959-E2C1-4346-FA68E60B26EB} - C:\WINDOWS\IPPY.DLL (file missing)

O2 - BHO: (no name) - {4890C089-827C-E424-6B1F-A679F9DE3943} - C:\WINDOWS\APIBI32.DLL (file missing)

O2 - BHO: (no name) - {88D11BB1-1BFB-7E04-872E-49C92B655BC0} - C:\WINDOWS\SYSTEM\MFCCH.DLL

O2 - BHO: (no name) - {5A1C8D7E-C7E5-007F-3F44-064CE5D36CD1} - C:\WINDOWS\D3TM32.DLL (file missing)

O2 - BHO: (no name) - {16699CC7-2121-F194-7988-8258EB5373BB} - C:\WINDOWS\WINXG.DLL (file missing)

O2 - BHO: (no name) - {284475B9-A34F-FFA4-13BD-47555649B85F} - C:\WINDOWS\MFCMB32.DLL

O2 - BHO: (no name) - {A9C49FE1-AF03-C711-032D-4C625DD01015} - C:\WINDOWS\SYSTEM\MFCTD32.DLL

O2 - BHO: (no name) - {B7B31397-93FC-5ABD-5E72-3C4626580399} - C:\WINDOWS\APIUX.DLL (file missing)

O2 - BHO: (no name) - {F8D1EA89-4410-D2AC-241E-9F0036B11B2D} - C:\WINDOWS\WINTN32.DLL (file missing)

O2 - BHO: (no name) - {DD33DD18-4D26-B41E-13DA-43F55E371DD6} - C:\WINDOWS\D3WN32.DLL

O2 - BHO: (no name) - {5D1B6CB0-404C-94F9-785E-600B55B92E5C} - C:\WINDOWS\SYSTEM\IPCT32.DLL (file missing)

O2 - BHO: (no name) - {AB093479-21C9-42A9-D886-4FA99281A681} - C:\WINDOWS\SYSTEM\NTLF.DLL (file missing)

O2 - BHO: (no name) - {313A227B-D9AD-02B6-5AB8-F1EAF2F9A72A} - C:\WINDOWS\APPFU32.DLL (file missing)

O2 - BHO: (no name) - {4C929281-787B-C661-4821-B4EE5169FF8C} - C:\WINDOWS\SYSTEM\APIVJ.DLL (file missing)

O2 - BHO: (no name) - {B5C699C0-04D3-A0F8-00C0-8F9B575E5A03} - C:\WINDOWS\SYSKU.DLL (file missing)

O2 - BHO: (no name) - {9DA88B9D-C95D-EFD0-E242-15732A9E5A0C} - C:\WINDOWS\SYSTEM\MSGZ32.DLL

O2 - BHO: (no name) - {595AD4D2-88BB-5563-8BB4-F6F7AC5BB382} - C:\WINDOWS\MSGL32.DLL (file missing)

O2 - BHO: (no name) - {1E8824D7-30FE-99B0-DBE3-FBFCBD478BF7} - C:\WINDOWS\SYSTEM\WINGR.DLL (file missing)

O2 - BHO: (no name) - {146C4F51-67A8-452B-2264-6CBE75DD8509} - C:\WINDOWS\SYSTEM\APIQP.DLL (file missing)

O2 - BHO: (no name) - {822904F6-6515-F4CA-FCA6-3DD79347C0E0} - C:\WINDOWS\APIEZ32.DLL

O2 - BHO: (no name) - {12D3C117-2DB4-8A4E-FBFD-1182AB839709} - C:\WINDOWS\SYSTEM\NETTM.DLL (file missing)

O2 - BHO: (no name) - {33C77152-B550-0E68-4A8C-A73A3B6FA8D1} - C:\WINDOWS\NTJA.DLL (file missing)

O2 - BHO: (no name) - {44FA9C24-4B1C-7B33-D4B3-BD4E2E0C3F47} - C:\WINDOWS\SYSTEM\IPXX32.DLL (file missing)

O2 - BHO: (no name) - {932FFC92-E36B-17AD-64FD-FC9367AF9E39} - C:\WINDOWS\SYSTEM\MSDQ.DLL

O2 - BHO: (no name) - {DEDB1C39-F5D9-1ED1-CB3D-4B8A9B67B7B8} - C:\WINDOWS\SYSTEM\ADDND.DLL (file missing)

O2 - BHO: (no name) - {D1F75A0F-AEB8-ABEF-1BFF-D1970966C7F0} - C:\WINDOWS\SYSTEM\CRMT32.DLL (file missing)

O2 - BHO: (no name) - {AC0905B4-4FA0-D9D6-3B94-47CF30F2911A} - C:\WINDOWS\APIKK32.DLL

O2 - BHO: (no name) - {05BA99FE-B9FE-C1A4-557E-880036A20118} - C:\WINDOWS\SYSTEM\JAVAZZ32.DLL

O2 - BHO: (no name) - {4A71E4ED-B153-02B7-F9C5-D2CE34029094} - C:\WINDOWS\JAVAHQ32.DLL

O2 - BHO: (no name) - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - C:\WINDOWS\NTZX32.DLL (file missing)

O2 - BHO: (no name) - {D1DF8BA5-C70C-3D1B-E931-4D794ECE63C4} - C:\WINDOWS\SYSTEM\IEBG.DLL

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)

O2 - BHO: (no name) - {6D3484AA-897D-AAF0-2D5F-04315F3B78D6} - C:\WINDOWS\SYSTEM\APPVZ.DLL (file missing)

O2 - BHO: (no name) - {4504C936-6489-5173-C645-4CAC683228A5} - C:\WINDOWS\WINKO.DLL (file missing)

O2 - BHO: (no name) - {007D7874-818F-5A8C-2C0C-25C2A5907083} - C:\WINDOWS\ADDVV.DLL

O2 - BHO: (no name) - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - C:\WINDOWS\IEKK.DLL

O2 - BHO: (no name) - {6D572DA9-A3BD-A89A-B92E-3D307839683A} - C:\WINDOWS\SYSTEM\NETDR32.DLL (file missing)

O2 - BHO: (no name) - {40125A23-CDA6-5BCC-7F4F-738DFD6F3935} - C:\WINDOWS\APPBG.DLL

O2 - BHO: (no name) - {E83BD831-5E72-3E58-3D12-E5B3E66F75A1} - C:\WINDOWS\SYSTEM\IPSG.DLL (file missing)

O2 - BHO: (no name) - {85109FF9-1ADE-DF6B-61AF-ADDEDF9ACB09} - C:\WINDOWS\SYSTEM\WINAS32.DLL (file missing)

O2 - BHO: (no name) - {78BD49CD-D8F5-E44D-32E0-263AAC5E1E5A} - C:\WINDOWS\SYSTEM\D3TW32.DLL

O2 - BHO: (no name) - {B7C06F7A-7E5B-8248-7CE7-E61C97F1037E} - C:\WINDOWS\MFCWY.DLL

O2 - BHO: (no name) - {1044D226-ABD5-722D-DD77-9D9C9402539A} - C:\WINDOWS\SDKRB32.DLL

O2 - BHO: (no name) - {030ABC1A-DBE3-F7C5-6F50-B7C1A732D3DE} - C:\WINDOWS\SYSTEM\APIRJ32.DLL

O2 - BHO: (no name) - {8D404A47-9791-D80C-3E84-8E7B3D9C3C44} - C:\WINDOWS\SYSWP.DLL

O4 - HKLM\..\Run: [WINOO32.EXE] C:\WINDOWS\WINOO32.EXE

O4 - HKLM\..\RunServices: [SYSYS.EXE] C:\WINDOWS\SYSTEM\SYSYS.EXE

O4 - HKLM\..\RunServices: [WINIS.EXE] C:\WINDOWS\SYSTEM\WINIS.EXE

O4 - HKLM\..\RunServices: [ATLGC32.EXE] C:\WINDOWS\SYSTEM\ATLGC32.EXE

O4 - HKLM\..\RunServices: [ADDLP.EXE] C:\WINDOWS\ADDLP.EXE

O4 - HKLM\..\RunServices: [WINXU.EXE] C:\WINDOWS\WINXU.EXE

O4 - HKLM\..\RunServices: [MSVU32.EXE] C:\WINDOWS\MSVU32.EXE

O4 - HKLM\..\RunServices: [IPWD.EXE] C:\WINDOWS\SYSTEM\IPWD.EXE

O4 - HKLM\..\RunServices: [ATLFA32.EXE] C:\WINDOWS\SYSTEM\ATLFA32.EXE

O4 - HKLM\..\RunServices: [APPRQ32.EXE] C:\WINDOWS\SYSTEM\APPRQ32.EXE

O4 - HKLM\..\RunServices: [APIEY32.EXE] C:\WINDOWS\SYSTEM\APIEY32.EXE

O4 - HKLM\..\RunServices: [ATLRE32.EXE] C:\WINDOWS\SYSTEM\ATLRE32.EXE

O4 - HKLM\..\RunServices: [NETDA32.EXE] C:\WINDOWS\NETDA32.EXE

O4 - HKLM\..\RunServices: [ADDXH32.EXE] C:\WINDOWS\ADDXH32.EXE

O4 - HKLM\..\RunServices: [D3UT32.EXE] C:\WINDOWS\D3UT32.EXE

O4 - HKLM\..\RunServices: [IPEO32.EXE] C:\WINDOWS\SYSTEM\IPEO32.EXE

O4 - HKLM\..\RunServices: [APPLU32.EXE] C:\WINDOWS\APPLU32.EXE

O4 - HKLM\..\RunServices: [D3YR32.EXE] C:\WINDOWS\SYSTEM\D3YR32.EXE

O4 - HKLM\..\RunServices: [JAVACS.EXE] C:\WINDOWS\JAVACS.EXE

O4 - HKLM\..\RunServices: [IESQ32.EXE] C:\WINDOWS\IESQ32.EXE

O4 - HKLM\..\RunServices: [IPBU32.EXE] C:\WINDOWS\SYSTEM\IPBU32.EXE

O4 - HKLM\..\RunServices: [SDKYI32.EXE] C:\WINDOWS\SYSTEM\SDKYI32.EXE

O4 - HKLM\..\RunServices: [CREC.EXE] C:\WINDOWS\SYSTEM\CREC.EXE

O4 - HKLM\..\RunServices: [APILQ.EXE] C:\WINDOWS\SYSTEM\APILQ.EXE

O4 - HKLM\..\RunServices: [SYSAI32.EXE] C:\WINDOWS\SYSTEM\SYSAI32.EXE

O4 - HKLM\..\RunServices: [ATLSR.EXE] C:\WINDOWS\ATLSR.EXE

O4 - HKLM\..\RunServices: [CRCJ32.EXE] C:\WINDOWS\SYSTEM\CRCJ32.EXE

O4 - HKLM\..\RunServices: [ATLVI.EXE] C:\WINDOWS\SYSTEM\ATLVI.EXE

O4 - HKLM\..\RunServices: [SDKZY.EXE] C:\WINDOWS\SYSTEM\SDKZY.EXE

O4 - HKLM\..\RunServices: [MSJT32.EXE] C:\WINDOWS\MSJT32.EXE

O4 - HKLM\..\RunServices: [ATLRW32.EXE] C:\WINDOWS\ATLRW32.EXE

O4 - HKLM\..\RunServices: [SDKDD.EXE] C:\WINDOWS\SYSTEM\SDKDD.EXE

O4 - HKLM\..\RunServices: [IPYH.EXE] C:\WINDOWS\IPYH.EXE

O4 - HKLM\..\RunServices: [D3KR.EXE] C:\WINDOWS\SYSTEM\D3KR.EXE

O4 - HKLM\..\RunServices: [WINRX32.EXE] C:\WINDOWS\WINRX32.EXE

O4 - HKLM\..\RunServices: [CRXN.EXE] C:\WINDOWS\CRXN.EXE

O4 - HKLM\..\RunServices: [MFCNN32.EXE] C:\WINDOWS\SYSTEM\MFCNN32.EXE

O4 - HKLM\..\RunServices: [WINXL32.EXE] C:\WINDOWS\WINXL32.EXE

O4 - HKLM\..\RunServices: [APPIO32.EXE] C:\WINDOWS\SYSTEM\APPIO32.EXE

O4 - HKLM\..\RunServices: [MSUL32.EXE] C:\WINDOWS\MSUL32.EXE

O4 - HKLM\..\RunServices: [APPYM.EXE] C:\WINDOWS\SYSTEM\APPYM.EXE

O4 - HKLM\..\RunServices: [NETSH.EXE] C:\WINDOWS\SYSTEM\NETSH.EXE

O4 - HKLM\..\RunServices: [MFCCF.EXE] C:\WINDOWS\SYSTEM\MFCCF.EXE

O4 - HKLM\..\RunServices: [IEXS.EXE] C:\WINDOWS\SYSTEM\IEXS.EXE

O4 - HKLM\..\RunServices: [NETFV.EXE] C:\WINDOWS\NETFV.EXE

O4 - HKLM\..\RunServices: [ATLXR.EXE] C:\WINDOWS\SYSTEM\ATLXR.EXE

O4 - HKLM\..\RunServices: [IEGI32.EXE] C:\WINDOWS\SYSTEM\IEGI32.EXE

O4 - HKLM\..\RunServices: [IPNY.EXE] C:\WINDOWS\IPNY.EXE

O4 - HKLM\..\RunServices: [APIDW.EXE] C:\WINDOWS\APIDW.EXE

O4 - HKLM\..\RunServices: [APIJC32.EXE] C:\WINDOWS\APIJC32.EXE

O4 - HKLM\..\RunServices: [JAVAYO.EXE] C:\WINDOWS\SYSTEM\JAVAYO.EXE

O4 - HKLM\..\RunServices: [NETRN.EXE] C:\WINDOWS\NETRN.EXE

O4 - HKLM\..\RunServices: [D3FC32.EXE] C:\WINDOWS\D3FC32.EXE

O4 - HKLM\..\RunServices: [D3TL32.EXE] C:\WINDOWS\SYSTEM\D3TL32.EXE

O4 - HKLM\..\RunServices: [IEOM32.EXE] C:\WINDOWS\IEOM32.EXE

O4 - HKLM\..\RunServices: [D3YK32.EXE] C:\WINDOWS\SYSTEM\D3YK32.EXE

O4 - HKLM\..\RunServices: [IPBA.EXE] C:\WINDOWS\IPBA.EXE

O4 - HKLM\..\RunServices: [IPZD32.EXE] C:\WINDOWS\IPZD32.EXE

O4 - HKLM\..\RunServices: [ADDEA.EXE] C:\WINDOWS\ADDEA.EXE

O4 - HKLM\..\RunServices: [IPKB.EXE] C:\WINDOWS\SYSTEM\IPKB.EXE

O4 - HKLM\..\RunServices: [ATLJG.EXE] C:\WINDOWS\ATLJG.EXE

O4 - HKLM\..\RunServices: [D3UU.EXE] C:\WINDOWS\D3UU.EXE

O4 - HKLM\..\RunServices: [SDKXQ.EXE] C:\WINDOWS\SDKXQ.EXE

O4 - HKLM\..\RunServices: [IPBZ.EXE] C:\WINDOWS\SYSTEM\IPBZ.EXE

O4 - HKLM\..\RunServices: [SYSCO.EXE] C:\WINDOWS\SYSCO.EXE

O4 - HKLM\..\RunServices: [SDKIE32.EXE]
C:\WINDOWS\SYSTEM\SDKIE32.EXE

O4 - HKLM\..\RunServices: [D3WC.EXE] C:\WINDOWS\SYSTEM\D3WC.EXE

O4 - HKLM\..\RunServices: [IEQT.EXE] C:\WINDOWS\SYSTEM\IEQT.EXE

Now please reboot your PC and scan again with HijackThis and post a new log. You will see some *bad* files return because this will not cure the infection, but hopefully they will be fewer in number.
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/

reply to gardfield
I would have thought that it would be worh trying System Restore.

To restore your computer settings from an earlier time:

Click the Start button.
Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
Choose Restore my computer to an earlier time, and then click Next.
Click a day on the calendar, click the restore point description, and then click Next.
Make sure you have closed all your files and open programs, and then click OK to close the dialog box.
Click Next.
Your system will revert to its previous settings, your time will return to its usual dimensions, and you can go full speed ahead.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

reply to gardfield
It is my understanding from pieter arntz who is an expert at this type of malware (and this new variant), that Trojan Hunter can detect the running processes heuristically and give us the name of the infected files we are looking for.

Please download the free 30day trial version of Trojan Hunter:
»www.misec.net/trojanhunter/

Next, please download and install the updates for Trojan Hunter (click on the link in this page for *latest ruleset update*
»www.misec.net/trojanhunter/updating/

Follow the instructions on the above page to manually install those updates.

I will see if I can find a user familiar with Trojan Hunter to tell us how to enable the program to scan heuristics (or is that a default setting??) I'll find out. So wait before scanning with TH but do go ahead and download, install, and update the program. I will wait to see you post your next HijackThis log as well.
--
It takes a disaster to make a woman out of a female

Gladiator Security Forum


Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/

reply to CalamityJane

said by CalamityJane:

---

This is not a virus, it is the newest Coolwebsearch hijack just discovered and no tool can fix it yet.

---

reply to gardfield

said by gardfield:

---

Would you try by another antvirus?

---

reply to gardfield
If you had had BOClean installed, you would not have been infected, as it is already in the definitions and has been for some days.

Maybe a lesson for the future.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

reply to gardfield
First of all, thanks a lots for your help.

For Calamity Jane: Italian is my mother tongue, but I can read documents written in English without problems.

I realize the problem is not easy so I do not want to make mistakes.
John2g has suggested I try System Restore (before scanning by Hijack, I suppose. Am I correct?).

So I must:
i) try System Restore;
ii) download Trojan Hunter and install its updates;
iii) scan with Hijack and fix the items shown in Calamity jane's second message.
Am I right?

Thanks, Gardfield

said by gardfield:

---

John2g has suggested I try System Restore (before scanning by Hijack, I suppose. Am I correct?).

---

reply to gardfield
If you try System Restore, you are not risking anything. You might be able to put your system back as it was before the infection. I am just trying to save you needless work.

If that doesn't work, try CalamityJanes's solution.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

reply to gardfield
You are infected with "CWS FEADS" if it is of any interest to you.

reply to gardfield
Hi,
I did not try System Restore because my computer would have come back at a time when the log was very very bad.
It would not have been useful.

I scanned by Hijack, fixed the suggested items, rebooted my comuter and this is the last log.

But I did not start IE yet.

Thanks, Gardfield

Logfile of HijackThis v1.97.7
Scan saved at 17.32.09, on 18/06/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\LTCM000C.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMMI\BHODEMON\BHODEMON.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\MALWARE\HIJACKTHIS.EXE

O2 - BHO: (no name) - {E920ADE2-4FD1-B1B7-E04D-7CF62AAF0FE9} - C:\WINDOWS\SYSTEM\WINAW.DLL
O2 - BHO: (no name) - {C9572C8A-E964-DF8E-5874-FA3BF04F7790} - C:\WINDOWS\SYSTEM\IPRY32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncky] TFncky.exe
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [vptray] C:\Programmi\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Programmi\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Programmi\Norton AntiVirus\defwatch.exe
O4 - Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Documenti\2004\SpywareGuard\sgmain.exe
O4 - Startup: BHODemon.lnk = C:\Programmi\BHODemon\BHODemon.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···93865741
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - »office.microsoft.com/officeupdat···opuc.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - »server/iNotes.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - »security.symantec.com/sscv6/Shar···niff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - »security.symantec.com/sscv6/Shar···absa.cab

Ok, that cleared out a lot of junk but I do see the hijacker there. Now, download, install and get the latest ruleset updates from Trojan Hunter (you have to get the update manually and install them as per the instructions on the update page). It is a free, fully functional 30 day trial. I just had another vicitm of this CWS variant in a different forum who had some success with Trojan Hunter, Adware and Coolwebsearch all run in SAFE MODE (for Win98 and ME)

How to start the computer in Safe mode
»service1.symantec.com/SUPPORT/ts···_doc_nam

Scan with HijackThis and checkmark these items and then press *fix checked*

O2 - BHO: (no name) - {E920ADE2-4FD1-B1B7-E04D-7CF62AAF0FE9} - C:\WINDOWS\SYSTEM\WINAW.DLL

O2 - BHO: (no name) - {C9572C8A-E964-DF8E-5874-FA3BF04F7790} - C:\WINDOWS\SYSTEM\IPRY32.DLL

Scan with Trojan Hunter, Adaware and CWShredder.

Let those 3 programs remove anything found bad. Then reboot back into normal mode and scan once more with HijackThis to see where we are (there may be more to do)
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/

I did what you suggested.

CWShredder did not find anyting.
Trojan: it wrote a lot of warnings concerning the .exe file you told me to delete.
For example, it said: "Unable to unpack UPX-packed file. C:\\WINDOWS\System\sdkk.exe (suspicious....)
Found possible trojan file".

I scanned twice AdAware.
1. It found C:\\Windows
- itwg.dat
- ijyuf.dll
- fsdk.dll
- wzckv.dat
- ilyca.dat
- uupn.dll
- jciav.dll (this one is like the file of the home page of IE)

2. It found 5 objects in the registry (HKCU_ecc.)

Note: I did not start IE yet

Thanks, Gardfield

reply to gardfield
Gardfield,

A few more things before you start (I'm getting more new information on the removal of this thing for Win98/ME)

1. Before you start and after you get the updates for Adaware (latest reference file is 01R319 15.06.2004). Please make sure you have Adaware configured as follows (and I am including instructions to update it):

Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen. You should now see Reference File # : 01r319 15.06.2004 or higher listed.

This link will show you how to run a full scan. Make sure when you click on "scan now" that "custom" scan is checked, not "smart" scan.
»www.lavahelp.com/howto/fullscan/index.html

quote:

---

How To: Perform a "Full Scan" With Ad-aware 6 Build 181

The following explains how to set Ad-aware's settings to perform a "Full Scan."

In Ad-aware click the Gear to go to the Settings area.

The following items should be on a green check, not on a red X.

Under the Scanning button:

Scan within archives

Under Memory & Registry, Check EVERYTHING

In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check ALL under Log detail level (this makes it easier for visitors to the Lavasoft Support Forums to see what options you have selected should you require assistance.)

Under the Tweak button...

Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:

Unload recognized processes during scanning

Include info about ignored objects in logfile, if detected in scan

Include basic Ad-aware settings in logfile

Include additional Ad-aware settings in logfile

Include used command line parameters in logfile

In Cleaning Engine:

XP/2000: Allow unloading explorer to unload shell extensions prior to deletion

Let Windows remove files in use at next reboot

UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.

---

Hi, I followed your instructions but I am not sure I did everything right.
Specifically, I had problems in updating trojan (it is not possible on line and I do not know if I succeeded in the manual installaction).
Thanks and Thanks for your help. Have a nice Friday night.
Gardfield

AdAware found 4 objects in C:\_Restore\temp\a02141518 (a0241521, a0141524, a0241527).cpy
(vendor Coolwebsearch).

This is the report of Trojan.

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Error: Directory not found: A:\
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\sysys.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\sysys.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ienk32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ienk32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\winis.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\winis.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\atlgc32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\atlgc32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\atlhh.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\atlhh.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ipwd.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ipwd.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\atlfa32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\atlfa32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\apprq32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\apprq32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\apiey32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\apiey32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\atlre32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\atlre32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ipeo32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ipeo32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\d3yr32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\d3yr32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ipbu32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ipbu32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\sdkyi32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\sdkyi32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\crec.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\crec.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\apilq.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\apilq.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\sysai32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\sysai32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\crcj32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\crcj32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\atlvi.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\atlvi.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\sdkzy.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\sdkzy.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\sdkdd.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\sdkdd.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\d3kr.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\d3kr.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\mfcnn32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\mfcnn32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\d3oz32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\d3oz32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\mfckv.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\mfckv.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\sdkie32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\sdkie32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\javawf.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\javawf.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\winwn.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\winwn.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\d3wc.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\d3wc.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\appym.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\appym.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\appio32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\appio32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\netsh.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\netsh.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\mfccf.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\mfccf.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ieqt.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ieqt.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\iegi32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\iegi32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\iexs.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\iexs.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\atlxr.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\atlxr.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\javayo.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\javayo.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\d3tl32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\d3tl32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ipkb.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ipkb.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\d3yk32.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\d3yk32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ipbz.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ipbz.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM\ntlp.exe (Add to ignore list)
Found possible trojan file: C:\WINDOWS\SYSTEM\ntlp.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\winoo32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\scanregw.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\crfx32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\addea.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\appzj32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\addlp.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\winxu.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\atlvu.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msvu32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\netda32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\addxh32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3ut32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\applu32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ipzd32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\javacs.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\iesq32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\atlrw32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\atlsr.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msjt32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\winxl32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\apidw.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ipyh.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ipba.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\winrx32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\crxn.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msyo32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\apijc32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\sysco.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msul32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\netfv.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3uu.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ipny.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\crmb32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\netrn.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\d3fc32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\winzd32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ieom32.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\atljg.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\sdkxq.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\sdkkt.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\msns32.exe (Add to ignore list)
Found possible trojan file: C:\Programmi\Windows Media Player\WMPLAYER.EXE/4MG9deR7.exe (Possible trojan downloader) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Error: Directory not found: D:\
44 possible trojan files found

reply to gardfield
gardfield, you can contact me at inviaqui@email.it if you need help in your mother tongue.