[Jacko2983]

Ok, I'm stuck again. I am trying to do the Kaspersky scan. After I hit accept, it downloads and installs, and then after it updates the database I get this error:

Update has failed. Program has failed to start. Close the scanner and open it again to install the program.

I did this a few times and I get the same error.

[evilfantasy]

Strange. You 're the second person today that that has happened to with the K-Scan. Must be an issue on their end.

Use the Panda scanner instead please.

Please scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.

[Jacko2983]

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-08-13 06:48:17
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
McAfee VirusScan No Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@mediaplex[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@linksynergy[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@linksynergy[1].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@7search[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@clickbank[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@burstnet[3].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@www.burstbeacon[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@go[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@searchportal.info rmation[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@searchportal.inform ation[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Frankie\Cookies\frankie@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jackie\Cookies\jackie@target[2].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[1].txt
00685047 Trj/WMAdownloader.J Virus/Trojan No 0 Yes No C:\Documents and Settings\Jackie\Shared\kevin chalfant.wma
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location 7
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description 7
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================

[evilfantasy]

Mostly Cookies which are not a threat. You can use CCleaner to remove them.

Quote:

00685047 Trj/WMAdownloader.J Virus/Trojan No 0 Yes No C:\Documents and Settings\Jackie\Shared\kevin chalfant.wma

You need to delete the kevin chalfant.wma file as it's infected with a malicious codec.

Other than that it looks good as long as the computer is running OK now.

Final suggestions...

Set a New Restore Point to prevent possible reinfection from an old one.

Please go to: Start -> All Programs -> Accessories -> System Tools -> System Restore -> System Restore Settings
Click to add a check mark beside Turn off System Restore and click Apply
When you are warned that all existing Restore Points will be deleted, click Yes to continue and wait a few moments to let System Restore clear.
Uncheck "Turn off System Restore"
Click "Apply," and then click "OK".

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[Jacko2983]

HELP!! I just got back from vacation and checked here to see what additional steps to take... apparently my computer was infected HUGE during the week I was gone. I keep getting virus warning pop up bubbles, trojan.win.agent.dcc, windows antivirus pro has been installed on my computer which I know is malware or something of some sort, protection system support has been installed. I am unable to access add/remove programs, or any of the superantispyware, malwarebytes, cccleaner, or the programs like that to do scans, my McAfee virus scan has been disabled and won't fix when I try, I can't access system restore... anytime I try to access any of these files i get a pop-up bubble from windows antivirus pro that said access to program is impossible. I know these are fake programs because the "warnings" in the pop-ups have words misspelled.

Just while I wrote this I have seen at least 20 popup warnings. What do I do?!!

[evilfantasy]

Please work through the malware removal guide again and post the logs in a new thread. This one is 3 pages long already.

Closing this one now...