
HEY what to do, my computer is full of hidden crap !?


Majki Majk

Jul 1, 2009, 9:11:07 AM
HEY what to do, my computer is full of hidden crap !?

It's the first time some smartass has broken into my computer, usually
AVAST had done its job and sometimes I would do cleaning via
Malwarebytes and superantivirus and Truesword, but now it's all gone
to some shithole.

...There are a few trojans and backdoor agents, some guy is very
pleased with the information on my computer so he comes back here and
there.

What to do to clean it up...hijack report ?

...uff...

Majki Majk

Jul 1, 2009, 3:03:28 PM
Here is the info:

Malwarebytes' Anti-Malware 1.38
Database version: 2358
Windows 5.1.2600 Service Pack 2

1.7.2009 21:01:43
mbam-log-2009-07-01 (21-01-43).txt

Scan type: Full Scan (G:\|)
Objects scanned: 131007
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Not
selected for removal.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk
(Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si
(Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si
(Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm
(Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Not selected for
removal.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32
(Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si
(Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik
(Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik
(Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Not
selected for removal.


I have trojan agents on Windows WPA files also, but didn't delete
them, as I think these are cracked files so the program sees them as
trojans!?

thanks if so!
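
Added example, not part of the original post: Python that re-joins the wrapped lines of a Malwarebytes log in the layout shown above and lists the detections that were reported but not removed (here the two antiwpa entries). The function names and the shortened sample are constructed for illustration, and the log layout is assumed to match the one posted.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the log posted
# above, keeping the hard line wraps the news client introduced.
SAMPLE_LOG = r"""Memory Modules Infected: 1

Memory Modules Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Not
selected for removal.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk
(Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Not selected for
removal.

Folders Infected:
(No malicious items detected)
"""

HEADER = re.compile(r"^(.+ Infected):$")   # section header carries no count
ENTRY = re.compile(r"^(.*?)\s*\(([^()]+)\)\s*->\s*(.+?)\.?$")

def parse_mbam_log(text):
    """Return one dict per detection: section, object, detection, action."""
    entries, section, buf = [], None, ""
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            section, buf = m.group(1), ""
            continue
        if section is None or not line or line.startswith("(No malicious"):
            buf = ""
            continue
        # Undo the wrap: no space when the continuation is the rest of a path.
        buf += ("" if not buf or line.startswith("\\") else " ") + line
        m = ENTRY.match(buf) if buf.endswith(".") else None
        if m:
            entries.append({"section": section, "object": m.group(1),
                            "detection": m.group(2), "action": m.group(3)})
            buf = ""
    return entries

def still_present(entries):
    """Detections the scanner reported but did not quarantine."""
    return [e for e in entries
            if not e["action"].lower().startswith("quarantined")]
```

Anything `still_present` returns is still loaded on the machine after the scan, including the Winlogon Notify entry that loads the DLL at logon.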

Max Wachtel

Jul 1, 2009, 4:43:38 PM
On Wed, 01 Jul 2009 15:03:28 -0400, Majki Majk <comi...@europe.com> wrote:


> snip complete waste of our time


>
> I have trojan agents on Windows WPA files also, but didn't delete
> them, as I think these are cracked files so the program sees them as
> trojans!?

you should go take your stolen, infected, cracked arse up the road.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is specifically setup for use in USENET

1PW

Jul 1, 2009, 6:30:00 PM
Majki Majk wrote:

Snip, snip...

Now, you may wish to follow with SAS:

<http://www.superantispyware.com/>

SAS is best run in the Safe Mode.

I'm sure that you can re-examine your security practices for increased
protection. Why aren't you at SP3? What other patches and fixes are
you missing? Are you using a good NAT router?

Please update this thread with your progress.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Z

Jul 1, 2009, 11:46:45 PM

ad...Linux is a better operating system for you if you cannot clean
your craps...

Majki Majk

Jul 6, 2009, 12:51:53 AM

solved....mostly ;)

Iron Man

Jul 5, 2009, 2:56:38 AM
"Max Wachtel" <maxwa...@nomail.afraid.org> wrote in message
news:op.uweo60iwkzp3b8@max...

> On Wed, 01 Jul 2009 15:03:28 -0400, Majki Majk <comi...@europe.com>
> wrote:
>
>
>> snip complete waste of our time
>>
>> I have trojan agents on Windows WPA files also, but didn't delete
>> them, as I think these are cracked files so the program sees them as
>> trojans!?
>
> you should go take your stolen, infected, cracked arse up the road.

Can we quote you on that?


Max Wachtel

Jul 6, 2009, 1:00:32 PM
On Sun, 05 Jul 2009 02:56:38 -0400, Iron Man <gci...@hotmail.com> wrote:

> "Max Wachtel" <maxwa...@nomail.afraid.org> wrote in message
> news:op.uweo60iwkzp3b8@max...

>> you should go take your stolen, infected, cracked arse up the road.
>
> Can we quote you on that?
>

you just did :)

There is no need to use stolen software. There's plenty of freeware
programs to choose from. Ask in alt.comp.freeware

majki majk

Jul 6, 2009, 4:07:08 PM
Majki Majk wrote:
> On Jul 2, 05:46, Z <sdr...@gmail.com> wrote:
1) win32.Trojanspy.Goldun is found
2) win32.backdoorAgent is found
3) win32.Generic.PWS
4) MatrixHasYou

What to do...cleaning registry...I have the list of files to
delete, and to renew by system repair. But how the heck in the first
place did I get all of these? And what's the best way to protect the
computer from it?

Thanks.
Respect!

FromTheRafters

Jul 6, 2009, 9:03:36 PM

"majki majk" <comi...@europe.com> wrote in message
news:h2tlhb$6p6$1...@ss408.t-com.hr...

[...]

... And what's the best way to protect the computer from it?

Change your computing habits.

Give yourself restrictions, and exist within them.

Set strict policies, and abide by them.


Nick Sanders

Aug 28, 2009, 11:58:26 AM
Seems like you have a rootkit infection....... Try INNOBATE AntiVirus
30 trial to see if it fixes the problem...

Nomen Nescio

Aug 28, 2009, 6:39:34 PM

"Nick Sanders" <inno...@gmail.com> shilled:

|
| Seems like you have a rootkit infection....... Try INNOBATE

Seems like you have an ASCII infection....... Try MASTURBATE
