Trojan

[Ky.Rose]

I ran StopSign Threat Scanner and it said I had a Trojan.DownLoad.12944: Virus in my
system volume information\_restore and I was wanting to know how to remove it ? Here is a copy of the scan I have Win XP

1 Virus infection(s):
Infection Name: Type: Status:
Trojan.DownLoad.12944 Virus Infected



more...
24 Spyware, Adware and other infection(s):
Infection Name: Type: Status:
Date Cookie Spyware Cookie Infected
MediaPlex Cookie Spyware Cookie Infected
QuestionMarket Cookie Spyware Cookie Infected
WebtrendsLive Cookie Spyware Cookie Infected
more...
Full Virus Scan Details:

Trojan.DownLoad.12944: Virus
c:\system volume information\_restore{2711c854-b028-4acc-86a0-0319e470c27f}\rp782\a0067549.dll is Infected.
Full Spyware, Adware, and Other Threat Details:

AdDynamix Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt is Infected.
AdServer Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@wjadserver[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[10].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[4].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[5].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[6].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[7].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[8].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[9].txt is Infected.
Ads-Track Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@login.tracking101[2].txt is Infected.
AngelFire Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@angelfire[1].txt is Infected.
Bluestreak Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt is Infected.
CoreMetrics Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt is Infected.
Coupons Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@couponbar.coupons[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@print.coupons[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@print.coupons[3].txt is Infected.
Date Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@technixupdate[2].txt is Infected.
FastClick Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt is Infected.
MediaPlex Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt is Infected.
MediatrackRevenue Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt is Infected.
Omniture Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wakywgdjgbp.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wck4sncjabp.stats.esomniture[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wck4sncjabp.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wck4sncjabp.stats.esomniture[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4qocjwdp.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliciczwap.stats.esomniture[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkiqjd5aao.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6whkoqhcjwep.stats.esomniture[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkokgazwko.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyolc5who.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlywocpkho.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqicpikp.stats.esomniture[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wmkoamdzeco.stats.esomniture[2].txt is Infected.
PointRoll Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[3].txt is Infected.
Program.PopcapLoader.4: Riskware Program
c:\program files\skilljam technologies\secure player\uninstall.exe:SkillJamLoader.dll is Infected.
c:\documents and settings\all users\application data\skilljam\secureplayer\skilljamloader.dll is Infected.
QuestionMarket Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt is Infected.
RealMedia Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[4].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@network.realmedia[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[4].txt is Infected.
StatCounter Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt is Infected.
Tracking Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@2o7[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@americanexpress.122.2 o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@blockbuster.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@electronicarts.112.2o 7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@electronicarts.112.2o 7[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@electronicarts.112.2o 7[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@ge.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@ge.112.2o7[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@guthyrenker.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@ldproducts.122.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@medhelpinternational. 112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@microsoftwlsearchcrm. 112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@microsoftwlsearchcrm. 112.2o7[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@paypal.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@paypal.112.2o7[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@radarnetworks.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@samsclub.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@snapfish.112.2o7[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@waterfrontmedia.112.2 o7[1].txt is Infected.
Trafficmp Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@cache.trafficmp[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@cache.trafficmp[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@cache.trafficmp[3].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt is Infected.
TribalFusion Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[3].txt is Infected.
WebtrendsLive Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@webtrends.chase[1].txt is Infected.
C:\Documents and Settings\Owner\Cookies\owner@webtrends.chase[2].txt is Infected.
Zedo Cookie: Spyware Cookie
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt is Infected.
iWon Toolbar Application: Spyware Program
HKCR\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKCR\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKCR\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKCR\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F} is Infected.
HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F} is Infected


Thanks For Any Help !!!

[Ferrit]

Ok first thing you need is to shut off the system restore for the cleaning process.
Right click My Computer and choose Properties.
At the top is a tab called Restore. Click it and then Turn off for C drive and click Apply.
Then download both
Malwarebytes
http://www.malwarebytes.org/mbam.php
Spybot Search and Destroy.
http://fileforum.betanews.com/downlo...y/1043809773/1
Install them,
Update them then reboot to safemode and scan with them.
Oh and by the way I would believe nothing Stop Sign threat scanner tells me.
Use the above scanners,they are likely the best.

[NooNoo]

According to Spywarewarrior.net Stop-sign are now behaving themselves... it might be a false positive Rose... Follow ferrit's suggestion (don't have them both scanning at the same time!) and then if it finds nothing in safe mode, do it again in normal mode.

With malwarebytes you have to tell it to do a slow scan (which means everything) the quick scan can miss things.

Post the malwarebytes log if it finds anything... it will create one automatically.