
w32.Trats!inf infection, Vundo seems gone
#46
Posted 19 January 2008 - 11:28 PM
#47
Posted 20 January 2008 - 12:31 AM
From HiJack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:36 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\system32\wscntfy.exe
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\Internet Explorer\iexplore.exe
H:\Downloads\Computer Maintenance\HJTInstall.exe
c:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKCU\..\Run: [MSMSGS] "K:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200804071656
--
End of file - 1376 bytes
---------------------------
Kaspersky results, I scanned the drives individually to avoid crashes
C Drive
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 19, 2008 11:39:36 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524340
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
Scan Statistics:
Total number of scanned objects: 46017
Number of viruses found: 6
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:26:32
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_73110072-fe08-441d-b3da-689ae3f80fab Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df0d961ccfb186fee077d99c127f979c_73110072-fe08-441d-b3da-689ae3f80fab Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\mama\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\mama\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\pops\Local Settings\Temp\hsperfdata_pops\3952 Object is locked skipped
C:\Documents and Settings\pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip ZIP: infected - 3 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1848OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1848OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\QooBox\Quarantine\catchme2008-01-18_202332.82.zip/ddccd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgy skipped
C:\QooBox\Quarantine\catchme2008-01-18_202332.82.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP0\A0000008.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP11\A0005364.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0000051.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0000054.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0001083.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0002094.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0002102.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0002105.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP3\A0002137.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP3\A0002141.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP3\A0002141.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP3\A0002154.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgy skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
Scan process completed.
-----------------------------------------
H Drive results
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 12:22:12 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524340
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
H:\
Scan Statistics:
Total number of scanned objects: 48839
Number of viruses found: 20
Number of infected objects: 77
Number of suspicious objects: 8
Duration of the scan process: 00:13:21
Infected Object Name / Virus Name / Last Action
H:\Downloads\Computer Maintenance\revealpw.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
H:\Downloads\Computer Maintenance\revealpw.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
H:\Downloads\Computer Maintenance\revealpw.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
H:\Downloads\Computer Maintenance\revealpw.zip ZIP: infected - 3 skipped
H:\Downloads\Computer Maintenance\XBMC\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
H:\Downloads\Computer Maintenance\XBMC\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
H:\Downloads\Computer Maintenance\XBMC\mirc621.exe NSIS: infected - 2 skipped
H:\Downloads\Computer Maintenance\jellybean.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Downloads\Computer Maintenance\jellybean.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Downloads\Computer Maintenance\jellybean.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Downloads\Computer Maintenance\jellybean.zip ZIP: infected - 3 skipped
H:\System Volume Information\_restore{14010B59-50B0-4A8C-8411-F068898862CB}\RP6\change.log Object is locked skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN Infected: Backdoor.Win32.Codbot.ax skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0000.VBN/Setup.exe Infected: Backdoor.Win32.IRCBot.dd skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0001.VBN/Setup.exe Infected: Backdoor.Win32.IRCBot.dd skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0001.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0001.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN Infected: Trojan-Downloader.HTML.Agent.aq skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600001.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600001.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600001.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80001.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80001.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80001.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ED00000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ED00000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ED00000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F940000.VBN/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F940000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F940000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F940001.VBN/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F940001.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F940001.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Mama\Local Settings\Temp\couponsandoffers.exe/data0120 Infected: not-a-virus:AdWare.Win32.TopMoxie.f skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Mama\Local Settings\Temp\couponsandoffers.exe NSIS: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Alek\Local Settings\Temporary Internet Files\Content.IE5\NUO3Z58L\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Alek\Local Settings\Temporary Internet Files\Content.IE5\IK1BRIXN\dl[2].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Alek\Local Settings\Temporary Internet Files\Content.IE5\HN3719OA\cam2[1].htm Infected: Trojan-Clicker.JS.Linker.j skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Documents\Outlook\archive.pst/Archive Folders/Saudi Stuff/04 Sep 1999 19:10 to Hank & Patricia Castelain; Macut Steven Maj/ACONTI~1.DOC Infected: Virus.MSWord.Class.d skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Documents\Outlook\archive.pst/Archive Folders/Saudi Stuff/10 Jun 1999 14:30 to 'Hank Castelain':Welcome to the Big Sand Co/CHECKL~1.DOC Infected: Virus.MSWord.Class.d skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Documents\Outlook\archive.pst Mail MS Mail: infected - 2 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80000.VBN Infected: Exploit.Win32.MS04-028.gen skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80001.VBN Infected: Exploit.Win32.MS04-028.gen skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80002.VBN Infected: Exploit.Win32.MS04-028.gen skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80003.VBN Infected: Exploit.Win32.MS04-028.gen skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01400000.VBN Infected: Trojan-Clicker.Win32.VB.dn skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01A40000.VBN Infected: Email-Worm.Win32.Sober.p skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02240000.VBN Infected: Net-Worm.Win32.Welchia.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06280000.VBN Infected: Exploit.Win32.MS04-028.gen skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980000.VBN Infected: Exploit.JS.ActiveXComponent skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07BC0000.VBN Infected: Exploit.JS.ActiveXComponent skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09500000.VBN Infected: Net-Worm.Win32.Welchia.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09540000.VBN Infected: Net-Worm.Win32.Welchia.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740000.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740001.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740002.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740003.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740004.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740005.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740006.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740007.VBN Suspicious: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0000.VBN/setup.exe Infected: P2P-Worm.Win32.Alcan.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0000.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0000.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0001.VBN/setup.exe Infected: P2P-Worm.Win32.Alcan.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0001.VBN ZIP: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0001.VBN CryptZ: infected - 1 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D640000.VBN Infected: Trojan-Downloader.JS.Inor.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D640001.VBN Infected: Trojan-Downloader.JS.Inor.a skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EB00000.VBN Infected: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EB00001.VBN Infected: Exploit.HTML.Mht skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
H:\18_Feb_WinXP Reload\Documents and Settings\Pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip ZIP: infected - 3 skipped
Scan process completed.
Don't know if this is able to be fixed????
#48
Posted 20 January 2008 - 05:27 AM

I doubt very much that all problems will be resolved. Let's try this:
Please copy and paste the text in the code box into Notepad (Go to Start > Run, type Notepad and hit Enter)
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"C:\Documents and Settings\pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip"
"H:\Downloads\Computer Maintenance\revealpw.zip"
"H:\Downloads\Computer Maintenance\jellybean.zip"
"H:\18_Feb_WinXP Reload\Documents and Settings\Mama\Local Settings\Temp\couponsandoffers.exe"
"H:\18_Feb_WinXP Reload\Documents and Settings\Alek\Local Settings\Temporary Internet Files\Content.IE5\NUO3Z58L\dl[1].htm"
"H:\18_Feb_WinXP Reload\Documents and Settings\Alek\Local Settings\Temporary Internet Files\Content.IE5\IK1BRIXN\dl[2].htm"
"H:\18_Feb_WinXP Reload\Documents and Settings\Alek\Local Settings\Temporary Internet Files\Content.IE5\HN3719OA\cam2[1].htm"
"H:\18_Feb_WinXP Reload\Documents and Settings\Pops\My Documents\Pops\Downloaded Shareware\RevelationV2.zip"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" (
start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0
Go to File > Save As. Save the file as "Fix.bat" (including the quotes)
Double-click on Fix.bat to run the file.
If a Notepad window pops up, please post its contents in your next reply. Also tell me what problems you are currently experiencing.
Edited by Simon V., 20 January 2008 - 07:37 AM.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!
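A triage of report lines like those posted above, added here as an example and not part of the original thread: it collapses archive members to the file on disk and separates items already held in a quarantine folder or a System Restore point from files still live on the drive, which is the kind of file Fix.bat lists. The location rules, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Kaspersky Online Scanner lines above
# (paths shortened for illustration; not a verbatim copy of the posted report).
SAMPLE_REPORT = r"""
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\Docs\pops\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Docs\pops\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Docs\pops\RevelationV2.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{34C07D2B-8B48-4EF4-9EFC-506A4B76E79C}\RP2\A0000051.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
H:\Old\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
H:\Old\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600000.VBN CryptZ: infected - 1 skipped
H:\Old\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740000.VBN Suspicious: Exploit.HTML.Mht skipped
H:\Old\Alek\Temporary Internet Files\Content.IE5\NUO3Z58L\dl[1].htm Infected: Trojan-Downloader.JS.Holistyc.a skipped
"""

# A real detection line: "<path> Infected|Suspicious: <name> skipped".
# "Object is locked" lines and container summaries ("ZIP: infected - 2")
# do not match and are ignored.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) skipped$"
)

# Assumed location rules: copies parked here are not running from these paths.
LOCATIONS = (
    ("restore-point",
     re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("quarantine",
     re.compile(r"\\QooBox\\Quarantine\\|\\Quarantine\\[^\\]+\.VBN$", re.I)),
)


def classify(disk_file):
    """Label an on-disk path as restore-point, quarantine or live."""
    for label, pattern in LOCATIONS:
        if pattern.search(disk_file):
            return label
    return "live"


def triage(report):
    """Return {location: {on_disk_file: sorted detection names}}."""
    grouped = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        # The scanner writes archive members as file.zip/inner/member;
        # only the part before the first "/" exists on disk.
        disk_file = m["path"].split("/", 1)[0]
        grouped[classify(disk_file)][disk_file].add(m["name"])
    return {
        loc: {f: sorted(names) for f, names in files.items()}
        for loc, files in grouped.items()
    }


def live_findings(report):
    """List (file, names, riskware_only) for files outside quarantine/restore."""
    live = triage(report).get("live", {})
    return [
        (f, names, all(n.startswith("not-a-virus:") for n in names))
        for f, names in sorted(live.items())
    ]


if __name__ == "__main__":
    for location, files in triage(SAMPLE_REPORT).items():
        print(f"{location}: {len(files)} file(s)")
    for path, names, riskware in live_findings(SAMPLE_REPORT):
        tag = "riskware only" if riskware else "malware"
        print(f"  LIVE [{tag}] {path} -> {', '.join(names)}")
```
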
#49
Posted 20 January 2008 - 09:12 AM

#50
Posted 20 January 2008 - 09:51 AM



#51
Posted 20 January 2008 - 10:20 AM
#52
Posted 20 January 2008 - 10:57 AM

I recommend FireFox. Especially the lack of ActiveX objects makes it a more secure browser; you can also personalize it with a lot of add-ons.
Here are a few links that will probably help when reinstalling Windows:
Reformatting Windows XP by wng_z3r0
When should I re-format? How should I reinstall?
Windows XP Clean install
We've deleted them by running Fix.bat.
Kaspersky found 6-8 viruses and 20-30 warnings on two drives; did it quarantine or remove those or does it just ID them?
After you've reformatted your drive, here are some tips to keep your computer clean in the future:
Make your Internet Explorer More Secure
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab.
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt.
- Change the Download unsigned ActiveX controls to Disable.
- Change the Initialise and script ActiveX controls not marked as safe to Disable.
- Change the Installation of desktop items to Prompt.
- Change the Launching programs and files in an IFRAME to Prompt.
- Change the Navigate sub-frames across different domains to Prompt.
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.
Here are a few (free) firewalls, please download and install one of them:
Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option (if you have an older version than 1.5, please update it). This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here: http://www.bleepingc...tutorial43.html
Install Ad-Aware - Download and install Ad-Aware (if you have Ad-Aware SE note that it is outdated, and you should update to Ad-Aware 2007). You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here: http://www.bleepingc...tutorial48.html
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here: http://www.bleepingc...tutorial49.html
Install IE-Spyad - IE-Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here: http://www.spywarewa...rce.htm#IESPYAD
Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a week, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.
You can also read this excellent article by TonyKlein: So how did I get infected in the first place?
Follow this list and your potential for being infected again will reduce dramatically.


#53
Posted 20 January 2008 - 11:38 AM
#54
Posted 20 January 2008 - 12:06 PM
You're very welcome. Happy surfing and stay safe!
Simon,
Thanks, I will apply these. Also using FireFox.
Again, appreciate all the help.
Hank


