
Windows 2000 server


  • This topic is locked
No replies to this topic

#1 jcharnley


    New Member

  • 1 posts

Posted 07 May 2008 - 05:34 AM

Hi, I'm having a few problems with my Windows 2000 server. Yesterday every computer connected to the network was running slow. I virus scanned it and found 2 trojans. I might also have a worm of some sort. Could you take a look at this log and tell me what you think? Thanks

HKLM\SECURITY\Policy\Secrets\SAC* 4/6/2003 4:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/6/2003 4:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{32B7E16F-061D-4769-A507-9402E8C020AC}* 2/9/2005 3:55 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{3D14228D-FBE1-11D0-995D-00C04FD919C1}* 4/2/2003 5:12 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SCM:{4ABABDDF-B4AA-40fb-B0F3-DE3021506472}* 2/9/2005 3:55 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\TS:InternetConnectorPswd* 4/2/2003 5:11 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\XATM:374423e1-6cf5-4348-8e4a-0630a98706ad* 4/6/2003 9:56 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\BKUPEXEC\MSSQLServer\uptime_time_utc 5/7/2008 11:45 AM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\uptime_time_utc 5/7/2008 11:45 AM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 3/15/2005 10:25 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\Administrator.RCS1\Application Data\Mozilla\Firefox\Profiles\mlplvwgz.default\parent.lock 5/7/2008 11:49 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843 5/7/2008 11:57 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\Eula.txt 5/7/2008 11:57 AM 6.84 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\tcpvcon.exe 5/7/2008 11:57 AM 129.04 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\tcpview.chm 5/7/2008 11:57 AM 39.08 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Local Settings\Temp\Rar$EX00.843\Tcpview.exe 5/7/2008 11:57 AM 145.04 KB Hidden from Windows API.
C:\Documents and Settings\Administrator.RCS1\Recent\TcpView.zip.lnk 5/7/2008 11:56 AM 470 bytes Hidden from Windows API.
C:\WINNT\system32\Perflib_Perfdata_abc.dat 5/7/2008 11:45 AM 16.00 KB Visible in Windows API, but not in MFT or directory index.
D:\cumbsupp\LPT1:BCH857.WRK 9/12/2003 12:43 AM 1.53 KB Hidden from Windows API.
D:\User Files\comp\Profiles\Program Files\d2000\LPT1:BCH633.WRK 4/8/2006 7:48 PM 1.52 KB Hidden from Windows API.
D:\User Files\comp\Profiles\Program Files\d2000\LPT1:BCH635.WRK 4/8/2006 7:48 PM 1.52 KB Hidden from Windows API.

Something was deffo messing around with it, as when I came back from the weekend CMD was open. They were trying to download wplayer.exe from an FTP site. Please help

Edited by jcharnley, 07 May 2008 - 05:37 AM.
