
Virtumonde, Win32 infections . . .


  • This topic is locked
2 replies to this topic

#1 tuckeryou

  • Members
  • 1 posts

Posted 02 April 2009 - 03:43 PM

When I start my computer in normal mode, two things usually happen. One, it asks me to log on as the administrator (I'm on Windows XP) and enter the password. The thing is, I have my own account set up as the administrator, so there IS no administrator password. So, I change the name to my account and sign in and it works fine.

Until the computer loads. It loads everything except explorer and when I go to new task to load explorer.exe, Windows shuts it down and doesn't let it load for whatever reason.

So, I'm able to start up in safe mode and luckily safe mode with networking works.

:thumbup2:

Thanks for all the help!


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Administrator at 13:33:49.04 on Thu 04/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.630 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe C:\WINDOWS\TEMP\VRTB.tmp
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Administrator.FIDELITO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {92f4a936-2c5a-4f13-bda7-c7a204726945} - No File
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: {c2ba40a2-74f3-42bd-f434-2604812c8954} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [services] c:\windows\services.exe
dRun: [reader_s] c:\documents and settings\administrator.fidelito\reader_s.exe
dRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.fid\applic~1\mozilla\firefox\profiles\wwuk35gp.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-6-26 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-5-21 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-6-26 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-6-26 625024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-26 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-26 26824]
S1 ethcoexk;ethcoexk;c:\windows\system32\drivers\ethcoexk.sys --> c:\windows\system32\drivers\ethcoexk.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-26 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-26 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-26 76040]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-12 24652]
S3 botdrv;botdrv;c:\windows\system32\driver.sys [2009-4-1 137344]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-04-02 13:04 137,376 a------- c:\windows\system32\drivers\ethddkvx.sys
2009-04-02 12:58 0 a------- C:\34.tmp
2009-04-02 12:55 0 a------- C:\33.tmp
2009-04-02 12:53 0 a------- C:\25.tmp
2009-04-02 12:51 0 a------- C:\24.tmp
2009-04-02 12:50 153,088 a------- C:\1F.tmp
2009-04-02 12:49 52,190 a------- c:\windows\services.exe
2009-04-02 12:49 31,744 a------- c:\windows\system32\11.tmp
2009-04-02 12:49 124 a------- c:\windows\system32\D.tmp
2009-04-01 22:51 137,344 a------- c:\windows\system32\driver.sys
2009-04-01 22:47 0 a------- C:\23.tmp
2009-04-01 22:44 0 a------- C:\22.tmp
2009-04-01 22:41 0 a------- C:\21.tmp
2009-04-01 22:39 0 a------- C:\1E.tmp
2009-04-01 22:39 154,112 a------- C:\1D.tmp
2009-04-01 22:38 29,696 a------- c:\windows\system32\E.tmp
2009-04-01 22:37 124 a------- c:\windows\system32\A.tmp
2009-04-01 21:08 0 a------- C:\1C.tmp
2009-04-01 21:05 0 a------- C:\1B.tmp
2009-04-01 21:02 0 a------- C:\1A.tmp
2009-04-01 21:00 0 a------- C:\19.tmp
2009-04-01 20:59 154,112 a------- C:\18.tmp
2009-04-01 20:58 28,672 a------- c:\windows\system32\C.tmp
2009-04-01 20:58 124 a------- c:\windows\system32\5.tmp
2009-04-01 17:12 0 a------- C:\17.tmp
2009-04-01 17:10 0 a------- C:\16.tmp
2009-04-01 17:07 0 a------- C:\15.tmp
2009-04-01 17:06 0 a------- C:\14.tmp
2009-04-01 17:04 0 a------- C:\13.tmp
2009-04-01 17:03 0 a------- C:\12.tmp
2009-04-01 17:01 0 a------- C:\11.tmp
2009-04-01 17:01 0 a------- C:\10.tmp
2009-04-01 17:00 124 a------- c:\windows\system32\7.tmp
2009-04-01 16:57 0 a------- C:\F.tmp
2009-04-01 16:56 0 a------- C:\E.tmp
2009-04-01 16:54 0 a------- C:\D.tmp
2009-04-01 16:54 0 a------- C:\C.tmp
2009-04-01 16:53 29,696 a------- c:\windows\system32\8.tmp
2009-04-01 16:53 124 a------- c:\windows\system32\4.tmp
2009-04-01 16:27 0 a------- C:\B.tmp
2009-04-01 16:26 142,333 a------- C:\A.tmp
2009-04-01 16:25 29,696 a------- c:\windows\system32\9.tmp
2009-04-01 16:25 124 a------- c:\windows\system32\6.tmp
2009-04-01 16:18 0 a------- C:\10E.tmp
2009-04-01 16:15 0 a------- C:\AC.tmp
2009-04-01 16:13 0 a------- C:\4A.tmp
2009-04-01 16:13 84,733 a------- C:\40.tmp
2009-04-01 16:12 <DIR> --d----- c:\windows\ERUNT
2009-04-01 16:12 35,328 a------- c:\documents and settings\administrator.fidelito\reader_s.exe
2009-04-01 15:57 <DIR> --d----- C:\SDFix
2009-04-01 12:50 35,328 a------- c:\windows\system32\reader_s.exe
2009-04-01 05:00 0 a------- c:\windows\_id.dat
2009-04-01 03:11 0 a------- C:\139.tmp
2009-04-01 03:07 0 a------- C:\137.tmp
2009-04-01 03:04 0 a------- C:\136.tmp
2009-04-01 03:03 153,088 a------- C:\10F.tmp
2009-04-01 03:00 37,376 a------- c:\windows\system32\reader_s.ex_
2009-04-01 02:55 130 a------- c:\windows\adobe.bat
2009-04-01 02:55 28,672 a------- c:\windows\system32\14.tm_
2009-04-01 02:55 11,264 a------- c:\windows\system32\13.tm_
2009-04-01 02:48 408,064 a------- c:\windows\system32\CF25977.exe
2009-04-01 02:48 <DIR> --d----- C:\ComboFix
2009-03-31 13:30 0 a------- c:\windows\mqcd.dbt
2009-03-31 13:18 96,768 a------- C:\dxxrp.exe
2009-03-31 13:18 49,152 a------- C:\wixex.exe
2009-03-31 13:18 46,080 a------- C:\vaybq.exe
2009-03-31 13:18 29,696 a------- C:\ijmaxk.exe
2009-03-31 13:18 289,792 a------- C:\tqaau.exe
2009-03-31 13:18 68,096 a------- C:\liymwuq.exe
2009-03-31 13:18 42,496 a------- c:\windows\system32\kmsvc32.dll
2009-03-31 13:18 1,468 a------- c:\windows\system32\wh
2009-03-31 12:33 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-03-31 12:33 32,768 a------- c:\windows\system32\odjan.wa
2009-03-31 12:33 32,768 a------- c:\windows\system32\kei1w.an
2009-03-31 12:33 28,672 a------- c:\windows\system32\doqkm.zt
2009-03-31 12:33 77,312 a------- c:\windows\system32\rkoq.pxf
2009-03-31 12:33 262,144 a------- c:\windows\system32\nvtpm32.dll
2009-03-31 12:30 96,768 a------- C:\aoqckrns.exe
2009-03-31 12:30 46,080 a------- C:\ajtbyh.exe
2009-03-31 12:30 29,696 a------- C:\wicnin.exe
2009-03-31 12:30 117,248 a------- c:\windows\system32\azton.mt
2009-03-31 12:30 90,624 a------- C:\rojpcck.exe
2009-03-31 12:30 289,792 a------- C:\uldwlib.exe
2009-03-31 12:30 68,096 a------- C:\dmsiacq.exe
2009-03-31 12:29 31,232 a------- c:\windows\instsp2.exe
2009-03-30 13:40 <DIR> --d----- c:\program files\MSECache
2009-03-30 11:57 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-30 11:55 <DIR> --d----- c:\windows\SHELLNEW
2009-03-25 00:21 524,288 a------- c:\windows\1000H-ASUS-1803.ROM
2009-03-25 00:21 388,942 a------- c:\windows\1000H-ASUS-1803.zip
2009-03-24 22:31 605 a------- c:\windows\wininit.ini
2009-03-22 17:51 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\CanonIJScan
2009-03-22 17:46 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-03-22 17:46 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-03-19 22:30 <DIR> --d----- c:\program files\Canon
2009-03-19 22:29 325,632 a------- c:\windows\IsUninst.exe
2009-03-19 22:26 230,912 a------- c:\windows\system32\CNMLM9F.DLL
2009-03-19 22:26 1,339,392 a------- c:\windows\system32\CNC480C.DLL
2009-03-19 22:26 270,336 a------- c:\windows\system32\CNC480L.DLL
2009-03-19 22:26 188,416 a------- c:\windows\system32\CNC480O.DLL
2009-03-19 22:26 98,304 a------- c:\windows\system32\CNC480I.DLL
2009-03-17 00:48 <DIR> --d----- c:\program files\iPod
2009-03-17 00:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 00:45 <DIR> --d----- c:\program files\Bonjour
2009-03-16 09:26 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-03-16 09:26 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-03-10 20:53 <DIR> --d----- c:\program files\VSTplugins
2009-03-10 17:29 <DIR> --d----- c:\program files\Sony
2009-03-10 17:08 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-10 17:06 14,048 -------- c:\windows\system32\spmsg2.dll
2009-03-10 13:36 <DIR> --d----- c:\program files\JRE
2009-03-10 13:36 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-03-10 13:21 <DIR> --d----- c:\program files\Sony Setup

==================== Find3M ====================

2009-04-01 15:28 90,112 a------- c:\windows\DUMP63bb.tmp
2009-04-01 02:59 90,112 a------- c:\windows\DUMP564d.tmp
2009-03-31 12:33 157,696 a------- c:\windows\okolilun.dll
2009-03-31 12:31 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-03-31 12:29 84,768 a--sh--- c:\windows\system32\wivagoge.exe
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-14 19:26 3,039,899 a----r-- C:\Combo-Fix.exe
2008-10-26 20:25 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-05-07 16:34 15,523,560 a------- c:\program files\U1 Setup.exe
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\vinabino.dll.vir

============= FINISH: 13:34:16.76 ===============

#2 SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 02 April 2009 - 07:00 PM

Hi tuckeryou,

I am sorry to give you some very bad news. :thumbup2:

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, an expert for malware removal, and an MS-MVP, additionally has a blog post about Virut.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions on how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/adva...all-format.html

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
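
Added example (not part of the posts above or of any vendor tool): a triage heuristic built on the quoted W32/Virut.h description, which parses PE headers and reports when the entry point falls inside the last section on disk, where the description says the decryptor and encrypted body can be appended. The writable-and-executable check is an added assumption not stated in the thread, and `build_sample` and the function names are hypothetical; the sample headers are constructed test data.

```python
import struct

SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000

def parse_pe(data):
    """Return (entry_point_rva, sections) parsed from raw PE bytes."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature missing")
        (nsect,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
        opt_off = pe_off + 24
        (entry,) = struct.unpack_from("<I", data, opt_off + 16)   # AddressOfEntryPoint
        sections = []
        for i in range(nsect):
            off = opt_off + opt_size + 40 * i                     # 40-byte section headers
            name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
            (flags,) = struct.unpack_from("<I", data, off + 36)   # Characteristics
            sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                             "vaddr": vaddr, "vsize": vsize,
                             "rptr": rptr, "rsize": rsize, "flags": flags})
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return entry, sections

def last_section_indicators(data):
    """List heuristic findings about the section stored last in the file."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    last = max(sections, key=lambda s: s["rptr"] + s["rsize"])
    findings = []
    end = last["vaddr"] + max(last["vsize"], last["rsize"])
    if last["vaddr"] <= entry < end:
        findings.append("entry point inside last section")
    # Assumption: appended self-decrypting code needs a section that is both W and X.
    if last["flags"] & SCN_MEM_EXECUTE and last["flags"] & SCN_MEM_WRITE:
        findings.append("last section is writable and executable")
    return findings

def build_sample(entry_rva, last_flags):
    """Constructed PE32 headers (.text + .rsrc) used only as test input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    def sect(name, vaddr, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200, rptr,
                           0, 0, 0, 0, flags)
    return (dos + coff + opt + sect(b".text", 0x1000, 0x400, 0x60000020)
            + sect(b".rsrc", 0x2000, 0x600, last_flags))

if __name__ == "__main__":
    for label, blob in [("clean-looking", build_sample(0x1000, 0x40000040)),
                        ("appended code", build_sample(0x2F00, 0xE0000040))]:
        print(label, last_section_indicators(blob))
```

An empty result does not clear a file: the same description places the decryptor in code-section slack space or over the original entry point in other variants, and legitimate packers can trigger both findings.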

#3 SifuMike

Posted 11 April 2009 - 04:14 PM

Since your problem appears to be resolved, this thread will now be closed.