
Two Viruses Found Using Kaspersky's Online Scan


7 replies to this topic

#1 ceb83

ceb83

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wiltshire, England
  • Local time:02:28 PM

Posted 24 July 2007 - 08:18 PM

Hi, :trumpet:

I've a Dell desktop running 98SE, IE6 with Ad-aware, Spyware Blaster, SpyBot, Avast! anti virus and others installed.
PC's been behaving strangely for the last week.
After scanning with above programmes found one or two bits of malware.
Used SpyBot to clear them.

However, scanned PC on Kaspersky earlier and it found two bugs. :inlove:

c:\sysmeob.exe Infected: Virus.Win32.KME skipped

c:\systole.exe Infected: Virus.Win32.KME skipped

c:\sysnlll.exe Infected: Trojan-Downloader.Win32.Small.evy skipped


Hoping someone with a LOT more know-how can help me out!! :flowers:

I've kept both log files for future use. :thumbsup:

Many thanks, in advance.

Carol



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:28 AM

Posted 24 July 2007 - 09:38 PM

Try running this scan, as it can remove what it finds: SuperAntiSpyware.
Using the free home version, download, install, update, then run the scan from Safe Mode.
See How to start Windows in Safe Mode

Let us know if it works, as there is still another option.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#3 ceb83


Posted 25 July 2007 - 07:14 AM

Hi 'boopme',

I've updated SuperAntiSpyware definitions and run a scan in Safe mode. It found 20 tracking cookies, no viruses, which I've quarantined.

Here's the log;

SUPERAntiSpyware Scan Log
Generated 07/25/2007 at 12:20 PM

Core Rules Database Version : 3273
Trace Rules Database Version: 1284

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 20

Adware.Tracking Cookie
C:\WINDOWS\Cookies\carol@xiti[1].txt
C:\WINDOWS\Cookies\carol@revsci[2].txt
C:\WINDOWS\Cookies\carol@1070847646[1].txt
c:\WINDOWS\TEMP\Cookies\carol@revsci[2].txt
c:\WINDOWS\TEMP\Cookies\carol@cannamedia[1].txt
c:\WINDOWS\TEMP\Cookies\carol@xiti[1].txt
c:\WINDOWS\TEMP\Cookies\carol@adserver[1].txt
c:\WINDOWS\TEMP\Cookies\carol@tacoda[2].txt
c:\WINDOWS\TEMP\Cookies\carol@bizrate.co[1].txt
c:\WINDOWS\TEMP\Cookies\carol@www.etracker[2].txt
c:\WINDOWS\TEMP\Cookies\carol@adserver.actionsm[1].txt
c:\WINDOWS\TEMP\Cookies\carol@bizrate[1].txt
c:\WINDOWS\TEMP\Cookies\carol@stat.dealtime[2].txt
c:\WINDOWS\TEMP\Cookies\carol@clickauditor[1].txt
c:\WINDOWS\TEMP\Cookies\carol@statcounter[2].txt
c:\WINDOWS\TEMP\Cookies\carol@e-2dj6whlyuicpsdp.stats.esomniture[1].txt
c:\WINDOWS\TEMP\Cookies\carol@e-2dj6wfmiwgc5ocp.stats.esomniture[2].txt
c:\WINDOWS\TEMP\Cookies\carol@sales.liveperson[1].txt
c:\WINDOWS\TEMP\Cookies\carol@server.iad.liveperson[1].txt
c:\WINDOWS\TEMP\Cookies\carol@nextag.co[1].txt


Hope it's of some help?? :thumbsup:

Cheers,

Carol

#4 boopme


Posted 25 July 2007 - 01:36 PM

Hello Carol, well, tried the simple way first..
1> If you are running LinkScanner Pro 2.5.1.0048 (released on 2/20/07) and current versions of Kaspersky Anti-Virus or Zone Alarm with Kaspersky inside it, you may find that they alert on our product file (LinkScannerChecker.exe) declaring it to be virus: Virus.Win32.KME
Kaspersky acknowledges this is a false positive and our file is absolutely safe. They are working to correct the problem.
2> As for the Downloader, it's got to go.
So your next step is posting a HijackThis log to be sure it's removed.
See.. Preparation Guide for use before posting a HijackThis Log
Then post that HERE by clicking on New Topic

Good luck

#5 ceb83


Posted 25 July 2007 - 06:24 PM

Hi 'boopme',

A few weeks back I downloaded Zone Alarm, not realising it wasn't compatible with 98SE.

It's been sitting, uninstalled, in a folder on my hard drive.
Is that where Kaspersky picked it up??

Anyhow, the programme's been deleted from my PC now - just in case.

Really appreciate the help. :flowers:

Off to do a HJT log and will post ASAP.

Many thanks.

Kindest regards,

Carol :thumbsup:

#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:28 PM

Posted 25 July 2007 - 06:50 PM

Here's some info on Trojan-Downloader.Win32.Small.evy
http://research.sunbelt-software.com/threa...threatid=148205

This really is a case of running a Hjt log and getting it checked.



#7 boopme


Posted 25 July 2007 - 07:10 PM

You're welcome. Thanks, Starbuck, for the extra info.
Carol, just wanted to mention that once you've posted your HJT >>>MAKE NO changes to your PC until you're told by the team member. If you have any further questions till then, post them here, not there.

Just in case, as they are a very busy bunch, you don't get a response, go here:
Haven't Had A Reply In Five Days?

#8 ceb83


Posted 25 July 2007 - 07:56 PM

Many thanks Starbuck for the additional information.

Promise not to change anything on my PC, boopme.

Done the AdAware x2 and the SpyBot, all clean.
Off to do a Panda AV scan now.

Cheers guys,

Carol



