
Infected File


  • This topic is locked
4 replies to this topic

#1 huMAC

huMAC

  • Members
  • 153 posts
  • Location:Barling, AR

Posted 23 August 2007 - 03:23 PM

Well I'm not having any problem with my computers but I was just doing my virus scan today and I found a couple of infected files. I don't really know whether to remove it or quarantine it, so I'm asking for assistance.


Here's my log





Scan Started Thu Aug 23 11:02:23 2007

-------------------------------------------------------------------------------



WARNING: Can't open file \\?\C:\Documents and Settings\Chau\Local Settings\Temp\hsperfdata_Chau\912, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\Local Settings\Temporary Internet Files\Content.IE5\ONZZ609L\9da142ad29ed3110ef11649b1b2e1d6216c0f34f89cd201c1671fa51d731adfc8933fae2841c3c87b14665b2bfcef79db3a54130b98f565f672342e50be8032b797bae1a10270db38a2491,;ord=118775877587N!O!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Beweisfoto_Paypal.jpg.jpg_H!I!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\Captivate-en.zip.zip7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\Captivate-tc.zip.zip7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\Dreamweaver8-en.-en.7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\Email_Beweis01.j01.j7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\Email_Beweis02.j02.j7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\Fireworks8-en.exn.ex7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\My Documents\Azureus Downloads\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition.(Flash Dreamweaver Fireworks)+Keygen\Macromedia Studio 8 Full Edition\Data\FreeHandMX-en.zin.zi7J!H!?@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Chau\Shared\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Adobe® Photoshop® CS2\commonfilesinstaller\Adobe Common File Installer.ler.E!OJ!?@, No such file or directory

WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied



C:\2B.tmp: Trojan.Downloader-11651 FOUND

C:\4D.tmp: Trojan.Downloader-11651 FOUND

C:\4E.tmp: Trojan.Downloader-11651 FOUND

C:\8.tmp: Trojan.Downloader-11651 FOUND

C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL: Virut.set1.08 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 148231

Engine version: 0.91.1

Scanned directories: 5929

Scanned files: 66772

Skipped non-executable files: 1180

Infected files: 5



Data scanned: 28488.59 MB

Time: 11793.906 sec (196 m 33 s)

--------------------------------------

Completed

--------------------------------------



#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 23 August 2007 - 05:09 PM

What program produced the log? Dr. Web? It is safe to quarantine these files. If at a later date you find you need them or they are false positives, you can restore them.
You should use the programs below to confirm you are malware free or find and remove other malware.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Please let us know the results.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 huMAC

huMAC
  • Topic Starter

  • Members
  • 153 posts
  • Location:Barling, AR

Posted 23 August 2007 - 07:27 PM

I used ClamWin Antivirus for that log.

#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 23 August 2007 - 08:35 PM

Thanks for answering my question. Be sure to let us know what the other scans find if anything.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 24 August 2007 - 07:19 AM

I see you posted a hijackthis log here and have been receiving help from RichieUK.

Did you advise him of the results of your scan or continuing problems? If not, please do so right away.

Please refrain from asking for help from other members or staff while you are being instructed by a member of the HJT Team. Any modifications you make can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

The HJT Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the HJT Team Helper. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



