
Hacked Through Skype, Trojans, Rootkits, Viruses Etc...


3 replies to this topic

#1 sb1000


Posted 12 September 2007 - 08:55 AM

Hi,

I got badly infected through the Skype message I print below.

But it was through a Skype friend who got hacked.

See news.sina.com.hk/cgi-bin/news/show_news.cgi?ct=headlines&type=hongkong&date=2007-09-12&id=2455578 for details about it in Chinese (not a virus link, an article about this virus).

I have been getting trojans, viruses, hacks and hostfile changes, with a list of Hijack This 01 blocks as long as I've ever seen before and crashes after 5 minutes of running my computer.

I managed to clear most of it using a few scanners, antiviruses, Spybot and going through the Hijack This tutorial here etc. And then my AVG did a scan today and found 3 trojans it deleted.

So I am going through the malware removal process starting with Adaware, then spybot, online scanners, virus scan etc and will post a HJT log with the result after the processes as a reply to this...

I run important financial processes involving markets, banking, business from this computer and thought it would "never happen to me" so I'm grateful for your service.

Here is a copy of the skype I received and foolishly clicked on (URLs modified)

how are u ? :thumbsup:
how are u ? :flowers:
where I put ur photo :D
haha lol
[ look what crazy photo Tiffany sent to me,looks cool
www.myimagespace.net/erotic-gallerys/..../dsc027.jpg
[10/09/2007 10:21:13] Johan Anders Taft says: www.myimagespace.net/erotic-gallerys/..../dsc027.jpg
says: this (happy) sexy one
oops sorry please don't look there :S
:D
(devil)
how are u ? :huh:
look what crazy photo Tiffany sent to me,looks cool
myimagespace.net/erotic-gallerys......./dsc027.jpg
says: you checked ?
:D
I used photoshop and edited it
haha lol
www.myimagespace.net/erotic-gallerys/......../dsc027.jpg
(devil)

Thanks for your help guys.

Sam

Mod edit: Hotlinks have been disabled--please don't post direct links to sites that could be dangerous.


UPDATED:

I got this message through a friend directly from skype about this mean, horrible phish...


HJT log to come. I think my computer is clean now, just running stinger and then will post HJT log.

= no more crashing
= URLs to antivirus sites no longer coming up in 01 for HJT

Edited by sb1000, 12 September 2007 - 04:40 PM.




#2 sb1000


Posted 12 September 2007 - 04:52 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:45, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RAMfreer\RAMfreer.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Sam\Desktop\stinger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\analys#ze.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163638470125
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C728DAB8-FDF5-4CD7-89DD-879D25794C77} (KooPlayer Control) - http://www.cctv.com/p2p/tvkoo/cctvplayer.ocx
O21 - SSODL: Olerav32 - {CE8907D4-ED49-41E7-82D4-EA9289298BBB} - C:\WINDOWS\system32\mp3oksnd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8895 bytes

Edited by sb1000, 12 September 2007 - 04:56 PM.


#3 sb1000


Posted 12 September 2007 - 05:41 PM

I am now getting my AVG Resident shield finding a whole string of Trojan Horse SHeur.MNU and I-Worm/Stration (see the latter virus vault entries)

c:\system volume information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059750.exe

and so forth with change to the numbers...

This also happened this morning before performing the prescribed scans and I got a problem with AVG closing on an error without removing all of the MRU tracking cookies.

Virus identified I-Worm/Stration C:\Documents and Settings\Sam\Desktop\desktop\dsc027.scr 9/11/2007 12:53:01 PM dsc027.scr 184 KB
Trojan horse SHeur.MNU C:\WINDOWS\system32\drnnctop.exe 9/12/2007 2:12:30 PM drnnctop.exe 97.66 KB
Trojan horse SHeur.MNU C:\WINDOWS\system32\lkavs32.exe 9/12/2007 2:12:31 PM lkavs32.exe 97.66 KB
Trojan horse SHeur.MNU C:\WINDOWS\system32\netstdll2.exe 9/12/2007 2:12:31 PM netstdll2.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP169\A0056747.exe 9/12/2007 11:30:25 PM A0056747.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059750.exe 9/12/2007 11:35:16 PM A0059750.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059753.exe 9/12/2007 11:35:34 PM A0059753.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059754.exe 9/12/2007 11:35:37 PM A0059754.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0059796.exe 9/12/2007 11:35:38 PM A0059796.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060746.exe 9/12/2007 11:35:42 PM A0060746.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060747.exe 9/12/2007 11:35:44 PM A0060747.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060748.exe 9/12/2007 11:35:46 PM A0060748.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060750.exe 9/12/2007 11:36:00 PM A0060750.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060766.exe 9/12/2007 11:36:05 PM A0060766.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060773.exe 9/12/2007 11:36:08 PM A0060773.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060993.exe 9/12/2007 11:36:12 PM A0060993.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060997.exe 9/12/2007 11:36:18 PM A0060997.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060999.exe 9/12/2007 11:36:23 PM A0060999.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061007.exe 9/12/2007 11:36:26 PM A0061007.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061008.exe 9/12/2007 11:36:43 PM A0061008.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP169\A0056746.exe 9/12/2007 4:20:19 PM A0056746.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP169\A0057750.exe 9/12/2007 4:20:32 PM A0057750.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP169\A0057751.exe 9/12/2007 4:20:37 PM A0057751.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP169\A0057752.exe 9/12/2007 4:20:45 PM A0057752.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP169\A0057753.exe 9/12/2007 4:20:48 PM A0057753.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0057769.exe 9/12/2007 4:20:52 PM A0057769.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058746.exe 9/12/2007 4:20:57 PM A0058746.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058747.exe 9/12/2007 4:21:03 PM A0058747.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058748.exe 9/12/2007 4:21:05 PM A0058748.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058749.exe 9/12/2007 4:21:08 PM A0058749.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058750.exe 9/12/2007 4:21:10 PM A0058750.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058751.exe 9/12/2007 4:21:12 PM A0058751.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058752.exe 9/12/2007 4:21:15 PM A0058752.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP170\A0058753.exe 9/12/2007 4:21:20 PM A0058753.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0058806.exe 9/12/2007 4:21:26 PM A0058806.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059747.exe 9/12/2007 4:21:29 PM A0059747.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059748.exe 9/12/2007 4:21:30 PM A0059748.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059749.exe 9/12/2007 4:21:31 PM A0059749.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059751.exe 9/12/2007 4:21:41 PM A0059751.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP172\A0059752.exe 9/12/2007 4:21:44 PM A0059752.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060751.exe 9/12/2007 4:22:06 PM A0060751.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060752.exe 9/12/2007 4:22:08 PM A0060752.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP173\A0060753.exe 9/12/2007 4:22:09 PM A0060753.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\WINDOWS\system32\sdrivec32.exe 9/11/2007 4:28:13 PM sdrivec32.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060767.exe 9/12/2007 4:24:11 PM A0060767.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060768.exe 9/12/2007 4:24:15 PM A0060768.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060769.exe 9/12/2007 4:24:17 PM A0060769.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060770.exe 9/12/2007 4:24:43 PM A0060770.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\WINDOWS\system32\winlgcverx.exe 9/11/2007 4:29:43 PM winlgcverx.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060771.exe 9/12/2007 4:24:47 PM A0060771.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060772.exe 9/12/2007 4:24:52 PM A0060772.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060992.exe 9/12/2007 4:25:06 PM A0060992.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060994.exe 9/12/2007 4:25:09 PM A0060994.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060995.exe 9/12/2007 4:25:13 PM A0060995.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060996.exe 9/12/2007 4:25:18 PM A0060996.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0060998.exe 9/12/2007 4:26:19 PM A0060998.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061009.exe 9/12/2007 4:26:59 PM A0061009.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061010.exe 9/12/2007 4:27:02 PM A0061010.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061011.exe 9/12/2007 4:27:04 PM A0061011.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061012.exe 9/12/2007 4:28:02 PM A0061012.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061013.exe 9/12/2007 4:28:05 PM A0061013.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061014.exe 9/12/2007 4:28:08 PM A0061014.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0061047.exe 9/12/2007 4:28:28 PM A0061047.exe 97.66 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0062009.exe 9/12/2007 4:28:31 PM A0062009.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0062010.exe 9/12/2007 4:28:35 PM A0062010.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0062011.exe 9/12/2007 4:28:38 PM A0062011.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP174\A0062013.exe 9/12/2007 4:28:46 PM A0062013.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP175\A0062038.scr 9/12/2007 4:29:37 PM A0062038.scr 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP175\A0062059.exe 9/12/2007 4:29:39 PM A0062059.exe 184 KB
Virus identified I-Worm/Stration.ESP C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP175\A0062060.exe 9/12/2007 4:29:47 PM A0062060.exe 184 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP175\A0062089.exe 9/12/2007 4:30:03 PM A0062089.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP175\A0062090.exe 9/12/2007 4:30:09 PM A0062090.exe 97.66 KB
Trojan horse SHeur.MNU C:\System Volume Information\_restore{6C7798E7-436F-4A57-8208-E32777E83221}\RP175\A0062091.exe 9/12/2007 4:30:11 PM A0062091.exe 97.66 KB

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 28 September 2007 - 10:44 AM

Sorry for the delay.

If you are still having problems, please post a brand new log.



