Infected: Backdoor.win32.mosucker.30.b


13 replies to this topic

#1 hunteroriginal

Posted 09 November 2007 - 11:42 PM

As the description suggests, I am looking for a specific removal tool for this virus, as the scanners I have used claim to remove it and it just shows up again later. Any help would be appreciated.

#2 boopme

Posted 10 November 2007 - 12:54 AM

Hello, this should take care of it.
Download and scan with Dr.Web CureIt.

Download Dr.Web CureIt! from our web-site. Run the utility and press the "Start" button in the opened window. Confirm the launch by pressing the "OK" button and wait for the scanning results of the main memory and startup files. If you want to scan hard drives of your computer, select the objects for scanning in the central part of the scanner window and press "Start scanning" in the right bottom corner.


To scan your computer with the most up-to-date Dr.Web virus databases next time you should download new Dr.Web CureIt! package. For this, press the "Update" link on the first utility screen, which leads to our ftp-server where the latest version of CureIt! is located. Download the utility and run it again.

Scan using Safe Mode: How to start Windows in Safe Mode
Download, install and update, then reboot back into Safe Mode and scan with the Free Home user version of SUPERAntiSpyware.
Delete anything found and reboot back to normal mode.

#3 hunteroriginal

Posted 10 November 2007 - 01:01 AM

Alright, I'm going to run a few more scans to see if it is still present in my system first; if so I will follow your instructions carefully. Appreciate the fast response time.

#4 quietman7

Posted 10 November 2007 - 08:24 AM

What program is alerting you to the backdoor infection?
Is there a specific file associated with it?
What is the location (full path) this file is running from?

Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect your computer from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS - "When should I re-format?".

Edited by quietman7, 10 November 2007 - 08:25 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 hunteroriginal

Posted 10 November 2007 - 09:53 AM

http://prerelease.trendmicro-europe.com/hc66/launch/
is alerting me to its presence. I do not recall the exact filepath but toward the end was hosts/127.0.0.1 (I'm pretty sure on the number, but I'll update it in a little bit if I'm wrong.)
I'm running a scan now to see if it is still present, and I'm not at all worried about the backdoor being able to "call home". I'm behind a firewall here that is set to request-only, and a firewalled router. The issue I have with the virus being present is that it appears to slow up the system a bit. It should also be noted that I am running Vista.

Edited by hunteroriginal, 10 November 2007 - 10:00 AM.


#6 quietman7

Posted 10 November 2007 - 12:07 PM

Ok. If it's still present, submit the file to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.

#7 hunteroriginal

Posted 21 November 2007 - 08:54 AM

Well for starters Dr.Web detected absolutely nothing.
Trend Micro said it was gone for a couple weeks, then I guess I stumbled across the same place on the internet I got it the first time, because now it's back.

I ran a new scan and Trend Micro says this is the filepath.

C:\windows\system32\drivers\etc\hosts\127.0.0.1

However, it also says that now it is removed. I will continue to run daily scans to see if it is actually gone or if Trend Micro is just ignoring it. I'm also running the virusscan.jotti.org, and currently nothing is being detected in my hosts file.

Edited by hunteroriginal, 21 November 2007 - 08:58 AM.


#8 quietman7

Posted 21 November 2007 - 10:19 AM

What exactly is Trend Micro saying about your hosts file?

The HOSTS file is a text file that has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. A HOSTS file maps an IP address to a name. The original purpose of hosts files was to map the proper address to a site's name but now it's also used for blocking purposes. 127.0.0.1 localhost is the universal IP address of all local computers and is also called the "loopback" because it refers to the local computer only.

The loopback address is used to stop web ads from displaying because 127.0.0.1 indicates home (the location of your computer) and whatever is redirected home will not leave the system. Anything that appears in your HOSTS file without a # at the beginning, except for the "127.0.0.1 localhost" line, should be viewed with suspicion.

The HOSTS file is found in these default locations:
Windows Vista -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows XP -> C:\Windows\system32\drivers\etc\hosts
Windows 2K -> C:\Winnt\system32\drivers\etc\hosts
Windows 98 -> C:\Windows\hosts
Windows ME -> C:\Windows\hosts

An example HOSTS file is shown here.

To view the folder containing the Hosts file, go to Start > Run and type: %windir%\system32\drivers\etc\
The Hosts file has no extension. The easiest way to access and view the contents is by using notepad.
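The rule in the post above, that every active HOSTS line other than the localhost entry deserves a look, as an added Python example that is not part of the original thread. The verdict names, the treatment of `::1 localhost` as expected, and the sample file contents are assumptions made for illustration.

```python
"""Audit a Windows HOSTS file: rank every active (uncommented) entry."""
import ipaddress
import os
from typing import NamedTuple


class Entry(NamedTuple):
    line_no: int
    ip: str
    names: tuple
    verdict: str  # "expected", "sinkhole", "redirect" or "malformed"


def classify(ip_text, names):
    """Rank one active entry (the categories are this example's, not a standard)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"          # first field is not an IP address
    if not names:
        return "malformed"          # an address with no host name after it
    only_localhost = all(n.lower() == "localhost" for n in names)
    if ip.is_loopback and only_localhost:
        return "expected"           # 127.0.0.1 localhost (and, assumed, ::1 localhost)
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"           # name forced to stay on this machine (blocking)
    return "redirect"               # name pinned to some other address: review first


def audit_hosts(text):
    """Return one Entry per active line; comments and blank lines are skipped."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        active = raw.split("#", 1)[0].split()   # drop the comment, split on whitespace
        if not active:
            continue                             # blank or comment-only line
        ip_text, names = active[0], tuple(active[1:])
        findings.append(Entry(line_no, ip_text, names, classify(ip_text, names)))
    return findings


def suspicious(findings):
    """Everything except the localhost entries, per the rule in the post."""
    return [e for e in findings if e.verdict != "expected"]


# Constructed sample input; the addresses and names are documentation values.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
# 198.51.100.7   old.example.com     (commented out, so inactive)

127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com      # ad-blocking entry
0.0.0.0         tracker.example.net
192.0.2.10      update.example.org www.example.org
not-an-ip       broken.example.com
203.0.113.5
"""

if __name__ == "__main__":
    # Audit the real file when run on Windows, otherwise the constructed sample.
    path = os.path.join(os.environ.get("windir", r"C:\Windows"),
                        "system32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for e in suspicious(audit_hosts(text)):
        print(f"line {e.line_no}: {e.verdict:9} {e.ip} -> {' '.join(e.names)}")
```

A "redirect" verdict means the name resolves to whatever address the file gives instead of going through DNS, so those lines are the ones to explain first; "sinkhole" lines are only a concern if nobody on the machine added them on purpose.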

#9 hunteroriginal

Posted 24 November 2007 - 01:34 AM

Alright, it was gone for a few more days and now it's back again. I'm beginning to think it may be hopping over from another computer in my network, but I am unsure.

Below is a screenshot of the result window, I cannot provide you with further info.
Posted Image

I've looked at my host file, and can't say I see anything out of the ordinary. Should I post it?

Edited by hunteroriginal, 24 November 2007 - 01:39 AM.


#10 quietman7

Posted 24 November 2007 - 06:47 AM

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Dr.Web CureIt as follows:
  • Double-click on cureit.exe to start the program. (ignore any prompts to update or check for a new version)
  • When the Dr.Web opens, an "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.csv report)
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply.
Download Sysclean Package and the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number).
  • Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
  • This tool generates a log file (sysclean.log) in the same folder where the scan is completed - C:\Sysclean.
  • When using Sysclean it's best to use the Administrator's account or an account with Administrative rights otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

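An added example, not part of the original thread or of Trend Micro's tooling: a Python triage of log lines in the format of the sysclean.log output posted later in this thread. It counts the "Access is denied" entries the post above calls normal separately from scanners that never ran, on the assumption that a run in which a scanner could not be executed gives no verdict; the sample lines are constructed.

```python
"""Triage a Sysclean-style log: expected noise vs. runs that gave no verdict."""
import re
from dataclasses import dataclass, field

STAMP = r"^(\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}), "
RUN_START = re.compile(STAMP + r"Auto-clean mode specified\.")
DENIED = re.compile(STAMP + r'An error was detected on "(.+)": Access is denied\.')
FINISHED = re.compile(STAMP + r'Scanner "(.+)" has finished running\.')
NOT_RUN = re.compile(STAMP + r'Scanner "(.+)" could not be executed: (.+)')
INFECTED = re.compile(r"^(\d+) files containing viruses\.")


@dataclass
class Run:
    started: str
    denied: list = field(default_factory=list)     # paths the scanner could not read
    finished: set = field(default_factory=set)     # scanners that completed
    not_run: dict = field(default_factory=dict)    # scanner -> reason it never started
    infected: int = 0                              # highest "files containing viruses"

    @property
    def verdict(self):
        if self.infected:
            return "detections"
        if self.not_run or not self.finished:
            return "incomplete"    # nothing was scanned, so "0 found" means nothing
        return "clean"


def triage(text):
    """Split the log into runs and summarise each one."""
    runs, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = RUN_START.match(line)
        if m:
            cur = Run(started=m.group(1))
            runs.append(cur)
            continue
        if cur is None:
            continue                               # banner lines before the first run
        if (m := DENIED.match(line)):
            cur.denied.append(m.group(2))
        elif (m := NOT_RUN.match(line)):
            cur.not_run[m.group(2)] = m.group(3)
        elif (m := FINISHED.match(line)):
            cur.finished.add(m.group(2))
        elif (m := INFECTED.match(line)):
            cur.infected = max(cur.infected, int(m.group(1)))
    return runs


# Constructed sample in the log format shown in this thread (dates are made up).
SAMPLE_LOG = r'''
2007-01-01, 10:00:00, Auto-clean mode specified.
2007-01-01, 10:00:00, Running scanner "C:\Clean\TSC.BIN"...
2007-01-01, 10:00:30, Scanner "C:\Clean\TSC.BIN" has finished running.
2007-01-01, 10:00:30, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-01-01, 10:00:31, An error was detected on "C:\Users\Default\Cookies\*.*": Access is denied.
2007-01-01, 10:20:00, Files Detected:
0 files containing viruses.
2007-01-01, 10:20:00, Scanner "C:\Clean\VSCANTM.BIN" has finished running.
2007-01-02, 09:00:00, Auto-clean mode specified.
2007-01-02, 09:00:00, Running scanner "C:\Clean\TSC.BIN"...
2007-01-02, 09:00:00, Scanner "C:\Clean\TSC.BIN" could not be executed: The system cannot find the file specified.
2007-01-02, 09:00:05, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-01-02, 09:00:09, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.
'''

if __name__ == "__main__":
    for run in triage(SAMPLE_LOG):
        print(f"{run.started}: {run.verdict}, {len(run.denied)} access-denied paths, "
              f"{len(run.not_run)} scanners not executed")
```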

#11 hunteroriginal

Posted 27 November 2007 - 02:48 PM

Ok I booted in safe mode and ran ATF cleaner and the Dr.Web Cureit program.
Dr.Web found a trojan downloader (this time :thumbsup:)


tmp1D89.vbs;C:\Documents and Settings\HunterOriginal\AppData\Local\Application Data\Temp;Modification of Trojan.DownLoader.13879;Moved.;
tmp1D89.vbs;C:\Documents and Settings\HunterOriginal\DoctorWeb\Quarantine;Modification of Trojan.DownLoader.13879;Moved.;


I did not see your note about syscleaner until after I had already rebooted out of safe mode. Do I need to return to safe mode to run the syscleaner?

#12 quietman7

Posted 27 November 2007 - 05:34 PM

Yes, go ahead and run the Sysclean Package in safe mode.

#13 hunteroriginal

Posted 07 December 2007 - 11:04 AM

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-12-03, 18:05:24, Auto-clean mode specified.
2007-12-03, 18:05:24, Running scanner "C:\Clean\TSC.BIN"...
2007-12-03, 18:05:53, Scanner "C:\Clean\TSC.BIN" has finished running.
2007-12-03, 18:05:53, TSC Log:

2007-12-03, 18:05:53, An error was detected on "C:\Documents and Settings\*.*": Access is denied.
2007-12-03, 18:06:04, An error was detected on "C:\Program Files\Microsoft Windows OneCare Live\ClientSD\*.*": Access is denied.
2007-12-03, 18:06:09, An error was detected on "C:\ProgramData\Application Data\*.*": Access is denied.
2007-12-03, 18:06:09, An error was detected on "C:\ProgramData\Desktop\*.*": Access is denied.
2007-12-03, 18:06:09, An error was detected on "C:\ProgramData\Documents\*.*": Access is denied.
2007-12-03, 18:06:09, An error was detected on "C:\ProgramData\Favorites\*.*": Access is denied.
2007-12-03, 18:06:10, An error was detected on "C:\ProgramData\Start Menu\*.*": Access is denied.
2007-12-03, 18:06:11, An error was detected on "C:\ProgramData\Templates\*.*": Access is denied.
2007-12-03, 18:06:11, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-12-03, 18:06:11, An error was detected on "C:\Users\All Users\Application Data\*.*": Access is denied.
2007-12-03, 18:06:11, An error was detected on "C:\Users\All Users\Desktop\*.*": Access is denied.
2007-12-03, 18:06:11, An error was detected on "C:\Users\All Users\Documents\*.*": Access is denied.
2007-12-03, 18:06:11, An error was detected on "C:\Users\All Users\Favorites\*.*": Access is denied.
2007-12-03, 18:06:12, An error was detected on "C:\Users\All Users\Start Menu\*.*": Access is denied.
2007-12-03, 18:06:12, An error was detected on "C:\Users\All Users\Templates\*.*": Access is denied.
2007-12-03, 18:06:12, An error was detected on "C:\Users\Default\AppData\Local\Application Data\*.*": Access is denied.
2007-12-03, 18:06:12, An error was detected on "C:\Users\Default\AppData\Local\History\*.*": Access is denied.
2007-12-03, 18:06:12, An error was detected on "C:\Users\Default\AppData\Local\Temporary Internet Files\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Application Data\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Cookies\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Documents\My Music\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Documents\My Pictures\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Documents\My Videos\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Local Settings\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\My Documents\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\NetHood\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\PrintHood\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Recent\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\SendTo\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Start Menu\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default\Templates\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\Default User\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\HunterOriginal\AppData\Local\Application Data\*.*": Access is denied.
2007-12-03, 18:06:13, An error was detected on "C:\Users\HunterOriginal\AppData\Local\History\*.*": Access is denied.
2007-12-03, 18:06:18, An error was detected on "C:\Users\HunterOriginal\AppData\Local\Temporary Internet Files\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Application Data\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Cookies\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Documents\My Music\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Documents\My Pictures\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Documents\My Videos\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Local Settings\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\My Documents\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\NetHood\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\PrintHood\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Recent\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\SendTo\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Start Menu\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\HunterOriginal\Templates\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\Public\Documents\My Music\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\Public\Documents\My Pictures\*.*": Access is denied.
2007-12-03, 18:06:19, An error was detected on "C:\Users\Public\Documents\My Videos\*.*": Access is denied.
2007-12-03, 18:06:26, An error was detected on "C:\Windows\System32\LogFiles\WMI\RtBackup\*.*": Access is denied.
2007-12-03, 18:06:31, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2007-12-03, 18:33:13, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2007 18:06:33
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 849 (263345 Patterns) (2007/11/26) (484900)
Command Line: C:\Clean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Clean

78697 files have been read.
78697 files have been checked.
78649 files have been scanned.
203982 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2007 18:33:13
---------*---------*---------*---------*---------*---------*---------*---------*
2007-12-03, 18:33:13, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2007 18:06:33
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 849 (263345 Patterns) (2007/11/26) (484900)
Command Line: C:\Clean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Clean

78697 files have been read.
78697 files have been checked.
78649 files have been scanned.
203982 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2007 18:33:13 26 minutes 39 seconds (1598.45 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-12-03, 18:33:13, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2007 18:06:33
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 849 (263345 Patterns) (2007/11/26) (484900)
Command Line: C:\Clean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Clean

78697 files have been read.
78697 files have been checked.
78649 files have been scanned.
203982 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2007 18:33:13 26 minutes 39 seconds (1598.45 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-12-03, 18:33:13, Scanner "C:\Clean\VSCANTM.BIN" has finished running.
2007-12-03, 18:35:20, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2007 18:33:13
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 849 (263345 Patterns) (2007/11/26) (484900)
Command Line: C:\Clean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Clean

9412 files have been read.
9412 files have been checked.
9411 files have been scanned.
9415 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2007 18:35:20
---------*---------*---------*---------*---------*---------*---------*---------*
2007-12-03, 18:35:20, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2007 18:33:13
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 849 (263345 Patterns) (2007/11/26) (484900)
Command Line: C:\Clean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Clean

9412 files have been read.
9412 files have been checked.
9411 files have been scanned.
9415 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2007 18:35:20 2 minutes 6 seconds (126.41 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-12-03, 18:35:20, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2007 18:33:13
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 849 (263345 Patterns) (2007/11/26) (484900)
Command Line: C:\Clean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Clean

9412 files have been read.
9412 files have been checked.
9411 files have been scanned.
9415 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2007 18:35:20 2 minutes 6 seconds (126.41 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-12-03, 18:35:20, Scanner "C:\Clean\VSCANTM.BIN" has finished running.


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-12-04, 15:30:29, Auto-clean mode specified.
2007-12-04, 15:30:29, Running scanner "C:\Clean\TSC.BIN"...
2007-12-04, 15:30:29, Scanner "C:\Clean\TSC.BIN" could not be executed: The system cannot find the file specified.
2007-12-04, 15:30:29, An error was detected on "C:\Documents and Settings\*.*": Access is denied.
2007-12-04, 15:30:38, An error was detected on "C:\Program Files\Microsoft Windows OneCare Live\ClientSD\*.*": Access is denied.
2007-12-04, 15:30:44, An error was detected on "C:\ProgramData\Application Data\*.*": Access is denied.
2007-12-04, 15:30:44, An error was detected on "C:\ProgramData\Desktop\*.*": Access is denied.
2007-12-04, 15:30:44, An error was detected on "C:\ProgramData\Documents\*.*": Access is denied.
2007-12-04, 15:30:44, An error was detected on "C:\ProgramData\Favorites\*.*": Access is denied.
2007-12-04, 15:30:46, An error was detected on "C:\ProgramData\Start Menu\*.*": Access is denied.
2007-12-04, 15:30:48, An error was detected on "C:\ProgramData\Templates\*.*": Access is denied.
2007-12-04, 15:30:48, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-12-04, 15:30:48, An error was detected on "C:\Users\All Users\Application Data\*.*": Access is denied.
2007-12-04, 15:30:48, An error was detected on "C:\Users\All Users\Desktop\*.*": Access is denied.
2007-12-04, 15:30:48, An error was detected on "C:\Users\All Users\Documents\*.*": Access is denied.
2007-12-04, 15:30:48, An error was detected on "C:\Users\All Users\Favorites\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\All Users\Start Menu\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\All Users\Templates\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\AppData\Local\Application Data\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\AppData\Local\History\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\AppData\Local\Temporary Internet Files\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Application Data\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Cookies\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Documents\My Music\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Documents\My Pictures\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Documents\My Videos\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Local Settings\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\My Documents\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\NetHood\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\PrintHood\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Recent\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\SendTo\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Start Menu\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default\Templates\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\Default User\*.*": Access is denied.
2007-12-04, 15:30:49, An error was detected on "C:\Users\HunterOriginal\AppData\Local\Application Data\*.*": Access is denied.
2007-12-04, 15:30:50, An error was detected on "C:\Users\HunterOriginal\AppData\Local\History\*.*": Access is denied.
2007-12-04, 15:30:54, An error was detected on "C:\Users\HunterOriginal\AppData\Local\Temporary Internet Files\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Application Data\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Cookies\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Documents\My Music\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Documents\My Pictures\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Documents\My Videos\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Local Settings\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\My Documents\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\NetHood\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\PrintHood\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Recent\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\SendTo\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Start Menu\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\HunterOriginal\Templates\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\Public\Documents\My Music\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\Public\Documents\My Pictures\*.*": Access is denied.
2007-12-04, 15:30:57, An error was detected on "C:\Users\Public\Documents\My Videos\*.*": Access is denied.
2007-12-04, 15:31:05, An error was detected on "C:\Windows\System32\LogFiles\WMI\RtBackup\*.*": Access is denied.
2007-12-04, 15:31:24, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2007-12-04, 15:31:30, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.
2007-12-04, 15:31:30, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-12-04, 15:32:18, Auto-clean mode specified.
2007-12-04, 15:32:18, Running scanner "C:\Clean\TSC.BIN"...
2007-12-04, 15:35:39, Scanner "C:\Clean\TSC.BIN" has finished running.
2007-12-04, 15:35:39, TSC Log:

2007-12-04, 15:35:39, An error was detected on "C:\Documents and Settings\*.*": Access is denied.
2007-12-04, 15:35:42, An error was detected on "C:\Program Files\Microsoft Windows OneCare Live\ClientSD\*.*": Access is denied.
2007-12-04, 15:35:43, An error was detected on "C:\ProgramData\Application Data\*.*": Access is denied.
2007-12-04, 15:35:43, An error was detected on "C:\ProgramData\Desktop\*.*": Access is denied.
2007-12-04, 15:35:43, An error was detected on "C:\ProgramData\Documents\*.*": Access is denied.
2007-12-04, 15:35:43, An error was detected on "C:\ProgramData\Favorites\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\ProgramData\Start Menu\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\ProgramData\Templates\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\Users\All Users\Application Data\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\Users\All Users\Desktop\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\Users\All Users\Documents\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\Users\All Users\Favorites\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\Users\All Users\Start Menu\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\All Users\Templates\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\AppData\Local\Application Data\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\AppData\Local\History\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\AppData\Local\Temporary Internet Files\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Application Data\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Cookies\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Documents\My Music\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Documents\My Pictures\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Documents\My Videos\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Local Settings\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\My Documents\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\NetHood\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\PrintHood\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Recent\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\SendTo\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Start Menu\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default\Templates\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\Default User\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\AppData\Local\Application Data\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\AppData\Local\History\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\AppData\Local\Temporary Internet Files\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Application Data\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Cookies\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Documents\My Music\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Documents\My Pictures\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Documents\My Videos\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Local Settings\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\My Documents\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\NetHood\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\PrintHood\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\Recent\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\SendTo\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\Start Menu\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\Templates\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\Public\Documents\My Music\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\Public\Documents\My Pictures\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\Public\Documents\My Videos\*.*": Access is denied.
2007-12-04, 15:35:49, An error was detected on "C:\Windows\System32\LogFiles\WMI\RtBackup\*.*": Access is denied.
2007-12-04, 15:35:54, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2007-12-04, 15:35:56, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.
2007-12-04, 15:35:56, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.


In safe mode all my programs run as admin anyway. I am unable to figure out why it cannot enter these directories. I've tried right clicking the program that appears after activating the DOS application, and running it as admin, but I receive the same errors. :S help?

#14 quietman7


Posted 07 December 2007 - 11:32 AM

"Object is locked skipped" or "Access Denied" notations in a scan -> This is normal as files are locked by the operating system or running programs during use for protection, so scanners cannot access them. However, that should not be the case for each and every folder if you're running with Admin rights.

Retry in normal mode and if you're still having problems, then perform this online Virus scan: BitDefender Online Scanner. <- Add a check by "Autoclean".
(Requires Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)

Also let me know if you're having any further malware issues.
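As an added example (not part of the original posts, and not Trend Micro's code): a small Python triage of the System Cleaner log format shown in this thread, separating the "Access is denied" folder skips from scanner components that never started. The sample lines are constructed in the shape of the posted log, and the function name `triage` is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of the log posted in this thread.
SAMPLE_LOG = r'''
2007-12-04, 15:32:18, Auto-clean mode specified.
2007-12-04, 15:32:18, Running scanner "C:\Clean\TSC.BIN"...
2007-12-04, 15:35:39, Scanner "C:\Clean\TSC.BIN" has finished running.
2007-12-04, 15:35:39, An error was detected on "C:\Documents and Settings\*.*": Access is denied.
2007-12-04, 15:35:44, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-12-04, 15:35:45, An error was detected on "C:\Users\HunterOriginal\Cookies\*.*": Access is denied.
2007-12-04, 15:35:46, An error was detected on "C:\Users\HunterOriginal\SendTo\*.*": Access is denied.
2007-12-04, 15:35:54, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2007-12-04, 15:35:56, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.
2007-12-04, 15:35:56, Scanner "C:\Clean\VSCANTM.BIN" could not be executed: The system cannot find the file specified.
'''

LINE = re.compile(r'^(\d{4}-\d{2}-\d{2}), (\d{2}:\d{2}:\d{2}), (.*)$')
DENIED = re.compile(r'^An error was detected on "(.+?)\\\*\.\*": Access is denied\.$')
RAN = re.compile(r'^Scanner "(.+?)" has finished running\.$')
FAILED = re.compile(r'^Scanner "(.+?)" could not be executed: (.+)$')

def triage(log_text):
    """Split the log into skipped folders, scanners that ran, scanners that never started."""
    denied, ran, failed = Counter(), [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, blank line, or pasted prose
        msg = m.group(3)
        if (d := DENIED.match(msg)):
            # Group by drive plus first folder, e.g. C:\Users
            denied["\\".join(d.group(1).split("\\")[:2])] += 1
        elif (r := RAN.match(msg)):
            ran.append(r.group(1))
        elif (f := FAILED.match(msg)):
            failed[f.group(1)] = f.group(2)  # dict collapses repeated lines
    return {"denied_by_root": dict(denied), "ran": ran, "not_executed": failed}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Folders skipped (access denied):", result["denied_by_root"])
    print("Scanners that completed:", result["ran"])
    for path, reason in result["not_executed"].items():
        print("Scanner never started:", path, "-", reason)
```

Run over the log posted above, the `not_executed` entry is `C:\Clean\VSCANTM.BIN`, which the log reports as a missing file rather than a permissions problem.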



