Help!


17 replies to this topic

#1 trevorveasey

trevorveasey

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Location:AVON PARK, FL
  • Local time:05:57 PM

Posted 23 February 2005 - 04:29 AM

Logfile of HijackThis v1.99.1
Scan saved at 4:27:35 AM, on 2/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\TREVOR~1.D3H\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107681204906
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Trevor



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:57 PM

Posted 24 February 2005 - 12:26 AM

You are currently using HijackThis from a temp directory. This can cause problems. Please create a directory on your C: drive called c:\hijackthis and download and unzip HijackThis into that directory. Run the program from that directory from now on.

For a tutorial on how to use HijackThis please see the following link:

Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

c:\ied_s7m.cab

Reboot your computer to go back to normal mode and post a new log.

#3 trevorveasey


Posted 24 February 2005 - 09:52 PM

OK, I have a dumb question. How do you start in safe mode? I've tried to run setup when the comp is restarting, but I can't find it.
Trevor

#4 Grinler


Posted 24 February 2005 - 11:20 PM

Click on the Safe Mode link in my post above for a tutorial on how to get into it.

#5 trevorveasey


Posted 25 February 2005 - 01:47 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:46:28 AM, on 2/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107681204906
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Trevor

#6 Grinler


Posted 25 February 2005 - 11:32 AM

Looks good to me. Are you still having problems?
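The before/after comparison behind a "post a new log" request can be scripted. The following is an added example, not part of any post in this thread and not code from HijackThis: it checks that every entry on the fix list is gone from the follow-up log and lists entries that appear only in the follow-up log. The function names are hypothetical, and the sample text is a constructed excerpt of lines copied from the two logs above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed sample input: the entries the helper asked to have fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab
"""

# Constructed sample input: excerpt of the first log (23 February).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
"""

# Constructed sample input: excerpt of the follow-up log (25 February).
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
"""


def parse_entries(log_text):
    """Map a comparison key to the original line for every entry line.

    Header lines and the running-process list do not match ENTRY_RE and are
    skipped. Keys are case-folded with whitespace collapsed, because the same
    Windows path can be logged with different casing.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            body = " ".join(match.group(2).split()).casefold()
            entries[(match.group(1), body)] = line
    return entries


def check_fix(fix_list, log_before, log_after):
    """Classify each fix-list entry and collect entries new in the second log."""
    targets = parse_entries(fix_list)
    before = parse_entries(log_before)
    after = parse_entries(log_after)
    report = {"removed": [], "still_present": [],
              "not_in_first_log": [], "new_entries": []}
    for key, line in targets.items():
        if key in after:
            report["still_present"].append(line)      # fix did not take
        elif key in before:
            report["removed"].append(line)            # fixed as requested
        else:
            report["not_in_first_log"].append(line)   # list/log mismatch
    # Entries that appeared between scans deserve a look of their own.
    report["new_entries"] = [after[k] for k in after if k not in before]
    return report


if __name__ == "__main__":
    for status, lines in check_fix(FIX_LIST, LOG_BEFORE, LOG_AFTER).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```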

#7 trevorveasey


Posted 25 February 2005 - 02:08 PM

One of my anti-virus programs says that I have two trojan viruses that it can't delete.
Trevor

#8 Grinler


Posted 25 February 2005 - 03:28 PM

What file and where is it located?

#9 trevorveasey


Posted 25 February 2005 - 04:33 PM

eTrust EZ Antivirus Version 6.2.0.28
Started scanning: 2:02:48 AM, 2/7/2005
Dat file v8915

Scanning boot sectors...
c:\ Master Boot Record matches template, is OK: standard Win2000 (1).
c:\ Partition Boot Record matches template, is OK: standard Win2000 (2).

Scanning file(s)...
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - unable to open file - not scanned.
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - unable to open file - not scanned.
c:\Documents and Settings\LocalService\Cookies\INDEX.DAT - unable to open file - not scanned.
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT - unable to open file - not scanned.
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT - unable to open file - not scanned.
c:\Documents and Settings\LocalService\NTUSER.DAT - unable to open file - not scanned.
c:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
c:\Documents and Settings\NetworkService\NTUSER.DAT - unable to open file - not scanned.
c:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Counter.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Dummy.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Matrix.class - Java.Shinwow.W trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Parser.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip contains infected files.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>BlackBox.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>VB.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>Dummy.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>Beyond.class - Java.Shinwow.AM trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip contains infected files.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>GetAccess.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>InsecureClassLoader.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>Dummy.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>Installer.class - Java.Shinwow.Q trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip contains infected files.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>Beyond.class - Java.Shinwow.U trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>BlackBox.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>Dummy.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>VerifierBug.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip contains infected files.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>GetAccess.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>InsecureClassLoader.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>Dummy.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>Installer.class - Java.Shinwow.Q trojan.
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip contains infected files.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\enter[1].htm>unknown - HTML.HelpControl!exploit trojan.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\enter[1].htm contains infected files.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\msits[1].exe - Win32.Winshow.AR trojan. Deleted.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\4T09UFC9\dir31320646[1].htm - JS.MHTMLRedir!exploit trojan. Deleted.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\counter[1].gif - JS.MHTMLRedir!exploit trojan. Deleted.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\counter[1].htm - HTML.MHTMLRedir!exploit trojan. Deleted.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\Q18F2T25\exploit[1].exe - Win32.Dister.O trojan. Deleted.
c:\Documents and Settings\Trevor Veasey\Local Settings\Temporary Internet Files\Content.IE5\UBMZEDUB\EXPLOIT[1].CHM - JS.Petch trojan. Deleted.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch.1612.204484 - error in scanning - scan abandoned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>Mein.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>ProbeLoader.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>Dummy.class - Java.ByteVerify!exploit trojan.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>Beyond.class - Java.Shinwow.AJ trojan.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>binny/binny.class - Java.Shinwow.AJ trojan.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip contains infected files.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Cookies\INDEX.DAT - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\History\History.IE5\INDEX.DAT - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\Temp\Perflib_Perfdata_724.dat - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\Temp\Perflib_Perfdata_a28.dat - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\NTUSER.DAT - unable to open file - not scanned.
c:\Documents and Settings\Trevor Veasey.D3H36G41\ntuser.dat.LOG - unable to open file - not scanned.
c:\hiberfil.sys - unable to open file - not scanned.
c:\I386\WBCACHE.NL_ - scan incomplete.
c:\ied_s7m.cab>nnet.exe - Win32.SillyDl.AE trojan.
c:\ied_s7m.cab contains infected files.
c:\pagefile.sys - unable to open file - not scanned.
c:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
c:\Program Files\Sonic\RecordNow!\Tutorial\ENU\TutorialENU.exe - scan incomplete.
c:\Program Files\Sonic\RecordNow!\Tutorial\Movies\movies.exe - scan incomplete.
c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0002364.exe - Win32.Startpage.LO trojan. Deleted.
c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0003038.exe - Win32.Startpage.LO trojan. Deleted.
c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0003039.exe - Win32.Startpage.LO trojan. Deleted.
c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0003102.exe - Win32.Winshow.AR trojan. Deleted.
c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\change.log - unable to open file - not scanned.
c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001213.exe - scan incomplete.
c:\WINDOWS\Debug\oakley.log - unable to open file - not scanned.
c:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
c:\WINDOWS\Help\CHMRedir.chm - HTML.Bloon.B trojan. Deleted.
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.1120.217015 - error in scanning - scan abandoned.
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.1120.217015 - error in scanning - scan abandoned.
c:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
c:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
c:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\DEFAULT - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SAM - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SECURITY - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SYSTEM - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\H323LOG.TXT - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR - unable to open file - not scanned.
c:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
c:\WINDOWS\WIADEBUG.LOG - unable to open file - not scanned.
c:\WINDOWS\WIASERVC.LOG - unable to open file - not scanned.
c:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.

Finished scanning: 2:18:30 AM, 2/7/2005
Number of files scanned: 83419.
Number of files that could not be scanned: 54
Number of archives containing infected files: 8
Number of infections: 38
Number of infected files deleted: 11
Number of infected files not cleaned/deleted/renamed: 27
First 10 files:
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Counter.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Dummy.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Matrix.class (Java.Shinwow.W trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Parser.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>BlackBox.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>VB.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>Dummy.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>Beyond.class (Java.Shinwow.AM trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>GetAccess.class (Java.ByteVerify!exploit trojan)
c:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>InsecureClassLoader.class (Java.ByteVerify!exploit trojan)

eTrust EZ Antivirus Version 6.2.0.28
Started scanning: 5:52:36 AM, 2/9/2005
Dat file v8921

Scanning boot sectors...

Scanning file(s)...
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Counter.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Matrix.class - Java.Shinwow.W trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip>Parser.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-bd9bcb1-2a3626db.zip contains infected files.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>BlackBox.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>VB.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip>Beyond.class - Java.Shinwow.AM trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-73a87542-2f6dae46.zip contains infected files.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>GetAccess.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>InsecureClassLoader.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip>Installer.class - Java.Shinwow.Q trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-783e237a-4b9dfb89.zip contains infected files.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>Beyond.class - Java.Shinwow.U trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>BlackBox.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip>VerifierBug.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-430178ad-6cae1f1b.zip contains infected files.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>GetAccess.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>InsecureClassLoader.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip>Installer.class - Java.Shinwow.Q trojan.
C:\Documents and Settings\Trevor Veasey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-256bafa0.zip contains infected files.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>Mein.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>ProbeLoader.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>Beyond.class - Java.Shinwow.AJ trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>binny/binny.class - Java.Shinwow.AJ trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip contains infected files.
eTrust EZ Antivirus Version 6.2.0.28
Started scanning: 9:15:24 PM, 2/22/2005
Dat file v8954

Scanning boot sectors...

Scanning file(s)...
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\GetAccess.class-322566a0-1fddbc0e.class - error in scanning - scan abandoned.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InsecureClassLoader.class-7aa0acf5-450bd21f.class - error in scanning - scan abandoned.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip>binny/binny.class - Java.Shinwow.AJ trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip contains infected files.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>binny/binny.class - Java.Shinwow.AJ trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip contains infected files.

Finished scanning: 10:28:31 PM, 2/22/2005
Number of files scanned: 103708.
Number of files that could not be scanned: 65
Number of archives containing infected files: 2
Number of infections: 2
Number of infected files not cleaned/deleted/renamed: 2
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip>binny/binny.class (Java.Shinwow.AJ trojan)
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>binny/binny.class (Java.Shinwow.AJ trojan)

eTrust EZ Antivirus Version 6.2.0.28
Started scanning: 4:25:12 PM, 2/25/2005
Dat file v8961

Scanning boot sectors...
C:\ Master Boot Record matches template, is OK: standard Win2000 (1).
C:\ Partition Boot Record matches template, is OK: standard Win2000 (2).

Scanning file(s)...
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\GetAccess.class-322566a0-1fddbc0e.class - error in scanning - scan abandoned.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InsecureClassLoader.class-7aa0acf5-450bd21f.class - error in scanning - scan abandoned.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip>binny/binny.class - Java.Shinwow.AJ trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip contains infected files.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>binny/binny.class - Java.Shinwow.AJ trojan.
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip contains infected files.

Scan aborted by user: 4:30:44 PM, 2/25/2005
Number of files scanned: 17366.
Number of files that could not be scanned: 29
Number of archives containing infected files: 2
Number of infections: 2
Number of infected files not cleaned/deleted/renamed: 2
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip>binny/binny.class (Java.Shinwow.AJ trojan)
C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4d2-33c7cbfc.zip>binny/binny.class (Java.Shinwow.AJ trojan)


OK, now it says that it deleted them, but every time I start my comp it says I still have it.
Trevor

#10 Grinler

    Lawrence Abrams

  • Admin

Posted 27 February 2005 - 07:19 PM

Boot into safe mode and see if you can delete this:

C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-100a4b1c.zip

Your log is still clean, so though it's on your computer it's not affecting you.

#11 trevorveasey

  • Topic Starter

Posted 01 March 2005 - 05:54 PM

I tried to, but I can't find it. Is there some way I can find it?
Trevor

#12 Grinler


Posted 01 March 2005 - 06:06 PM

Click on start, then run and type the following in the open field:

C:\Documents and Settings\Trevor Veasey.D3H36G41\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

Then press the OK button. It should show everything in that folder.

#13 trevorveasey


Posted 01 March 2005 - 08:03 PM

Thanks. One more thing. Every day my comp tells me that I have been hijacked. Is there any way I can stop this? I am running Sygate firewall. Is there another program that works better?
Trevor

#14 Grinler


Posted 02 March 2005 - 12:35 AM

I need more info. What exactly is it saying to you? Where is this file it's finding? Have you looked for and deleted this file?

If it's the file we are working on, let's get rid of it and try again.

#15 trevorveasey


Posted 03 March 2005 - 03:08 AM

OK, Sygate is saying that C:\WINDOWS\system32\wbem\wmiprvse.exe is accessing the network. Also, Somebody is scanning your computer.
Your computer's TCP ports:
5005, 5006, 5003, and 5007 have been scanned from 207.67.118.80.

This is from Sygate's log viewer.
Trevor



