Infected with Virus


27 replies to this topic

#1 GA_crazy_shamz

Posted 27 January 2008 - 11:25 AM

Hey there... I have a virus on my computer that I think you can help me with. It's actually on 2 laptops and on an external hard disk and on a USB drive.

This virus transfers through external disks, I think... I formatted my external hard disk but the virus is still on there (I'm guessing it's because I formatted it on the laptop that has the virus)... I tried System Restore but it didn't work... I later realized that a rollback may have worked, but unfortunately there are no more restore points now!

I hope you can help me. I'll really appreciate it.

Here's a report of one of the laptops' scan (Kaspersky online scanner):

Infected Object Name Virus Name Last Action

C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\s2pg.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022763.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022780.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022784.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022803.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022807.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022824.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022827.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\WINDOWS\system32\amvo.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\WINDOWS\system32\amvo0.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\WINDOWS\system32\amvo1.dll Infected: Trojan-PSW.Win32.OnLineGames.pnz skipped

C:\xo8wr9.exe Infected: Worm.Win32.AutoRun.cex skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022765.exe Infected: Worm.Win32.AutoRun.cex skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022786.exe Infected: Worm.Win32.AutoRun.cex skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022830.exe Infected: Worm.Win32.AutoRun.cex skipped

E:\xo8wr9.exe Infected: Worm.Win32.AutoRun.cex skipped

Scan process completed.
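
Added example (not part of the original post and not a BleepingComputer or Kaspersky tool): a Python triage of a report in the layout shown above, which drops the "Object is locked" noise, groups the real detections by name, and separates System Restore copies from files in live locations. The function names `triage` and `classify`, the location labels, and the assumed line layout `<path> <status> <action>` are illustrative assumptions; the sample lines are an excerpt copied from the report above.

```python
import re
from collections import defaultdict

# Excerpt of the report lines posted above, embedded so the example runs offline.
SAMPLE_REPORT = r"""Infected Object Name Virus Name Last Action
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022763.exe Infected: Worm.Win32.AutoRun.cex skipped
C:\WINDOWS\system32\amvo.exe Infected: Worm.Win32.AutoRun.cex skipped
C:\WINDOWS\system32\amvo0.dll Infected: Worm.Win32.AutoRun.cex skipped
C:\WINDOWS\system32\amvo1.dll Infected: Trojan-PSW.Win32.OnLineGames.pnz skipped
C:\xo8wr9.exe Infected: Worm.Win32.AutoRun.cex skipped
E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP121\A0022765.exe Infected: Worm.Win32.AutoRun.cex skipped
E:\xo8wr9.exe Infected: Worm.Win32.AutoRun.cex skipped
Scan process completed.
"""

# Assumed layout: "<path> Infected: <name> <action>" or "<path> Object is locked <action>".
# Paths may contain spaces, so the path is matched lazily up to the status text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<detection>\S+)|(?P<locked>Object is locked))\s+"
    r"(?P<action>\w+)\s*$"
)


def classify(path):
    """Label where a flagged file sits (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # archived copy kept by System Restore
    if p.count("\\") == 1:
        return "drive_root"      # e.g. C:\xo8wr9.exe or E:\autorun.inf
    if "\\windows\\system32\\" in p:
        return "system32"
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp"
    return "other"


def triage(report):
    """Split a scan report into noise, detections, live files and restore copies."""
    locked = 0
    unparsed = []                     # header/footer lines, kept so nothing is lost
    by_detection = defaultdict(list)  # detection name -> [path, ...]
    live = defaultdict(list)          # drive -> [(path, location), ...]
    restore_copies = []

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        if m.group("locked"):
            locked += 1               # file in use by Windows, not a detection
            continue
        path = m.group("path")
        by_detection[m.group("detection")].append(path)
        location = classify(path)
        if location == "restore_point":
            restore_copies.append(path)
        else:
            live[path[0].upper() + ":"].append((path, location))

    # Drives with a flagged file in the root folder: every such drive has to
    # be cleaned, otherwise plugging it back in re-introduces the files.
    root_hit_drives = sorted(
        drive for drive, hits in live.items()
        if any(loc == "drive_root" for _, loc in hits)
    )
    return {
        "locked": locked,
        "unparsed": unparsed,
        "by_detection": dict(by_detection),
        "live": dict(live),
        "restore_copies": restore_copies,
        "root_hit_drives": root_hit_drives,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("locked (ignored):", summary["locked"])
    for name, paths in summary["by_detection"].items():
        print(name, len(paths))
    for drive, hits in summary["live"].items():
        for path, location in hits:
            print("live", drive, location, path)
    print("restore-point copies:", len(summary["restore_copies"]))
    print("drives with a root-level hit:", summary["root_hit_drives"])
```
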


#2 quietman7

Posted 27 January 2008 - 02:46 PM

Please insert your flash drive before we begin!

Reconfigure Windows XP to show hidden files, folders. Open My Computer, go to Tools > Folder Options and click on the View tab. Under Hidden Files and Folders, check "Show hidden files and Folders", uncheck "Hide Protected operating system Files (recommended)", uncheck "Hide file extensions for known file types", and hit Apply > OK.

Reboot your computer in "Safe Mode" or "Safe Mode With Command Prompt" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode With Command Prompt".

Go to Start > Run and type: cmd
  • press Ok.
  • At the command prompt, type in your primary drive location, usually C:
  • You may need to change the directory. If so type: cd \
  • Hit Enter.
  • Type: attrib -s -h -r -a autorun.inf
  • Hit Enter.
  • Type: dir
  • Hit Enter. This will allow you to see and confirm the Autorun files.
  • Type: del autorun.inf
  • Hit Enter.
  • Repeat the above commands for each drive on your computer.
Now search for and remove xo8wr9.exe
  • At the command prompt, type in your primary drive location, usually C:
  • Type: dir /s xo8wr9.exe
  • Hit Enter.
  • If the file is present, type: del xo8wr9.exe
  • Hit Enter.
  • Repeat the above commands for each drive on your computer.
  • Then repeat the above commands to search for and delete amvo.exe, amvo0.dll, amvo1.dll on each drive.
  • Exit the command prompt and reboot your computer normally.
When done, check for and remove any Startup RUN values by downloading and using Autoruns.

#3 Tomo2

Posted 27 January 2008 - 02:53 PM

Your system restore points are infected. How to clear system restore on ME/XP/Vista. Besides that, it has infected plenty more files. Have you run McAfee Virus Scan? You may also want to run something like a boot scan with Avast! Antivirus Home Edition. Hope that helps!

#4 quietman7

Posted 27 January 2008 - 03:00 PM

Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. Without a restore point to fall back on, you are then stuck with a limited means of restoring your system such as a Repair Install or Reformat. Although System Restore is not 100% guaranteed to work all the time, it at least gives you another option. See "System Restore and malware removal - what is best practice?".

#5 GA_crazy_shamz

Posted 27 January 2008 - 05:37 PM

Hey guys! Thanks for all your fast replies. quietman7, I did what you told me to:
Whenever I tried to look at any of the amvo files, it gave me an error... When I start up my computer, it gives me a message:

Amvo.exe Application error
The exception Privileged instruction.
(0xc0000096) occurred in the application at location 0x10013fd1.

Click on OK to terminate the program.

This happened after the virus, by the way. Do you know how to get rid of that? Also, I scanned my computer and my disk drives with Kaspersky again and unfortunately it still gave me viruses :S Here's the log:

C:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\ojv.dll Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\s2pg.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\Documents and Settings\Asad Zuberi\Local Settings\Temporary Internet Files\Content.IE5\HNC6SBPO\help[1].exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000001.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000002.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000012.dll Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000013.dll Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000021.dll Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000024.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000025.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\WINDOWS\system32\amvo.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\WINDOWS\system32\amvo0.dll Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\WINDOWS\system32\amvo1.dll Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\xo8wr9.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000003.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000004.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000011.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000026.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\change.log Object is locked skipped

E:\xo8wr9.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

F:\xo8wr9.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

F:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

Scan process completed.


as for my other computer, kaspersky only gives 1 virus: (i tried wht u told me before on this comp too, but it told me that autorun.inf wasnt found...i think its cuz 'show hidden files' has stopped working since the virus came--on both computers)

C:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,745 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:34 AM

Posted 27 January 2008 - 10:27 PM

We can only do one computer at a time as the instructions will be different and attempting to do otherwise will cause confusion. Use these instructions on the Asad Zuberi computer.

Please download OTMoveIt2 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt2.exe to launch the program.
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.

C:\autorun.inf
E:\autorun.inf
F:\autorun.inf
C:\xo8wr9.exe
E:\xo8wr9.exe
F:\xo8wr9.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\ojv.dll
C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\s2pg.dll
C:\Documents and Settings\Asad Zuberi\Local Settings\Temporary Internet Files\Content.IE5\HNC6SBPO\help[1].exe

  • Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the light blue bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.


Download AutoRuns and save it to your Desktop.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to amvo.exe.
  • Right-click on the entry and choose delete.
  • Exit when done.
Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Dr.Web CureIt as follows:
  • Double-click on cureit.exe to start the program. (ignore any prompts to update or check for a new version)
  • When the Dr.Web opens, an "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.csv report)
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 GA_crazy_shamz

Posted 28 January 2008 - 07:56 AM

here u go:

C:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
F:\autorun.inf moved successfully.
C:\xo8wr9.exe moved successfully.
E:\xo8wr9.exe moved successfully.
F:\xo8wr9.exe moved successfully.
C:\WINDOWS\system32\amvo.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo0.dll NOT unregistered.
C:\WINDOWS\system32\amvo0.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo1.dll NOT unregistered.
C:\WINDOWS\system32\amvo1.dll moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\ojv.dll
C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\ojv.dll NOT unregistered.
C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\ojv.dll moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\s2pg.dll
C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\s2pg.dll NOT unregistered.
C:\Documents and Settings\Asad Zuberi\Local Settings\Temp\s2pg.dll moved successfully.
C:\Documents and Settings\Asad Zuberi\Local Settings\Temporary Internet Files\Content.IE5\HNC6SBPO\help[1].exe moved successfully.

OTMoveIt2 v1.0.15 log created on 01282008_130952



A0000003.exe;E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000026.exe;E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000071.exe;E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000001.exe;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000012.dll;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.PWS.Wsgame.2387;Deleted.;
A0000013.dll;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.PWS.Wsgame.2387;Deleted.;
A0000021.dll;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.PWS.Wsgame.2387;Deleted.;
A0000024.exe;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000044.dll;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.PWS.Wsgame.2387;Deleted.;
A0000046.exe;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000064.dll;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.PWS.Wsgame.2387;Deleted.;
A0000065.exe;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
A0000076.exe;C:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1;Trojan.MulDrop.6474;Deleted.;
xo8wr9.exe;C:\_OTMoveIt\MovedFiles\01282008_130952;Trojan.MulDrop.6474;Deleted.;
ojv.dll;C:\_OTMoveIt\MovedFiles\01282008_130952\Documents and Settings\Asad Zuberi\Local Settings\Temp;Trojan.Nsanti.Packed;Deleted.;
s2pg.dll;C:\_OTMoveIt\MovedFiles\01282008_130952\Documents and Settings\Asad Zuberi\Local Settings\Temp;Trojan.Nsanti.Packed;Deleted.;
help[1].exe;C:\_OTMoveIt\MovedFiles\01282008_130952\Documents and Settings\Asad Zuberi\Local Settings\Temporary Internet Files\Content.IE5\;Trojan.MulDrop.6474;Deleted.;
amvo.exe;C:\_OTMoveIt\MovedFiles\01282008_130952\WINDOWS\system32;Trojan.MulDrop.6474;Deleted.;
amvo0.dll;C:\_OTMoveIt\MovedFiles\01282008_130952\WINDOWS\system32;Trojan.PWS.Wsgame.2387;Deleted.;
amvo1.dll;C:\_OTMoveIt\MovedFiles\01282008_130952\WINDOWS\system32;Trojan.PWS.Wsgame.2387;Deleted.;



the error msg is gone
whenever i try to open any harddrives, it gives me the open with box.

#8 quietman7

Posted 28 January 2008 - 09:46 AM

Connect to the Internet and double-click on OTMoveIt2.exe to launch the program again.
  • Click on the green CleanUp! button.
  • When you do this a text file named cleanup.txt will be downloaded from the Internet.
  • If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the Internet you should allow it to do so.
  • After the text file has been downloaded, you will be asked if you want to Begin cleanup process?
  • Select Yes.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Go to Start > Run and type: regedit
Press "OK" and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane you should see the default entries:
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,


Let me know if that's what you see or if there is something else.

#9 GA_crazy_shamz

Posted 28 January 2008 - 11:02 AM

that's exactly what i see

#10 quietman7

Posted 28 January 2008 - 11:05 AM

Ok. Did you run Flash_Disinfector.exe?

#11 GA_crazy_shamz

Posted 28 January 2008 - 11:11 AM

yes i did, the drives open fine now and i can see hidden files, but scanning with kaspersky still shows viruses

#12 quietman7

Posted 28 January 2008 - 11:17 AM

What else is Kaspersky showing?

Have you tried doing a full system scan with your primary anti-virus in "Safe Mode"?

#13 GA_crazy_shamz

Posted 28 January 2008 - 11:23 AM

this is wht kaspersky gives me when i scan my external harddisk and usb...i havent scanned the whole computer again yet:

E:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000004.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000011.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000072.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

F:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped


my primary anti-virus is mcafee...it wont show any viruses in normal mode. would u like me to run it in safe mode?

#14 quietman7

Posted 28 January 2008 - 11:44 AM

Did you run Flash_Disinfector while the E and F drives were present? That autorun.inf has returned. Rerun that tool again and make sure it is run on both of those drives.

Then you need to purge your System Restore points on both of those drives. See here for how to do that.

When done, run your anti-virus in safe mode.
You probably should also run another scan with Dr.Web CureIt following the same directions as before.
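The sorting done by eye on the Kaspersky report in the posts above (drive-root autorun.inf files, copies held in System Restore points, live files, and "Object is locked" noise) can be scripted. This is an added example, not part of the thread and not code from any of the tools mentioned; the function names and category labels are assumptions, and the sample lines are constructed from the report format shown in the posts.

```python
import re
from collections import defaultdict

# One report line = "<path> <verdict> <last action>"; paths may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\S+)$"
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.I)

# Follow-up per category, taken from the advice given in the thread.
NEXT_STEP = {
    "autorun_root": "rerun Flash_Disinfector with this drive attached",
    "restore_point": "purge System Restore points on this drive",
    "live_file": "add the path to the OTMoveIt2 move list",
    "locked": "no action: file was in use, this is not a detection",
}

# Constructed sample: lines in the report format shown in the thread.
SAMPLE_REPORT = r"""
E:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{191A6B8A-2DCE-40B0-9F98-AF1628E440AA}\RP1\A0000004.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped
C:\WINDOWS\system32\amvo.exe Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
F:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped
Scan process completed.
"""


def parse_line(line):
    """Return a dict for one report line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    return {
        "path": path,
        "drive": path[0].upper(),
        "name": m["name"],  # None for locked objects
        "locked": m["locked"] is not None,
        "action": m["action"],
    }


def classify(entry):
    """Map a parsed entry to one of the NEXT_STEP categories."""
    if entry["locked"]:
        return "locked"
    if RESTORE_RE.match(entry["path"]):
        return "restore_point"
    if AUTORUN_RE.match(entry["path"]):
        return "autorun_root"
    return "live_file"


def triage(report_text):
    """Group every recognised report line by category."""
    buckets = defaultdict(list)
    for raw in report_text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            buckets[classify(entry)].append(entry)
    return dict(buckets)


def drives(entries):
    """Sorted list of drive letters that appear in the given entries."""
    return sorted({e["drive"] for e in entries})


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for category in ("autorun_root", "restore_point", "live_file"):
        found = result.get(category, [])
        print(f"{category}: drives {drives(found)} -> {NEXT_STEP[category]}")
        for e in found:
            print(f"  {e['path']}  [{e['name']}]")
    print(f"ignored {len(result.get('locked', []))} locked-object lines")
```

Running it on a report saved before and after a cleanup pass shows at a glance which drives still carry a root autorun.inf and which detections are only restore-point copies.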

#15 GA_crazy_shamz

Posted 28 January 2008 - 11:50 AM

i dont think its working...i just used the flash program to clean my usb and then checked kaspersky and the virus is there... :S



