Win32\disabler.i Trojan



#1 SvetaK


Posted 16 April 2008 - 09:52 AM

Win32\Disabler.I Trojan
Am I still infected?

Hi, I have given my USB key to someone to save a few files for me. When I got it back, some of my folders had changed to some weird files with the extension exe. I decided to run a virus scan on them and it detected the following:

Time Module Object Name Threat Action User Information
14.04.2008 23:42:38 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:38 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:25 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:25 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:14 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:14 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:00 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:00 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:48 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:48 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:35 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:35 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:16 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:16 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:03 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:03 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:40:52 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:40:52 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.


It's not the whole log (it's too long to post here).
My virus software (Nod 32) placed these files into quarantine and deleted them.


The next day I ran the scan again:


Time Module Object Name Threat Action User Information
14.04.2008 23:42:38 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:38 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:25 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:25 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:14 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:14 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:00 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:42:00 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:48 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:48 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:35 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:35 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:16 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:16 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:03 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:41:03 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:40:52 AMON file G:\ssh.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
14.04.2008 23:40:52 AMON file G:\the card.Vexe Win32/Disabler.I trojan error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.

So I decided to delete everything from the USB to make sure there is nothing else left with viruses there. I have run the manual scan:

Scanning Log
NOD32 version 3027 (20080415) NT
C:\Program Files\Eset\nod32.exe:KAVICHS - error opening (Access denied) [4]
Operating memory - is OK

Date: 15.4.2008 Time: 18:09:07
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:
C:\asusdisp.log:KAVICHS - error opening (Access denied) [4]
C:\boot.ini:KAVICHS - error opening (Access denied) [4]
C:\gm.log:KAVICHS - error opening (Access denied) [4]
C:\pagefile.sys - error opening (File locked) [4]
C:\sc.log:KAVICHS - error opening (Access denied) [4]
C:\sqmdata00.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata01.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata02.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata03.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata04.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata05.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata06.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata07.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata08.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata09.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata10.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata11.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata12.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata13.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata14.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata15.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata16.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata17.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata18.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmdata19.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt00.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt01.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt02.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt03.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt04.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt05.sqm:KAVICHS - error opening (Access denied) [4]
C:\sqmnoopt06.sqm:KAVICHS - error opening (Access denied) [4]
C:\Dart Karaoke Studio CDG\amp.dll:KAVICHS - error opening (Access denied) [4]
C:\Dart Karaoke Studio CDG\CDGSim.exe:KAVICHS - error opening (Access denied) [4]
C:\Dart Karaoke Studio CDG\CDRec4UI.dll:KAVICHS - error opening (Access denied) [4]
C:\Dart Karaoke Studio CDG\DartUI.dll:KAVICHS - error opening (Access denied) [4]
C:\Dart Karaoke Studio CDG\DartUtil.dll:KAVICHS - error opening (Access denied) [4]
C:\Documents and Settings\Администратор\ntuser.ini:KAVICHS - error opening (Access denied) [4]
C:\Documents and Settings\Администратор\Application Data\desktop.ini:KAVICHS - error opening (Access denied) [4]
C:\Documents and Settings\Администратор\Application Data\ACD Systems\ACDSee\80Pro\UsageTrack.txt:KAVICHS - error opening (Access denied) [4]
C:\Documents and Settings\Администратор\Application Data\Adobe\Acrobat\8.0\AdobeCMapFnt08.lst:KAVICHS - error opening (Access denied) [4]
C:\Documents and Settings\Администратор\Application Data\Adobe\Acrobat\8.0\AdobeComFnt08.lst:KAVICHS - error opening (Access denied) [4]
C:\Documents and Settings\Администратор\Application Data\Adobe\Acrobat\8.0\AdobeSysFnt08.lst:KAVICHS - error opening (Access denied) [4]

Note: I haven't pasted the full log because it's too long.

Number of scanned files: 186357
Number of threats found: 0
Time of completion: 18:57:56 Total scanning time: 2929 sec (00:48:49)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.


I have also run Spybot & found nothing.

My question is: because there is still an error while trying to access some files and 4 files can't be opened, does it mean I still have the virus?

I am not very technical, so if you could explain in plain language it would be highly appreciated.
Thanks in advance for any advice.
Svetlana
