
Trojan.. Spools.exe ... Excessive Pop-up Spyware Ads


  • This topic is locked
22 replies to this topic

#1 johnnyballgamer


Posted 26 April 2008 - 05:22 AM

Hi,

PS: Sorry, first post... I think I put it in the wrong place... Don't know how to move it. Very sorry!

I just had my first real run in with something taking over my computer. Long story, but browsing myspace for the first time because it was on Yahoo toolbar ... A few minutes later the command prompt opened and the fireworks went off. Tons of spyware IE pop-ups (first time I've ever had pop-ups since Win XP), my desktop background is repeatedly replaced with a big text link to click spyware, and in the bottom tray a MSFT update knockoff constantly reappears "click me" etc.

I ran McAfee quick to find ...spools.exe was listed as a new malware trojan. With McAfee Firewall (which had been disabled), I also ended up blocking about 3-4 programs that repeatedly wanted to access the internet. Running msconfig just to try to gain some control, I also see there are two of these ...spools.exe. After turning everything non MSFT off, the computer is calmer but I know it's all still there.

Not knowing what things can do nowadays and mainly concerned about saved online id's and passwords, I just unplugged the internet cable. I don't know whether or not to plug it back in to download anti spyware stuff. Not sure.

After switching to a different computer, I googled and wound up here. I found similar things... Lots of HiJackThis and Kaspersky and such.. It all looks pretty complicated and time consuming, and I am leaving the country in just a couple days with many other things to do. Is there just one program I could download and run to take care of this problem? I like the computer but there is nothing on there of importance. Worst case, I would just never turn it on again.

Thanks much!
Johnny

Edited by garmanma, 26 April 2008 - 09:25 AM.
Moved to more appropriate forum




#2 ruby1


Posted 26 April 2008 - 05:44 AM

if they are not already there you may wish to get on that computer and run some of the programs in the spyware removal section in
http://www.bleepingcomputer.com/forums/topic3616.html

I would suggest you might wish to try a2free and superantispyware for starters

if you run each of them, and get their reports on here the Experts can examine them and guide you if necessary to use more powerful tools

#3 johnnyballgamer


Posted 26 April 2008 - 06:04 AM

Hi, ya, thank you.

I am looking around and stuff.

The malware totally is re-routing me from reaching any internet links on that computer. I was thinking of burning a cd to help install stuff.

#4 ruby1


Posted 26 April 2008 - 06:24 AM

you might wish to be a wee bit overcautious and burn at least two if not more cds

I would get asquared and superantispyware on separate discs with the exes and update definitions from the clean computer then load them on to the infected computer

I would then treat those two( or however many you use) cds as 'infected' and NOT put them back into my clean machine

if you CAN get at least those two programs on there, you will need to reboot the computer and open the programs from their desktop icons and run full deep scans; one can then maybe identify the nasty you have on board and see what next you need to do :thumbsup:

#5 DaChew


Posted 26 April 2008 - 07:27 AM

http://www.bleepingcomputer.com/startups/s....exe-22320.html

Note: Use SDFix under supervision.

http://www.castlecops.com/o23et-t.html
Chewy

No. Try not. Do... or do not. There is no try.

#6 johnnyballgamer


Posted 26 April 2008 - 11:23 AM

Thank you very much for the advice. SDFix really easily hit the spot, but I learned quite a bit along the way. I will continue to check out what else has happened to my machine, but am very happy to be where I am at right now - within just a few hours. Really appreciate it, again, great site!!!

One other minor question... this wouldn't quietly & secretly bleed onto my other computers over my home router just because they were on would it?

:thumbsup:

#7 DaChew


Posted 26 April 2008 - 11:47 AM

if you have file and printer sharing and network shares on a home network and each computer doesn't have a rock solid firewall active and had all the latest updates installed?

best to keep infected computers isolated

run a Kaspersky online scan

and post the log
Chewy


#8 johnnyballgamer


Posted 27 April 2008 - 02:16 AM

Hi, I tried to run some of the other scans, including the Kaspersky and Sophos (castlecops), but I had trouble with the installations. They seemed to conflict with the McAfee and maybe a2 software. I couldn't uninstall the McAfee (and maybe a2) just by the normal add/remove programs. I did a google to try to figure how to uninstall that stuff, but I got a little tired and that's where I stopped yesterday. I should try to uninstall everything and run the Kaspersky? Should I do the HiJackThis as well? The McAfee still suggests that spoolsv.exe and something else might still be on my computer. THANKS! :thumbsup:

#9 DaChew


Posted 27 April 2008 - 03:34 AM

http://service.mcafee.com/FAQDocument.aspx...c=1033&pf=1

for uninstalling McAfee
Chewy


#10 johnnyballgamer


Posted 27 April 2008 - 04:10 AM

I uninstalled McAfee and loaded Sophos for the spoolsv.exe. But currently having trouble getting control and opening sophos after the install reboot. Constant sophos messages but machine very bogged. Currently in sophos scan.

I've gotten about 1000 sophos messages about the same 2 .dll files for suspicion - I tried to delete them through the sophos quarantine but was unsuccessful. The machine is very bogged and difficult to operate atm.

One last note. Sophos has identified a handful of suspicious files including one trojan, but the quarantine doesn't seem to delete them. How do I get rid of these files? Then, I suppose I will run the Kaspersky scan and show the log? Thank you!

Edited by johnnyballgamer, 27 April 2008 - 05:58 AM.


#11 ruby1


Posted 27 April 2008 - 07:02 AM

just a thought; did you reboot the computer after removing the McAfee and BEFORE and after you installed the sophos?

#12 johnnyballgamer


Posted 27 April 2008 - 07:26 AM

Probably didn't reboot before. It was definitely sophos that was slowing my machine down. It identified the trojan but really didn't help me do anything with it - so I know it is still there. I uninstalled and am scanning with Kaspersky currently. Machine is running much faster after sophos uninstall.

#13 ruby1


Posted 27 April 2008 - 07:32 AM

may I just say that when you uninstall a major program like an antivirus one it is always best to reboot the computer after the uninstallation and before you install another program; that allows the computer to 'settle down'

personally I would go for having avg antivirus on board, but the choice is of course yours!!!

#14 DaChew


Posted 27 April 2008 - 08:43 AM

> may I just say that when you uninstall a major program like an antivirus one it is always best to reboot the computer after the uninstallation and before you install another program; that allows the computer to 'settle down'
>
> personally I would go for having avg antivirus on board, but the choice is of course yours!!!



many installs and uninstalls don't actually complete until you reboot

and it's hard to uninstall a program that's currently running in the background, especially an antivirus
Chewy


#15 johnnyballgamer


Posted 28 April 2008 - 02:40 AM

Hi, I was trying to get some of this stuff done yesterday, but all the scans make me feel as if I have the virus myself. Here is Kaspersky online for critical areas.



Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 9847
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 00:09:19

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\beep.sys Infected: Rootkit.Win32.Agent.aii skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\xcsDd06\xcsDd061083.exe Infected: Trojan-Downloader.Win32.VB.dht skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\~DFB964.tmp Object is locked skipped


Here is the C:\ ; D:\ ; E:\ - (E: is anti virus software cd).


Monday, April 28, 2008 2:39:17 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 650245


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 92254
Number of viruses found 13
Number of infected objects 59
Number of suspicious objects 0
Duration of the scan process 01:01:37

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0061_AdBlocker_eventcritlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0061_AdBlocker_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\006a_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\006c_Web_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped

C:\Documents and Settings\Johnny\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\History\History.IE5\MSHist012008042820080429\index.dat Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\Temp\~DF4A3E.tmp Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\Temp\~DF8231.tmp Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\Temp\~DFB964.tmp Object is locked skipped

C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Johnny\ntuser.dat Object is locked skipped

C:\Documents and Settings\Johnny\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\index[1].htm Infected: not-virus:Hoax.HTML.AntiSpySpider.b skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\SDFix\backups\backups.zip/backups/000070.exe Infected: Packed.Win32.Monder.gen skipped

C:\SDFix\backups\backups.zip/backups/000080.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped

C:\SDFix\backups\backups.zip/backups/17PHolmes72.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\SDFix\backups\backups.zip/backups/cftmon.exe Infected: Worm.Win32.Socks.ff skipped

C:\SDFix\backups\backups.zip/backups/coco.exe.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\SDFix\backups\backups.zip/backups/default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\SDFix\backups\backups.zip/backups/kavir.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\SDFix\backups\backups.zip/backups/mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\SDFix\backups\backups.zip/backups/mrofinu72.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\SDFix\backups\backups.zip/backups/mrofinu72.exe.tmp Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\SDFix\backups\backups.zip/backups/winself.exe Infected: Trojan.Win32.DNSChanger.cjd skipped

C:\SDFix\backups\backups.zip/backups/WLCtrl32.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\SDFix\backups\backups.zip/backups/wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bur skipped

C:\SDFix\backups\backups.zip ZIP: infected - 13 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000009.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001009.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001197.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001210.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001214.exe Infected: Worm.Win32.Socks.ff skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001215.exe Infected: Worm.Win32.Socks.ff skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001216.exe Infected: Worm.Win32.Socks.ff skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001217.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001219.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001220.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001221.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001222.exe Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001223.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001244.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001258.exe Infected: not-virus:Hoax.Win32.Renos.bur skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001262.exe Infected: Trojan.Win32.DNSChanger.cjd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001272.exe Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001273.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001275.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001293.exe Infected: Worm.Win32.Socks.ff skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001295.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001299.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001300.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001301.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001319.exe Infected: Trojan.Win32.DNSChanger.cjd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001320.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001321.exe Infected: not-virus:Hoax.Win32.Renos.bur skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001636.old Infected: Trojan-Downloader.Win32.Small.ixt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002032.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002033.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002034.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002035.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002036.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002037.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002038.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002039.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002040.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002041.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0002042.exe Infected: not-virus:Hoax.Win32.Renos.bur skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0003746.sys Infected: Rootkit.Win32.Agent.aii skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0003753.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\beep.sys Infected: Rootkit.Win32.Agent.aii skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\xcsDd06\xcsDd061083.exe Infected: Trojan-Downloader.Win32.VB.dht skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Edited by johnnyballgamer, 28 April 2008 - 03:34 AM.
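
Added example, not part of any post in this thread: a small Python triage of a report in the layout pasted above, separating in-use files ("Object is locked") from detections and grouping the detections by whether they sit in a live path, a System Restore point, or the SDFix backups archive. The sample lines are excerpted from the report above; the function names and the three location labels are this example's own assumptions.

```python
import re
from collections import defaultdict

# Lines excerpted from the Kaspersky Online Scanner report posted above.
# Layout: "<path> <verdict> <last action>", one scanned object per line.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\beep.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\WINDOWS\system32\xcsDd06\xcsDd061083.exe Infected: Trojan-Downloader.Win32.VB.dht skipped
C:\SDFix\backups\backups.zip/backups/winself.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\SDFix\backups\backups.zip ZIP: infected - 13 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0003746.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\Documents and Settings\Johnny\ntuser.dat Object is locked skipped
"""

# Paths may contain spaces, so the path is matched lazily and the verdict
# keywords anchor the split between path and verdict.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<threat>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>ZIP: infected - \d+))"
    r"\s+(?P<action>\S+)$"
)

SDFIX_BACKUP_RE = re.compile(r"^[a-z]:\\sdfix\\backups\\")


def classify_location(path):
    """Label a detection by where the file sits (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copy held inside a restore point
    if SDFIX_BACKUP_RE.match(p):
        return "sdfix_backup"     # copy held in the SDFix backups archive
    return "live"                 # file in a normal, in-use location


def triage(log_text):
    """Split a report into locked files, archive summaries and grouped detections."""
    report = {
        "locked": 0,
        "archive_summaries": 0,
        "unparsed": [],
        "infected": defaultdict(list),
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            report["unparsed"].append(line)   # keep for manual review
        elif m.group("locked"):
            report["locked"] += 1             # in use by Windows, not a detection
        elif m.group("archive"):
            report["archive_summaries"] += 1  # per-archive total, not a file
        else:
            location = classify_location(m.group("path"))
            report["infected"][location].append(
                (m.group("path"), m.group("threat"))
            )
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("locked (in use):", result["locked"])
    for location, hits in sorted(result["infected"].items()):
        print(location)
        for path, threat in hits:
            print("   ", threat, "<-", path)
```
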




