
A Very Dangerous Situation. Please Help !


7 replies to this topic

#1 DJ Endever


Posted 01 July 2008 - 04:31 PM

Hello guys,

I'm new to this forum. I have run into a very deep sh** problem; I hope you guys would be able to help me! This is going to be a detailed description of what happened and what the situation is, so please don't mind...

Okay, so this problem started 2 weeks ago. I have installed Kaspersky Internet Security 7.0 (Original License). Everything was working fine when the following started to happen :

1) One fine morning, the antivirus reported a trojan program named :

detected: Trojan program Trojan-Downloader.JS.Multi.cn
URL: http://mx.content-type.cn:443/day.js


Along with the one mentioned above, now I keep getting these alerts from the antivirus software:

6/29/2008 3:54:04 PM Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2156): suspicious action. Attempt to modify Microsoft Internet Explorer plug-in settings (key HKEY_USERS\S-1-5-21-776561741-1767777339-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser, value ITBar7Layout).


6/29/2008 4:58:56 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: detected: Trojan program 'Trojan-Downloader.JS.Multi.cn'.
6/29/2008 4:58:56 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: access denied.
6/29/2008 5:01:41 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: detected: Trojan program 'Trojan-Downloader.JS.Multi.cn'.
6/29/2008 5:01:41 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: access denied.
6/29/2008 5:04:39 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: detected: Trojan program 'Trojan-Downloader.JS.Multi.cn'.
6/29/2008 5:04:39 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: access denied.
6/29/2008 5:07:41 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: detected: Trojan program 'Trojan-Downloader.JS.Multi.cn'.
6/29/2008 5:07:41 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: access denied.
6/29/2008 5:10:38 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: detected: Trojan program 'Trojan-Downloader.JS.Multi.cn'.
6/29/2008 5:10:38 PM Malicious HTTP object <http://mx.content-type.cn:443/day.js>: access denied.


By the above alert you can see how frequent it is. These alerts come randomly, and always come whenever I open Windows Internet Explorer 7, OR I try to open any website.
So, the problem is that KIS 7.0 gives me the option of blocking/denying the threat but for some reason it doesn't detect or delete it. I'm pretty good at these computer issues but I'm completely puzzled at this thing.

Below is some very vital diagnosis I did (may prove helpful in letting you guys know a clear better picture of the problem)
1. When KIS detects any of the above threats (especially that Trojan-Downloader.JS.Multi.cn), I obviously deny/block it. When I do that, immediately IE7 shows "Done" in the bar below. When this happened, I right-clicked on the white blank space and selected View Source.
The Notepad file opened up the mystery; it said:

<script language="javascript" SRC="http://mx.content-type.cn:443/day.js"></script>.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


This piece of code has been somehow injected into every webpage that I browse and it loads BEFORE any other thing does. So as a result, if I block it, the browsing will be blocked also. I also tried allowing it to see what happens: it loads the page occasionally (other times it says Internet Explorer cannot display the webpage) and the whole of the text on whatever website is browsed has its size increased by 2 times !!!!
Plus, when I allow it, somehow I cannot log in to ANY site on the internet (cookies get messed up or something)

This has to do something with the site that the code injected directs to open :
http://mx.content-type.cn:443/day.js

I searched for this problem on the internet (searched for mx.content........), and I found that I wasn't alone:
http://ph.answers.yahoo.com/question/index...29072722AAc7DlL
Also a reference from an Indonesian site (but too bad I don't understand the Indonesian language):
http://jailangkung.wordpress.com/2008/06/3...jan-dari-china/

Please help me, this stupid trojan has disrupted my life completely (I feel like breaking my system!)
The most frustrating thing is that I have formatted Windows 3 times but the problem still prevails !!!!

Edited by DJ Endever, 01 July 2008 - 04:36 PM.
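
The symptom in the post above (an external `<script>` tag sitting in front of the DOCTYPE on every page, whatever the site) can be checked for in saved page sources. This is an added example, not part of the original thread: the example.com/.org/.net pages are constructed samples, the injected line is the one quoted in the post, and the function names are illustrative.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class _LeadingScriptFinder(HTMLParser):
    """Collects external <script src=...> tags seen before the document starts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.document_started = False  # set at DOCTYPE or first non-script tag
        self.leading_scripts = []      # src values seen before that point

    def handle_decl(self, decl):
        if decl.lower().startswith("doctype"):
            self.document_started = True

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so SRC= matches too.
        if tag == "script":
            src = dict(attrs).get("src")
            if src and not self.document_started:
                self.leading_scripts.append(src)
        else:
            self.document_started = True


def find_prepended_scripts(page_url, body):
    """Return one finding per external script placed before DOCTYPE/<html>."""
    finder = _LeadingScriptFinder()
    finder.feed(body)
    finder.close()
    page_host = urlsplit(page_url).hostname
    findings = []
    for src in finder.leading_scripts:
        parts = urlsplit(src)
        default = DEFAULT_PORTS.get(parts.scheme)
        findings.append({
            "src": src,
            "host": parts.hostname,
            "port": parts.port,
            # Script is served from a different host than the page itself.
            "third_party": parts.hostname not in (None, page_host),
            # Explicit port that does not match the scheme (e.g. http on 443).
            "odd_port": parts.port is not None and parts.port != default,
        })
    return findings


def common_injections(captures, min_sites=2):
    """Map each prepended third-party script to the page hosts it appeared on.

    The same script in front of pages from unrelated sites points at
    injection on the client or in transit rather than at one hacked site.
    """
    seen = defaultdict(set)
    for page_url, body in captures:
        page_host = urlsplit(page_url).hostname
        for finding in find_prepended_scripts(page_url, body):
            if finding["third_party"]:
                seen[finding["src"]].add(page_host)
    return {src: sorted(hosts) for src, hosts in seen.items()
            if len(hosts) >= min_sites}


# Line quoted in the post, followed by constructed page bodies.
INJECTED = ('<script language="javascript" '
            'SRC="http://mx.content-type.cn:443/day.js"></script>.\n')
DOCTYPE = ('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
           '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n')
PAGE = '<html><head><script src="/site.js"></script></head><body>ok</body></html>'

CAPTURES = [  # constructed samples: (page URL, saved source)
    ("http://example.com/news", INJECTED + DOCTYPE + PAGE),
    ("http://example.org/login", INJECTED + DOCTYPE + PAGE),
    ("http://example.net/", DOCTYPE + PAGE),
]

if __name__ == "__main__":
    for url, body in CAPTURES:
        print(url, find_prepended_scripts(url, body))
    print(common_injections(CAPTURES))
```
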




#2 DJ Endever


Posted 01 July 2008 - 05:24 PM

WARNING: I suspect, as the sources also say, it's a very recent and new trojan program and certainly the most dangerous I have ever witnessed in life, so please be careful with this thing..... (For users currently not infected by it)

#3 DJ Endever


Posted 01 July 2008 - 05:37 PM

Sorry for posting in multiple posts, but I forgot to inform about something very important:
I have tried using other browsers also. For example, when I had started experiencing these problems with Internet Explorer 7, I downloaded two other browsers: Mozilla Firefox and Maxthon. I thought this would solve the problem. But no luck, the condition remains the same; I still get all those notifications from KIS 7.0 and the browsing is hampered in those browsers also.

Something strange: When I was trying to browse in Maxthon, I got the notification and denied/blocked it and then I saw in the top title bar of the Maxthon browser "Internet explorer cannot display webpage"

I don't think this should be the case; when I'm browsing with Maxthon why should I get a screen of Internet Explorer?
Just provided the info hoping it would help. I think the trojan has injected itself into the iexplore.exe itself. . . . .

Update :: Just ran all of the scanning tools mentioned on this very cool site and immediately KIS 7.0 found 97 traces of 'Virus.Win32.Alman.b'

Edited by DJ Endever, 01 July 2008 - 05:57 PM.


#4 DJ Endever


Posted 02 July 2008 - 07:10 PM

Please somebody help me out with this ..... !!

#5 I_am_CanadianEh?


Posted 03 July 2008 - 08:16 AM

Download CCleaner from Here

Try running Kaspersky in Safe Mode and delete/quarantine anything it finds. You need to reboot your computer and then Tap F8 to get into safe mode.

Then, delete all your temp files, Internet cookies, History and Temporary File folders. Also clear your Java cache.
All this can be done via CCleaner

Install it, and then set it up with these settings:

1) Click Options, then Advanced. Clear all check boxes EXCEPT: "Show Prompt to Backup Registry Issues"
2) Click the Cleaner Tab. Under the Windows tab, UNCHECK the following:

- Autocomplete Form History
- Menu Order Cache
- Window Size/Location Cache
- Hotfix Uninstallers
- Custom Files & Folders

3) Click the Cleaner Tab. Under the Applications tab, UNCHECK the following:

- Saved Form History

Now run CCleaner by selecting "Run Cleaner" at bottom right of the screen.

Reboot into normal mode and let me know the situation.

:thumbsup:

#6 DJ Endever


Posted 04 July 2008 - 03:58 PM

Situation still remained the same. When I restarted, the Windows installation had corrupted. So, as I already had all data backed up,

1). I used (7-Pass secure German VSITR formatting technology) and formatted my whole hard disk.
2). Installed WinXP Professional with a disk and installed an original license again.
3). Now when I was running Windows Update I encountered the same trojan (I was suspicious of its presence).
4). So I installed Kaspersky Internet Security 2009 with a valid original license, updated the antivirus databases and below is the report it generated.

I couldn't find attachments so posting it here only. Sorry it's a bit too big.

Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 10:54:58 PM Task completed
7/4/2008 10:54:22 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\system32\Macromed\Flash\flash.ocx
7/4/2008 10:51:34 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\flash.ocx
7/4/2008 10:44:10 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\system32\Macromed\Flash\flash.ocx
7/4/2008 10:44:02 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:29:30 PM Task completed
7/4/2008 9:28:58 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\system32\Macromed\Flash\flash.ocx
7/4/2008 9:26:24 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\flash.ocx
7/4/2008 9:23:05 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:23:02 PM Task completed
7/4/2008 9:22:46 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:15:25 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:14:38 PM Task completed
7/4/2008 9:13:34 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\system32\Macromed\Flash\flash.ocx
7/4/2008 9:11:13 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\windows\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\flash.ocx
7/4/2008 9:08:20 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sawi c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003169.dll Postponed
7/4/2008 9:08:20 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003169.dll
7/4/2008 9:08:20 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003166.exe/UPack Postponed
7/4/2008 9:08:20 PM Untreated: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003167.sys Postponed
7/4/2008 9:08:20 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003166.exe/UPack
7/4/2008 9:08:20 PM Detected: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003167.sys
7/4/2008 9:08:20 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasr c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003165.exe/UPack Postponed
7/4/2008 9:08:20 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasr c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003165.exe/UPack
7/4/2008 9:08:20 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sata c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003164.exe/UPack Postponed
7/4/2008 9:08:20 PM Detected: Trojan-GameThief.Win32.OnLineGames.sata c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003164.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003163.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003163.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003162.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003162.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxa c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003161.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxa c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003161.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003158.exe/UPack Postponed
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003159.exe/UPack Postponed
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003160.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003160.exe/UPack
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003159.exe/UPack
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003158.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003157.exe/UPack Postponed
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyk c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003156.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003157.exe/UPack
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyk c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003156.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003154.exe/UPack Postponed
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasu c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003155.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003154.exe/UPack
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasu c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003155.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.said c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003153.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.said c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003153.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxzp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003152.exe/UPack Postponed
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003148.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxzp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003152.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyj c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003151.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003148.exe/UPack
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyj c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003151.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003150.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003150.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.satp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003149.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.satp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003149.exe/UPack
7/4/2008 9:08:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003147.exe/UPack Postponed
7/4/2008 9:08:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003147.exe/UPack
7/4/2008 9:08:18 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003145.exe/UPack Postponed
7/4/2008 9:08:18 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasv c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003146.exe/UPack Postponed
7/4/2008 9:08:18 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003145.exe/UPack
7/4/2008 9:08:18 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasv c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0003146.exe/UPack
7/4/2008 9:08:18 PM Untreated: Trojan-Downloader.Win32.Agent.erl c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0002121.dll Postponed
7/4/2008 9:08:18 PM Detected: Trojan-Downloader.Win32.Agent.erl c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0002121.dll
7/4/2008 9:08:18 PM Untreated: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0002119.sys Postponed
7/4/2008 9:08:18 PM Detected: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0002119.sys
7/4/2008 9:08:17 PM Untreated: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001140.sys Postponed
7/4/2008 9:08:17 PM Detected: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001140.sys
7/4/2008 9:08:17 PM Untreated: Trojan-Downloader.Win32.Small.hlp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001135.dll Postponed
7/4/2008 9:08:17 PM Detected: Trojan-Downloader.Win32.Small.hlp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001135.dll
7/4/2008 9:08:17 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyh c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001133.dll Postponed
7/4/2008 9:08:17 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyh c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001133.dll
7/4/2008 9:08:17 PM Untreated: Trojan-GameThief.Win32.OnLineGames.satt c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001134.dll Postponed
7/4/2008 9:08:17 PM Detected: Trojan-GameThief.Win32.OnLineGames.satt c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001134.dll
7/4/2008 9:08:17 PM Untreated: Trojan-GameThief.Win32.OnLineGames.save c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001132.dll Postponed
7/4/2008 9:08:17 PM Detected: Trojan-GameThief.Win32.OnLineGames.save c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001132.dll
7/4/2008 9:08:17 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rzqw c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001130.dll Postponed
7/4/2008 9:08:17 PM Detected: Trojan-GameThief.Win32.OnLineGames.rzqw c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001130.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001131.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001131.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxh c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001129.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxh c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001129.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.ryay c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001128.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.ryay c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001128.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.saia c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001127.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.saia c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001127.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxys c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001126.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxys c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001126.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxzz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001125.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxzz c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001125.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.ryts c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001124.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.ryts c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001124.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxu c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001123.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxu c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001123.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxya c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001122.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxya c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001122.dll
7/4/2008 9:08:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasj c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001121.dll Postponed
7/4/2008 9:08:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasj c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001121.dll
7/4/2008 9:08:15 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxm c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001120.dll Postponed
7/4/2008 9:08:15 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxm c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001120.dll
7/4/2008 9:08:15 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rzqk c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001119.dll Postponed
7/4/2008 9:08:15 PM Detected: Trojan-GameThief.Win32.OnLineGames.rzqk c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001119.dll
7/4/2008 9:08:15 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sask c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001118.dll Postponed
7/4/2008 9:08:15 PM Detected: Trojan-GameThief.Win32.OnLineGames.sask c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001118.dll
7/4/2008 9:08:15 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxl c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001117.dll Postponed
7/4/2008 9:08:15 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxl c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001117.dll
7/4/2008 9:08:15 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyq c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001115.dll Postponed
7/4/2008 9:08:15 PM Untreated: Trojan-GameThief.Win32.OnLineGames.ryax c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001116.dll Postponed
7/4/2008 9:08:15 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyq c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001115.dll
7/4/2008 9:08:15 PM Detected: Trojan-GameThief.Win32.OnLineGames.ryax c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001116.dll
7/4/2008 9:08:15 PM Untreated: Trojan-Downloader.Win32.Small.xwr c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001111.dll Postponed
7/4/2008 9:08:15 PM Detected: Trojan-Downloader.Win32.Small.xwr c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001111.dll
7/4/2008 9:08:15 PM Untreated: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001102.sys Postponed
7/4/2008 9:08:15 PM Detected: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0001102.sys
7/4/2008 9:08:14 PM Untreated: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0000103.sys Postponed
7/4/2008 9:08:14 PM Detected: Virus.Win32.Alman.b c:\System Volume Information\_restore{560D374A-D13D-4E93-A31B-4C052809669C}\RP4\A0000103.sys
7/4/2008 9:07:48 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:07:29 PM Task completed
7/4/2008 9:06:37 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:03:54 PM Task completed
7/4/2008 9:03:41 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:03:39 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sawi HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7319A1F1-9410-9654-3201-345FFA349137}
7/4/2008 9:03:39 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sawi HKCR\{7319a1f1-9410-9654-3201-345ffa349137}\InprocServer32
7/4/2008 9:03:38 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:03:38 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:03:38 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 9:03:38 PM Task completed
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.sasr c:\windows\system32\zscqahlp.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasr c:\windows\system32\zscqahlp.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.sata c:\windows\system32\tjfyabyt.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.sata c:\windows\system32\tjfyabyt.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\spjhahlp.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\spjhahlp.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\siwdaapi.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\siwdaapi.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxxa c:\windows\system32\simyaapi.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxa c:\windows\system32\simyaapi.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\pldhadwd.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\pldhadwd.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.sasz c:\windows\system32\mkjsakaq.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasz c:\windows\system32\mkjsakaq.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\lpzhatde.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\lpzhatde.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\lpsgajba.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\lpsgajba.exe/UPack
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxyk c:\windows\system32\jbhxabyt.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyk c:\windows\system32\jbhxabyt.exe/UPack
7/4/2008 9:00:49 PM Deleted: Virus.Win32.Alman.b c:\windows\system32\drivers\cdralw.sys
7/4/2008 9:00:48 PM Detected: Virus.Win32.Alman.b c:\windows\system32\drivers\cdralw.sys
7/4/2008 9:00:22 PM Untreated: Virus.Win32.Alman.b c:\windows\system32\drivers\cdralw.sys Postponed
7/4/2008 9:00:22 PM Detected: Virus.Win32.Alman.b c:\windows\system32\drivers\cdralw.sys
7/4/2008 8:59:44 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll Postponed
7/4/2008 8:59:44 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 8:59:44 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe/UPack Postponed
7/4/2008 8:59:44 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasr c:\windows\system32\zscqahlp.exe/UPack Postponed
7/4/2008 8:59:44 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe/UPack
7/4/2008 8:59:43 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasr c:\windows\system32\zscqahlp.exe/UPack
7/4/2008 8:59:37 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sata c:\windows\system32\tjfyabyt.exe/UPack Postponed
7/4/2008 8:59:37 PM Detected: Trojan-GameThief.Win32.OnLineGames.sata c:\windows\system32\tjfyabyt.exe/UPack
7/4/2008 8:59:36 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\spjhahlp.exe/UPack Postponed
7/4/2008 8:59:36 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\spjhahlp.exe/UPack
7/4/2008 8:59:35 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\siwdaapi.exe/UPack Postponed
7/4/2008 8:59:35 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\siwdaapi.exe/UPack
7/4/2008 8:59:35 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxa c:\windows\system32\simyaapi.exe/UPack Postponed
7/4/2008 8:59:35 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxa c:\windows\system32\simyaapi.exe/UPack
7/4/2008 8:59:30 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\pldhadwd.exe/UPack Postponed
7/4/2008 8:59:30 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\pldhadwd.exe/UPack
7/4/2008 8:59:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasz c:\windows\system32\mkjsakaq.exe/UPack Postponed
7/4/2008 8:59:19 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasz c:\windows\system32\mkjsakaq.exe/UPack
7/4/2008 8:59:19 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\lpzhatde.exe/UPack Postponed
7/4/2008 8:59:18 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\lpzhatde.exe/UPack
7/4/2008 8:59:18 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\lpsgajba.exe/UPack Postponed
7/4/2008 8:59:18 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\lpsgajba.exe/UPack
7/4/2008 8:59:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyk c:\windows\system32\jbhxabyt.exe/UPack Postponed
7/4/2008 8:59:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyk c:\windows\system32\jbhxabyt.exe/UPack
7/4/2008 8:59:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasu c:\windows\system32\isdsasrv.exe/UPack Postponed
7/4/2008 8:59:16 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\ismhasrv.exe/UPack Postponed
7/4/2008 8:59:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\ismhasrv.exe/UPack
7/4/2008 8:59:16 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasu c:\windows\system32\isdsasrv.exe/UPack
7/4/2008 8:59:13 PM Untreated: Trojan-GameThief.Win32.OnLineGames.said c:\windows\system32\fdtxaiua.exe/UPack Postponed
7/4/2008 8:59:13 PM Detected: Trojan-GameThief.Win32.OnLineGames.said c:\windows\system32\fdtxaiua.exe/UPack
7/4/2008 8:59:12 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxzp c:\windows\system32\dsdyapaw.exe/UPack Postponed
7/4/2008 8:59:12 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxzp c:\windows\system32\dsdyapaw.exe/UPack
7/4/2008 8:59:10 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyj c:\windows\system32\dazfajke.exe/UPack Postponed
7/4/2008 8:59:10 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyj c:\windows\system32\dazfajke.exe/UPack
7/4/2008 8:59:06 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\windows\system32\azzxaime.exe/UPack Postponed
7/4/2008 8:59:06 PM Untreated: Trojan-GameThief.Win32.OnLineGames.satp c:\windows\system32\azwmaime.exe/UPack Postponed
7/4/2008 8:59:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\windows\system32\azzxaime.exe/UPack
7/4/2008 8:59:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.satp c:\windows\system32\azwmaime.exe/UPack
7/4/2008 8:59:06 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\windows\system32\azcbaime.exe/UPack Postponed
7/4/2008 8:59:06 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\windows\system32\azwlaime.exe/UPack Postponed
7/4/2008 8:59:06 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasv c:\windows\system32\axmsawin.exe/UPack Postponed
7/4/2008 8:59:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\windows\system32\azcbaime.exe/UPack
7/4/2008 8:59:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\windows\system32\azwlaime.exe/UPack
7/4/2008 8:59:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasv c:\windows\system32\axmsawin.exe/UPack
7/4/2008 8:59:05 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\aitlasys.exe/UPack Postponed
7/4/2008 8:59:05 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\windows\system32\aitlasys.exe/UPack
7/4/2008 8:55:58 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\9[1].gif/UPack Postponed
7/4/2008 8:55:58 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\9[1].gif/UPack
7/4/2008 8:55:58 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasv c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\4[1].gif/UPack Postponed
7/4/2008 8:55:58 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasv c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\4[1].gif/UPack
7/4/2008 8:55:58 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyj c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\22[1].gif/UPack Postponed
7/4/2008 8:55:58 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyj c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\22[1].gif/UPack
7/4/2008 8:55:58 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\16[1].gif/UPack Postponed
7/4/2008 8:55:58 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\16[1].gif/UPack
7/4/2008 8:55:58 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\12[1].gif/UPack Postponed
7/4/2008 8:55:57 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\S5ANCHEN\12[1].gif/UPack
7/4/2008 8:55:57 PM Untreated: Exploit.JS.RealPlr.lf c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\ilink[1].htm Postponed
7/4/2008 8:55:57 PM Detected: Exploit.JS.RealPlr.lf c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\ilink[1].htm
7/4/2008 8:55:56 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxa c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\7[1].gif/UPack Postponed
7/4/2008 8:55:56 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxzp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\6[1].gif/UPack Postponed
7/4/2008 8:55:56 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxzp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\6[1].gif/UPack
7/4/2008 8:55:56 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxa c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\7[1].gif/UPack
7/4/2008 8:55:56 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sata c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\23[1].gif/UPack Postponed
7/4/2008 8:55:56 PM Detected: Trojan-GameThief.Win32.OnLineGames.sata c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\23[1].gif/UPack
7/4/2008 8:55:55 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\1[1].gif/UPack Postponed
7/4/2008 8:55:55 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\1[1].gif/UPack
7/4/2008 8:55:55 PM Untreated: Trojan-GameThief.Win32.OnLineGames.said c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\13[1].gif/UPack Postponed
7/4/2008 8:55:55 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasu c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\17[1].gif/UPack Postponed
7/4/2008 8:55:55 PM Detected: Trojan-GameThief.Win32.OnLineGames.said c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\13[1].gif/UPack
7/4/2008 8:55:55 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasu c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\K9URG52F\17[1].gif/UPack
7/4/2008 8:55:55 PM Untreated: Trojan.Win32.Agent.qnw c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\russ[1].gif/PE_Patch.UPX/UPX Postponed
7/4/2008 8:55:54 PM Detected: Trojan.Win32.Agent.qnw c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\russ[1].gif/PE_Patch.UPX/UPX
7/4/2008 8:55:53 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\5[1].gif/UPack Postponed
7/4/2008 8:55:53 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxyk c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\3[1].gif/UPack Postponed
7/4/2008 8:55:53 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\5[1].gif/UPack
7/4/2008 8:55:53 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyk c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\3[1].gif/UPack
7/4/2008 8:55:53 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\21[1].gif/UPack Postponed
7/4/2008 8:55:53 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\21[1].gif/UPack
7/4/2008 8:55:53 PM Untreated: Trojan-GameThief.Win32.OnLineGames.satp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\20[1].gif/UPack Postponed
7/4/2008 8:55:52 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\15[1].gif/UPack Postponed
7/4/2008 8:55:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.satp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\20[1].gif/UPack
7/4/2008 8:55:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\15[1].gif/UPack
7/4/2008 8:55:52 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\11[1].gif/UPack Postponed
7/4/2008 8:55:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\11[1].gif/UPack
7/4/2008 8:55:52 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasr c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\10[1].gif/UPack Postponed
7/4/2008 8:55:52 PM Untreated: Trojan-Downloader.JS.Agent.cbp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\014[1].htm Postponed
7/4/2008 8:55:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasr c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\10[1].gif/UPack
7/4/2008 8:55:52 PM Detected: Trojan-Downloader.JS.Agent.cbp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\014[1].htm
7/4/2008 8:55:52 PM Untreated: Trojan-Downloader.Win32.Small.xwr c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\rm[1].exe/UPX Postponed
7/4/2008 8:55:52 PM Detected: Trojan-Downloader.Win32.Small.xwr c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\rm[1].exe/UPX
7/4/2008 8:55:49 PM Untreated: Trojan-Dropper.Win32.Small.axv c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\down[1].gif/UPX Postponed
7/4/2008 8:55:49 PM Detected: Trojan-Dropper.Win32.Small.axv c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\down[1].gif/UPX
7/4/2008 8:55:47 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\8[1].gif/UPack Postponed
7/4/2008 8:55:47 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\8[1].gif/UPack
7/4/2008 8:55:47 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\2[1].gif/UPack Postponed
7/4/2008 8:55:47 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\2[1].gif/UPack
7/4/2008 8:55:47 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\14[1].gif/UPack Postponed
7/4/2008 8:55:47 PM Untreated: Trojan-GameThief.Win32.OnLineGames.sasz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\19[1].gif/UPack Postponed
7/4/2008 8:55:47 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxp c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\14[1].gif/UPack
7/4/2008 8:55:47 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasz c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\CXUB0XUR\19[1].gif/UPack
7/4/2008 8:54:39 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 8:42:51 PM Task completed
7/4/2008 8:42:36 PM Will be deleted on system restart: Trojan-Downloader.Win32.Agent.erl c:\windows\linkinfo.dll
7/4/2008 8:42:36 PM Detected: Trojan-Downloader.Win32.Agent.erl c:\windows\linkinfo.dll
7/4/2008 8:42:36 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 8:34:46 PM Task completed
7/4/2008 8:34:29 PM Deleted: Trojan-Downloader.Win32.Small.xwr c:\windows\apppatch\desktopwin.dll
7/4/2008 8:34:28 PM Disinfected: Trojan-Downloader.Win32.Small.xwr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DesktopWin
7/4/2008 8:34:28 PM Disinfected: Trojan-Downloader.Win32.Small.xwr HKCR\{da191de0-aa86-4ed0-4b87-292a3d48be99}\InprocServer32
7/4/2008 8:34:27 PM Detected: Trojan-Downloader.Win32.Small.xwr c:\windows\apppatch\desktopwin.dll
7/4/2008 8:34:18 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.satt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5A069845-2036-6084-9054-6087502480A5}
7/4/2008 8:34:18 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.satt HKCR\{5a069845-2036-6084-9054-6087502480a5}\InprocServer32
7/4/2008 8:34:17 PM Will be deleted on system restart: Trojan-Downloader.Win32.Small.hlp c:\windows\apppatch\AcSpecf.dll
7/4/2008 8:34:17 PM Detected: Trojan-Spy.Win32.FtpSend.b c:\windows\apppatch\acxtrnel.bpl
7/4/2008 8:34:17 PM Detected: Trojan-Downloader.Win32.Small.hlp c:\windows\apppatch\AcSpecf.dll
7/4/2008 8:34:17 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.satt c:\windows\system32\ozfyebyt.dll
7/4/2008 8:34:16 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxyh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}
7/4/2008 8:34:16 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxyh HKCR\{60a345cd-abcd-efab-cdef-abcd01020306}\InprocServer32
7/4/2008 8:34:15 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.save HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6A908760-8000-4000-A000-9000322145A6}
7/4/2008 8:34:15 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.save HKCR\{6a908760-8000-4000-a000-9000322145a6}\InprocServer32
7/4/2008 8:34:14 PM Detected: Trojan-GameThief.Win32.OnLineGames.satt c:\windows\system32\ozfyebyt.dll
7/4/2008 8:34:14 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxyp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3D698451-2015-6358-9871-2015987452D3}
7/4/2008 8:34:14 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxyp HKCR\{3d698451-2015-6358-9871-2015987452d3}\InprocServer32
7/4/2008 8:34:14 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxyh c:\windows\system32\pqzfajke.dll
7/4/2008 8:34:13 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyh c:\windows\system32\pqzfajke.dll
7/4/2008 8:34:13 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rzqw HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4A698102-5904-AFD0-20DF-CD1A65829CA4}
7/4/2008 8:34:13 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rzqw HKCR\{4a698102-5904-afd0-20df-cd1a65829ca4}\InprocServer32
7/4/2008 8:34:12 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.save c:\windows\system32\akjsfkaq.dll
7/4/2008 8:34:12 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\apzhctde.dll
7/4/2008 8:34:12 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rzqw c:\windows\system32\zycbdime.dll
7/4/2008 8:34:12 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyp c:\windows\system32\apzhctde.dll
7/4/2008 8:34:11 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}
7/4/2008 8:34:11 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxh HKCR\{37a924af-1a5f-cf21-ab1d-1d5cf82a8a73}\InprocServer32
7/4/2008 8:34:11 PM Detected: Trojan-GameThief.Win32.OnLineGames.save c:\windows\system32\akjsfkaq.dll
7/4/2008 8:34:10 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.ryay HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528DF602-9541-A985-210A-984A698C6F25}
7/4/2008 8:34:10 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.ryay HKCR\{528df602-9541-a985-210a-984a698c6f25}\InprocServer32
7/4/2008 8:34:10 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxxh c:\windows\system32\zywlcime.dll
7/4/2008 8:34:09 PM Detected: Trojan-GameThief.Win32.OnLineGames.rzqw c:\windows\system32\zycbdime.dll
7/4/2008 8:34:08 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.saia HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20618412-C528-C784-C056-C164D1F7C502}
7/4/2008 8:34:08 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.saia HKCR\{20618412-c528-c784-c056-c164d1f7c502}\InprocServer32
7/4/2008 8:34:08 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxh c:\windows\system32\zywlcime.dll
7/4/2008 8:34:07 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AA59145F-315D-BC23-AC1F-145DF81A34AA}
7/4/2008 8:34:07 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxys HKCR\{aa59145f-315d-bc23-ac1f-145df81a34aa}\InprocServer32
7/4/2008 8:34:06 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.ryay c:\windows\system32\ptjhehlp.dll
7/4/2008 8:34:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.ryay c:\windows\system32\ptjhehlp.dll
7/4/2008 8:34:06 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxzz HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6C648541-1025-9650-9057-6541258720C6}
7/4/2008 8:34:06 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxzz HKCR\{6c648541-1025-9650-9057-6541258720c6}\InprocServer32
7/4/2008 8:34:06 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.saia c:\windows\system32\detxbiua.dll
7/4/2008 8:34:06 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxys c:\windows\system32\zyzxjime.dll
7/4/2008 8:34:06 PM Detected: Trojan-GameThief.Win32.OnLineGames.saia c:\windows\system32\detxbiua.dll
7/4/2008 8:34:05 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxzz c:\windows\system32\mndhfdwd.dll
7/4/2008 8:34:05 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.ryts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155}
7/4/2008 8:34:05 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.ryts HKCR\{55694105-5108-9405-3695-954187462155}\InprocServer32
7/4/2008 8:34:04 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxys c:\windows\system32\zyzxjime.dll
7/4/2008 8:34:03 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxu HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B629FF4F-ACDB-5C90-A098-FACB3456A26B}
7/4/2008 8:34:03 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxu HKCR\{b629ff4f-acdb-5c90-a098-facb3456a26b}\InprocServer32
7/4/2008 8:34:03 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxzz c:\windows\system32\mndhfdwd.dll
7/4/2008 8:34:02 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxya HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-ABCD-CDEF-567801237653}
7/4/2008 8:34:02 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxya HKCR\{35671234-7890-abcd-cdef-567801237653}\InprocServer32
7/4/2008 8:34:01 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.ryts c:\windows\system32\mpwdeapi.dll
7/4/2008 8:34:01 PM Detected: Trojan-GameThief.Win32.OnLineGames.ryts c:\windows\system32\mpwdeapi.dll
7/4/2008 8:34:01 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxxu c:\windows\system32\hdf453d.dll
7/4/2008 8:34:01 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sasj HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{80AF1289-F140-A140-D012-C1458759FC08}
7/4/2008 8:34:01 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sasj HKCR\{80af1289-f140-a140-d012-c1458759fc08}\InprocServer32
7/4/2008 8:34:00 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxu c:\windows\system32\hdf453d.dll
7/4/2008 8:34:00 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940F85-F015-14F1-A05F-F69858AC6D05}
7/4/2008 8:34:00 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxm HKCR\{50940f85-f015-14f1-a05f-f69858ac6d05}\InprocServer32
7/4/2008 8:33:59 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxya c:\windows\system32\yxcschlp.dll
7/4/2008 8:33:59 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxya c:\windows\system32\yxcschlp.dll
7/4/2008 8:33:59 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.sasj c:\windows\system32\ypcqghlp.dll
7/4/2008 8:33:59 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxxm c:\windows\system32\zptlcsys.dll
7/4/2008 8:33:58 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rzqk HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2A698452-C5D8-C584-C256-C264C987C5A2}
7/4/2008 8:33:58 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rzqk HKCR\{2a698452-c5d8-c584-c256-c264c987c5a2}\InprocServer32
7/4/2008 8:33:57 PM Detected: Trojan-GameThief.Win32.OnLineGames.sasj c:\windows\system32\ypcqghlp.dll
7/4/2008 8:33:57 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8A041F13-A111-12A3-B0CF-F99818AA68A8}
7/4/2008 8:33:57 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sask HKCR\{8a041f13-a111-12a3-b0cf-f99818aa68a8}\InprocServer32
7/4/2008 8:33:56 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rzqk c:\windows\system32\ijdybpaw.dll
7/4/2008 8:33:56 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxm c:\windows\system32\zptlcsys.dll
7/4/2008 8:33:55 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7C8D1401-A58D-A81C-CD24-A5915C4517C7}
7/4/2008 8:33:55 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxxl HKCR\{7c8d1401-a58d-a81c-cd24-a5915c4517c7}\InprocServer32
7/4/2008 8:33:55 PM Detected: Trojan-GameThief.Win32.OnLineGames.rzqk c:\windows\system32\ijdybpaw.dll
7/4/2008 8:33:54 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.ryax HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6}
7/4/2008 8:33:54 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.ryax HKCR\{6b1aef69-ddae-fdad-dcab-698f026abdb6}\InprocServer32
7/4/2008 8:33:54 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.sask c:\windows\system32\zxmsewin.dll
7/4/2008 8:33:53 PM Detected: Trojan-GameThief.Win32.OnLineGames.sask c:\windows\system32\zxmsewin.dll
7/4/2008 8:33:53 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxyq HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7FD45A54-9875-698F-E56E-65102358FDF7}
7/4/2008 8:33:53 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.rxyq HKCR\{7fd45a54-9875-698f-e56e-65102358fdf7}\InprocServer32
7/4/2008 8:33:52 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxxl c:\windows\system32\mnmhgsrv.dll
7/4/2008 8:33:52 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.ryax c:\windows\system32\oohxebyt.dll
7/4/2008 8:33:52 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.rxyq c:\windows\system32\apsggjba.dll
7/4/2008 8:33:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.ryax c:\windows\system32\oohxebyt.dll
7/4/2008 8:33:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxyq c:\windows\system32\apsggjba.dll
7/4/2008 8:33:52 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxxl c:\windows\system32\mnmhgsrv.dll
7/4/2008 8:33:41 PM Will be deleted on system restart: Trojan-Spy.Win32.FtpSend.b c:\windows\apppatch\acxtrnel.bpl
7/4/2008 8:33:41 PM Detected: Trojan-Spy.Win32.FtpSend.b c:\windows\apppatch\acxtrnel.bpl
7/4/2008 8:33:41 PM Task started
Full Scan: completed 7/4/2008 9:29:30 PM (events: 4, objects: 47374, time: 12:06:25 AM)
7/4/2008 6:05:20 PM Task completed
7/4/2008 6:04:40 PM Task started


NOTE :-
1. These reports were generated on scanning a freshly installed copy of Windows XP Professional.
2. No external drives except for winXP CD and GIGABYTE drives CD were inserted or connected to the system.
3. Computer HDD had been formatted with 7-pass German VSITR technology!! Still infections were detected.
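Added example (not part of the original post, and not Kaspersky's own tooling): one way to triage a report like the one above is to reduce it to the latest state of each object and list what still needs action. The sample lines are copied from the report; the function names are made up for this sketch, and it assumes the report is ordered newest first, as it is above.

```python
import re
from collections import OrderedDict

# Lines copied from the report above (newest first).
SAMPLE_LOG = r"""
7/4/2008 9:03:41 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:03:39 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sawi HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7319A1F1-9410-9654-3201-345FFA349137}
7/4/2008 9:03:39 PM Disinfected: Trojan-GameThief.Win32.OnLineGames.sawi HKCR\{7319a1f1-9410-9654-3201-345ffa349137}\InprocServer32
7/4/2008 9:03:38 PM Will be deleted on system restart: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:03:38 PM Detected: Trojan-GameThief.Win32.OnLineGames.sawi c:\windows\system32\zywmgime.dll
7/4/2008 9:03:38 PM Task started
7/4/2008 9:00:49 PM Deleted: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe
7/4/2008 9:00:49 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe/UPack
7/4/2008 8:59:44 PM Untreated: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe/UPack Postponed
7/4/2008 8:59:44 PM Detected: Trojan-GameThief.Win32.OnLineGames.rxwy c:\windows\system32\zxcsahlp.exe/UPack
7/4/2008 8:55:55 PM Untreated: Trojan.Win32.Agent.qnw c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\russ[1].gif/PE_Patch.UPX/UPX Postponed
7/4/2008 8:55:54 PM Detected: Trojan.Win32.Agent.qnw c:\Documents and Settings\R D\Local Settings\Temporary Internet Files\Content.IE5\GTMF49MN\russ[1].gif/PE_Patch.UPX/UPX
"""

# timestamp, action, verdict (no spaces), object (may contain spaces), optional " Postponed"
EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Disinfected|Deleted|Untreated|Will be deleted on system restart): "
    r"(?P<verdict>\S+) (?P<obj>.+?)(?: Postponed)?$"
)
# Registry persistence point that recurs throughout the report.
HOOK = re.compile(r"shellexecutehooks\\(\{[0-9a-f-]{36}\})$")
RESOLVED = {"Deleted", "Disinfected"}


def parse_events(text):
    """Return (action, verdict, object) tuples in file order, skipping task lines."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            # Windows paths use '\', so anything after '/' is the packer chain
            # (/UPack, /UPX, ...). Drop it so one file maps to one key.
            obj = m["obj"].split("/", 1)[0].lower()
            events.append((m["action"], m["verdict"], obj))
    return events


def latest_state(events):
    """Newest-first input: the first event seen per object is its current state."""
    state = OrderedDict()
    for action, verdict, obj in events:
        state.setdefault(obj, (action, verdict))
    return state


def needs_follow_up(state):
    """Objects whose latest entry is not Deleted or Disinfected."""
    return {obj: av for obj, av in state.items() if av[0] not in RESOLVED}


def hooks_by_verdict(events):
    """Map each verdict to the ShellExecuteHooks CLSIDs reported under it."""
    hooks = {}
    for _action, verdict, obj in events:
        m = HOOK.search(obj)
        if m:
            hooks.setdefault(verdict, set()).add(m.group(1))
    return hooks


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for obj, (action, verdict) in needs_follow_up(latest_state(evs)).items():
        print(f"{action:10} {verdict}  {obj}")
    for verdict, clsids in hooks_by_verdict(evs).items():
        print(verdict, sorted(clsids))
```

On the sample, zywmgime.dll comes out as still detected because its newest entry follows the "Will be deleted on system restart" line, so the file is on disk until the reboot happens.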

#7 Love My Name

Posted 04 July 2008 - 06:14 PM

I am no pro, but I will attempt a suggestion...

Is your Windows CD legitimate? You said the license is, but is the CD? Some could be created with viruses already embedded, I think.
You said you backed up before the format? Don't restore any data until you install Kaspersky and it is up to date. Then make a scan of that backup data, which I am assuming is on another drive. Hopefully it's just data (i.e. stuff in My Documents), and not critical system files you are restoring.

____

You can go to Safe Mode and deactivate Windows restore. System Properties > Restore > Turn off on all drives; this will delete all restore points in "c:\System Volume Information\", including viruses that get propagated when active. Keep it deactivated while you try to fix the problem.

Full system scan with your Kaspersky.

I went to the site you posted with the language issue. I don't know the language, but maybe this is important:

On 4 July, 2008 at 11:17 am obwellyx Said:

Dear All,

I got a solution from a friend who manages the office network, as follows:

1. Open the 'hosts' file, which is in the folder:
c:\windows\system32\drivers\etc
2. Add:
127.0.0.1 mx.content-type.cn

This solution helps quite a bit in restoring internet access speed.


I think what it is saying is to add the line above to your host file to block the bad address.
The host file is located at
C:\WINDOWS\System32\drivers\etc
"hosts", no extension; open with NOTEPAD to edit... Back up first (copy and rename).

Example of what my "host" file says in NOTEPAD:
---------------------------------------------------------------------------------------------

# Copyright 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
.
.
.

---------------------------------------------------------------------------------------------

Edited by Love My Name, 04 July 2008 - 06:17 PM.
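Added example (not part of the original post): the hosts edit described above, with the backup step done first and a check so the entry is not added twice. The function names are made up for this sketch; the sample text is an excerpt of the hosts file quoted in the post, and refusing to touch a name that already points somewhere else is a choice of this sketch.

```python
import shutil
from pathlib import Path

# Excerpt of the hosts file quoted in the post above.
SAMPLE_HOSTS = """# For example:
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
"""


def parse_hosts(text):
    """Yield (address, [names]) for each active line; '#' starts a comment."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [name.lower() for name in fields[1:]]


def current_mapping(text, hostname):
    """Address the first active entry gives for hostname, or None."""
    wanted = hostname.lower()
    for address, names in parse_hosts(text):
        if wanted in names:
            return address
    return None


def add_block_entry(text, hostname, address="127.0.0.1"):
    """Return hosts text with 'address hostname' present exactly once."""
    existing = current_mapping(text, hostname)
    if existing == address:
        return text  # already blocked, nothing to do
    if existing is not None:
        # An unexpected mapping may itself be tampering; do not paper over it.
        raise ValueError(f"{hostname} already maps to {existing}; review by hand")
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"{address} {hostname}\n"


def block_in_file(path, hostname):
    """Back up the hosts file, then add the entry. Returns True if it changed."""
    path = Path(path)
    original = path.read_text(encoding="latin-1")  # latin-1 round-trips any byte
    updated = add_block_entry(original, hostname)
    if updated == original:
        return False
    shutil.copy2(path, path.with_name(path.name + ".bak"))  # "Backup First"
    path.write_text(updated, encoding="latin-1")
    return True


if __name__ == "__main__":
    print(add_block_entry(SAMPLE_HOSTS, "mx.content-type.cn"))
```

The entry only stops this machine from resolving that one name; the files and registry hooks listed in the scan report are unaffected by it.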


#8 lavallie

Posted 20 January 2009 - 07:13 PM

Without poring over the copious amount of data you submitted, try a fix I just used. It worked.

http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

It looks a little cheesy, but right now I can confirm a kill on antivirus xp pro 2009!!!

You can check here first for some reviews: http://www.snapfiles.com/opinions/Super-An...ti-Spyware.html



