Infected Or Not? (included Various Scans)


3 replies to this topic

#1 theparade


Posted 01 August 2008 - 10:15 PM

Installed a program yesterday, it was a worm and AVG Free detected it. I proceeded to delete it. Then I ran AVG Free scan and it detected nothing. This morning I uninstalled AVG and installed Avira AntiVir Personal Edition. It scanned it around 1 hr, no infections but 8 warnings I believe. I'm worried that my computer is still infected. I think I am infected because I installed AVG's setup, and then it wouldn't install for some reason. The screen would go white and then I had to end the program. Tried twice. Deleted the setup, and then my friend told me to install Avira. Now thinking back about the setup problem with AVG, it was probably because I was using Firefox 3 to download the setup, and I used IE to download the Avira setup. I'm not sure, so I posted this. By the way, programs used are:

Avira AntiVir Personal Edition
Spybot Search & Destroy
COMODO Firewall Pro
A-squared Free
Spyware Blaster
F-Secure Blacklight

So here is the report of Avira:

Avira AntiVir Personal
Report file date: Friday, August 01, 2008 11:38

Scanning for 1528705 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-47375C5FC1


Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, August 01, 2008 11:38

The scan of running processes will be started
62 processes with 62 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '87' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Joshua\Local Settings\Temporary Internet Files\Content.IE5\6TC6POX4\scnAVavbase13500000[1].cab
[0] Archive type: CAB (Microsoft)
--> scnAVavbase.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Joshua\Local Settings\Temporary Internet Files\Content.IE5\ODNAVSLG\scnAVavbase13500000[1].cab
[0] Archive type: CAB (Microsoft)
--> scnAVavbase.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\'


End of the scan: Friday, August 01, 2008 12:44
Used time: 1:05:35 Hour(s)

The scan has been done completely.

14190 Scanning directories
471984 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
471982 Files not concerned
10334 Archives were scanned
8 Warnings
0 Notes



------
F-Secure Blacklight found nothing

Spybot Search & Destroy found nothing

------------------
Just finished scanning using A-squared free (deep scan). Detected 1 tracking cookie + 2 Ad-ware. Deleted them.

a-squared Free - Version 3.5
Last update: 8/1/2008 5:06:16 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 8/1/2008 5:09:56 PM

C:\Documents and Settings\Joshua\Cookies\joshua@com[1].txt detected: Trace.TrackingCookie
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL detected: Adware.Win32.MySearch.i
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\runner.exe detected: Adware.BackWeb.a
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe detected: Adware.BackWeb.a

Scanned

Files: 329928
Traces: 425962
Cookies: 2331
Processes: 59

Found

Files: 3
Traces: 0
Cookies: 1
Processes: 0
Registry keys: 0

Scan end: 8/1/2008 7:49:19 PM
Scan time: 2:39:23

C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\runner.exe Deleted Adware.BackWeb.a
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe Deleted Adware.BackWeb.a
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL Deleted Adware.Win32.MySearch.i
C:\Documents and Settings\Joshua\Cookies\joshua@com[1].txt Deleted Trace.TrackingCookie

Deleted

Files: 3
Traces: 0
Cookies: 1
-------------

Should I post a HJT log in the HJT log forum?

Edited by theparade, 01 August 2008 - 10:21 PM.



 


#2 quietman7


Posted 02 August 2008 - 08:05 AM

If you're not finding anything with these scans and you're not having any issues/signs of infection with your computer, then I'd say you're probably ok. There are better scanning tools besides Spybot and A-squared so try one more.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 rnfstwill


Posted 14 March 2009 - 09:13 PM

Hello,

I'm a new user of PCs. I'm having some of the same warnings that are posted in the original message. Can anyone tell me what they mean and what to do??

in master boot sectors HD1 and HD2 and HD3 and HD4

[info] no virus found
[warning] system error [21]: the device is not ready
[info] please restart search with Administrator rights

Also

C:\hiberfil.sys
[warning] the file could not be opened

C:\pagefile.sys
[warning] the file could not be opened

Edited by rnfstwill, 14 March 2009 - 09:13 PM.


#4 quietman7


Posted 15 March 2009 - 06:49 AM

Hello rnfstwill

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff