Multiple Infections - Please Help


  • This topic is locked
23 replies to this topic

#1 ridgedale


Posted 12 May 2009 - 11:57 PM

I would be grateful if someone could help me with this infected PC. Below is the DDS.txt log as requested and I have also attached zipped Attach.txt log. In addition I have attached zipped anti-virus ClamWin and Kaspersky Online Scanner scan logs for additional reference:

================================DDS Log=================================


DDS (Ver_09-03-16.01) - NTFSx86
Run by Gemma at 5:33:13.70 on 13/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1564 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gemma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198156548328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198164892156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {38B12A38-EE0C-4186-B532-29D63ECEE449} = 192.168.6.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gemma\applic~1\mozilla\firefox\profiles\kxo8vkkk.default\
FF - component: c:\documents and settings\gemma\application data\mozilla\firefox\profiles\kxo8vkkk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

S2 gupdate1c9890676d31988;Google Update Service (gupdate1c9890676d31988);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]

=============== Created Last 30 ================

2009-05-12 15:59 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-12 15:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-12 08:38 <DIR> a-dshr-- C:\cmdcons
2009-05-12 08:36 161,792 a------- c:\windows\SWREG.exe
2009-05-12 08:36 98,816 a------- c:\windows\sed.exe
2009-05-12 08:28 <DIR> --d----- c:\docume~1\gemma\applic~1\Malwarebytes
2009-05-12 08:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-12 06:04 <DIR> --dsh--- c:\documents and settings\gemma\IECompatCache
2009-05-12 06:03 <DIR> --dsh--- c:\documents and settings\gemma\PrivacIE
2009-05-12 06:03 <DIR> --dsh--- c:\documents and settings\gemma\IETldCache
2009-05-12 05:50 <DIR> --d----- c:\windows\ie8updates
2009-05-12 05:49 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-12 05:46 <DIR> -cd-h--- c:\windows\ie8
2009-04-28 17:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-28 05:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 05:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-28 05:20 <DIR> --d----- c:\program files\iPod
2009-04-28 05:20 <DIR> --d----- c:\program files\iTunes
2009-04-28 05:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-21 13:11 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-21 13:08 144 a------- c:\windows\Readiris.ini
2009-04-21 13:07 <DIR> --d----- c:\program files\Readiris Pro 11 HP
2009-04-21 13:05 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-21 13:05 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-21 13:05 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-17 17:39 <DIR> --d----- c:\program files\common files\HP
2009-04-17 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\zvprt50
2009-04-17 17:39 608 a--sh--- c:\windows\system32\winzvprt5.sys
2009-04-17 17:39 13,385 -------- c:\windows\system32\hppfaxprintermon5.dll
2009-04-17 17:39 9,451 -------- c:\windows\system32\hppfaxprintermonui5.dll
2009-04-17 17:37 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-17 17:36 876,544 a----r-- c:\windows\system32\hpxp2727.dll
2009-04-17 17:36 733,184 a----r-- c:\windows\system32\hpptsp02.dll
2009-04-17 17:36 450,560 a----r-- c:\windows\system32\hppasc07.dll
2009-04-17 17:36 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-17 17:36 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-17 17:36 327,680 a----r-- c:\windows\system32\hppcpr07.dll
2009-04-17 17:36 685 a----r-- c:\windows\system32\hppapr07.dat
2009-04-17 17:36 59,928 a------- c:\windows\system32\fxcompchannel.dll
2009-04-17 17:35 138 a------- c:\windows\system32\AddPort.ini
2009-04-17 17:35 770 a------- c:\windows\hpntwksetup.ini
2009-04-17 17:32 <DIR> --d----- c:\program files\HP
2009-04-17 17:32 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-17 17:32 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-17 17:31 153,527 a------- c:\windows\hppins07.dat
2009-04-17 17:31 153,486 a------- c:\windows\system32\hppins07.dat
2009-04-17 17:31 838 -------- c:\windows\hppmdl07.dat

==================== Find3M ====================

2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 03:58 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-16 03:58 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-25 09:01 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2002-04-16 11:27 5 a--sh--- c:\windows\system32\CdI5T.drv
1998-03-20 01:00 1,048 a--sh--- c:\windows\system32\flfnlf.sys
1998-03-20 01:00 1,048 a--sh--- c:\windows\system32\rlfnlf.sys
1998-03-20 01:00 1,048 a--sh--- c:\windows\system32\TMail3FL.SYS
1998-03-20 01:00 1,048 a--sh--- c:\windows\system32\TMailRL.sys

============= FINISH: 5:33:28.75 ===============

Regards

Dene



#2 m0le

  • Malware Response Team

Posted 26 May 2009 - 06:03 PM

Hi ridgedale,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks
m0le is a proud member of UNITE

#3 ridgedale


Posted 27 May 2009 - 11:29 AM

No problem, m0le. I'll be waiting ready. Sorry, I've been a bit slow on the uptake today - a bit snowed under.
Is there any chance you can let me know roughly in what time frame you will be responding to my input and what time zone you are in? It might help me respond quicker although I will respond definitely within 12-24 hours if not sooner.

Regards

Dene

#4 m0le


Posted 27 May 2009 - 02:10 PM

Is there any chance you can let me know roughly in what time frame you will be responding to my input and what time zone you are in?


Hi ridgedale,

I will aim to respond within 24 hours. I'm in GMT as I'm from the UK.

I won't close you off without bumping the topic and PMing you so don't worry.

Back later with some instructions
m0le is a proud member of UNITE

#5 m0le


Posted 27 May 2009 - 04:50 PM

Hi again,

Your log is clean but what you do have is Kaspersky flagging two types of thing.

The first flag is for Thunderbird email folder items. These can be removed by emptying the folders.
For example, this entry below can be removed by emptying your inbox.

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox.sbd\Spam Infected: Trojan-Downloader.Win32.Exchanger.agc 1

If you don't want to do that then you would need to remove any emails in your inbox with an attachment.

The second set of entries are like this:

C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4

The files are legitimate but are flagged because they perform certain tasks which are also used by malware.

Please delete the Thunderbird emails and then rerun the Kaspersky scan so we can check.
m0le is a proud member of UNITE

#6 ridgedale


Posted 28 May 2009 - 12:07 AM

m0le,

This is going to take a while as I am going to have to divide the contents of the affected mailbox folders until I can ascertain which emails are infected - I'm intending to 'slice and dice' the mail folders until I can establish the infected emails and deal with them individually, which I have already started doing. I've cleared out all the obvious stuff and the VNC not malware flags have now gone as you will be able to see from the latest Kaspersky Online Scan below:

=============================== Kaspersky Online Scan Log ===============================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 28, 2009 05:39:50
Records in database: 2262729
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\Documents and Settings

Scan statistics:
Files scanned: 6239
Threat name: 5
Infected objects: 6
Suspicious objects: 20
Duration of the scan: 00:18:15


File name / Threat name / Threats count
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 18
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.hzc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Email-Worm.Win32.Agent.ev 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Halifraud.e 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox.sbd\Ian Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox.sbd\Ian.sbd\Sent to Ian Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent-Jan3109 Infected: Trojan.Win32.Agent2.bl 1

The selected area was scanned.

=============================== End of Scan Log ===============================

I will get back to you as soon as I have managed to generate a clean scan.

Thanks for your assistance.

Regards

Dene

#7 ridgedale


Posted 28 May 2009 - 02:05 AM

m0le,

Apologies, please ignore the comments regarding the VNC non-malware hits and the log provided in my earlier post as I realised I was logged in as the user rather than the administrator. Below is the latest Kaspersky Log:

=================================== Kaspersky Online Scanner Log ===================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 28, 2009 05:39:50
Records in database: 2262729
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\Documents and Settings

Scan statistics:
Files scanned: 10516
Threat name: 34
Infected objects: 41
Suspicious objects: 21
Duration of the scan: 01:16:26


File name / Threat name / Threats count
C:\Documents and Settings\Gemma\My Documents\Installers\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 18
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.hzc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Email-Worm.Win32.Agent.ev 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Halifraud.e 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dip 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dkf 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dqu 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dvy 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dwr 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dxc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dyx 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ebd 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Crypt.lf 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ech 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.edp 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lsv 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.efo 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lua 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ehs 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.luy 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ejy 2
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lxg 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.eks 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lyo 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.enm 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.emq 2
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mdc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.eod 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mjk 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ero 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mtw 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox.sbd\Ian Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox.sbd\Ian.sbd\Sent to Ian Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent-Jan3109 Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Ian B Murray\Application Data\Thunderbird\Profiles\ahv06gf0.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Bankfraud.od 2
C:\Documents and Settings\Ian B Murray\Application Data\Thunderbird\Profiles\ahv06gf0.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

=================================== End Of Log ===================================

As you can see, although I have removed the SPAM folder and emptied the Trash that action appears to have reinfected/uncovered infections directly in the Inbox.
I will continue with the intended procedure as mentioned in my previous post.

Regards

Dene

#8 m0le


Posted 28 May 2009 - 06:24 AM

Okay, let me know if you are having problems with that.
m0le is a proud member of UNITE

#9 m0le


Posted 31 May 2009 - 04:20 AM

Hi ridgedale,

How is the Thunderbird clearout going?
m0le is a proud member of UNITE

#10 ridgedale


Posted 01 June 2009 - 06:55 AM

m0le,

Thanks for your patience and apologies for the delay in getting back to you. This has taken some time so far. I'll explain what I have done so far.

I've removed any redundant accounts from the computer - now left with the main user account and the admin account.

I logged into the main user account, launched Thunderbird and immediately set the mail client to work offline.

Then I sliced and diced the contents of the mailbox until I had removed all the mailbox infections in this user account - carrying out Kaspersky Online Scans each time I completed a chunk of the work.

I moved everything out of both the Inbox and Sent mailboxes and even deleted the Inbox altogether and restarted Thunderbird so it rebuilt the Inbox on relaunch. I rescanned the whole mailbox to confirm it was clean.

Then as a final check I logged back into the admin account and ran a full system scan - I was surprised to find that the admin account still sees infections related to the user mailbox - see below!

============================== Kaspersky Online Full System Scan ============================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 01, 2009 08:41:31
Records in database: 2289664
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 48631
Threat name: 5
Infected objects: 30
Suspicious objects: 11
Duration of the scan: 02:26:38


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 18
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\Gemma\My Documents\Installers\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.hzc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Email-Worm.Win32.Agent.ev 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\MCA_Mail.sbd\Ian Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Infected: Trojan.Win32.Agent2.bl 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

The selected area was scanned.

================================== End of Scan Log ================================

The VNC not-a-virus flags are not an issue, however any thoughts on how I should proceed to resolve the remainder of the infections would be appreciated.

Regards

Dene

#11 m0le


Posted 01 June 2009 - 04:04 PM

Hi ridgedale,

This Thunderbird profile is the problem, sm0j38r3.default. You have done a great job with the other profile: ahv06gf0.default which now doesn't come up on the Kaspersky scan.

If you are no longer using this profile then delete it and rescan.

If you don't wish to delete this profile then switch profiles and then access the folders to delete the emails there.
m0le is a proud member of UNITE
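
The triage m0le applies in posts #5 and #11 (riskware flags versus detections inside Thunderbird mail folders, grouped by profile) can be reproduced over a Kaspersky Online Scanner 7.0 report. This is an added example, not part of the thread and not a Kaspersky or BleepingComputer tool; the function names and the row regex are assumptions based on the report layout shown in the posts, and the sample rows are copied from the thread's reports plus one row labelled as constructed.

```python
import re
from collections import defaultdict

# Result row layout as it appears in the thread's reports:
#   <path> Infected|Suspicious: <threat name> <count>
ROW = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Thunderbird mail folder file under a Windows XP user profile.
MAIL = re.compile(
    r"\\Documents and Settings\\(?P<user>[^\\]+)\\Application Data"
    r"\\Thunderbird\\Profiles\\(?P<profile>[^\\]+)\\Mail\\(?P<folder>.+)$",
    re.IGNORECASE,
)

# Rows copied from the reports posted in this thread; the last row is
# constructed to show a detection outside a mail folder.
SAMPLE_REPORT = r"""
Scan statistics:
Infected objects: 30
Suspicious objects: 11

File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 18
C:\Documents and Settings\Gemma\My Documents\Installers\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.hzc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\MCA_Mail.sbd\Ian Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Ian B Murray\Application Data\Thunderbird\Profiles\ahv06gf0.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Bankfraud.od 2
C:\Documents and Settings\ExampleUser\Desktop\constructed_sample.exe Infected: Constructed.Placeholder.Name 1
"""


def parse_rows(report):
    """Return one dict per result row; headers and statistics are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        # Some rows repeat the path as "container/object"; keep the container.
        path = m["path"].split("/", 1)[0]
        rows.append({
            "path": path,
            "verdict": m["verdict"],
            "threat": m["threat"],
            "count": int(m["count"]),
        })
    return rows


def classify(row):
    """riskware: 'not-a-virus:' flag on a legitimate tool (RealVNC here).
    mail-store: detection inside a Thunderbird folder file; the thread's
    remedy is to delete the messages in that folder and rescan.
    filesystem: anything else, i.e. a file on disk that needs a closer look."""
    if row["threat"].lower().startswith("not-a-virus:"):
        return "riskware"
    if MAIL.search(row["path"]):
        return "mail-store"
    return "filesystem"


def triage(report):
    buckets = {"riskware": [], "mail-store": [], "filesystem": []}
    for row in parse_rows(report):
        buckets[classify(row)].append(row)
    return buckets


def mail_folders_to_clean(report):
    """Map (Windows user, Thunderbird profile) -> {folder: total detections}."""
    out = defaultdict(lambda: defaultdict(int))
    for row in triage(report)["mail-store"]:
        m = MAIL.search(row["path"])
        out[(m["user"], m["profile"])][m["folder"]] += row["count"]
    return {key: dict(folders) for key, folders in out.items()}


if __name__ == "__main__":
    for kind, rows in triage(SAMPLE_REPORT).items():
        print(kind, len(rows))
    for (user, profile), folders in mail_folders_to_clean(SAMPLE_REPORT).items():
        print(user, profile, folders)
```

Grouping by profile makes it visible when detections belong to a different Windows account's mail store than the one that was cleaned.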

#12 ridgedale


Posted 02 June 2009 - 12:38 PM

m0le,

Thanks for your feedback again. The non-admin user holds all the mail for an important account which it would be best to try to salvage as much of the email, if not all, as possible. The machine has not been used since I carried out the last round of remedial work mentioned previously and running the Kaspersky Online Scanner under the machine's Admin account.

What I have since done is log into the normal user account and rerun the Kaspersky Online Scanner - remember this is the first time the machine has been logged onto since I ran the last scan - I couldn't believe the results of the log:

===================== First Kaspersky Online Scanner Log Run from User Account Today ====================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 02, 2009 10:28:21
Records in database: 2295588
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 38015
Threat name: 50
Infected objects: 67
Suspicious objects: 21
Duration of the scan: 01:02:33


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 12
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 20
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.hzc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Email-Worm.Win32.Agent.ev 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Halifraud.e 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dip 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dkf 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dqu 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dvy 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dwr 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dxc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.dyx 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ebd 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Crypt.lf 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ech 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.edp 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lsv 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.efo 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lua 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ehs 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.luy 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ejy 2
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lxg 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.eks 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.lyo 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.enm 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.emq 2
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mdc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.eod 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mjk 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.ero 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mtw 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.FraudPack.gen 2
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.mwb 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.etl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.Win32.Zbot.euc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.ngp 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.nox 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Agent.adyf 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Monderb.rov 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Exchanger.agc 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Email-Worm.Win32.Druzgl.b 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Agent.agth 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Pakes.leq 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Mailfinder.Win32.Agent.vf 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Pakes.lin 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan.Win32.Agent.akoq 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Worm.Win32.AutoRun.rkt 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.ankd 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\MCA_Mail.sbd\Ian Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Infected: Trojan.Win32.Agent2.bl 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

The selected area was scanned.

========================================== END OF LOG =========================================

The infection appears to be self-fuelling?! I then as a first step moved all the email out of the Inbox as chunks into subdirectories under Mail\Local Folders\INBOXctrl and this seems to have eradicated the problems in the Inbox - or are they just not getting picked up?


===================== Second Kaspersky Online Scanner Log Run from User Account Today ====================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 02, 2009 13:24:25
Records in database: 2296262
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 38014
Threat name: 3
Infected objects: 19
Suspicious objects: 1
Duration of the scan: 01:52:52


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 14
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian Infected: Trojan.Win32.Agent2.bl 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent Infected: Trojan.Win32.Agent2.bl 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

The selected area was scanned.

========================================== END OF LOG =========================================

I am wondering if it might be worth trying one of the other free anti-virus products (Avast! / Avira / AVG / Comodo / PC Tools) to see if they could help clean up the infections or possibly detect the individual emails causing the problems (probably not if the contents of a folder are just a single mbox file?)! Or are they all just prevention tools?

Any thoughts would be appreciated.

Regards

Dene
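The question in the post above, whether individual messages can be pinpointed when a Thunderbird folder is a single mbox file, can be answered with Python's standard `mailbox` module. The following is an added example, not part of the original posts: it walks one mbox file and lists each message whose attachment is, or whose zip attachment contains, an executable-looking file. The function names and the four sample messages are constructed for illustration.

```python
import io
import mailbox
import os
import tempfile
import zipfile
from email.message import EmailMessage

# Extensions Windows runs directly. The BitDefender log on this page shows
# .exe and .scr files packed inside .zip attachments.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def is_executable_name(name):
    """True if a file name ends in an executable extension (padding ignored)."""
    cleaned = name.lower().rstrip(". ")  # Windows drops trailing dots and spaces
    return os.path.splitext(cleaned)[1] in EXECUTABLE_EXTS


def risky_members(data):
    """Names of executable-looking members if data is a zip archive, else []."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            # Member names stay readable even when the archive is encrypted.
            return [n for n in archive.namelist() if is_executable_name(n)]
    except zipfile.BadZipFile:
        return []


def find_risky_messages(mbox_path):
    """Return (position, subject, attachment, member) for each risky attachment.

    position is the 1-based order of the message inside the mbox file.
    member is None when the attachment itself is the executable.
    """
    findings = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for position, msg in enumerate(box, start=1):
            subject = str(msg.get("Subject", ""))
            for part in msg.walk():
                filename = part.get_filename()
                if not filename:
                    continue  # body text or multipart container
                payload = part.get_payload(decode=True)
                if is_executable_name(filename):
                    findings.append((position, subject, filename, None))
                for member in risky_members(payload or b""):
                    findings.append((position, subject, filename, member))
    finally:
        box.close()
    return findings


def zip_bytes(members):
    """Build an in-memory zip from a {name: content} dict (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


def build_sample_mbox(path):
    """Write a constructed four-message mbox; payloads are inert placeholder text."""
    samples = [
        ("Meeting notes", None, None),
        ("Parcel invoice (constructed)", "invoice_0001.zip",
         {"INVOICE_0001.exe": b"inert placeholder"}),
        ("Holiday photos (constructed)", "photos.zip",
         {"readme.txt": b"nothing executable here"}),
        ("Statement of fees (constructed)", "fees.zip",
         {"fees.doc        .exe": b"inert placeholder"}),
    ]
    box = mailbox.mbox(path)
    try:
        for subject, attachment, members in samples:
            msg = EmailMessage()
            msg["From"] = "sender@example.invalid"
            msg["To"] = "user@example.invalid"
            msg["Subject"] = subject
            msg.set_content("Constructed test message.")
            if attachment:
                msg.add_attachment(zip_bytes(members), maintype="application",
                                   subtype="zip", filename=attachment)
            box.add(msg)
    finally:
        box.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:
        inbox = os.path.join(folder, "Inbox")  # stand-in for a Thunderbird folder file
        build_sample_mbox(inbox)
        for hit in find_risky_messages(inbox):
            print(hit)
```

The script only reads the mailbox; run it against a copy of the folder file with Thunderbird closed.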

#13 m0le

Posted 02 June 2009 - 01:46 PM

This could be a major problem as the profile seems to be very infected.

However, let's err on the side of caution and try another scanner and see what that picks up.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Should be interesting...
m0le is a proud member of UNITE

#14 ridgedale

Posted 03 June 2009 - 05:34 AM

m0le,

I am a little concerned that BitDefender reported that it was to scan in excess of 55,000 files but in the end only scanned about 22,000+! I thought about running the BitDefender Online Scan again from within the User account given the variances experienced with the Kaspersky Online Scanner but have only run it from within the admin account. Below is a copy of the exported BitDefender Scan results as requested:

================================BitDefender Scan Log===================================

BitDefender Online Scanner

Scan report generated at: Wed, Jun 03, 2009 - 11:14:45

Scan path: A:\;C:\;D:\;

Statistics
Time: 01:00:01
Files: 223517
Folders: 6620
Boot Sectors: 0
Archives: 28520
Packed Files: 10727

Results
Identified Viruses: 50
Infected Files: 56
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 56

Engines Info
Virus Definitions: 3290783
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1030)=>[Subject: Hot pictures][Date: Fri, 25 Jan 2008 12:32:57 -0500]=>(MIME part)=>video.zip=>video.scr


Infected with: Trojan.Pandex.G

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1030)=>[Subject: Hot pictures][Date: Fri, 25 Jan 2008 12:32:57 -0500]=>(MIME part)=>video.zip=>video.scr


Disinfection failed

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1030)=>[Subject: Hot pictures][Date: Fri, 25 Jan 2008 12:32:57 -0500]=>(MIME part)=>video.zip=>video.scr


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1030)=>[Subject: Hot pictures][Date: Fri, 25 Jan 2008 12:32:57 -0500]=>(MIME part)=>video.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1030)=>[Subject: Hot pictures][Date: Fri, 25 Jan 2008 12:32:57 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1030)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1952)=>[Subject: Hot pictures][Date:?Sun, 27 Apr 2008 11:46:01 +0800]=>(MIME part)=>saver.zip=>saver.exe


Infected with: Trojan.Generic.1627649

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1952)=>[Subject: Hot pictures][Date:?Sun, 27 Apr 2008 11:46:01 +0800]=>(MIME part)=>saver.zip=>saver.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1952)=>[Subject: Hot pictures][Date:?Sun, 27 Apr 2008 11:46:01 +0800]=>(MIME part)=>saver.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1952)=>[Subject: Hot pictures][Date:?Sun, 27 Apr 2008 11:46:01 +0800]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 1952)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2895)=>[Subject: UPS Tracking Number 8829304601][Date: Mon, 21 Jul 2008 19:10:30 -0500]=>(MIME part)=>UPS_INVOICE_978172.zip=>UPS_INVOIC


Infected with: Trojan.Spy.Wsnpoem.EF

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2895)=>[Subject: UPS Tracking Number 8829304601][Date: Mon, 21 Jul 2008 19:10:30 -0500]=>(MIME part)=>UPS_INVOICE_978172.zip=>UPS_INVOIC


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2895)=>[Subject: UPS Tracking Number 8829304601][Date: Mon, 21 Jul 2008 19:10:30 -0500]=>(MIME part)=>UPS_INVOICE_978172.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2895)=>[Subject: UPS Tracking Number 8829304601][Date: Mon, 21 Jul 2008 19:10:30 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2895)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2925)=>[Subject: UPS Tracking Number 3279256499][Date: Wed, 23 Jul 2008 20:05:18 -0500]=>(MIME part)=>invoice_8712.zip=>INVOICE_8712.exe


Infected with: Trojan.Spy.Wsnpoem.EJ

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2925)=>[Subject: UPS Tracking Number 3279256499][Date: Wed, 23 Jul 2008 20:05:18 -0500]=>(MIME part)=>invoice_8712.zip=>INVOICE_8712.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2925)=>[Subject: UPS Tracking Number 3279256499][Date: Wed, 23 Jul 2008 20:05:18 -0500]=>(MIME part)=>invoice_8712.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2925)=>[Subject: UPS Tracking Number 3279256499][Date: Wed, 23 Jul 2008 20:05:18 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 2925)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3032)=>[Subject: UPS INVOICE 1001918617][Date: Mon, 4 Aug 2008 13:29:52 -0600]=>(MIME part)=>RESU8192.zip=>RESU8192.exe


Infected with: Trojan.Agent.AJLI

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3032)=>[Subject: UPS INVOICE 1001918617][Date: Mon, 4 Aug 2008 13:29:52 -0600]=>(MIME part)=>RESU8192.zip=>RESU8192.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3032)=>[Subject: UPS INVOICE 1001918617][Date: Mon, 4 Aug 2008 13:29:52 -0600]=>(MIME part)=>RESU8192.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3032)=>[Subject: UPS INVOICE 1001918617][Date: Mon, 4 Aug 2008 13:29:52 -0600]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3032)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3102)=>[Subject: Tracking N 6713426110][Date: Tue, 12 Aug 2008 10:52:22 +0800]=>(MIME part)=>WW_671282.zip=>WW_671282.exe


Infected with: Trojan.Spy.Wsnpoem.GH

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3102)=>[Subject: Tracking N 6713426110][Date: Tue, 12 Aug 2008 10:52:22 +0800]=>(MIME part)=>WW_671282.zip=>WW_671282.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3102)=>[Subject: Tracking N 6713426110][Date: Tue, 12 Aug 2008 10:52:22 +0800]=>(MIME part)=>WW_671282.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3102)=>[Subject: Tracking N 6713426110][Date: Tue, 12 Aug 2008 10:52:22 +0800]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3102)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3121)=>[Subject: Tracking N_ 2356503447][Date: Tue, 12 Aug 2008 23:35:30 -0700]=>(MIME part)=>WW2_ASH182.zip=>WW2_ASH182.exe


Infected with: Trojan.Agent.AJOS

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3121)=>[Subject: Tracking N_ 2356503447][Date: Tue, 12 Aug 2008 23:35:30 -0700]=>(MIME part)=>WW2_ASH182.zip=>WW2_ASH182.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3121)=>[Subject: Tracking N_ 2356503447][Date: Tue, 12 Aug 2008 23:35:30 -0700]=>(MIME part)=>WW2_ASH182.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3121)=>[Subject: Tracking N_ 2356503447][Date: Tue, 12 Aug 2008 23:35:30 -0700]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3121)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3132)=>[Subject: Tracking N 7542418285][Date: Wed, 13 Aug 2008 08:39:59 -0500]=>(MIME part)=>MB_8712.zip=>MB_8712.exe


Infected with: Trojan.Spy.ZBot.JD

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3132)=>[Subject: Tracking N 7542418285][Date: Wed, 13 Aug 2008 08:39:59 -0500]=>(MIME part)=>MB_8712.zip=>MB_8712.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3132)=>[Subject: Tracking N 7542418285][Date: Wed, 13 Aug 2008 08:39:59 -0500]=>(MIME part)=>MB_8712.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3132)=>[Subject: Tracking N 7542418285][Date: Wed, 13 Aug 2008 08:39:59 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3132)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3156)=>[Subject: Auto Identification Card][Date:?Fri, 15 Aug 2008 07:42:51 +0000]=>(MIME part)=>ID76291.zip=>ID76291.exe


Infected with: Trojan.FakeAlert.Gen.1

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3156)=>[Subject: Auto Identification Card][Date:?Fri, 15 Aug 2008 07:42:51 +0000]=>(MIME part)=>ID76291.zip=>ID76291.exe


Disinfection failed

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3156)=>[Subject: Auto Identification Card][Date:?Fri, 15 Aug 2008 07:42:51 +0000]=>(MIME part)=>ID76291.zip=>ID76291.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3156)=>[Subject: Auto Identification Card][Date:?Fri, 15 Aug 2008 07:42:51 +0000]=>(MIME part)=>ID76291.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3156)=>[Subject: Auto Identification Card][Date:?Fri, 15 Aug 2008 07:42:51 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3156)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3165)=>[Subject: Tracking N 2254642284][Date: Sun, 17 Aug 2008 11:15:17 +0000]=>(MIME part)=>fedex_m8712.zip=>fedex_m8712.exe


Infected with: Trojan.Spy.Wsnpoem.GS

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3165)=>[Subject: Tracking N 2254642284][Date: Sun, 17 Aug 2008 11:15:17 +0000]=>(MIME part)=>fedex_m8712.zip=>fedex_m8712.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3165)=>[Subject: Tracking N 2254642284][Date: Sun, 17 Aug 2008 11:15:17 +0000]=>(MIME part)=>fedex_m8712.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3165)=>[Subject: Tracking N 2254642284][Date: Sun, 17 Aug 2008 11:15:17 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3165)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3167)=>[Subject: Your Flight Ticket N2040674][Date: Mon, 18 Aug 2008 07:49:50 +0100]=>(MIME part)=>Ticket_N141-SK.zip=>Ticket_N141-SK.e


Infected with: Trojan.Downloader.Agent.ZOI

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3167)=>[Subject: Your Flight Ticket N2040674][Date: Mon, 18 Aug 2008 07:49:50 +0100]=>(MIME part)=>Ticket_N141-SK.zip=>Ticket_N141-SK.e


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3167)=>[Subject: Your Flight Ticket N2040674][Date: Mon, 18 Aug 2008 07:49:50 +0100]=>(MIME part)=>Ticket_N141-SK.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3167)=>[Subject: Your Flight Ticket N2040674][Date: Mon, 18 Aug 2008 07:49:50 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3167)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3180)=>[Subject: TRACKING NUMBER 8315198236][Date: Mon, 18 Aug 2008 15:57:59 -0500]=>(MIME part)=>Exel_Invoice_NR719200.zip=>Exel_Invoi


Infected with: Trojan.Spy.Wsnpoem.GV

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3180)=>[Subject: TRACKING NUMBER 8315198236][Date: Mon, 18 Aug 2008 15:57:59 -0500]=>(MIME part)=>Exel_Invoice_NR719200.zip=>Exel_Invoi


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3180)=>[Subject: TRACKING NUMBER 8315198236][Date: Mon, 18 Aug 2008 15:57:59 -0500]=>(MIME part)=>Exel_Invoice_NR719200.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3180)=>[Subject: TRACKING NUMBER 8315198236][Date: Mon, 18 Aug 2008 15:57:59 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3180)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3197)=>[Subject: Fedex tracking number 4365996796][Date:?Wed, 20 Aug 2008 02:30:17 -0600]=>(MIME part)=>NFE6761525.zip=>NFE6761525.exe


Infected with: Trojan.Spy.Wsnpoem.GU

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3197)=>[Subject: Fedex tracking number 4365996796][Date:?Wed, 20 Aug 2008 02:30:17 -0600]=>(MIME part)=>NFE6761525.zip=>NFE6761525.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3197)=>[Subject: Fedex tracking number 4365996796][Date:?Wed, 20 Aug 2008 02:30:17 -0600]=>(MIME part)=>NFE6761525.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3197)=>[Subject: Fedex tracking number 4365996796][Date:?Wed, 20 Aug 2008 02:30:17 -0600]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3197)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3226)=>[Subject: Statement of fees 2008/09][Date:?Thu, 21 Aug 2008 23:39:11 -0500]=>(MIME part)=>Fees_2007-2008.zip=>Fees_2007-2008.doc.


Infected with: Trojan.Downloader.Agent.ZOP

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3226)=>[Subject: Statement of fees 2008/09][Date:?Thu, 21 Aug 2008 23:39:11 -0500]=>(MIME part)=>Fees_2007-2008.zip=>Fees_2007-2008.doc.008.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3226)=>[Subject: Statement of fees 2008/09][Date:?Thu, 21 Aug 2008 23:39:11 -0500]=>(MIME part)=>Fees_2007-2008.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3226)=>[Subject: Statement of fees 2008/09][Date:?Thu, 21 Aug 2008 23:39:11 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3226)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3233)=>[Subject: Fedex tracking number 2947403134][Date: Fri, 22 Aug 2008 04:13:29 -0800]=>(MIME part)=>NNMA6766122.zip=>NNMA6766122.ex


Infected with: Trojan.Spy.Wsnpoem.HH

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3233)=>[Subject: Fedex tracking number 2947403134][Date: Fri, 22 Aug 2008 04:13:29 -0800]=>(MIME part)=>NNMA6766122.zip=>NNMA6766122.ex66122.ex


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3233)=>[Subject: Fedex tracking number 2947403134][Date: Fri, 22 Aug 2008 04:13:29 -0800]=>(MIME part)=>NNMA6766122.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3233)=>[Subject: Fedex tracking number 2947403134][Date: Fri, 22 Aug 2008 04:13:29 -0800]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3233)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3241)=>[Subject: Statement of fees 2008/09][Date: Mon, 25 Aug 2008 06:05:01 +0100]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc_


Infected with: Trojan.Inject.RB

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3241)=>[Subject: Statement of fees 2008/09][Date: Mon, 25 Aug 2008 06:05:01 +0100]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc_


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3241)=>[Subject: Statement of fees 2008/09][Date: Mon, 25 Aug 2008 06:05:01 +0100]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3241)=>[Subject: Statement of fees 2008/09][Date: Mon, 25 Aug 2008 06:05:01 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3241)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3242)=>[Subject: Western Union MTCN #2422130883][Date: Mon, 25 Aug 2008 11:38:57 +0100]=>(MIME part)=>MTCN08662112.zip=>MTCN08662112.exe


Infected with: Trojan.Spy.ZBot.KE

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3242)=>[Subject: Western Union MTCN #2422130883][Date: Mon, 25 Aug 2008 11:38:57 +0100]=>(MIME part)=>MTCN08662112.zip=>MTCN08662112.exe2112.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3242)=>[Subject: Western Union MTCN #2422130883][Date: Mon, 25 Aug 2008 11:38:57 +0100]=>(MIME part)=>MTCN08662112.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3242)=>[Subject: Western Union MTCN #2422130883][Date: Mon, 25 Aug 2008 11:38:57 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3242)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3257)=>[Subject: Statement of fees 2008/09][Date: Wed, 27 Aug 2008 08:02:32 +0100]=>(MIME part)=>Fees-2008_2009.zip=>Fees-2008_2009.doc.


Infected with: Trojan.Downloader.JKON

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3257)=>[Subject: Statement of fees 2008/09][Date: Wed, 27 Aug 2008 08:02:32 +0100]=>(MIME part)=>Fees-2008_2009.zip=>Fees-2008_2009.doc.009.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3257)=>[Subject: Statement of fees 2008/09][Date: Wed, 27 Aug 2008 08:02:32 +0100]=>(MIME part)=>Fees-2008_2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3257)=>[Subject: Statement of fees 2008/09][Date: Wed, 27 Aug 2008 08:02:32 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3257)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3275)=>[Subject: Western Union MTCN #4224281131][Date:?Wed, 27 Aug 2008 19:42:36 -0500]=>(MIME part)=>MT77232.zip=>MT77232.exe


Infected with: Trojan.Spy.Wsnpoem.HR

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3275)=>[Subject: Western Union MTCN #4224281131][Date:?Wed, 27 Aug 2008 19:42:36 -0500]=>(MIME part)=>MT77232.zip=>MT77232.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3275)=>[Subject: Western Union MTCN #4224281131][Date:?Wed, 27 Aug 2008 19:42:36 -0500]=>(MIME part)=>MT77232.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3275)=>[Subject: Western Union MTCN #4224281131][Date:?Wed, 27 Aug 2008 19:42:36 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3275)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3291)=>[Subject: Western Union MTCN #7328925489][Date: Thu, 28 Aug 2008 10:34:36 -0700]=>(MIME part)=>MT77232.zip=>MT77232.exe


Infected with: Trojan.Spy.Wsnpoem.HR

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3291)=>[Subject: Western Union MTCN #7328925489][Date: Thu, 28 Aug 2008 10:34:36 -0700]=>(MIME part)=>MT77232.zip=>MT77232.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3291)=>[Subject: Western Union MTCN #7328925489][Date: Thu, 28 Aug 2008 10:34:36 -0700]=>(MIME part)=>MT77232.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3291)=>[Subject: Western Union MTCN #7328925489][Date: Thu, 28 Aug 2008 10:34:36 -0700]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3291)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3294)=>[Subject: Statement of fees 2008/09][Date: Fri, 29 Aug 2008 05:04:00 +0000]=>(MIME part)=>Fees-2008_2009.zip=>Fees-2008_2009.doc.


Infected with: Trojan.Inject.QU

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3294)=>[Subject: Statement of fees 2008/09][Date: Fri, 29 Aug 2008 05:04:00 +0000]=>(MIME part)=>Fees-2008_2009.zip=>Fees-2008_2009.doc.009.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3294)=>[Subject: Statement of fees 2008/09][Date: Fri, 29 Aug 2008 05:04:00 +0000]=>(MIME part)=>Fees-2008_2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3294)=>[Subject: Statement of fees 2008/09][Date: Fri, 29 Aug 2008 05:04:00 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3294)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3314)=>[Subject: AIRMAIL EXPRESS $_ 4327599756][Date: Sat, 30 Aug 2008 10:48:10 -0500]=>(MIME part)=>AIRMAIL#7661224.zip=>AIRMAIL#76612


Infected with: Trojan.Spy.ZBot.KQ

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3314)=>[Subject: AIRMAIL EXPRESS $_ 4327599756][Date: Sat, 30 Aug 2008 10:48:10 -0500]=>(MIME part)=>AIRMAIL#7661224.zip=>AIRMAIL#76612IL#76612


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3314)=>[Subject: AIRMAIL EXPRESS $_ 4327599756][Date: Sat, 30 Aug 2008 10:48:10 -0500]=>(MIME part)=>AIRMAIL#7661224.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3314)=>[Subject: AIRMAIL EXPRESS $_ 4327599756][Date: Sat, 30 Aug 2008 10:48:10 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3314)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3318)=>[Subject: Statement of fees 2008/09][Date: Sun, 31 Aug 2008 21:43:33 -0700]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.


Infected with: Win32.Worm.Autorun.MD

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3318)=>[Subject: Statement of fees 2008/09][Date: Sun, 31 Aug 2008 21:43:33 -0700]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.009.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3318)=>[Subject: Statement of fees 2008/09][Date: Sun, 31 Aug 2008 21:43:33 -0700]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3318)=>[Subject: Statement of fees 2008/09][Date: Sun, 31 Aug 2008 21:43:33 -0700]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3318)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3329)=>[Subject: Airmail Tracking number #2629037][Date: Mon, 1 Sep 2008 10:16:53 -0800]=>(MIME part)=>AIRMAIL_TRACKING.doc.zip=>AIRMAIL


Infected with: Trojan.FakeAlert.Gen.2

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3329)=>[Subject: Airmail Tracking number #2629037][Date: Mon, 1 Sep 2008 10:16:53 -0800]=>(MIME part)=>AIRMAIL_TRACKING.doc.zip=>AIRMAIL


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3329)=>[Subject: Airmail Tracking number #2629037][Date: Mon, 1 Sep 2008 10:16:53 -0800]=>(MIME part)=>AIRMAIL_TRACKING.doc.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3329)=>[Subject: Airmail Tracking number #2629037][Date: Mon, 1 Sep 2008 10:16:53 -0800]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3329)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3331)=>[Subject: Airmail Tracking number #9674169][Date: Mon, 1 Sep 2008 20:48:25 -0500]=>(MIME part)=>#876712.zip=>#876712.exe


Infected with: Trojan.Spy.Wsnpoem.HY

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3331)=>[Subject: Airmail Tracking number #9674169][Date: Mon, 1 Sep 2008 20:48:25 -0500]=>(MIME part)=>#876712.zip=>#876712.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3331)=>[Subject: Airmail Tracking number #9674169][Date: Mon, 1 Sep 2008 20:48:25 -0500]=>(MIME part)=>#876712.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3331)=>[Subject: Airmail Tracking number #9674169][Date: Mon, 1 Sep 2008 20:48:25 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3331)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3332)=>[Subject: Statement of fees 2008/09][Date: Tue, 2 Sep 2008 15:15:47 +0930]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.e


Infected with: Win32.Worm.Autorun.MK

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3332)=>[Subject: Statement of fees 2008/09][Date: Tue, 2 Sep 2008 15:15:47 +0930]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.e


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3332)=>[Subject: Statement of fees 2008/09][Date: Tue, 2 Sep 2008 15:15:47 +0930]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3332)=>[Subject: Statement of fees 2008/09][Date: Tue, 2 Sep 2008 15:15:47 +0930]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3332)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3333)=>[Subject: Airmail Tracking number #9584935][Date: Tue, 2 Sep 2008 16:27:15 +0900]=>(MIME part)=>#876712.zip=>#876712.exe


Infected with: Trojan.Spy.Wsnpoem.HY

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3333)=>[Subject: Airmail Tracking number #9584935][Date: Tue, 2 Sep 2008 16:27:15 +0900]=>(MIME part)=>#876712.zip=>#876712.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3333)=>[Subject: Airmail Tracking number #9584935][Date: Tue, 2 Sep 2008 16:27:15 +0900]=>(MIME part)=>#876712.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3333)=>[Subject: Airmail Tracking number #9584935][Date: Tue, 2 Sep 2008 16:27:15 +0900]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3333)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3369)=>[Subject: Airmail Tracking number #6550127][Date: Wed, 3 Sep 2008 13:47:06 -0600]=>(MIME part)=>5322412.zip=>5322412.exe


Infected with: Trojan.Spy.ZBot.KX

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3369)=>[Subject: Airmail Tracking number #6550127][Date: Wed, 3 Sep 2008 13:47:06 -0600]=>(MIME part)=>5322412.zip=>5322412.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3369)=>[Subject: Airmail Tracking number #6550127][Date: Wed, 3 Sep 2008 13:47:06 -0600]=>(MIME part)=>5322412.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3369)=>[Subject: Airmail Tracking number #6550127][Date: Wed, 3 Sep 2008 13:47:06 -0600]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3369)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3371)=>[Subject: Statement of fees 2008/09][Date:?Thu, 4 Sep 2008 16:47:12 +1000]=>(MIME part)=>Fees_2007-2008.zip=>Fees_2007-2008.doc.e


Infected with: Trojan.Crypt.EE

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3371)=>[Subject: Statement of fees 2008/09][Date:?Thu, 4 Sep 2008 16:47:12 +1000]=>(MIME part)=>Fees_2007-2008.zip=>Fees_2007-2008.doc.e


Disinfection failed

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3371)=>[Subject: Statement of fees 2008/09][Date:?Thu, 4 Sep 2008 16:47:12 +1000]=>(MIME part)=>Fees_2007-2008.zip=>Fees_2007-2008.doc.e08.doc.e


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3371)=>[Subject: Statement of fees 2008/09][Date:?Thu, 4 Sep 2008 16:47:12 +1000]=>(MIME part)=>Fees_2007-2008.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3371)=>[Subject: Statement of fees 2008/09][Date:?Thu, 4 Sep 2008 16:47:12 +1000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3371)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3407)=>[Subject: Western Union MTCN #0366396735][Date:?Sun, 7 Sep 2008 15:36:33 -0500]=>(MIME part)=>MTCN.zip=>MTCN.exe


Infected with: Trojan.Spy.ZBot.KY

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3407)=>[Subject: Western Union MTCN #0366396735][Date:?Sun, 7 Sep 2008 15:36:33 -0500]=>(MIME part)=>MTCN.zip=>MTCN.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3407)=>[Subject: Western Union MTCN #0366396735][Date:?Sun, 7 Sep 2008 15:36:33 -0500]=>(MIME part)=>MTCN.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3407)=>[Subject: Western Union MTCN #0366396735][Date:?Sun, 7 Sep 2008 15:36:33 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3407)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3412)=>[Subject: Statement of fees 2008/09][Date: Mon, 8 Sep 2008 07:43:13 +0000]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.e


Infected with: Trojan.Autorun.YM

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3412)=>[Subject: Statement of fees 2008/09][Date: Mon, 8 Sep 2008 07:43:13 +0000]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.e09.doc.e


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3412)=>[Subject: Statement of fees 2008/09][Date: Mon, 8 Sep 2008 07:43:13 +0000]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3412)=>[Subject: Statement of fees 2008/09][Date: Mon, 8 Sep 2008 07:43:13 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3412)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3451)=>[Subject: I received a message from your bank ][Date: Tue, 9 Sep 2008 16:36:57 -0300]=>(MIME part)=>BANK_DETAILS.zip=>BANK_DETAIL


Infected with: Trojan.Spy.ZBot.LB

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3451)=>[Subject: I received a message from your bank ][Date: Tue, 9 Sep 2008 16:36:57 -0300]=>(MIME part)=>BANK_DETAILS.zip=>BANK_DETAILK_DETAIL


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3451)=>[Subject: I received a message from your bank ][Date: Tue, 9 Sep 2008 16:36:57 -0300]=>(MIME part)=>BANK_DETAILS.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3451)=>[Subject: I received a message from your bank ][Date: Tue, 9 Sep 2008 16:36:57 -0300]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3451)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3457)=>[Subject: Credit card transaction report][Date: Wed, 10 Sep 2008 10:43:54 +0100]=>(MIME part)=>Report.zip=>Report.doc 讣 옇ᬅ墰菳ঌ棦Ẃᗆ⑱恸ᘱ磮ꎴꐋ급㐄ꂽ⚋ቨ磱蘴䝀쨸 ౝ鰽軰揸ယԭ쐒藣揆摻ኑ晨疄稡冣ᢎ漗ڴ䇢⊯ꇺ皬 ᓁ疏͆恥ɰ郞 훘뷁騁혥臚通倡콝謙嶀塾ڼ虤⏰ 낚㑓픐䊁溎歀밋옣ᯏꃰ⁣༭鰿섣緙䊑ơ蜁諒墆鮌뿆ޣ 未䂔돟덈绨ᦘ炆૭⡑웓吨כּﮣ凪螨㒿傣삔〹墧嘞䊍쒕舨캲ᑁ 公璨난᭬꾨╣숞섩聾ࣳɒ ੃ࡋ耧⿀뚖헂罳協䴊缁䗏胾닜禫懲롂鴢맆䭺䋶㩓圆뎄쁪 鴩劥콱雅凕 ﷧ 尕둗쀗 䝐鞪觗쏶 ᭵뫡롾Ὦ띜䮤꬝ጓਔ欇各ꃭ⻣尃갉 ⶨ؇⹒龲ォ㣔ꃢ䊏풵繑嘂穚᳋勑ȷ﹦ᚖ⚸溃സ쮇䘒㯸愭Ⱞ郃ꑖ䲣݀ Ӯłۿ〸Infected with: Win32.Worm.Autorun.MF


Infected with: Win32.Worm.Autorun.MF

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3457)=>[Subject: Credit card transaction report][Date: Wed, 10 Sep 2008 10:43:54 +0100]=>(MIME part)=>Report.zip=>Report.doc


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3457)=>[Subject: Credit card transaction report][Date: Wed, 10 Sep 2008 10:43:54 +0100]=>(MIME part)=>Report.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3457)=>[Subject: Credit card transaction report][Date: Wed, 10 Sep 2008 10:43:54 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3457)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3462)=>[Subject: I received a message from your bank ][Date: Wed, 10 Sep 2008 12:50:30 +0100]=>(MIME part)=>BANK_DETAILS.zip=>BANK_DETAI


Infected with: Trojan.Spy.ZBot.LB

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3462)=>[Subject: I received a message from your bank ][Date: Wed, 10 Sep 2008 12:50:30 +0100]=>(MIME part)=>BANK_DETAILS.zip=>BANK_DETAINK_DETAI


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3462)=>[Subject: I received a message from your bank ][Date: Wed, 10 Sep 2008 12:50:30 +0100]=>(MIME part)=>BANK_DETAILS.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3462)=>[Subject: I received a message from your bank ][Date: Wed, 10 Sep 2008 12:50:30 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3462)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3488)=>[Subject: Problems with delivery][Date:?Thu, 11 Sep 2008 14:57:21 +0000]=>(MIME part)=>ups_invoice.zip=>ups_invoice.exe


Infected with: Trojan.Spy.ZBot.LH

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3488)=>[Subject: Problems with delivery][Date:?Thu, 11 Sep 2008 14:57:21 +0000]=>(MIME part)=>ups_invoice.zip=>ups_invoice.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3488)=>[Subject: Problems with delivery][Date:?Thu, 11 Sep 2008 14:57:21 +0000]=>(MIME part)=>ups_invoice.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3488)=>[Subject: Problems with delivery][Date:?Thu, 11 Sep 2008 14:57:21 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3488)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3489)=>[Subject: Reply: A report on radiation contamina][Date: Thu, 11 Sep 2008 20:31:51 -0600]=>(MIME part)=>victims.zip=>victims.exe


Infected with: Trojan.FakeAntivirus.Gen

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3489)=>[Subject: Reply: A report on radiation contamina][Date: Thu, 11 Sep 2008 20:31:51 -0600]=>(MIME part)=>victims.zip=>victims.exe


Disinfection failed

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3489)=>[Subject: Reply: A report on radiation contamina][Date: Thu, 11 Sep 2008 20:31:51 -0600]=>(MIME part)=>victims.zip=>victims.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3489)=>[Subject: Reply: A report on radiation contamina][Date: Thu, 11 Sep 2008 20:31:51 -0600]=>(MIME part)=>victims.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3489)=>[Subject: Reply: A report on radiation contamina][Date: Thu, 11 Sep 2008 20:31:51 -0600]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3489)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3507)=>[Subject: Statement of fees 2008/09][Date: Fri, 12 Sep 2008 20:50:16 -0500]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.


Infected with: Trojan.Spy.Agent.NYH

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3507)=>[Subject: Statement of fees 2008/09][Date: Fri, 12 Sep 2008 20:50:16 -0500]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.009.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3507)=>[Subject: Statement of fees 2008/09][Date: Fri, 12 Sep 2008 20:50:16 -0500]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3507)=>[Subject: Statement of fees 2008/09][Date: Fri, 12 Sep 2008 20:50:16 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3507)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3517)=>[Subject: Permit for retirement][Date: Mon, 15 Sep 2008 08:30:01 +0000]=>(MIME part)=>contract_I1.zip=>contract_I1.doc.exe


Infected with: Win32.Worm.Autorun.MN

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3517)=>[Subject: Permit for retirement][Date: Mon, 15 Sep 2008 08:30:01 +0000]=>(MIME part)=>contract_I1.zip=>contract_I1.doc.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3517)=>[Subject: Permit for retirement][Date: Mon, 15 Sep 2008 08:30:01 +0000]=>(MIME part)=>contract_I1.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3517)=>[Subject: Permit for retirement][Date: Mon, 15 Sep 2008 08:30:01 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3517)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3560)=>[Subject: Statement of fees 2008/09][Date:?Wed, 17 Sep 2008 21:41:52 +1200]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.


Infected with: Trojan.Kobcka.FL

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3560)=>[Subject: Statement of fees 2008/09][Date:?Wed, 17 Sep 2008 21:41:52 +1200]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.009.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3560)=>[Subject: Statement of fees 2008/09][Date:?Wed, 17 Sep 2008 21:41:52 +1200]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3560)=>[Subject: Statement of fees 2008/09][Date:?Wed, 17 Sep 2008 21:41:52 +1200]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3560)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3719)=>[Subject: [NO-REPLY] UPS Tracking Number 3505530][Date: Mon, 29 Sep 2008 07:17:35 -0500]=>(MIME part)=>UPS_letter.zip=>UPS_letter


Infected with: Win32.Worm.Autorun.MV

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3719)=>[Subject: [NO-REPLY] UPS Tracking Number 3505530][Date: Mon, 29 Sep 2008 07:17:35 -0500]=>(MIME part)=>UPS_letter.zip=>UPS_letterS_letter


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3719)=>[Subject: [NO-REPLY] UPS Tracking Number 3505530][Date: Mon, 29 Sep 2008 07:17:35 -0500]=>(MIME part)=>UPS_letter.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3719)=>[Subject: [NO-REPLY] UPS Tracking Number 3505530][Date: Mon, 29 Sep 2008 07:17:35 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3719)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3906)=>[Subject: Statement of fees 2008/09][Date:?Fri, 10 Oct 2008 08:20:11 -0500]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.


Infected with: Win32.Worm.Autorun.NK

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3906)=>[Subject: Statement of fees 2008/09][Date:?Fri, 10 Oct 2008 08:20:11 -0500]=>(MIME part)=>Fees_2008-2009.zip=>Fees_2008-2009.doc.009.doc.


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3906)=>[Subject: Statement of fees 2008/09][Date:?Fri, 10 Oct 2008 08:20:11 -0500]=>(MIME part)=>Fees_2008-2009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3906)=>[Subject: Statement of fees 2008/09][Date:?Fri, 10 Oct 2008 08:20:11 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3906)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3914)=>[Subject: [NO-REPLY] UPS Tracking Number 4630715][Date: Sun, 12 Oct 2008 15:51:50 -0700]=>(MIME part)=>UPS_Letter.zip=>UPS_Letter


Infected with: Trojan.Agent.AKOI

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3914)=>[Subject: [NO-REPLY] UPS Tracking Number 4630715][Date: Sun, 12 Oct 2008 15:51:50 -0700]=>(MIME part)=>UPS_Letter.zip=>UPS_LetterS_Letter


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3914)=>[Subject: [NO-REPLY] UPS Tracking Number 4630715][Date: Sun, 12 Oct 2008 15:51:50 -0700]=>(MIME part)=>UPS_Letter.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3914)=>[Subject: [NO-REPLY] UPS Tracking Number 4630715][Date: Sun, 12 Oct 2008 15:51:50 -0700]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 3914)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4008)=>[Subject: admin Report 1/1/2008 - 10/1/2008.][Date: Mon, 20 Oct 2008 09:56:15 +0100]=>(MIME part)=>Statement1-10.zip=>Statement 1


Infected with: Trojan.Kobcka.GI

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4008)=>[Subject: admin Report 1/1/2008 - 10/1/2008.][Date: Mon, 20 Oct 2008 09:56:15 +0100]=>(MIME part)=>Statement1-10.zip=>Statement 1tement 1


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4008)=>[Subject: admin Report 1/1/2008 - 10/1/2008.][Date: Mon, 20 Oct 2008 09:56:15 +0100]=>(MIME part)=>Statement1-10.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4008)=>[Subject: admin Report 1/1/2008 - 10/1/2008.][Date: Mon, 20 Oct 2008 09:56:15 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4008)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4027)=>[Subject: Tracking N 5505512361][Date: Tue, 21 Oct 2008 15:11:45 -0500]=>(MIME part)=>INVOICE_7761662.doc.rar=>INVOICE_7761662.do


Infected with: Trojan.Spy.ZBot.MM

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4027)=>[Subject: Tracking N 5505512361][Date: Tue, 21 Oct 2008 15:11:45 -0500]=>(MIME part)=>INVOICE_7761662.doc.rar=>INVOICE_7761662.do61662.do


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4027)=>[Subject: Tracking N 5505512361][Date: Tue, 21 Oct 2008 15:11:45 -0500]=>(MIME part)=>INVOICE_7761662.doc.rar


Update failed

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4076)=>[Subject: Admin Tracking][Date: Mon, 27 Oct 2008 08:47:10 -0400]=>(MIME part)=>Tracking_s10.08.zip=>Tracking_s10.08.doc


Infected with: Trojan.Agent.AKUF

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4076)=>[Subject: Admin Tracking][Date: Mon, 27 Oct 2008 08:47:10 -0400]=>(MIME part)=>Tracking_s10.08.zip=>Tracking_s10.08.doc


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4076)=>[Subject: Admin Tracking][Date: Mon, 27 Oct 2008 08:47:10 -0400]=>(MIME part)=>Tracking_s10.08.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4076)=>[Subject: Admin Tracking][Date: Mon, 27 Oct 2008 08:47:10 -0400]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4076)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4086)=>[Subject: Admin Instruction on Recovery ][Date: Tue, 28 Oct 2008 16:53:21 +0800]=>(MIME part)=>Account_instruction.zip=>Account_i


Infected with: Trojan.Agent.AKVO

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4086)=>[Subject: Admin Instruction on Recovery ][Date: Tue, 28 Oct 2008 16:53:21 +0800]=>(MIME part)=>Account_instruction.zip=>Account_iccount_i


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4086)=>[Subject: Admin Instruction on Recovery ][Date: Tue, 28 Oct 2008 16:53:21 +0800]=>(MIME part)=>Account_instruction.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4086)=>[Subject: Admin Instruction on Recovery ][Date: Tue, 28 Oct 2008 16:53:21 +0800]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4086)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4113)=>[Subject: Your Tracking # 30136510 (NO-REPLY)][Date: Wed, 29 Oct 2008 08:04:51 -0500]=>(MIME part)=>Inv#3982.zip=>Inv#3982.doc


Infected with: Trojan.Kobcka.GO

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4113)=>[Subject: Your Tracking # 30136510 (NO-REPLY)][Date: Wed, 29 Oct 2008 08:04:51 -0500]=>(MIME part)=>Inv#3982.zip=>Inv#3982.doc 2.doc


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4113)=>[Subject: Your Tracking # 30136510 (NO-REPLY)][Date: Wed, 29 Oct 2008 08:04:51 -0500]=>(MIME part)=>Inv#3982.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4113)=>[Subject: Your Tracking # 30136510 (NO-REPLY)][Date: Wed, 29 Oct 2008 08:04:51 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4113)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4156)=>[Subject: Account Operations Report][Date: Sat, 1 Nov 2008 07:43:43 -0600]=>(MIME part)=>Statment_details.zip=>Statment_details.d


Infected with: Trojan.Kobcka.GV

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4156)=>[Subject: Account Operations Report][Date: Sat, 1 Nov 2008 07:43:43 -0600]=>(MIME part)=>Statment_details.zip=>Statment_details.details.d


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4156)=>[Subject: Account Operations Report][Date: Sat, 1 Nov 2008 07:43:43 -0600]=>(MIME part)=>Statment_details.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4156)=>[Subject: Account Operations Report][Date: Sat, 1 Nov 2008 07:43:43 -0600]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4156)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4226)=>[Subject: Your Tracking # 0512862514][Date: Fri, 7 Nov 2008 16:12:50 -0500]=>(MIME part)=>UPSInvoice_8766155.zip=>UPSInvoice_8766


Infected with: Trojan.Spy.Wsnpoem.LF

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4226)=>[Subject: Your Tracking # 0512862514][Date: Fri, 7 Nov 2008 16:12:50 -0500]=>(MIME part)=>UPSInvoice_8766155.zip=>UPSInvoice_8766ice_8766


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4226)=>[Subject: Your Tracking # 0512862514][Date: Fri, 7 Nov 2008 16:12:50 -0500]=>(MIME part)=>UPSInvoice_8766155.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4226)=>[Subject: Your Tracking # 0512862514][Date: Fri, 7 Nov 2008 16:12:50 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4226)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4257)=>[Subject: Permission for resignation][Date: Wed, 12 Nov 2008 06:01:17 -0500]=>(MIME part)=>Contract_N45.zip=>Contract_N45.doc


Infected with: Worm.Generic.55545

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4257)=>[Subject: Permission for resignation][Date: Wed, 12 Nov 2008 06:01:17 -0500]=>(MIME part)=>Contract_N45.zip=>Contract_N45.doc .doc


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4257)=>[Subject: Permission for resignation][Date: Wed, 12 Nov 2008 06:01:17 -0500]=>(MIME part)=>Contract_N45.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4257)=>[Subject: Permission for resignation][Date: Wed, 12 Nov 2008 06:01:17 -0500]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4257)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4565)=>[Subject: UPS: Your Tracking # 003412724666][Date: Mon, 8 Dec 2008 07:57:19 +0100]=>(MIME part)=>ReIn86192.zip=>ReIn86192.exe


Infected with: Backdoor.Bot.68040

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4565)=>[Subject: UPS: Your Tracking # 003412724666][Date: Mon, 8 Dec 2008 07:57:19 +0100]=>(MIME part)=>ReIn86192.zip=>ReIn86192.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4565)=>[Subject: UPS: Your Tracking # 003412724666][Date: Mon, 8 Dec 2008 07:57:19 +0100]=>(MIME part)=>ReIn86192.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4565)=>[Subject: UPS: Your Tracking # 003412724666][Date: Mon, 8 Dec 2008 07:57:19 +0100]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4565)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4697)=>[Subject: UPS: Your Tracking # 743478777146][Date: Mon, 15 Dec 2008 12:50:46 -0600]=>(MIME part)=>DOC651221.zip=>DOC651221.exe


Infected with: Backdoor.Bot.68422

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4697)=>[Subject: UPS: Your Tracking # 743478777146][Date: Mon, 15 Dec 2008 12:50:46 -0600]=>(MIME part)=>DOC651221.zip=>DOC651221.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4697)=>[Subject: UPS: Your Tracking # 743478777146][Date: Mon, 15 Dec 2008 12:50:46 -0600]=>(MIME part)=>DOC651221.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4697)=>[Subject: UPS: Your Tracking # 743478777146][Date: Mon, 15 Dec 2008 12:50:46 -0600]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4697)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4975)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)=>NorthwestAirlines.zip=>NorthwestAirlines.exe


Infected with: Backdoor.Bot.72756

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4975)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)=>NorthwestAirlines.zip=>NorthwestAirlines.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4975)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)=>NorthwestAirlines.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4975)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 4975)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 5055)=>[Subject: Airline Reservations #4906518845][Date:?Mon, 19 Jan 2009 15:33:44 +0700]=>(MIME part)=>19012009.zip=>19012009.exe


Infected with: Trojan.FakeAntivirus.Gen

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 5055)=>[Subject: Airline Reservations #4906518845][Date:?Mon, 19 Jan 2009 15:33:44 +0700]=>(MIME part)=>19012009.zip=>19012009.exe


Disinfection failed

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 5055)=>[Subject: Airline Reservations #4906518845][Date:?Mon, 19 Jan 2009 15:33:44 +0700]=>(MIME part)=>19012009.zip=>19012009.exe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 5055)=>[Subject: Airline Reservations #4906518845][Date:?Mon, 19 Jan 2009 15:33:44 +0700]=>(MIME part)=>19012009.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 5055)=>[Subject: Airline Reservations #4906518845][Date:?Mon, 19 Jan 2009 15:33:44 +0700]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox=>(message 5055)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian=>(message 10)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)=>NorthwestAirlines.zip=>Northwe


Infected with: Backdoor.Bot.72756

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian=>(message 10)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)=>NorthwestAirlines.zip=>Northwe


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian=>(message 10)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)=>NorthwestAirlines.zip


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian=>(message 10)=>[Subject: E-ticket #4081905962][Date: Tue, 13 Jan 2009 12:14:38 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian=>(message 10)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\INBOXctrl-RCL.sbd\Ian


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)=>[Subject: [Fwd: E-ticket #4081905962]][Date: Tue, 13 Jan 2009 13:04:58 +0000]=>(MIME part)=>E-ticket #4081905962.eml=>[Subject: E-t


Infected with: Backdoor.Bot.72756

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)=>[Subject: [Fwd: E-ticket #4081905962]][Date: Tue, 13 Jan 2009 13:04:58 +0000]=>(MIME part)=>E-ticket #4081905962.eml=>[Subject: E-t


Deleted

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)=>[Subject: [Fwd: E-ticket #4081905962]][Date: Tue, 13 Jan 2009 13:04:58 +0000]=>(MIME part)=>E-ticket #4081905962.eml=>[Subject: E-t


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)=>[Subject: [Fwd: E-ticket #4081905962]][Date: Tue, 13 Jan 2009 13:04:58 +0000]=>(MIME part)=>E-ticket #4081905962.eml=>[Subject: E-t


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)=>[Subject: [Fwd: E-ticket #4081905962]][Date: Tue, 13 Jan 2009 13:04:58 +0000]=>(MIME part)=>E-ticket #4081905962.eml


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)=>[Subject: [Fwd: E-ticket #4081905962]][Date: Tue, 13 Jan 2009 13:04:58 +0000]=>(MIME part)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent=>(message 505)


Updated

C:\Documents and Settings\Gemma_2\Application Data\Thunderbird\Profiles\sm0j38r3.default\Mail\Local Folders\Sent


Updated

======================================End of Scan Log===================================

Regards and thanks again.

Dene

#15 m0le

  • Malware Response Team

Posted 03 June 2009 - 06:38 AM

Hi ridgedale,

Nice!

I am a little concerned that BitDefender reported that it was to scan in excess of 55,000 files but in the end only scanned about 22,000+!


That's okay. BitDefender has run through the admin account profile (sm0j38r3.default) and disinfected/deleted all the problem emails. That profile only has 22,000+ files accessible.

Please run Kaspersky one more time just to be sure that we're clear.

Thanks :thumbup2:
m0le is a proud member of UNITE



