ran norman malware cleaner and it detected kaspersky av9.exe was infected with w32/greybird.alqv and deleted. now i don't have anti-virus running since the exe is gone so i guess i should remove and reinstall my anti-virus software? actually here is the log:
Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/12/09 03:41:46
Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/12/09 03:41:46, Variants: 4474713
Scan started: 09/12/2009 17:32:46
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 3
Logged on user: ROBERTJMSCOMPUT\Owner
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "c:\windows\system32\yaluvufa.dll" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000000
Changed service configuration for "Browser" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF
Failed to start service "Browser" (0x0000042C)
Scanning running processes and process memory...
Number of processes/threads found: 1084
Number of processes/threads scanned: 1084
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 60s
Scanning file system...
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\220.127.116.116\avp.exe (Infected with W32/GrayBird.ALQV)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Infected with W32/GrayBird.ALQV)
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> AVP = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe""
Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:*:Enabled:avp"
Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:*:Enabled:avp"
Removed service: AVP
Running post-scan cleanup routine:
Number of files found: 159553
Number of archives unpacked: 0
Number of files scanned: 159532
Number of files not scanned: 21
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 1h 48m 40s
Edited by irishsooner1962, 09 December 2009 - 08:52 PM.