
was infected with "infostealer" now IE crashes


  • This topic is locked
16 replies to this topic

#1 Dave Cherne

Posted 13 January 2010 - 10:48 AM

A few months ago my computer was acting really strange. Keystrokes would be dropped, IE crashed repeatedly, all my restore points disappeared and I could not create new restore points, Windows Update would not run. McAfee SecurityCenter found nothing; but AVG found and removed an "infostealer" trojan.

After that my keyboard worked properly and I have system restore working again but IE still crashes repeatedly. It pops up a dialog box saying "Internet Explorer has encountered a problem and needs to close."... When I click on the link to see the error report it references the ModName: mswsock32.dll. I can ignore the error message and keep working with IE.

Also Kaspersky Online Scanner says, "C:\WINDOWS\system32\mswsock32.dll/C:\WINDOWS\system32\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp".

How do I fix the last vestiges of this trojan?

Edited by Pandy, 13 January 2010 - 12:50 PM.
Moved from HijackThis Logs and Virus/Trojan/Spyware/Malware Removal as no logs were included ~Pandy



#2 trev47

Posted 15 January 2010 - 12:05 AM

Download Malwarebytes from http://malwarebytes.org/, update it and run a full scan. Remove any infections found and post the results in your next reply.

#3 Dave Cherne

Posted 15 January 2010 - 04:58 PM

Malwarebytes was not able to find anything. Here's the report from it:

Malwarebytes' Anti-Malware 1.44
Database version: 3570
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/15/2010 1:54:42 PM
mbam-log-2010-01-15 (13-54-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 271528
Time elapsed: 1 hour(s), 27 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 trev47

Posted 16 January 2010 - 12:17 AM

Next run a scan at http://www.eset.com/onlinescan/
Post the results

Edited by trev47, 16 January 2010 - 12:17 AM.


#5 Dave Cherne

Posted 16 January 2010 - 05:03 AM

Eset found and deleted 1 trojan, here's the log:

C:\WINDOWS\system32\mswsock32.dll Win32/PSW.Agent.NOK trojan cleaned by deleting (after the next restart) - quarantined

This fixed the problem where, after a reboot, I would have to re-log into all websites that normally store my password info; now I can reboot and those websites still remember I was logged in. So it appears that this trojan was somehow erasing cookies so that I would have to keep entering my password log-in information.

On Eset's website it lists Win32/PSW.Agent... as "a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine." Is it possible to see what was compromised on my machine or where it was going? Also, what should I do next?

Edited by Dave Cherne, 16 January 2010 - 05:24 AM.


#6 quietman7

Posted 16 January 2010 - 08:38 AM

Password-stealing Trojans are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Remote attackers use Trojans, Botnets and rootkits as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker so they can be used for fraud and identity theft.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 trev47

Posted 16 January 2010 - 09:28 PM

Dave,
You should definitely read the post above mine - good advice.

#8 Dave Cherne

Posted 17 January 2010 - 12:08 PM

Yes quietman7 and trev47, I am still having problems.

I tried to scan my system with Kaspersky Online Scanner. It gets a little more than 50% through before IE8 crashes. By that time it has found 2 problem files; here's data I copied from its report log before it crashes:

c:\DAC Program files... Hoax.Win16.BadJoke.Stupid.A
c:\WINDOWS\system32\37D Trojan.Win32.Agent.czow

What should I do next?

#9 quietman7

Posted 17 January 2010 - 12:51 PM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

#10 Dave Cherne

Posted 18 January 2010 - 11:10 AM

Thanks quietman7,

I ran TFC and it did need to reboot to finish cleaning. I then ran Dr.Web CureIt in safe mode and it found 0 infections (so there is no new log file to attach).

I ran Dr.Web CureIt 3 weeks ago and it found 30 infections (but it had not found the mswsock32.dll infection that eset found and fixed, and I know that infection existed at the time Dr.Web CureIt was run).

Here is the Dr.Web CureIt .csv log from 3 weeks ago in case it is helpful:

Gift Ideas.doc;C:\Documents and Settings\Dave\My Documents;Probably Exploit.OLE2.1Table - password protected - skipped;Incurable.Moved.;
7d94131332a2130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d94131332a2130.bup;Trojan.Virtumod;;
7d94131332a2130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
L;C:\Documents and Settings\Dave;Trojan.Siggen.8911;Deleted.;
SlgClientServicesRedists.exe\1.file;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Moved.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
QT.EXE\unvised_2.bin;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\QT\QT.EXE;Tool.Reboot;;
QT.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\QT;Archive contains infected objects;Moved.;
SP31524.exe/musicnow1.exe\data008;C:\SWSetup\AOLMN\SP31524.exe/musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\SWSetup\AOLMN;Archive contains infected objects;;
SP31524.exe;C:\SWSetup\AOLMN;Archive contains infected objects;Moved.;
cakemania-setup.exe/SlgClientServicesRedists.exe\1.file;C:\SWSetup\HPGame\games\cakemania-setup.exe/SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\SWSetup\HPGame\games;Archive contains infected objects;;
cakemania-setup.exe;C:\SWSetup\HPGame\games;Archive contains infected objects;Moved.;
A0015090.exe\1.file;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102\A0015090.exe;Adware.SpywareStorm;;
A0015090.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;Moved.;
A0015091.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Trojan.Click.2093;Deleted.;
A0015092.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102\A0015092.EXE;Adware.Gdown;;
A0015092.EXE;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;Moved.;
A0015093.EXE\unvised_2.bin;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102\A0015093.EXE;Tool.Reboot;;
A0015093.EXE;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;Moved.;
A0015094.exe/musicnow1.exe\data008;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102\A0015094.exe/musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;;
A0015094.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;Moved.;
A0015095.exe/SlgClientServicesRedists.exe\1.file;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102\A0015095.exe/SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;;
A0015095.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;Moved.;
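
A triage sketch for a log like the one above, added here as an example and not part of the original post or of Dr.Web's tooling: it collapses the semicolon-separated rows into distinct threats and separates files on the live file system from inert copies in System Restore points and AV quarantine. The field meaning (object;path;threat;action) is inferred from the posted lines, and the names `classify_location`, `triage` and `summarize` and the three location labels are assumptions of this example.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the Dr.Web CureIt log posted above (a subset, to keep this short).
SAMPLE_LOG = r"""7d94131332a2130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d94131332a2130.bup;Trojan.Virtumod;;
7d94131332a2130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
L;C:\Documents and Settings\Dave;Trojan.Siggen.8911;Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
SP31524.exe/musicnow1.exe\data008;C:\SWSetup\AOLMN\SP31524.exe/musicnow1.exe;Trojan.Click.2093;;
SP31524.exe;C:\SWSetup\AOLMN;Archive contains infected objects;Moved.;
A0015091.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Trojan.Click.2093;Deleted.;
A0015094.exe/musicnow1.exe\data008;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102\A0015094.exe/musicnow1.exe;Trojan.Click.2093;;
A0015094.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP102;Archive contains infected objects;Moved.;
"""

# Container rows carry this text in the threat field instead of a threat name.
CONTAINER_MARK = "Archive contains infected objects"


@dataclass
class Detection:
    obj: str
    path: str
    threat: str
    action: str
    location: str


def classify_location(path):
    """Label where a detection sits (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore"   # copy held inside a restore point
    if "\\quarantine" in p:
        return "av-quarantine"    # already isolated by another product
    return "live"                 # anywhere else on the file system


def parse(log_text):
    """Split each row on ';' (assumed layout: object;path;threat;action;)."""
    rows = []
    reader = csv.reader(io.StringIO(log_text), delimiter=";", quoting=csv.QUOTE_NONE)
    for rec in reader:
        if len(rec) < 4:
            continue  # skip blank or truncated lines
        obj, path, threat, action = (field.strip() for field in rec[:4])
        rows.append(Detection(obj, path, threat, action, classify_location(path)))
    return rows


def triage(log_text):
    """Return threat rows only; members with no action inherit their container's."""
    rows = parse(log_text)
    containers = {
        (r.path + "\\" + r.obj).lower(): r.action
        for r in rows
        if r.threat == CONTAINER_MARK and r.action
    }
    findings = []
    for r in rows:
        if r.threat == CONTAINER_MARK:
            continue
        if not r.action:
            p = r.path.lower()
            for cpath, caction in containers.items():
                # Member rows give the container's full path, optionally
                # followed by "/inner-archive" for nested archives.
                if p == cpath or p.startswith(cpath + "/"):
                    r.action = caction
                    break
        findings.append(r)
    return findings


def summarize(findings):
    """Group findings by threat name with counts, locations and actions."""
    summary = defaultdict(lambda: {"count": 0, "locations": set(), "actions": set()})
    for f in findings:
        entry = summary[f.threat]
        entry["count"] += 1
        entry["locations"].add(f.location)
        entry["actions"].add(f.action or "none recorded")
    return dict(summary)


if __name__ == "__main__":
    for threat, info in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(threat, info["count"], sorted(info["locations"]), sorted(info["actions"]))
```

Rows that still show "none recorded" after inheritance are the ones worth checking by hand, since the log gives no evidence the file was moved or deleted.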

#11 quietman7

Posted 18 January 2010 - 12:04 PM

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.

Now repeat your scan with Eset Online Antivirus Scanner IF you still cannot use Kaspersky Online Virus Scanner.

#12 Dave Cherne

Posted 19 January 2010 - 03:24 AM

I can't get Norman Malware Cleaner to run in "Safe Mode". I have downloaded the program from both sites and tried changing the name when downloading. When I double-click the file name in "safe mode" Norman comes up but does not give an End User License screen; instead it goes right into the program and immediately in the "scan results" section it gives the error message "unable to load nsak.sys. Error (0x00000001)".

Should I try running Norman Malware Cleaner in normal mode?

Also, your message from Norman says to "Be sure to print out the instructions provided on the same page.". I don't really see any instructions on the download page so I'm not sure what you mean by this.

#13 quietman7

Posted 19 January 2010 - 08:17 AM

Seems the instructions are no longer there so you can ignore that part and try doing a scan in normal mode.

If that still does not work, then do this:

Please download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (click here if you're not sure how to do this. Vista users refer to these instructions.) DO NOT scan yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Note: Some anti-virus programs will alert you of a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows: (be aware, this scan could take a long time to complete)
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • If you get a message that required files are missing, click Ok and wait for sysclean.com to unpack them.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file (sysclean.log) generated in the same folder where the scan is completed - C:\Sysclean.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
How to use Sysclean Package Instructions with screenshots if needed.

-- When using Sysclean it's best to use the Administrator's account or an account with "Administrative rights", otherwise you will not have access rights to scan some locations. You can Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

#14 Dave Cherne

Posted 19 January 2010 - 04:06 PM

I ran Norman Malware Cleaner in "normal" mode and it found and cleaned 2 infections (full log at bottom):
C:\Program Files\Online Services\MSN90\LaunchMsn.exe (Infected with W32/Obfuscated.S!genr)
Deleted file
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP126\A0016176.exe (Infected with W32/Obfuscated.S!genr)
Deleted file

I then ran Kaspersky Online Virus Scanner and this time it did run to completion but it still shows the same 2 infections as before:
C:\DAC Program files - should back up\transfer from old computer\embarque\news\all2.zip Infected: Hoax.Win16.BadJoke.Stupid.a 1
C:\WINDOWS\system32\37D Infected: Trojan.Win32.Agent.czow 1

I have not run Sysclean yet but will do so if you think that's what I should do next.


Norman Malware Cleaner - full results:

Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/01/16 15:21:09

Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/01/16 15:21:09, Variants: 4735886

Scan started: 19/01/2010 00:37:36

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: DAC-HPDV6102OD\Dave

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s


Scanning running processes and process memory...

Number of processes/threads found: 4623
Number of processes/threads scanned: 4623
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 49s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Program Files\Online Services\MSN90\LaunchMsn.exe (Infected with W32/Obfuscated.S!genr)
Deleted file

C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP126\A0016176.exe (Infected with W32/Obfuscated.S!genr)
Deleted file

Scanning: D:\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 251944
Number of archives unpacked: 7061
Number of files scanned: 251942
Number of files not scanned: 2
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 1h 39m 32s

Edited by Dave Cherne, 19 January 2010 - 10:40 PM.


#15 Dave Cherne

Posted 20 January 2010 - 03:10 AM

In addition to the above post about running Norman Malware Cleaner and Kaspersky Online Scanner, I ran SysClean in "safe mode". SysClean did not seem to come up with any infections but one of the first lines in the .log file says "2010-01-19, 20:20:23, Failed to initialize Rootkit Driver.".

Here is the SysClean log file:
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2009-2010, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/
2010-01-19, 20:20:22, Auto-clean mode specified.
2010-01-19, 20:20:23, Failed to initialize Rootkit Driver.
2010-01-19, 20:20:23, Running scanner "C:\Sysclean\TSC.BIN"...
2010-01-19, 20:20:39, Scanner "C:\Sysclean\TSC.BIN" has finished running.
2010-01-19, 20:20:39, TSC Log:

Damage Cleanup Engine (DCE) 6.2 (Build 1016) (RCM: Driver not ready!)

Windows XP (Build 2600: Service Pack 3)

Start time : Tue Jan 19 2010 20:20:23

Load Damage Cleanup Template (DCT) "C:\Sysclean\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\Sysclean\tsc.ptn" (version 1070) [success]

Complete time : Tue Jan 19 2010 20:20:39

Execute pattern count (3063), Virus found count (0), Virus clean count (0), Clean failed count (0)

2010-01-19, 20:20:39, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2010-01-19, 21:35:09, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
2010-01-19, 21:35:09, VSCANTM Log:

2010-01-19, 21:35:09, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 1/19/2010 20:20:40
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 783 (507977/507977 Patterns) (2010/01/19) (678300)

Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\Sysclean\lpt$vpn.783

126973 files have been read.
126973 files have been checked.
126951 files have been scanned.
339053 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/19/2010 21:35:09 1 hour 14 minutes 26 seconds (4466.75 seconds) has elapsed.(35.179 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2010-01-19, 21:35:09, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 1/19/2010 20:20:40
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 783 (507977/507977 Patterns) (2010/01/19) (678300)

Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\Sysclean\lpt$vpn.783

126973 files have been read.
126973 files have been checked.
126951 files have been scanned.
339053 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/19/2010 21:35:09 1 hour 14 minutes 26 seconds (4466.75 seconds) has elapsed.(35.179 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2010-01-19, 21:35:09, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 1/19/2010 20:20:40
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 783 (507977/507977 Patterns) (2010/01/19) (678300)

Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\Sysclean\lpt$vpn.783

126973 files have been read.
126973 files have been checked.
126951 files have been scanned.
339053 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/19/2010 21:35:09 1 hour 14 minutes 26 seconds (4466.75 seconds) has elapsed.(35.179 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2010-01-19, 21:35:09, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2010-01-19, 21:35:40, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
2010-01-19, 21:35:40, VSCANTM Log:

2010-01-19, 21:35:40, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 1/19/2010 21:35:10
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 783 (507977/507977 Patterns) (2010/01/19) (678300)

Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\Sysclean\lpt$vpn.783

1806 files have been read.
1806 files have been checked.
1806 files have been scanned.
1920 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/19/2010 21:35:40 27 seconds (26.94 seconds) has elapsed.(14.916 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2010-01-19, 21:35:40, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 1/19/2010 21:35:10
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 783 (507977/507977 Patterns) (2010/01/19) (678300)

Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\Sysclean\lpt$vpn.783

1806 files have been read.
1806 files have been checked.
1806 files have been scanned.
1920 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/19/2010 21:35:40 27 seconds (26.94 seconds) has elapsed.(14.916 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2010-01-19, 21:35:40, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 1/19/2010 21:35:10
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 783 (507977/507977 Patterns) (2010/01/19) (678300)

Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\Sysclean\lpt$vpn.783

1806 files have been read.
1806 files have been checked.
1806 files have been scanned.
1920 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/19/2010 21:35:40 27 seconds (26.94 seconds) has elapsed.(14.916 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2010-01-19, 21:35:40, Running SSAPI scanner ""...
2010-01-19, 22:15:38, SSAPI Log:

SSAPI Scanner Version: 1.0.1003
SSAPI Engine Version: 5.2.1032
SSAPI Pattern Version: 8.71
SSAPI Anti-Rootkit Version: <Failed>

Spyware Scan Started: 01/19/2010 21:35:43


SSAPI requires the system to reboot.
Detected Items:
[CLEAN SUCCESS][Cookie_About] Internet Explorer Cache\about.com,Cookie:dave@about.com/,C:\Documents and Settings\Dave\Cookies\dave@about[2].txt
[CLEAN SUCCESS][Cookie_Pointroll] Internet Explorer Cache\ads.pointroll.com,Cookie:dave@ads.pointroll.com/,C:\Documents and Settings\Dave\Cookies\dave@ads.pointroll[1].txt
[CLEAN SUCCESS][Cookie_Go] Internet Explorer Cache\go.com,Cookie:dave@go.com/,C:\Documents and Settings\Dave\Cookies\dave@go[2].txt
[CLEAN SUCCESS][Cookie_Pointroll] Internet Explorer Cache\pointroll.com,Cookie:dave@pointroll.com/,C:\Documents and Settings\Dave\Cookies\dave@pointroll[2].txt
[CLEAN SUCCESS][Cookie_ServingSys] Internet Explorer Cache\serving-sys.com,Cookie:dave@serving-sys.com/,C:\Documents and Settings\Dave\Cookies\dave@serving-sys[1].txt
Detected: 5 items.
Cleaned Success: 5 items.
Clean Failed: 0 items.

Spyware Scan Ended: 01/19/2010 22:15:38
Scan Complete. Time=2398.047852.



