Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Searches Redirect to other search engines.


  • Please log in to reply
20 replies to this topic

#1 antagon

antagon

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 25 July 2010 - 08:48 AM

I had some symptoms of an infection including browser redirecting and 'anti-virus' self-install attempts. I ran a full and quick scan of MbAM and then ran tdskiller. MbAM found many infections and tdskiller found one. I also used sysinternals autoruns to delete some remnant start-up files that I think were put there by the infection, and which were causing some rundll error messages at start-up. Subsequent scans turned up nothing... until I went online: the two programs in the title and another dll would run, and scans after the fact would turn up infections again.

I cleaned up again and deleted these files, but they come back again at start-up. I figured I should stop butchering the situation and get some advice.

Thanks in advance for your help.

BC AdBot (Login to Remove)

 


#2 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 26 July 2010 - 07:26 AM

Even no unknown processes running (as far as I can tell from procexp), as soon as an internet connection is sniffed out, processes spring into action. google redirecting and pop-ups drwwin errors, etc... i am thoroughly re-infected within an hour. Prior to checking my email this morning, MbAM quick scan was clean. Now...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4342

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/26/2010 1:16:19 PM
mbam-log-2010-07-26 (13-16-19).txt

Scan type: Quick scan
Objects scanned: 203372
Time elapsed: 16 minute(s), 22 second(s)

Memory Processes Infected: 19
Memory Modules Infected: 3
Registry Keys Infected: 26
Registry Values Infected: 15
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 77

Memory Processes Infected:
D:\WINDOWS\TEMP\taskmgr.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\c1pujx64v.exe (Trojan.Downloader) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\winamp.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\win32.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\iexplarer.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\cmd.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\taskmgr.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\debug.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\login.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\spoolsv.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\ilhsccgwds.exe (Trojan.Downloader) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\install.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\drweb.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\cmd.exe (Trojan.Ransom) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\mdm.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\lsass.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\win16.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\avp32.exe (Malware.Packer.Gen) -> Unloaded process successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\winlogon.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
D:\WINDOWS\system32\zy645.dll (Virus.Ertfor) -> Delete on reboot.
D:\Documents and Settings\ALake\Local Settings\Temp\ktecaxevd8.dll (Virus.Ertfor) -> Delete on reboot.
D:\Documents and Settings\ALake\Local Settings\Temp\bapmv3v.dll (Virus.Ertfor) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Virus.Ertfor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Virus.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Virus.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3206c743-0d08-4577-a750-6f6b4da3b770} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{419a48f1-55b4-4409-92d8-19879c0b476e} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e856bfc-b538-4474-b5b4-ff2442d8a1f7} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec537427-674b-4ae7-a361-e195643fa976} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{037477f5-34fd-45ba-a94d-6785c8753282} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{180d5736-f185-4b17-8c21-c7b55b81bd4a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e44cd04-8447-4ef0-a305-0e63bd422a8e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d64d1c91-59d8-47a3-a6a5-7e672d705697} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Virus.Ertfor) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsehf98u34i9tjioaugy987iuegdsg (Trojan.Ransom) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uiha98uiohf873yuiadnhgjesgregas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsehf98u34i9tjioaugy987iuegdsg (Trojan.Ransom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wkjusxwa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wkjusxwa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Virus.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xxsc5 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
D:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\system32\zy645.dll (Virus.Ertfor) -> Delete on reboot.
D:\WINDOWS\TEMP\taskmgr.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\ktecaxevd8.dll (Virus.Ertfor) -> Delete on reboot.
D:\Documents and Settings\ALake\Local Settings\Temp\c1pujx64v.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\winamp.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\win32.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\cmd.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\taskmgr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\debug.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\login.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\spoolsv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\bapmv3v.dll (Virus.Ertfor) -> Delete on reboot.
D:\Documents and Settings\ALake\Local Settings\Temp\ilhsccgwds.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\install.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\drweb.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\mdm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\lsass.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\win16.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\avp32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\winlogon.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wkjusxwa .exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tlvup.exe (Trojan.Adware) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\ntl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\wkjusxwa .exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\uqsonzmtq.dll (Virus.Ertfor) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\glvup.dll (Adware.EZlife) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-9506950740-7608177639-495130178-4068\hdav.exe (Worm.Autorun.:thumbsup: -> Delete on reboot.
D:\Documents and Settings\ALake\Start Menu\Programs\Startup\scand.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\clvup.dll (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\n011s.dll (Virus.Ertfor) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tjdeacv3.dll (Virus.Ertfor) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\067dd7fa.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\2200918448.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\2550209104.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\4135895008.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\acgpuwna.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\eqpq4pzc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\fe14aa66.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\gamkxw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\hexdump.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\notepad.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\cploy.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\setup.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\sysedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\t2i5xgd1fabbbfb.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\te13h9fzw0q.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temp\zvamc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\4169240192.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\9413b3fa.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\avp32.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\debug.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\hadhuh.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\lv48ld.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\rhqs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\spoolsv.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\svchost.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\VRR2.tmp (Backdoor.HareBot) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\vx4plu5st.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\v772v.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temporary Internet Files\Content.IE5\BNDWE4K5\imhbjepxrz[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temporary Internet Files\Content.IE5\BNDWE4K5\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Local Settings\Temporary Internet Files\Content.IE5\J7U919H3\cgxvqksq[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BUX21Z4N\loaderadv701[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BUX21Z4N\rus[1].php (Backdoor.HareBot) -> Quarantined and deleted successfully.
D:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\Documents and Settings\ALake\Start Menu\Programs\Startup\scand.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
D:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
D:\WINDOWS\TEMP\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\TEMP\vpe0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#3 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 28 July 2010 - 06:11 AM

Running a clean install of windows xp sp3, having downloaded firefox, when searching on google, clicking any results goes to a different page than promised. I get messages that some strange program names have crashed from windows. Any Idea what to do? I dont have an antivirus protection installed, but I am pretty sure that I have some sort of virus. Thanks for the help.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 28 July 2010 - 12:09 PM

Was that MBAM log after the clean install also??

Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now acn you install and scan with this free AV?
Avira Antivir
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 29 July 2010 - 10:35 PM

Thanks much for your help.

The MBAM above was before the fresh install. It is my suspicion that the internet dongle that i have might be harboring the virus, but scanning it has turned up nothing. Hard to say how I got the same damn infection after a reformat otherwise. dunno.


I have a problem: I cant seem to get on the internet in Safe Mode w/ networking. I cant download any *.exe files in regular mode. Unfortunately, I get the same problem trying to get at .reg, .scr .com and .msi files too. Are there zips for any of these files? That seems to work ok.

Before that new development, I did get MBAM back on my computer. That's about it. other than the no exe issue, I'm also barred from changing the view hidden files setting, and I have to unblock exe's before I can run them.

None of the links are downloadable on this computer. I'll see about using someone else's computer and xferring them on a CD or something. Any other ideas how I can get at those files?

#6 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 29 July 2010 - 10:48 PM

well... i'm working around the exe nonsense. I've just saved link as all files xxx.nut, then changed the extension back, unblocked it and run it... I still have to do this from 'UnSafe' Mode because of the internet connection issue. should i just download the files then use them in safe mode?

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 29 July 2010 - 11:01 PM

OK, MBAM is better in normal whereas SAS is in safe. But both will work in either form.
So let's run them. If they find and remove things it will improve the situation and we can always rerun.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 30 July 2010 - 01:49 AM

I still get a message at startup and when i get an internet connection that VRT1.tmp has encountered a problem and needs to close.

here is the SASw log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/30/2010 at 05:28 AM

Application Version : 4.41.1000

Core Rules Database Version : 5289
Trace Rules Database Version: 3101

Scan type : Complete Scan
Total Scan Time : 00:25:41

Memory items scanned : 376
Memory threats detected : 0
Registry items scanned : 4662
Registry threats detected : 8
File items scanned : 25781
File threats detected : 140

Trojan.Agent/Gen
[tghlig] C:\WINDOWS\SYSTEM32\MSGCIUTR.DLL
C:\WINDOWS\SYSTEM32\MSGCIUTR.DLL
HKLM\Software\AGProtect
HKLM\Software\AGProtect#Cfg
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001292.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001294.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001295.DLL

Adware.Tracking Cookie
C:\Documents and Settings\antagon\Cookies\antagon@atdmt[1].txt
C:\Documents and Settings\antagon\Cookies\antagon@msnportal.112.2o7[1].txt
C:\Documents and Settings\antagon\Cookies\antagon@ad.wsod[2].txt
C:\Documents and Settings\antagon\Cookies\antagon@pointroll[2].txt
C:\Documents and Settings\antagon\Cookies\antagon@ads.pointroll[1].txt
a.ads2.msads.net [ C:\Documents and Settings\antagon\Application Data\Macromedia\Flash Player\#SharedObjects\EFFHD4C8 ]
ads2.msads.net [ C:\Documents and Settings\antagon\Application Data\Macromedia\Flash Player\#SharedObjects\EFFHD4C8 ]
www.naiadsystems.com [ C:\Documents and Settings\antagon\Application Data\Macromedia\Flash Player\#SharedObjects\EFFHD4C8 ]
.collective-media.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adtech.de [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.naked.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.toplist.cz [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
click.mediadome.ru [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
click.mediadome.ru [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
click.mediadome.ru [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.tns-counter.ru [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.yadro.ru [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.yadro.ru [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
data.coremetrics.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\antagon\Application Data\Mozilla\Firefox\Profiles\uicr7d2y.default\cookies.sqlite ]
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.undertone[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertisingassistantss[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@casalemedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@collective-media[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@interclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@invitemedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@traveladvertising[1].txt

Adware.Flash Tracking Cookie
C:\Documents and Settings\antagon\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\EFFHD4C8\A.ADS2.MSADS.NET
C:\Documents and Settings\antagon\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\EFFHD4C8\ADS2.MSADS.NET
C:\Documents and Settings\antagon\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\EFFHD4C8\WWW.NAIADSYSTEMS.COM

Disabled.FolderOption
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDDEN\SHOWALL#CHECKEDVALUE

Adware.AdRotator
HKU\.DEFAULT\Software\Sky-Banners
HKU\S-1-5-18\Software\Sky-Banners
HKU\.DEFAULT\Software\Street-Ads
HKU\S-1-5-18\Software\Street-Ads

Trojan.Dropper/Gen-NV
C:\DOCUMENTS AND SETTINGS\ANTAGON\APPLICATION DATA\MACROMEDIA\DLLVCLWIN49\MSFTDM.EXE
C:\DOCUMENTS AND SETTINGS\ANTAGON\APPLICATION DATA\MACROMEDIA\DLLVCLWIN49\MSFTDM32.EXE
C:\DOCUMENTS AND SETTINGS\ANTAGON\LOCAL SETTINGS\TEMP\JY69.EXE

Trojan.Agent/Gen-FraudPack
C:\DOCUMENTS AND SETTINGS\ANTAGON\APPLICATION DATA\MACROMEDIA\DLLVCLWIN49\MSFTLDR.DLL

Trojan.Agent/Gen-Tres[Drop]
C:\DOCUMENTS AND SETTINGS\ANTAGON\LOCAL SETTINGS\TEMP\810.EXE
C:\DOCUMENTS AND SETTINGS\ANTAGON\LOCAL SETTINGS\TEMP\931.EXE

Trojan.Agent/Gen-FakeAV
C:\DOCUMENTS AND SETTINGS\ANTAGON\LOCAL SETTINGS\TEMP\8F7OZ.EXE
C:\DOCUMENTS AND SETTINGS\ANTAGON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SL4B4PWZ\DLL4[1].TXT
C:\RECYCLER\S-1-5-21-1060284298-1343024091-505599923-1003\DC10.EX_
C:\RECYCLER\S-1-5-21-1060284298-1343024091-505599923-1003\DC3.EXE

Trojan.Agent/Gen-Krpytik
C:\PROGRAM FILES\AUTOCAD 2002\AUTOCAD 2002 CRAK.EXE

Trojan.Agent/Gen-Frauder[Cool3b]
C:\RECYCLER\S-1-5-21-1060284298-1343024091-505599923-1003\DC21.EXE
C:\RECYCLER\S-1-5-21-1060284298-1343024091-505599923-1003\DC7.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001291.EXE

Trojan.Agent/Gen-Falleg
C:\RECYCLER\S-1-5-21-1060284298-1343024091-505599923-1003\DC5.TMP

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001201.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001202.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001203.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001204.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001205.OCX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001206.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001210.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001211.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001242.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001243.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001248.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001252.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001255.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001256.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001257.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001258.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001259.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001260.OCX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001263.EXE

Adware.Vundo/Variant-MSFake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001296.OCX
C:\WINDOWS\SYSTEM32\MSWINSCK.OCX

#9 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 30 July 2010 - 07:41 AM

ok.. got your latest message and ran mbam in regular and SUPER in safe. here are the logs:

mbam....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4362

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/30/2010 11:42:02 AM
mbam-log-2010-07-30 (11-42-02).txt

Scan type: Full scan (C:\|F:\|H:\|)
Objects scanned: 151894
Time elapsed: 23 minute(s), 58 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 6
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\Temp\ts3wysau.exe (Trojan.LVBP) -> Unloaded process successfully.
C:\WINDOWS\system32\updata.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\szetyj67v.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\msgciutr.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\Temp\ntload.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tghlig (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\apps (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szetyj67vx (Trojan.LVBP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tqjusxwa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tqjusxwa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szetyj67v (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msgciutr.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\Temp\ntload.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ts3wysau.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\szetyj67vx.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqjusxwa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\antagon\ntl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\antagon\tqjusxwa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\antagon\Start Menu\Programs\Startup\scand.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001293.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT1.tmp (Backdoor.HareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\antagon\Start Menu\Programs\Startup\scand.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\updata.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\szetyj67v.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


**************************END OF MBAM****************************

i had to reboot and did so into safe mode then ran SUPER

LOG....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/30/2010 at 12:15 PM

Application Version : 4.41.1000

Core Rules Database Version : 5286
Trace Rules Database Version: 3098

Scan type : Complete Scan
Total Scan Time : 00:27:15

Memory items scanned : 240
Memory threats detected : 0
Registry items scanned : 4637
Registry threats detected : 4
File items scanned : 25768
File threats detected : 11

Trojan.Agent/Gen-FakeAV
[7a081] C:\WINDOWS\TEMP\8F7OZ.EXE
C:\WINDOWS\TEMP\8F7OZ.EXE
C:\WINDOWS\Prefetch\8F7OZ.EXE-0F3ABC8F.pf

Trojan.Dropper/Gen-NV
[k5kkt] C:\WINDOWS\TEMP\JY69.EXE
C:\WINDOWS\TEMP\JY69.EXE
C:\WINDOWS\Prefetch\JY69.EXE-310DD74B.pf

Trojan.Agent/Gen-FakeAlert
[load] C:\WINDOWS\SVC.EXE
C:\WINDOWS\SVC.EXE
[load] C:\WINDOWS\SVC.EXE
C:\WINDOWS\Prefetch\SVC.EXE-19B6356B.pf

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@casalemedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@collective-media[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[2].txt

*******************************END SUPER**********************************

i'll now work on that A/V program

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 30 July 2010 - 09:09 AM

Great ,,is the VRT1.tmp has encountered a problem and needs to close message gone?

The internet is good? If so do an online scan.

ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
    folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 02 August 2010 - 07:32 AM

I still get the message about VRT1.tmp. Essentially VRTxx.tmp, as there have been a few occaisions where another number would come up.

I have not had any luck with AVIRA. I get this message attempting to install it:
....

This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

....

Moving on to the ESET free scan, win32virut sums that up, however there is considerable company of other infections. here is the log:

C:\Display.temp\checkver.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Display.temp\Setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Display.temp\R62k\Setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Display.temp\R6xp\Setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Documents and Settings\antagon\tqjusxwa.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Documents and Settings\antagon\tqjusxwa.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Documents and Settings\antagon\Application Data\Macromedia\dllvclwin49\msftcore.dll Win32/Agent.RLN trojan cleaned by deleting - quarantined
C:\Documents and Settings\antagon\Application Data\Macromedia\dllvclwin49\msftstp.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\05ykhhgj.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\16ra0bdf9.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\2snsdwmxz.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\DataCard_Setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\ResetDevice.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\ttfpeymw.exe a variant of Win32/Kryptik.FRZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\antagon\Local Settings\Temp\{5AEB9CBA-06C1-47D5-B336-F8FA900BF546}\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\IconHacker.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Documents and Settings\antagon\Local Settings\Temporary Internet Files\Content.IE5\QZ0TSXY9\dll4[1].txt a variant of Win32/VB.PAM trojan cleaned by deleting - quarantined
C:\Documents and Settings\antagon\Local Settings\Temporary Internet Files\Content.IE5\W32PA5OH\dll4[1].txt a variant of Win32/VB.PAM trojan cleaned by deleting - quarantined
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrodist.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe a variant of Win32/Virut.NCF virus deleted (after the next restart) - quarantined
C:\Program Files\AutoCAD 2002\acad.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\AcStdBatch.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\addplwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\assist.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\Crack.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\DwgCheckStandards.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\expand.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\hpsetup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\pc3exe.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\sfxfe32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\styexe.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\styshwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\Sample\ActiveX\Facility\facility.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\AutoCAD 2002\Sample\ActiveX\Facility\Setup\setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\AutoCAD 2002\Support\prodscan.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\AutoCAD 2002\Support\BatchPlt\batchplt.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\AutoCAD 2002\WebDepot\ErrorHandler\RepairToday.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\Adobe\Web\AOM.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\Autodesk Shared\AcHelp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver2.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\link.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\Huawei Modems\Device_Setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Huawei Modems\devsetup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Inkscape\python\python.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Inkscape\python\Lib\distutils\command\wininst-6.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\Setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Internet Explorer\iedw.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Internet Explorer\IEXPLORE.EXE a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Microsoft Office\Office\SELFCERT.EXE Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\Movie Maker\moviemk.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\NetMeeting\conf.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\NetMeeting\wb32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Outlook Express\msimn.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Outlook Express\oemig50.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Outlook Express\setup50.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Outlook Express\wabmig.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\ScanSoft\OmniPageSE4\launchop.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\setup\avira\imp64b.exe Win32/Virut.NBP virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\BootSafe.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Windows Media Player\migrate.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Windows Media Player\mplayer2.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Windows Media Player\setup_wm.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Windows Media Player\wmplayer.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Windows NT\dialer.exe a variant of Win32/Virut.NCF virus unable to clean
C:\Program Files\Windows NT\hypertrm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\Program Files\Windows NT\Accessories\wordpad.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0001373.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0001376.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002373.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002376.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002383.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002387.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002388.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002389.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002390.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002391.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002392.dll Win32/Agent.RLN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002393.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002395.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002396.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002397.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002398.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002399.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002400.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002401.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002402.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002403.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002404.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002405.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002406.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002407.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002408.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002409.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002413.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002414.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002416.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002417.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002418.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002419.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002420.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002421.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002422.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002423.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002424.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002425.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002426.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002427.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002428.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002429.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002430.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002431.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002432.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002433.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002435.EXE Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002436.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002437.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002438.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002439.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP11\A0002440.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP5\A0000713.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP7\A0000794.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP7\A0000796.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000797.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000800.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000803.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000812.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000813.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000814.EXE a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000815.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000816.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000817.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000818.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000819.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000822.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000823.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000825.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000826.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000827.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000828.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000829.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000830.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000831.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000832.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000833.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000834.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000835.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000836.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000837.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000838.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000839.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000840.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000841.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000842.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000843.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000845.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000846.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000847.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000848.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000849.EXE a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000850.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000851.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000852.EXE a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000853.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000854.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000855.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000856.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000857.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000858.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000860.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000861.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000862.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000864.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000865.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000866.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000867.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000868.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000869.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000871.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000872.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000873.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000874.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000875.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000876.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000877.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000878.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000879.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000880.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000881.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000882.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000883.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000884.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000885.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000886.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000887.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000888.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000889.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000890.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000891.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000892.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000893.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000894.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000895.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000896.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000897.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000898.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000899.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000901.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000902.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000903.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000904.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000905.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000906.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000907.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000908.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000909.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000910.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000911.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000912.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000913.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000914.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000915.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000916.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000918.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000919.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000920.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000921.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000922.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000923.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000924.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000925.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000926.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000927.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000928.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000929.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000930.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000931.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000933.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000934.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000935.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000936.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000937.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000938.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000940.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000941.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000942.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000943.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000945.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000946.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000947.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000948.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000949.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000950.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000951.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000952.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000953.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000954.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000955.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000956.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000957.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000958.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000959.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000960.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000961.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000962.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000963.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000964.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000965.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000966.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000967.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000968.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000969.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000970.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000971.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000972.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000973.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000974.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000975.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000976.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000977.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000978.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000979.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000980.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000981.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000982.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000983.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000984.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000985.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000986.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000987.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000988.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000989.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000990.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000991.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000992.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000993.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000994.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000995.EXE a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000996.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000997.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000998.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0000999.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001000.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001001.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001002.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001003.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001004.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001005.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001006.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001007.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001008.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001009.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001010.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001011.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001012.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001013.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001014.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001015.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001016.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001017.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001018.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001019.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001020.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001021.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001022.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001023.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001024.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001025.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001026.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001027.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001028.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001029.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001030.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001031.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001032.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001033.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001034.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001035.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001036.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001037.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001038.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001039.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001040.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001042.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001043.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001044.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001045.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001046.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001047.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001048.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001049.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001050.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001051.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001052.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001053.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001054.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001055.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001057.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001058.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001059.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001060.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001061.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001062.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001063.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001064.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001065.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001066.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001067.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001068.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001069.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001070.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001071.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001082.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001084.EXE a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001086.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001091.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001093.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001115.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001120.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001121.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001122.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001123.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001133.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001134.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001135.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001136.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001137.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001141.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001145.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001146.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001147.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001149.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001150.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001151.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001152.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001153.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001154.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001155.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001156.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001157.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001158.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001159.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001160.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001161.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001162.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001163.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001164.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001165.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001166.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001167.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001168.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001169.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001170.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001171.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001172.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001173.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001174.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001175.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001176.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001177.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001178.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001179.scr a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001180.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001181.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001182.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001183.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001184.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001185.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001186.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001187.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001188.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001189.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001190.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001191.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001192.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001193.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001194.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001195.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001196.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001197.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001198.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001199.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP8\A0001200.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001284.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001300.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001308.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001309.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001310.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001311.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001312.exe Win32/Agent.RLN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001313.exe a variant of Win32/Kryptik.FRZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001315.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001316.exe Win32/Virut.NBP virus cleaned - quarantined
C:\System Volume Information\_restore{8581348F-C16C-4824-93B3-A52A0E695370}\RP9\A0001317.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\WINDOWS\explorer.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\hh.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\IsUninst.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\msvckb.dll a variant of Win32/Kryptik.FRZ trojan cleaned by deleting - quarantined
C:\WINDOWS\NOTEPAD.EXE a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\svc.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\WINDOWS\TASKMAN.EXE a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\twunk_32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\winhlp32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\Downloaded Program Files\dwusplay.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Fonts\services.exe Win32/Virut.NBP virus error while cleaning
C:\WINDOWS\inf\unregmp2.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\msagent\agentsvr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\mui\muisetup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\accwiz.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\actmovie.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ahui.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\alg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\arp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\asr_fmt.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\asr_ldm.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\asr_pfu.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\at.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ati2evxx.exe a variant of Win32/Virut.NCF virus deleted (after the next restart) - quarantined
C:\WINDOWS\system32\Ati2mdxx.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\atiiprxx.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\atiphexx.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\atiprbxx.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\atiptaxx.exe a variant of Win32/Virut.NCF virus deleted (after the next restart) - quarantined
C:\WINDOWS\system32\atmadm.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\attrib.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\auditusr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\bootcfg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\bootok.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\bootvrfy.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cacls.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\calc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\charmap.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\chkdsk.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\chkntfs.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cidaemon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cipher.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cisvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ckcnv.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cleanmgr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cliconfg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\clipbrd.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\clipsrv.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cmd.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cmdl32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cmmon32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cmstp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\comp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\compact.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\conime.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\control.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\cscript.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ctfmon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dcomcnfg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ddeshare.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\diantz.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\diskpart.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\diskperf.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dllhost.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dllhst3g.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dmadmin.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dmremote.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\doskey.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dplaysvr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dpnsvr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dpvsetup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\driverquery.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\drwtsn32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dumprep.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dvdplay.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dvdupgrd.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dwwin.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dxdiag.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\esentutl.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\eudcedit.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\eventcreate.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\eventtriggers.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\eventvwr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\expand.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\extrac32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\fc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\find.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\findstr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\finger.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\fixmapi.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\fltMc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\fontview.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\forcedos.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\fsquirt.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\fsutil.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ftp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\getmac.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\gpresult.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\gpupdate.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\grpconv.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\help.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\hostname.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ie4uinit.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\iexpress.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\imapi.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ipconfig.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ipsec6.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ipv6.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ipxroute.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\irftp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\KzService.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\label.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\lights.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\locator.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\lodctr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\logagent.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\logman.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\logoff.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\logonui.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\lpq.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\lpr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\magnify.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\makecab.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\migpwd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\mmc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mnmsrvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mobsync.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mountvol.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mplay32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mpnotify.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mqbkup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mqsvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mqtgsvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mrinfo.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\msdtc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\msg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mshta.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\msiexec.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mspaint.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\msswchx.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\mstinit.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\msvjidkm.dll probably a variant of Win32/PSW.WOW.NNZ trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\mtstack.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\napstat.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\narrator.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\nbtstat.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\nddeapir.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\net.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\net1.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\netdde.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\netsetup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\netsh.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\netstat.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\notepad.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\nslookup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ntbackup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ntsd.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ntvdm.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\nwscript.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\odbcad32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\odbcconf.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\openfiles.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\osk.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\osuninst.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\packager.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\pathping.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\pentnt.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\perfmon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ping.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ping6.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\powercfg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\print.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\progman.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\proquota.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\proxycfg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\qappsrv.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\qprocess.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\qwinsta.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rasautou.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rasdial.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rasphone.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rcimlby.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rcp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rdpclip.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rdsaddin.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rdshost.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\recover.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\reg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\regedt32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\regini.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\regsvr32.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\regwiz.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\relog.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\replace.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\reset.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rexec.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\route.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\routemon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsh.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsm.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsmsink.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsmui.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsnotify.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsopprov.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rsvp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rtcshare.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rundll32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\rwinsta.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\savedump.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\scardsvr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\schtasks.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\scrnsave.scr a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sdbinst.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\secedit.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sessmgr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sethc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\setup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\setupn.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sfc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\shadow.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\shmgrate.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\shrpubw.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\shutdown.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sigverif.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\skeys.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\smbinst.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\smlogsvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sndrec32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sndvol32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sort.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\spnpinst.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\spoolsv.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\stimon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\subst.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\syskey.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\sysocmgr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\systeminfo.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\systray.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\szetyj67v.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\szetyj67vx.exe probably a variant of Win32/Refpron.G trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\taskkill.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tasklist.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\taskman.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\tcmsetup.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tcpsvcs.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\telnet.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tftp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tlntadmn.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tlntsess.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tlntsvr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tqjusxwa.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\tqjusxwa.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\tracerpt.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tracert.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tracert6.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tscon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tsdiscon.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tskill.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tsshutdn.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\typeperf.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\tzchange.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\unlodctr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\updata.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\upnpcont.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\ups.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\userinit.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\usrmlnka.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\usrprbda.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\usrshuta.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\utilman.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\verclsid.exe a variant of Win32/Virut virus deleted - quarantined
C:\WINDOWS\system32\verifier.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\vssadmin.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\vssvc.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wextract.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wiaacmgr.exe a variant of Win32/Virut virus unable to clean
C:\WINDOWS\system32\winhlp32.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\winmsd.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\winver.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\WISPTIS.EXE a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\wpabaln.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wpnpinst.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wscript.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wuauclt.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wuauclt1.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wupdmgr.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\xcopy.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\Com\comrepl.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\Com\comrereg.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\dllcache\accwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\actmovie.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\admin.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\dllcache\agentsvr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ahui.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\alg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\arp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\asr_fmt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\asr_ldm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\asr_pfu.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\at.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\atmadm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\attrib.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\auditusr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\author.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\bootcfg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\bootok.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\bootvrfy.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cacls.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\calc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cfgwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\change.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\charmap.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\chglogon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\chgport.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\chgusr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\chkdsk.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\chkntfs.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cidaemon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cipher.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cisvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ckcnv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cleanmgr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\clipbrd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\clipsrv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cmd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cmdl32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cmstp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\comp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\compact.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\comrepl.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\comrereg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\conf.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\conime.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\control.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\convlog.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cprofile.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\cscript.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ctfmon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\davcdata.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dcomcnfg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ddeshare.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dialer.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\diantz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\diskpart.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\diskperf.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dllhost.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dllhst3g.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dmadmin.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dmremote.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\doskey.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dplaysvr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dpnsvr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dpvsetup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\drvqry.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\drwtsn32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dumprep.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dvdupgrd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dwwin.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\dxdiag.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\esentutl.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\eudcedit.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\evcreate.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\eventvwr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\evntcmd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\evntwin.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\evtrig.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\expand.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\explorer.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\extrac32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\find.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\findstr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\finger.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fixmapi.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\flattemp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fltmc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fontview.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\forcedos.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fp98sadm.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\dllcache\fp98swin.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fpadmcgi.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fpcount.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fpremadm.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\system32\dllcache\fsutil.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ftp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fxsclnt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fxscover.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fxssend.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\fxssvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\getmac.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\gprslt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\gpupdate.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\grpconv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\help.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\helpctr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\helphost.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\helpsvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\hh.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\hostname.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\hscupd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\icwconn2.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\icwtutor.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ie4uinit.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\iedw.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\iexplore.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\iexpress.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\iisreset.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\iisrstas.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\iissync.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\imapi.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\imepadsv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\inetin51.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\inetmgr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\inetwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ipconfig.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ipsec6.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ipv6.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ipxroute.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\label.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\lights.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\lnkstub.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\locator.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\lodctr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\logman.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\logoff.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\lpq.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\lpr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\lsass.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\magnify.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\makecab.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\migisol.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\migload.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\migrate.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\migregdb.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\migwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\migwiza.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mmc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mnmsrvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mobsync.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mofcomp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mountvol.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\moviemk.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mplay32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mplayer2.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mpnotify.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mqbkup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mqsvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mqtgsvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mrinfo.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msconfig.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msdtc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mshta.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msiexec.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msimn.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msinfo32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msiregmv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msoobe.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mspaint.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\msswchx.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mstinit.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\mtstocom.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\muisetup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\napstat.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\narrator.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\nbtstat.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\net.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\net1.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\netdde.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\netsetup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\netsh.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\netstat.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\notepad.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\notiflag.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\nppagent.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\nslookup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ntbackup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ntsd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ntvdm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\nwscript.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\odbcad32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\odbcconf.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\oemig50.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\oobebaln.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\opnfiles.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\packager.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\pathping.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\pentnt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\perfmon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ping.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ping6.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\powercfg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\print.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\progman.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\proquota.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\proxycfg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\qappsrv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\qprocess.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\query.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\quser.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\qwinsta.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rasautou.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rasdial.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rasphone.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rcp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rdpclip.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rdsaddin.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rdshost.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\recover.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\reg.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\regedit.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\regedt32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\regini.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\register.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\regsvr32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\regwiz.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\relog.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\replace.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\reset.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rexec.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\route.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\routemon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsh.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsmsink.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsmui.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsnotify.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsopprov.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rstrui.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rsvp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rtcshare.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\runas.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rundll32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\rwinsta.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sapisvr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\savedump.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\scardsvr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\scrcons.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\scrnsave.scr a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sctasks.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sdbinst.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\secedit.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\services.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sessmgr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sethc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\setup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\setup50.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\setupn.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\setup_wm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sfc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\shadow.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\shmgrate.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\shrpubw.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\shtml.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\shutdown.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sigverif.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\skeys.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\smbinst.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\smi2smir.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\smlogsvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sndrec32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sndvol32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\snmp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\snmptrap.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sort.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\spiisupd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\spnpinst.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\spoolsv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\srdiag.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\stimon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\subst.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\svchost.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sysinfo.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\syskey.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\sysocmgr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\systray.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\taskkill.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tasklist.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\taskman.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tcmsetup.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tcpsvcs.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tcptest.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\telnet.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tftp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tlntadmn.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tlntsess.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tlntsvr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tracerpt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tracert.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tracert6.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tscon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tsdiscon.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tskill.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tsprof.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\tsshutdn.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\twunk_32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\typeperf.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\unlodctr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\unregmp2.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\unsecapp.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\uploadm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\upnpcont.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\ups.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\userinit.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\utilman.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\verifier.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\vssadmin.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\vssvc.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\w32tm.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wabmig.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wb32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wbemtest.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wextract.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wiaacmgr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\winhlp32.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\winhstb.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\winmgmt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\winmsd.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\winver.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wmiadap.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wmiapsrv.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wmic.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wmiprvse.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wmplayer.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wordpad.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wpnpinst.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\write.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wscript.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wuauclt.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\wupdmgr.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\dllcache\xcopy.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\npp\nppagent.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\oobe\msoobe.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\oobe\oobebaln.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\Restore\rstrui.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\Restore\srdiag.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\usmt\migload.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\usmt\migwiz.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\usmt\migwiza.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\mofcomp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\scrcons.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\unsecapp.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\wbemtest.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\winmgmt.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\wmiadap.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\wmiapsrv.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\wmic.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\system32\wbem\wmiprvse.exe a variant of Win32/Virut.NCF virus unable to clean
C:\WINDOWS\Temp\1jjunpj0.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\4mmxqsm3n.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\5kiqv.exe Win32/Virut.NBP virus error while cleaning
C:\WINDOWS\Temp\8f7oz.exe a variant of Win32/VB.PAM trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Temp\8xsxi1r25.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Temp\8xtyj1r25.exe probably a variant of Win32/Refpron.G trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Temp\9eq88jce8.exe a variant of Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\a0v0l4u57.exe probably a variant of Win32/Refpron.G trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\BN12.tmp Win32/Wigon.KQ trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\BN2.tmp Win32/Wigon.KQ trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\BN21.tmp Win32/Wigon.KQ trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jrvs0cdrs.exe Win32/Virut.NBP virus cleaned - quarantined
C:\WINDOWS\Temp\lb6bwe4f.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Temp\lkod8dyh.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Temp\pfaf0i8j.exe a variant of Win32/Virut.NCF virus deleted - quarantined
C:\WINDOWS\Temp\VRT1.tmp a variant of Win32/Wigon.OJ trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\VRT11.tmp a variant of Win32/Kryptik.FQU trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\VRT2.tmp a variant of Win32/Wigon.OJ trojan cleaned by deleting - quarantined
Operating memory multiple threats

trying to open this file in notepad, i got this message:

C:\WINDOWS\system32\notepad.exe is not a valid Win32 application.

#12 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 02 August 2010 - 07:33 AM

VRT1F86.tmp has encountered a problem and needs to close. We are sorry for the inconvenience, for example.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 02 August 2010 - 02:06 PM

UGGHH !! Yes Virut does explain it all.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are an even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damaged caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. undetected, corrupted files (possibly still containing part of the viral code) can also be found. this is caused by incorrectly written and non-function viral code present in these files.

AVG Overview of W32/VirutVirut is commonly spread via a flash drive (usb, pen, thumb, jump) infection using RUNDLL32.EXE and other malicious files. It is often contracted and spread by visiting remote, crack and keygen sites. These type of sites are infested with a smrgsbord of malware and a major source of system infection.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:Since virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 antagon

antagon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 02 August 2010 - 03:25 PM

well, i had quite recently formatted and reinstalled windows. it shouldnt be the end of the world; i've come to peace with the data loss from the first time.

what about the potential that the usb internet dongle could be infected with virut/x how can i check the autorun and setup built into that, and if it is screwed, how can i fix it without rendering it useless?

even though this has been pretty futile, i really appreciate your help so far.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 02 August 2010 - 03:38 PM

Your welcome. I hate that post. Some will argue you can remove it. We at BC do NOT.

See if you can clean it with
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users