Spam Block List Due To Virus/trojan?


11 replies to this topic

#1 dietcheese

dietcheese

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 25 October 2006 - 01:24 PM

Hi,

I have used you guys before (and donated) and you were great! Now i'm back.

My IP has been blacklisted by several spam databases (no, I'm not sending spam). It looks like I have some sort of trojan but I'm not sure which. Here is an email that was caught by a spam trap (from
hxxp://psbl.surriel.com/evidence?ip=24.58....Check+evidence
- I was hoping someone here would recognize how this might have been generated.

And here's my HIJackThis (using WIN x64):

Logfile of HijackThis v1.99.1
Scan saved at 2:16:38 PM, on 10/25/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATI9LA.EXE
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mswinup.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\winupsvc.exe
C:\Program Files (x86)\GetRight\GetRight.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Administrator\Desktop\stng260.exe
C:\Documents and Settings\Administrator\Desktop\FxMydoom.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\SysWow64\mswinup.exe
O4 - HKLM\..\Run: [WindowsFirewallSvc] C:\WINDOWS\SysWow64\winsvcup.exe
O4 - HKLM\..\Run: [Windows Update Host] C:\WINDOWS\SysWow64\winupsvc.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137461847171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137509601218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: TabletService - Unknown owner - C:\WINDOWS\system32\Tablet.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

I appreciate your help!

DC

Mod Edit to remove/disable bad links.

Edited by quietman7, 25 October 2006 - 02:54 PM.
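The three O4 Run entries in the log above share a pattern worth recognising on sight: display names that imitate Windows Update or Windows Firewall, pointing at binaries that autostart from a Windows system directory. Genuine Windows Update and Windows Firewall run as services, not as Run-key autostarts. The following Python example is added by the editor and is not code from this thread or from HijackThis; it parses the O4 entries and the "Running processes" list of a HijackThis log, flags entries that match that pattern, and notes whether the flagged binary is currently running. The sample log lines are constructed from entries in the two logs posted in this thread, and the allowlist of legitimate system-directory autostarts is an assumption that you would extend for your own build.

```python
import re
from dataclasses import dataclass, field

# Constructed sample built from entries in the logs posted in this thread:
# the three suspect O4 entries from the first log, plus two benign entries
# from the second log so the heuristics have something to pass.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\mswinup.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\winupsvc.exe
C:\Program Files (x86)\GetRight\GetRight.exe

O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\SysWow64\mswinup.exe
O4 - HKLM\..\Run: [WindowsFirewallSvc] C:\WINDOWS\SysWow64\winsvcup.exe
O4 - HKLM\..\Run: [Windows Update Host] C:\WINDOWS\SysWow64\winupsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe
"""

# HijackThis O4 line: "O4 - HKLM\..\Run: [display name] command"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# First executable path in the command, quoted or not.
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)
# Real Windows Update / Windows Firewall are services, so a Run entry whose
# display name borrows those words is imitating a Windows component.
MASQUERADE_RE = re.compile(r'windows|microsoft|firewall', re.IGNORECASE)
# Assumed allowlist of Microsoft binaries that legitimately autostart from a
# system directory through a Run key; extend it for your own build.
KNOWN_SYSTEM_AUTOSTARTS = {"ctfmon.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class Finding:
    name: str
    path: str
    running: bool
    reasons: list = field(default_factory=list)


def parse(log_text):
    """Return (running process basenames, [(display name, exe path), ...])."""
    procs, entries = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            path = exe["path"] if exe else m["cmd"]
            entries.append((m["name"], path))
        elif re.match(r'^[A-Za-z]:\\.+\.exe$', line, re.IGNORECASE):
            procs.add(line.rsplit("\\", 1)[-1].lower())
    return procs, entries


def triage(log_text):
    """Flag O4 entries that autostart an unknown binary from a system
    directory or whose display name imitates a Windows component."""
    procs, entries = parse(log_text)
    findings = []
    for name, path in entries:
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if path.lower().startswith(SYSTEM_DIRS) and base not in KNOWN_SYSTEM_AUTOSTARTS:
            reasons.append("unknown binary autostarting from a Windows system directory")
        if MASQUERADE_RE.search(name):
            reasons.append("display name imitates a Windows component")
        if reasons:
            findings.append(Finding(name, path, base in procs, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "RUNNING" if f.running else "not running"
        print(f"[{f.name}] {f.path} ({state}): " + "; ".join(f.reasons))
```

Run against the sample it reports exactly the three entries the helper later asks to remove, all of them with a matching running process, and passes the Java and Adobe updaters. One caveat the editor would add when reading this log: HijackThis 1.99.1 is a 32-bit program, so on an x64 system its file checks for C:\WINDOWS\system32\ are redirected to SysWow64, which is why every core service (lsass.exe, services.exe, and so on) shows "(file missing)" in the O23 section. That is a redirection artifact, not evidence of tampering, and the script above deliberately ignores O23 lines for that reason.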




#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:43 PM

Posted 25 October 2006 - 03:13 PM

Hi dietcheese, :thumbsup:

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience. :flowers:

#3 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 25 October 2006 - 03:28 PM

Excellent! I really appreciate it :thumbsup:

#4 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 25 October 2006 - 09:41 PM

Any ideas?

Thanks!
Dc

#5 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:43 PM

Posted 26 October 2006 - 02:53 PM

Hi dietcheese, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

Your log shows the very dangerous W32/Sdbot.worm is present on your computer! These worms typically spread via network shares and create a remote access point for attackers to exploit.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

1. Unfortunately I see no firewall and AntiVirus in your running processes, which probably means that you have none. I urge you to install one of each since it's your first defense against malware.

> Firewall: there are several good, free programmes available, like:

Sygate
Kerio
Zone alarm

For a tutorial on Firewalls click: Understanding and Using Firewalls!

> AntiVirus: see this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources!

2. Run HijackThis, click Scan and checkmark the following entries:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\SysWow64\mswinup.exe
O4 - HKLM\..\Run: [WindowsFirewallSvc] C:\WINDOWS\SysWow64\winsvcup.exe
O4 - HKLM\..\Run: [Windows Update Host] C:\WINDOWS\SysWow64\winupsvc.exe


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

4. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if listed:

C:\WINDOWS\SysWow64\mswinup.exe
C:\WINDOWS\SysWow64\winsvcup.exe
C:\WINDOWS\SysWow64\winupsvc.exe

Let me know how this went.

5. Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Click the "Delete Cookies" button
* Next to it, Click the "Delete Files" button
* When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

6. Please reboot to go back into Normal mode.

7. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 5.0 Update 9). Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: (image)
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 5.0 Update 9
8. Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky report along with a fresh HijackThis log.
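Step 8 asks for the Kaspersky Online Scanner report, and reading one of those reports is mostly a matter of separating three kinds of line: objects the scanner could not open ("Object is locked"), legitimate-but-risky tools it labels "not-a-virus:" (remote-admin software, IRC clients, window-hiding utilities), and real malware detections, which on a machine like this one often sit in System Restore points or inside downloaded archives rather than in live system directories. The following Python example is added by the editor and is not code from this thread or from Kaspersky; it parses report lines in the format the scanner produces, classifies each one, and annotates detections that are restore-point copies or archive members. The sample lines are constructed from the report posted later in this thread, trimmed to one line of each kind.

```python
import re
from collections import Counter

# Constructed sample in the format of the Kaspersky Online Scanner report
# posted later in this thread (paths and verdicts copied from that report).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip/RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip ZIP: infected - 4 skipped
C:\Program Files (x86)\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP402\A0052247.exe Infected: IRC-Worm.Win32.Drefir.c skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP402\A0052248.exe Infected: IRC-Worm.Win32.Drefir.d skipped
"""

# One report line: <path> <result> <last action>.  The path may contain
# spaces, so it is matched lazily up to one of the three known result forms.
LINE_RE = re.compile(
    r'^(?P<path>.+?)\s+'
    r'(?:Infected: (?P<verdict>\S+)'
    r'|(?P<locked>Object is locked)'
    r'|(?P<container>\w+): infected - \d+)'
    r'\s+(?P<action>\S+)$'
)
# Restore-point copies live under System Volume Information\_restore{...}.
RESTORE_RE = re.compile(r'\\System Volume Information\\_restore\{', re.IGNORECASE)
# The scanner writes archive members as <archive>/<member>.
ARCHIVE_RE = re.compile(r'\.(zip|rar|exe|iso)/', re.IGNORECASE)


def classify_line(line):
    """Return a dict describing one report line, or None for non-data lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if m["locked"]:
        # Not a detection: the scanner could not read a file in use.
        return {"path": path, "verdict": None, "category": "locked", "notes": []}
    if m["container"]:
        # Per-archive summary; the members are listed on their own lines.
        return {"path": path, "verdict": m["container"], "category": "container", "notes": []}
    verdict = m["verdict"]
    category = "riskware" if verdict.startswith("not-a-virus:") else "malware"
    notes = []
    if RESTORE_RE.search(path):
        notes.append("restore-point copy; inert unless restored, purge via System Restore")
    if ARCHIVE_RE.search(path):
        notes.append("inside an archive; not executed until extracted")
    if category == "riskware" and "RemoteAdmin" in verdict:
        notes.append("remote-admin tool; confirm you installed it yourself")
    return {"path": path, "verdict": verdict, "category": category, "notes": notes}


def triage(report):
    """Classify every data line of a report."""
    return [r for r in map(classify_line, report.splitlines()) if r]


def summarize(report):
    """Count lines per category: locked, container, riskware, malware."""
    return Counter(r["category"] for r in triage(report))


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT):
        if r["category"] in ("malware", "riskware"):
            print(f"{r['category']:8} {r['verdict']}\n         {r['path']}")
            for note in r["notes"]:
                print(f"         - {note}")
    print(summarize(SAMPLE_REPORT))
```

The point of the notes is prioritisation: a worm detection inside a System Restore point is a leftover copy that cannot run until someone restores that point, so it is cleaned by purging restore points rather than by hunting for a live process, while a "not-a-virus" remote-admin package on a machine that has just been backdoored deserves a second look even though the scanner does not call it malware.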

#6 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 26 October 2006 - 09:52 PM

eek. Scary.

I have followed your instructions up to the virus scan. Kaspersky is running and I will post when complete.

I also noticed two instances of mswinup.exe listed as unchecked exceptions in Windows Firewall. I deleted both instances.

Here is my HJT log, before the virus scan is completed:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:06 PM, on 10/26/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATI9LA.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Virus Kill\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137461847171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137509601218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: TabletService - Unknown owner - C:\WINDOWS\system32\Tablet.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Thanks,
DC

#7 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 27 October 2006 - 09:30 AM

And here's my Kaspersky log:



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 27, 2006 10:25:35 AM
Operating System: Microsoft Windows Server 2003 family, Professional, Service Pack 1 (Build 3790)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/10/2006
Kaspersky Anti-Virus database records: 235336
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 410326
Number of viruses found: 8
Number of infected objects: 32 / 0
Number of suspicious objects: 148
Duration of the scan process: 02:13:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\browserstate-logs\log-20061026-223615-718.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22\RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22\RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22\RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22\RADMIN22.EXE Gentee: infected - 3 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip/RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip/RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip/RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip/RADMIN22.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Documents and Settings\Administrator\Desktop\Desktop Junk\radmin22.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Administrator\Desktop\PTP Downloads\Azureus\Essential.Apps.Pack\Mirc.V6.16\mIRC.v6.16.rar/mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Administrator\Desktop\PTP Downloads\Azureus\Essential.Apps.Pack\Mirc.V6.16\mIRC.v6.16.rar/mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Administrator\Desktop\PTP Downloads\Azureus\Essential.Apps.Pack\Mirc.V6.16\mIRC.v6.16.rar RAR: infected - 2 skipped
C:\Documents and Settings\Administrator\Desktop\PTP Downloads\Azureus\Windows Xp Pro + SP3 + Extras BOOTABLE\WXPOEM_EN.part01.rar/WXPOEM_EN.iso/$OEM$/$$/system32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Administrator\Desktop\PTP Downloads\Azureus\Windows Xp Pro + SP3 + Extras BOOTABLE\WXPOEM_EN.part01.rar/WXPOEM_EN.iso Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Administrator\Desktop\PTP Downloads\Azureus\Windows Xp Pro + SP3 + Extras BOOTABLE\WXPOEM_EN.part01.rar RAR: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F557FFD0-3FB7-4C8A-9596-CD0466E14B17} Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sj8vbqsj.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07032006-100707.log Object is locked skipped
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Sti_Trace.log Object is locked skipped
C:\Documents and Settings\LocalService\wiadebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files (x86)\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0_PL.exe/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0_PL.exe/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0_PL.exe/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe/Radmin 2.2-3.0/Radmin 2.2-3.0_PL.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP372\A0051215.exe ZIP: infected - 8 skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP402\A0052247.exe Infected: IRC-Worm.Win32.Drefir.c skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP402\A0052248.exe Infected: IRC-Worm.Win32.Drefir.d skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP402\A0052251.exe Infected: IRC-Worm.Win32.Drefir.c skipped
C:\System Volume Information\_restore{FF3D9A5A-C8A7-4DDC-8FF9-7DE804B43DEE}\RP405\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4814A38F-5FB0-4613-BFB2-119B0194948C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Tasks\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/05 Jul 2002 08:20 from asdf:Japanese girl VS playboy.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/09 Jul 2002 16:54 from nor_support:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/10 Jul 2002 04:58 from hhshepard:Spice girls' vocal concert.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/11 Jul 2002 18:06 from magazine:Darling.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/07 Jul 2002 23:21 from ariaalex:Supports only Static read.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/07 Jul 2002 23:15 from jlwolfe:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/09 Jul 2002 06:14 from sungsim5:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/05 Jul 2002 18:23 from chryslis:Hi,mallmall,spice girls' vocal c.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/06 Jul 2002 18:30 from mstankovic:Hello,chad,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/06 Jul 2002 18:37 from omurphy:1997 by Microsoft Corporation. Al.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/07 Jul 2002 03:04 from mbelcher53:IN AUDIT MODE, YOU AGREE TO BE.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/07 Jul 2002 13:58 from cjsmith:Leftmargin.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/08 Jul 2002 22:55 from erichauck1423:(parseFloat(navigator.appVe.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/10 Jul 2002 00:56 from valoroso:Leftmargin.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/10 Jul 2002 01:02 from Harmac:1997 by Microsoft Corporation. All.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/11 Jul 2002 00:09 from jonjohar:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/11 Jul 2002 23:11 from DavidSm:Please try again.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/11 Jul 2002 23:17 from maberger:Eager to see you.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/12 Jul 2002 23:01 from folta:Learn more about how we use your in.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/13 Jul 2002 02:17 from megilmor:A good tool.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/13 Jul 2002 17:49 from jclanton:Your password.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/13 Jul 2002 17:55 from ashleycouture:1997 by Microsoft Corporati.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/14 Jul 2002 18:56 from sterlingdavis29:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/14 Jul 2002 19:02 from fancher:The Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/16 Jul 2002 02:48 from takagi_satoshi:Hello,chad,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/16 Jul 2002 02:57 from jonjohar:Sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/16 Jul 2002 21:19 from fhenry:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/16 Jul 2002 21:10 from jsuzda:Sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/17 Jul 2002 23:17 from folta:To source code..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/17 Jul 2002 23:23 from coled:Click to clear the Read.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/19 Jul 2002 05:37 from jonjohar:Web site.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/19 Jul 2002 22:35 from stultzw:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/19 Jul 2002 22:42 from chooper59:Introduction on ADSL.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/20 Jul 2002 02:17 from dcam2:The End User License Agreement for .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/20 Jul 2002 02:23 from gretrowe:2002 Yahoo! Inc. All rights rese.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/20 Jul 2002 17:25 from renickvirginia:MS hereby grants COMPANY a.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/20 Jul 2002 17:32 from savvry:Ummmmmmmm.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/20 Jul 2002 23:05 from kreger:In the State of Washington, U.S.A..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/21 Jul 2002 04:07 from JDanco144:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/21 Jul 2002 16:45 from cjsmith53:Hi,mallmall,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/22 Jul 2002 00:32 from whiskeycyclone:Sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/22 Jul 2002 02:45 from dcrehm:Hi,chad,darling.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/24 Jul 2002 00:12 from golaszew:End if %.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/07 Jul 2002 03:10 from Harmac:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/26 Jul 2002 02:54 from clandfried:Scrolling.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/30 Apr 2002 00:39 from rmamidwives:The Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/30 Apr 2002 12:39 from nick:Spice girls' vocal concert.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/16 Jun 2002 03:12 from mutchnik:Some questions.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/23 Jun 2002 00:01 from 2knights:OnMouseOver.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/25 Jun 2002 03:21 from ssmag:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/25 Jun 2002 13:58 from philip_pistol:SFP installed catalog C.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/26 Jun 2002 22:20 from citron:Redistributable Code is the proper.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/01 Jul 2002 16:51 from jsalzman:Use a previous version or copy o.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Deleted Items/02 Jul 2002 00:31 from MAKAVELI46:Look,my beautiful girl friend.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Sent Items/03 May 2002 15:15 to crinkle:RE: Sosages.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/Sent Items/24 Jul 2002 02:27 to 'colinrenick':RE: EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak/Personal Folders/KEEPERS/23 Jul 2002 20:33 from colinrenick:EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.bak Mail MS Mail: suspicious - 57 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.pst/Personal Folders/Sent Items/03 May 2002 15:15 to crinkle:RE: Sosages.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.pst/Personal Folders/Sent Items/24 Jul 2002 02:27 to 'colinrenick':RE: EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.pst/Personal Folders/KEEPERS/23 Jul 2002 20:33 from colinrenick:EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-aug-6-2002.pst Mail MS Mail: suspicious - 3 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/20 Oct 2002 01:47 from TTECmuiaePoAcutenclmu:Have a excite Allha.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/21 Oct 2002 14:13 from alicia_gonzalezc:Your password.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/22 Oct 2002 17:58 from cgarces:Re:info,so cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/28 Oct 2002 04:44 from Mail Delivery Subsystem:Returned mail: Ca/28 Oct 2002 01:42 to casa@casausa.org:Grownups.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/28 Oct 2002 08:42 from memberapp:Let's be friends.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/28 Oct 2002 19:07 from riQCQ6c6hqar6fhzriC:Your Web search.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/28 Oct 2002 23:58 from olavarria:Resolution.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/03 Nov 2002 01:36 from brooke-shields:Spidered.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/07 Nov 2002 20:22 from voleiboldelvalle:Please try again.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/08 Nov 2002 00:08 from outbidnotice:bleeping!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/08 Nov 2002 20:18 from ac:LANGUAGE.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/11 Nov 2002 16:05 from tdeats:In whole or in part without permis.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/11 Nov 2002 00:45 from sem1:Sea Shell. Take this Ornate Sea Shel.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/11 Nov 2002 15:05 from tfrostgolf:Copyright iHireInc.com 2000 .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/13 Nov 2002 13:22 from Mail Delivery Subsystem:Returned mail: Ho/13 Nov 2002 12:22 to napi28@bestratemortgageservices.com:Pavilio.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/14 Nov 2002 03:26 from casa:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/22 Nov 2002 10:56 from support:Are listed at the bottom of this .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/23 Nov 2002 01:28 from usa:Nov 1 2002 13.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/23 Nov 2002 01:59 from items:Here to Close Window.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/23 Nov 2002 15:45 from pcaripa:A very funny website.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/23 Nov 2002 19:47 from baelish:DAILY DOZEN.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/24 Nov 2002 08:11 from mcaripa:Spice girls' vocal concert.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/25 Nov 2002 00:40 from info:Cellspacing.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/26 Nov 2002 01:06 from johndoe:Rights reserved..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/26 Nov 2002 10:11 from baelish:Here to Close Window.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/27 Nov 2002 01:38 from oakley:Here to Close Window.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/27 Nov 2002 17:08 from rgrfws:Welcome to my hometown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/27 Nov 2002 17:19 from careers:Meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Deleted Items/30 Nov 2002 19:54 from webmaster:OnMouseOver.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Sent Items/24 Jul 2002 02:27 to 'colinrenick':RE: EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Sent Items/31 Oct 2002 06:03 to 'Michael Alaly':/Mail Bomber - Mass email prog.zip/Mail Bomber - Mass email prog/setup.exe/data0002 Infected: Email-Flooder.Win32.MailBomber.89 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Sent Items/31 Oct 2002 06:03 to 'Michael Alaly':/Mail Bomber - Mass email prog.zip/Mail Bomber - Mass email prog/setup.exe Infected: Email-Flooder.Win32.MailBomber.89 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Sent Items/31 Oct 2002 06:03 to 'Michael Alaly':/Mail Bomber - Mass email prog.zip Infected: Email-Flooder.Win32.MailBomber.89 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/Sent Items/14 Nov 2002 03:51 to 'casa':RE: .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst/Personal Folders/KEEPERS/23 Jul 2002 20:33 from colinrenick:EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-dec-20-2002.pst Mail MS Mail: infected - 3, suspicious - 32 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/24 Oct 2003 03:53 from ms storage system:failure announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/24 Oct 2003 08:42 from MS Net Email Delivery Service:Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/24 Oct 2003 10:23 from MS Inet Delivery System:failure letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/24 Oct 2003 11:35 from microsoft net mail delivery system:abort .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/24 Oct 2003 16:23 from anatlic:Have a funny Allhallowmas.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/24 Oct 2003 17:05 from Admin:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/25 Oct 2003 04:31 from Postmaster:Bug Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/25 Oct 2003 13:21 from inet:Happy Allhallowmas.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/25 Oct 2003 15:57 from orit008:Free Download.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/26 Oct 2003 04:50 from microsoft email delivery service:Returned.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/26 Oct 2003 10:44 from MS Net System:Abort Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/26 Oct 2003 12:36 from Postmaster:Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/26 Oct 2003 14:28 from Network Service:Advice.eml/[From "Network Service" <mailerautomat@microsoft.com>][Date Sun, 26 Oct 2003 15:23:40 +0100 (added by postmaster@libertysurf.fr)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/26 Oct 2003 14:28 from Network Service:Advice.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/26 Oct 2003 16:45 from inet:Have a new Allhallowmas.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/27 Oct 2003 08:11 from postmaster:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/27 Oct 2003 18:39 from anatlic:Meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/27 Oct 2003 18:39 from Microsoft Inet Email Storage Service:Fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/27 Oct 2003 19:42 from anatlic:Your password.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/27 Oct 2003 21:38 from Network Message System:Abort Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/27 Oct 2003 23:36 from net message storage system:error message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/28 Oct 2003 15:20 from Admin:Failure Announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/29 Oct 2003 09:02 from Network Message Service:.eml/[From "Network Message Service" <qmailrobot@bigfoot.net>][Date Wed, 29 Oct 2003 10:01:17 +0100 (CET)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/29 Oct 2003 09:02 from Network Message Service:.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/29 Oct 2003 12:06 from Mail Delivery System:Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/29 Oct 2003 14:52 from network delivery system:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/29 Oct 2003 17:09 from anatlic:Have a new Allhallowmas.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/29 Oct 2003 19:05 from anatlic:Free Download.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/30 Oct 2003 06:09 from Microsoft Internet Mail Delivery System:E.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/30 Oct 2003 15:17 from Network Message System:Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/30 Oct 2003 16:18 from smailroutine@bigfoot.com:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/31 Oct 2003 09:48 from Microsoft Inet Storage Service:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/31 Oct 2003 10:47 from Microsoft Internet Message Storage System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/31 Oct 2003 13:31 from postmaster:Returned Mail: Returned To Sen.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/31 Oct 2003 21:40 from MS Email Delivery Service:Bug Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/01 Nov 2003 12:12 from Inet Delivery Service:announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/01 Nov 2003 13:54 from Admin:announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/01 Nov 2003 14:58 from mailroutine@puremail.com:Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/02 Nov 2003 06:05 from Administrator:Undelivered Mail: Returned .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/02 Nov 2003 12:58 from Network Message Delivery Service:Undelive.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/02 Nov 2003 19:31 from Network System:Error Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/02 Nov 2003 21:12 from rsalow:Fw:honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/03 Nov 2003 18:39 from Microsoft Inet Mail Delivery Service:Advi.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/04 Nov 2003 21:38 from Net System:Error Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/05 Nov 2003 23:35 from Admin:Undelivered Mail: User unknown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/06 Nov 2003 08:23 from MS Internet Service:failure advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/06 Nov 2003 22:24 from administrator:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/08 Nov 2003 12:19 from Administrator:Returned Message: User unkn.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst/Personal Folders/Deleted Items/08 Nov 2003 12:37 from Administrator:Abort Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-nov8-2003.pst Mail MS Mail: suspicious - 49 skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-sept-1-2002.pst/Personal Folders/Sent Items/03 May 2002 15:15 to crinkle:RE: Sosages.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-sept-1-2002.pst/Personal Folders/Sent Items/24 Jul 2002 02:27 to 'colinrenick':RE: EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-sept-1-2002.pst/Personal Folders/KEEPERS/23 Jul 2002 20:33 from colinrenick:EbStatusDesc(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\LCS\LCS\BACKUPS\outlook\backup-outlook-sept-1-2002.pst Mail MS Mail: suspicious - 3 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
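A small triage helper for scanner logs in the line format quoted above (an added example, not code from the thread or from the scanner's vendor): it groups findings by detection name and by the mailbox or archive file they sit in, and separates live on-disk detections from archived messages and locked objects. The regexes are assumptions based on the visible line shapes, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the scanner log quoted above
# (object path, then verdict, then action taken). Paths and names are made up.
SAMPLE_LOG = r"""
F:\BACKUPS\outlook\backup-2003.pst/Personal Folders/Deleted Items/02 Nov 2003 19:31 from Net:Error.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\BACKUPS\outlook\backup-2003.pst/Personal Folders/Deleted Items/05 Nov 2003 23:35 from Admin:Undelivered.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\BACKUPS\outlook\backup-2003.pst Mail MS Mail: suspicious - 2 skipped
F:\BACKUPS\outlook\backup-2002.pst/Personal Folders/Sent Items/03 May 2002 15:15 to crinkle:RE: Notes.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\BACKUPS\outlook\backup-2002.pst Mail MS Mail: suspicious - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\system32\placeholder.exe Infected: Trojan.Win32.Placeholder deleted
"""

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
MAILBOX_RE = re.compile(r"^(?P<path>.+) Mail MS Mail: suspicious - \d+ skipped$")
VERDICT_RE = re.compile(r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<name>\S+) (?P<action>\w+)$")

def archive_container(path):
    # Archive/mailbox members are logged as <container>/<member>; plain files use only backslashes.
    return path.split("/", 1)[0] if "/" in path else None

def parse_line(line):
    # Classify one log line; lines that are not findings yield None.
    if m := LOCKED_RE.match(line):
        return {"type": "locked", "path": m["path"]}
    if MAILBOX_RE.match(line):
        return None  # per-mailbox total, already counted member by member
    if m := VERDICT_RE.match(line):
        return {"type": "verdict", **m.groupdict()}
    return None

def summarize(log_text):
    # Group findings by detection name and by container; keep live files and locked objects apart.
    by_name, by_container, locked, on_disk = Counter(), Counter(), [], []
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        if rec["type"] == "locked":
            locked.append(rec["path"])
            continue
        by_name[rec["name"]] += 1
        container = archive_container(rec["path"])
        if container:
            by_container[container] += 1
        else:  # a live file rather than an archived message: the higher-priority item
            on_disk.append((rec["path"], rec["name"], rec["action"]))
    return {"by_name": by_name, "by_container": by_container, "locked": locked, "on_disk": on_disk}
```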

#8 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 28 October 2006 - 11:45 AM

Hi,

I don't mean to bump this but I could really use a hand!

Thanks!

DC

#9 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:43 PM

Posted 29 October 2006 - 04:29 PM

Hi dietcheese, :thumbsup:

You're almost there.

1. Using Windows Explorer, please delete the following folders in bold if listed:

C:\Documents and Settings\Administrator\Desktop\Desktop Junk

.......... and the file in bold if listed:

C:\Program Files (x86)\DAEMON Tools\SetupDTSB.exe

2. Clean your Cache and Cookies once more. If you're very active on the internet you may do this every two weeks, if not so active once a month.

3. Remove previous restore points and set a new one to purge any malware that may have been backed up:

Click Start>Help and Support>Undo changes to your computer with System Restore
Click Create A Restore Point then click Next. Give it a name and then click Create.

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

This will remove all previous restore points except the newly created one.

4. In order to prevent future infections follow these recommendations:

a. Visit Windows Update on a regular basis to stay current with critical updates.

b. It is very important that your computer has anti-virus software running (as you have, by the way). For your information, see this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources!

c. Install and run the following free programs:

* Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here!

* Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here! Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

* SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here!

* SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here!

* IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Keep all these programs (including your anti-virus) up-to-date and run them regularly.
If you do not update regularly they will not be able to catch any of the new variants that may come out.

d. I recommend you read Tony Klein's excellent article: So how did I get infected in the first place?

e. If you want to fight back against the Malware Writers, please take a look here!

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BleepingComputer Forums, we also help people with other computer problems! Do not forget to tell your friends about us!

Good luck! :flowers:

#10 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 29 October 2006 - 06:28 PM

You rule! Thanks!

Can I donate some $? Where?

#11 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:43 PM

Posted 30 October 2006 - 03:55 AM

Hi dietcheese, :thumbsup:

Thanks!


You're very welcome.

Can I donate some $? Where?


Go here to see how you can support BleepingComputer.

:flowers:

#12 dietcheese

dietcheese
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:43 PM

Posted 30 October 2006 - 01:38 PM

Donated!

Thanks again,

DC
