
Win32 SillyDl And Stration Q Infection - Can't Remove - Help Needed Urgently!


  • This topic is locked
8 replies to this topic

#1 samantha99


Posted 28 December 2006 - 09:24 PM

I am hoping for some urgent assistance please.

A VET AV scan has shown that my computer has 6 infections:
Win32 SillyDl AWF (x4)
Win32 SillyDl CBA
and Win32 Stration Q
VET notifies me of the infections but DOES NOT clean or quarantine them.

I have downloaded and run (both in safe mode and normal mode) Spybot Search and Destroy, AVG 7.5 antivirus, Ad-Aware SE Professional as well as Spy Emergency 2006 and the Microsoft Windows Malicious Software Removal Tool, and ran an online scan with eTrust Antivirus Web Scanner.

All scans are coming up clear..... yet my VET scan continually shows infections in
C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders


I'm too scared to just delete this file in case it is needed (think it's saved emails?) as I really don't know what I am doing! (A bit of a techno dummy here, I'm sorry.)

I have included a hijack this scan log and the VET log in hope that someone can assist

Thanks in advance for your time!

(Moderator edit: log post moved to HJT Team forum for review and member help. jgweed)


HIJACK THIS:
Logfile of HijackThis v1.99.1
Scan saved at 12:02:13 PM, on 29/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Netgate\FortKnox Personal Firewall 2006\FortKnoxGUI.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Netgate\FortKnox Personal Firewall 2006\FortKnox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Samantha\My Documents\downloads\HIJACKTHIS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\Netgate\FortKnox Personal Firewall 2006\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159915431843
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{597CF017-7A51-4224-94F0-7FE47F443DFF}: NameServer = 203.8.183.1 192.189.54.33
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE - C:\Program Files\Netgate\FortKnox Personal Firewall 2006\FortKnox.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

VET AV SCAN LOG

Started scanning at 29/12/2006 1:50:30 AM. Engine Ver: 30.4.1. Sig Ver:3285. Sig Date: 28/12/2006.

C:\Documents and Settings\LocalService\NTUSER.DAT - scan failed.

C:\Documents and Settings\LocalService\ntuser.dat.LOG - scan failed.

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - scan failed.

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - scan failed.

C:\Documents and Settings\NetworkService\NTUSER.DAT - scan failed.

C:\Documents and Settings\NetworkService\ntuser.dat.LOG - scan failed.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - scan failed.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - scan failed.

C:\Documents and Settings\Samantha\NTUSER.DAT - scan failed.

C:\Documents and Settings\Samantha\ntuser.dat.LOG - scan failed.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/john-bleep02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/vika-vagina02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <data.msg.pif> - Win32/Stration.Q worm.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/john-bleep02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/vika-vagina02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <rechnung_95009.exe> - Win32/SillyDl.CBA trojan.

C:\Documents and Settings\Samantha\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - scan failed.

C:\Documents and Settings\Samantha\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - scan failed.


C:\WINDOWS\SoftwareDistribution\EventCache\{CE6CB68F-A831-4A6E-8735-5B592C1BB008}.bin - scan failed.

C:\WINDOWS\system32\CatRoot2\edb.log - scan failed.

C:\WINDOWS\system32\CatRoot2\tmp.edb - scan failed.

C:\WINDOWS\system32\config\default - scan failed.

C:\WINDOWS\system32\config\default.LOG - scan failed.

C:\WINDOWS\system32\config\SAM - scan failed.

C:\WINDOWS\system32\config\SAM.LOG - scan failed.

C:\WINDOWS\system32\config\SECURITY - scan failed.

C:\WINDOWS\system32\config\SECURITY.LOG - scan failed.

C:\WINDOWS\system32\config\software - scan failed.

C:\WINDOWS\system32\config\software.LOG - scan failed.

C:\WINDOWS\system32\config\system - scan failed.

C:\WINDOWS\system32\config\system.LOG - scan failed.

C:\WINDOWS\Temp\tmp_ng_iw7vpajVcIzirH2.tse - scan failed.

Finished scanning at 29/12/2006 2:51:45 AM.

Edited by jgweed, 28 December 2006 - 09:51 PM.



 


#2 miekiemoes


Posted 29 December 2006 - 11:58 AM

Hi,

What your antivirus flags are infected attachments present in your inbox in Thunderbird:

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/john-bleep02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/vika-vagina02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <data.msg.pif> - Win32/Stration.Q worm.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/john-bleep02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <sexfotos/vika-vagina02.pif> - Win32/SillyDl.AWF trojan.

C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders\Inbox <rechnung_95009.exe> - Win32/SillyDl.CBA trojan.

This doesn't mean that your computer is infected, because as long as you don't open the attachments, you should be OK. Of course you have to delete those mails ASAP.
So open your Thunderbird, go to the inbox, look for the mails with the following attachments present, and delete these mails immediately:

data.msg.pif
sexfotos/john-bleep02.pif
sexfotos/vika-vagina02.pif
rechnung_95009.exe

Then delete those from your Trash bin in Thunderbird as well.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 samantha99


Posted 29 December 2006 - 05:44 PM

Miekiemoes, thank you so much for your reply. :thumbsup:
I am still a little stuck though, as when I open Thunderbird my inbox is empty.
I do however have hundreds of emails saved in their own folders but nothing in the inbox itself.
I can follow the path C:\Documents and Settings\Samantha\Application Data\Thunderbird\Profiles\ucl9g0vq.default\Mail\Local Folders
and find the inbox file (that shows it at 233 MB) but I can't open it.
Any ideas from here?

#4 miekiemoes


Posted 29 December 2006 - 06:24 PM

Ah, it's in your Local folders.

Open your Thunderbird, and on the left you'll also find "Local Folders".
There you'll find the inbox.
If you say you already saved your other mails somewhere else, (I assume you saved them not in the Local Folders?), you may delete that inbox there. It will get recreated afterwards anyway again.
233MB is a LOT there though - wonder what ended up there if you say your mails are somewhere else.

#5 samantha99


Posted 30 December 2006 - 07:15 AM

Hello again Miekiemoes :thumbsup:
Yes, that is the inbox that is empty (if I click Local Folders I get the accounts/advanced featured options?)
Sorry, I know I'm sounding a little slow here!
Is there any chance that the files that I made to store saved emails (in Local Folders) are saving in the inbox file (hence the huge size?) I'm really scared to just go ahead and delete the inbox in case I lose my stored mail too.
Samantha

#6 miekiemoes


Posted 30 December 2006 - 08:30 AM

Hi, if you're really scared to lose your stored email, you can save them somewhere else. That's what I do by the way...
For example, create a folder on your desktop or anywhere else with the name "mails".
Then open your Thunderbird and right-click every mail you want to keep and select "save as" from the context menu. Save them in the mails folder you created. The mails will have the extension .eml
If you double-click them, they will open in your mail program. That way, you can also open these mails with whatever mail program you have installed.
I created such a folder as well where I moved all my important mails into and burned them afterwards on CD-ROM or USB stick, so I can never lose them :thumbsup:

#7 samantha99


Posted 30 December 2006 - 07:48 PM

Thank you again Miekiemoes .... I'm dedicating tomorrow to backing up all my mail into a separate folder as advised!

Re the virus:
I was given the following advice and I'm happy to report all scans are now running as virus free!!!

"Try to compact the Inbox folder. If you miss this step, the moved messages are still physically present in the Inbox mailbox file even though they don't show up in Thunderbird. You can compact a folder by right-clicking on the folder name - Inbox (inside Thunderbird) and selecting Compact this folder."

#8 miekiemoes


Posted 31 December 2006 - 05:22 AM

Hi,

"Try to compact the Inbox folder. If you miss this step, the moved messages are still physically present in the Inbox mailbox file even though they don't show up in Thunderbird. You can compact a folder by right-clicking on the folder name - Inbox (inside Thunderbird) and selecting Compact this folder."

Yes, that's an option as well, but I never used that option anyway if I really want to remove, since it's compacting and not removing.
But compacting is always a good idea.. Read here for more info why:
http://kb.mozillazine.org/Compacting_folders

If I want to remove, I just remove the file manually in explorer (after I backed up mails I want to keep). The file you removed will get recreated anyway again after you restart Thunderbird again, but this time an "empty" one. Anyway, this is how I do it if I really want to delete something.

This is also a solution when a certain mailbox gets corrupted as we see many times, where users can't open their inbox, sentbox, drafts etc... Deleting it from explorer solves it as you read here: http://8help.osu.edu/3107.html
They tell there not to delete the inbox file itself if you don't want to lose your mails, but only delete the inbox.msf file. But if you backed up your mails anyway, it doesn't matter if you remove it or not.
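Why the Inbox looked empty while the scanner kept flagging the 233 MB file, as an added example that is not part of any post in this thread: Thunderbird keeps a folder as one mbox file and only marks a removed message in its X-Mozilla-Status header until the folder is compacted. The sketch below walks such a file and lists executable attachments together with that mark; the sample mailbox, the extension list and the function names are constructed for illustration.

```python
import email
import os
import re
from email import policy

# Assumed list of attachment extensions worth flagging (illustrative, not exhaustive).
RISKY_EXT = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
# Bit Thunderbird sets in X-Mozilla-Status once a message has been deleted or
# moved out of the folder; the bytes stay in the mbox file until compaction.
EXPUNGED = 0x0008


def split_mbox(raw):
    """Yield each raw message from mbox bytes, without its 'From ' separator line."""
    starts = [m.start() for m in re.finditer(rb"^From ", raw, re.M)]
    for begin, end in zip(starts, starts[1:] + [len(raw)]):
        _separator, _, message = raw[begin:end].partition(b"\n")
        yield message


def risky_attachments(raw):
    """Return (message_number, filename, expunged) for every risky attachment."""
    findings = []
    for number, chunk in enumerate(split_mbox(raw)):
        msg = email.message_from_bytes(chunk, policy=policy.default)
        try:
            status = int(str(msg.get("X-Mozilla-Status", "0")).strip(), 16)
        except ValueError:
            status = 0  # unreadable header: treat the message as still visible
        for part in msg.walk():
            name = part.get_filename()
            if name and os.path.splitext(name.lower())[1] in RISKY_EXT:
                findings.append((number, name, bool(status & EXPUNGED)))
    return findings


def _sample_message(status, filename):
    """Build one constructed message; the attachment body is harmless text."""
    return (
        "From - Thu Dec 28 10:00:00 2006\n"
        f"X-Mozilla-Status: {status}\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "see attachment\n"
        "--b1\n"
        "Content-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n"
        "\n"
        "cGxhY2Vob2xkZXI=\n"
        "--b1--\n"
        "\n"
    ).encode("ascii")


# Constructed mailbox: one removed-but-uncompacted message, one clean message,
# and one message that is still visible in the folder.
SAMPLE_MBOX = (
    _sample_message("0009", "data.msg.pif")
    + _sample_message("0001", "invoice.pdf")
    + _sample_message("0001", "rechnung_95009.exe")
)

if __name__ == "__main__":
    for number, name, expunged in risky_attachments(SAMPLE_MBOX):
        where = "hidden until compaction" if expunged else "visible in folder"
        print(f"message {number}: {name} ({where})")
```

Run it against a copy of the mailbox file rather than the live profile, with Thunderbird closed.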

#9 miekiemoes


Posted 04 January 2007 - 04:10 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.