
Many Popups Uncontrolable Sites


8 replies to this topic

#1 honda2nr

honda2nr

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 03 April 2007 - 10:51 AM

Any help would be greatly appreciated...



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:48:22 AM, on 04/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\hjt1\HiJackThis_v2.exe
C:\hjt1\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {33e8a8fa-371e-44aa-b81e-4930e92f245a} - C:\WINDOWS\system32\job251.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmpD.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163530026093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163530020625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavi...aderControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://peaches.axiscam.net/activex/AMC.cab
O20 - Winlogon Notify: job251 - C:\WINDOWS\SYSTEM32\job251.dll
O20 - Winlogon Notify: MT4173a0 - MT4173a0.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Windows Updater - {B29BE267-3A64-4F7E-8A57-75FB5E900506} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ieupdater22 (Microsoft IEUpdater22) - Unknown owner - C:\Documents and Settings\Owner\ie_updater.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 03 April 2007 - 11:20 AM

Hi honda2nr, :flowers:

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience. :thumbsup:

#3 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 06 April 2007 - 01:59 AM

Hi honda2nr, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience!

At least two browser hijackers and downloaders called W32/Yayin-A and Troj/Cimuz-BU have been/are active on your machine. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests.

I would counsel you to disconnect this PC from the Internet immediately until it's clean. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Visit the following sites for more information on internet theft and when to reformat!

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before you come to a final decision, please feel free to ask.

Please let me know your decision!!

#4 honda2nr

honda2nr
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 06 April 2007 - 04:16 PM

If you believe that it is absolutely imperative that I reformat and install the OS I can do that. Is there any way around this? I have a lot of school work and other things on this computer that I would hate to lose. I check my balances for my banking account on this computer, not much banking or personal information. Please help

#5 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 06 April 2007 - 04:44 PM

Hi honda2nr, :thumbsup:

We can clean your computer but........see my earlier post.

So it's up to you, let me know!!

#6 honda2nr

honda2nr
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 06 April 2007 - 09:55 PM

I would like to just clean it up for now, as I have a lot of things on here that I need for school at the moment

#7 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 09 April 2007 - 11:34 AM

Hi honda2nr, :flowers:


Sorry for the long wait. :thumbsup:

1. Download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

2. Run HijackThis, click Scan and checkmark the following entries:

O2 - BHO: (no name) - {33e8a8fa-371e-44aa-b81e-4930e92f245a} - C:\WINDOWS\system32\job251.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmpD.tmp.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKUS\S-1-5-18\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe (User 'Default user')
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O20 - Winlogon Notify: job251 - C:\WINDOWS\SYSTEM32\job251.dll
O20 - Winlogon Notify: MT4173a0 - MT4173a0.dll (file missing)
O23 - Service: ieupdater22 (Microsoft IEUpdater22) - Unknown owner - C:\Documents and Settings\Owner\ie_updater.exe


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. Go to Start->Run, type CMD and click Ok.

Alternatively, press Ctrl+Alt+Delete to bring up the Task Manager. While holding down the Ctrl key, click on New Task. Once the MSDOS Window comes up, minimize the Task Manager.
At the prompt type the following and press Enter after each line:

SC Stop "Microsoft IEUpdater22"
SC Delete "Microsoft IEUpdater22"
Exit

4. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if they exist:

C:\WINDOWS\system32\job251.dll
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\System32\ALCXMNTR.EXE
C:\WINDOWS\System32\lsasss.exe << See the 3 s's in the name!! Don't delete C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\irssyncd.exe
C:\WINDOWS\System32\MT4173a0.dll
C:\Documents and Settings\Owner\ie_updater.exe

5. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u1). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6u1

6. Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please reboot and post C:\vundofix.txt together with F-Secure report and a new HijackThis log!
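
A triage sketch for the log review in step 2 above, added here as an example; it is not part of Falu's post and not HijackThis's own logic. The names `triage`, `lookalike_of` and `SYSTEM_NAMES` are hypothetical, the sample lines are copied from the log in post #1, and the flags are leads for a human reviewer, not verdicts (entries such as irssyncd.exe match none of these rules and still need manual review).

```python
import re

# Small constructed allowlist of genuine Windows process names (an assumption,
# not an exhaustive list) used to spot look-alikes such as lsasss.exe.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)

# Lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {33e8a8fa-371e-44aa-b81e-4930e92f245a} - C:\WINDOWS\system32\job251.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmpD.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O23 - Service: ieupdater22 (Microsoft IEUpdater22) - Unknown owner - C:\Documents and Settings\Owner\ie_updater.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename):
    """Return the system name this file imitates (one edit away), else None."""
    name = filename.lower()
    if name in SYSTEM_NAMES:
        return None  # the genuine name itself is never flagged
    for good in sorted(SYSTEM_NAMES):
        if edit_distance(name, good) == 1:
            return good
    return None

def triage(log_text):
    """Return (code, body, reasons) for each entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body, reasons = m["code"], m["body"], []
        if "(file missing)" in body:
            reasons.append("target file missing")
        if code == "O2" and "(no name)" in body:
            reasons.append("unnamed BHO")
        pm = PATH_RE.search(body)
        if pm:
            path = pm.group(0)
            good = lookalike_of(path.rsplit("\\", 1)[-1])
            if good:
                reasons.append(f"file name resembles {good}")
            if (code == "O23" and "Unknown owner" in body
                    and "\\documents and settings\\" in path.lower()):
                reasons.append("unknown-owner service run from a user profile")
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(reasons)}\n    {body}")
```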

#8 honda2nr

honda2nr
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 10 April 2007 - 10:21 AM

Result: 69 malware found
Email-Worm.Win32.Zhelatin.ch (virus)
C:\WINDOWS\SYSTEM32\RSVP32_2.DLL (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\VP1UMV8N\3003Z[1] (Renamed)
Exploit.HTML.Mht (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\PROM 2004\NEW FOLDER\BACKUP-20040522-230348-873 (Submitted)
HTML/Renos.A (virus)
C:\WINDOWS\GEO2.HTML (Submitted)
NetworkWorm.BX (virus)
C:\WINDOWS\RUN2.EXE (Submitted)
Packed.Win32.PePatch.dw (virus)
C:\WINDOWS\SYSTEM32\UPDATE31342824.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\E0NWWENY\WINDM[1] (Submitted)
Rootkit.Win32.Agent.ef (virus)
C:\WINDOWS\NEW_DRV.SYS (Submitted)
Stealth_file (hidden item)
C:\WINDOWS\SYSTEM32:LZX32.SYS
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
Trojan-Clicker.Win32.Costrat.ah (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4OJQ16OP\WINSP4[1].EXE (Renamed & Submitted)
Trojan-Downloader.JS.Agent.dw (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDYFSTEN\JUST[1].HTM (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.awf (virus)
C:\WINDOWS\SYSTEM32\BAK\LSASSS.EXE (Renamed & Submitted)
C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\MSMSGS.EXE (Renamed & Submitted)
C:\RECYCLER\S-1-5-21-709730831-4258633224-830553078-1003\DC39.EXE (Renamed & Submitted)
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE (Renamed & Submitted)
C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE (Renamed & Submitted)
C:\PROGRAM FILES\REAL\REALONE PLAYER\REALPLAY.EXE (Renamed & Submitted)
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE (Renamed & Submitted)
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE (Renamed & Submitted)
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NEROCHECK.EXE (Renamed & Submitted)
C:\PROGRAM FILES\AIM6\AIM6.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.bjk (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TMP167.TMP.EXE (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TMP3.TMP.EXE (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TMPFC9.TMP.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.dwc (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BL8P505F\101010[1] (Renamed & Submitted)
Trojan-PSW.Win32.LdPinch.bgj (virus)
C:\WINDOWS\9129837.EXE (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDYFSTEN\OUR[1] (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDYFSTEN\OUR[2] (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDYFSTEN\OUR[3] (Renamed & Submitted)
Trojan-Proxy.Win32.Wopla.ag (virus)
C:\WINDOWS\SYSTEM32\POOF
C:\WINDOWS\SYSTEM32\KOOS.EXE
C:\WINDOWS\SYSTEM32\KPROF
Trojan-Spy.Win32.Goldun.ms (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDYFSTEN\P12[1].EXE (Renamed & Submitted)
Trojan.Win32.Agent.agv (virus)
C:\WINDOWS\RQOONO.DLL (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TMP62F.TMP.EXE (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TMP65D.TMP.EXE (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\BACKUPS\BACKUP-20070312-082108-278.DLL (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\BACKUPS\BACKUP-20070312-140007-943.DLL (Renamed & Submitted)
Trojan.Win32.Agent.aiw (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\E0NWWENY\GOOGLE[1] (Renamed)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4OJQ16OP\GOOGLE[1] (Renamed)
Trojan.Win32.Qhost.it (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BL8P505F\20509[1].EXE (Renamed & Submitted)
W32/Serpo.AA (virus)
C:\WINDOWS\20040818\SETUP.EXE (Submitted)
W32/Serpo.AA.dropper (virus)
C:\WINDOWS\RUNSETUP.EXE (Submitted)
W32/Smalltroj.ZUE (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDYFSTEN\NA[1].EXE (Submitted)
W32/Suspicious_U.gen.dropper (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\TMP67.TMP.EXE (Submitted)
Win32.Trojan.Agent (spyware)
System
Win32.TrojanSpy.BZub (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 129546
System: 6626
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 31
Deleted: 0
None: 37
Submitted: 39
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SETTINGS\PARTNERSHIP.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-04-04
F-Secure AVP: 7.0.171, 2007-04-09
F-Secure Orion: 1.2.37, 2007-04-09
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2007-03-02

#9 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 10 April 2007 - 11:16 AM

Hi honda2nr, :huh:

What you posted is incomplete, :thumbsup: so could you, following the instructions, try again and post complete reports and all the reports I asked for.

Thanks. :flowers:



