Spyware that won't quite go away - 9 Hours of Hell!


6 replies to this topic

#1 AITP

Posted 15 January 2005 - 10:44 PM

Hi everyone,

I hate to make my first post to this board (which looks like it really kicks ass for people who need help) a question/complaint, but here goes.

I'm using a client's machine that has Windows XP Pro Version 2002 (no service packs, to be explained below).

He had a series of Trojan horses that kept hijacking his start page, changing favourites, etc.

The activity log NAV 2002 created is as follows:

Date: 15/01/2005, Time: 18:02:24, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:02:24, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:02:26, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:02:26, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:02:28, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:02:28, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:02:30, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:02:30, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:02:32, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:02:32, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:02:40, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:02:40, SYSTEM on Q6Y8G1
The file
C:\windows\system32\rsparapc.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:05:40, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:05:40, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:05:40, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\dllhostxp.exe
is infected with the Trojan dropper virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:05:40, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\dllhostxp.exe
is infected with the Trojan dropper virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:05:40, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:05:40, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:05:40, SYSTEM on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:05:40, SYSTEM on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:05:44, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:05:44, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:09:28, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:09:30, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:09:30, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:11:06, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:11:06, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:13:12, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\dllhostxp.exe
is infected with the Trojan dropper virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:13:14, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\dllhostxp.exe
is infected with the Trojan dropper virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:13:14, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\dllhostxp.exe
is infected with the Trojan dropper virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:15:36, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:15:36, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:15:42, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:15:42, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:16:56, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:16:56, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:21:06, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:21:06, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:27:14, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:27:14, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:27:50, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\MSACMX.DLL12
is infected with the Backdoor.Trojan virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:27:50, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\MSACMX.DLL12
is infected with the Backdoor.Trojan virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:29:18, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:29:18, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:36:24, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:36:24, Frnk on Q6Y8G1
The file
C:\WINDOWS\SYSTEM32\TGBRFV_5.DLL
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:37:28, Frnk on Q6Y8G1
The file
C:\windows\system32\tgbrfv_.exe
is infected with the Trojan dropper virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:37:28, Frnk on Q6Y8G1
The file
C:\windows\system32\tgbrfv_.exe
is infected with the Trojan dropper virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:37:58, Frnk on Q6Y8G1
The file
C:\windows\system32\tgbrfv_5.dll
is infected with the Trojan.StartPage virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:37:58, Frnk on Q6Y8G1
The file
C:\windows\system32\tgbrfv_5.dll
is infected with the Trojan.StartPage virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:42:50, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:42:50, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:49:08, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\msacmx.dll
is infected with the Backdoor.Trojan virus.
Unable to repair this file.


Date: 15/01/2005, Time: 18:49:08, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\msacmx.dll
is infected with the Backdoor.Trojan virus.
Access to the file was denied.


Date: 15/01/2005, Time: 18:58:38, Administrator on Q6Y8G1
Virus scan started.

Date: 15/01/2005, Time: 19:02:08, Administrator on Q6Y8G1
Virus scan canceled.

Date: 15/01/2005, Time: 19:05:36, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Unable to repair this file.


Date: 15/01/2005, Time: 19:05:38, Frnk on Q6Y8G1
The file
C:\WINDOWS\System32\Software\software.exe
is infected with the Downloader.Lunii virus.
Access to the file was denied.


Date: 15/01/2005, Time: 19:19:52, Administrator on Q6Y8G1
Virus scan started.

Date: 15/01/2005, Time: 19:50:42, Administrator on Q6Y8G1
The file C:\WINDOWS\SYSTEM32\dllhostxp.exe is infected with the Trojan dropper virus.
The file was quarantined.



Date: 15/01/2005, Time: 19:50:42, Administrator on Q6Y8G1
The file C:\WINDOWS\SYSTEM32\Software\software.exe is infected with the Downloader.Lunii virus.
The file was quarantined.



Date: 15/01/2005, Time: 19:50:42, Administrator on Q6Y8G1
The file C:\WINDOWS\SYSTEM32\msacmx.dll12 is infected with the Backdoor.Trojan virus.
The file was quarantined.



Date: 15/01/2005, Time: 19:50:42, Administrator on Q6Y8G1
The file C:\Documents and Settings\Frnk\Local Settings\Temp\temp.fr70BD is infected with the Trojan.StartPage virus.
The file was quarantined.



Date: 15/01/2005, Time: 19:50:42, Administrator on Q6Y8G1
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 79219
Infected: 4
Repaired: 0
Quar'ed: 4
Deleted: 0

Date: 15/01/2005, Time: 20:00:02, Administrator on Q6Y8G1
Virus scan started.

Date: 15/01/2005, Time: 20:00:04, Administrator on Q6Y8G1
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Date: 15/01/2005, Time: 20:00:06, Administrator on Q6Y8G1
Virus scan started.

Date: 15/01/2005, Time: 20:00:06, Administrator on Q6Y8G1
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 1
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0

Eventually, I was able to get rid of any Trojan horse virii that NAV 2002 would pick up (using the latest updates via Intelligent Updater) - see below:

I also ran Ad-Aware to get rid of some things, and the logs are below:


Ad-Aware SE Build 1.05
Logfile Created on:January 15, 2005 5:08:46 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R25 11.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):44 total references
istbar.dotcomToolbar(TAC index:5):2 total references
MRU List(TAC index:0):34 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):23 total references
RightFinder(TAC index:3):1 total references
Tracking Cookie(TAC index:3):4 total references
Win32.Trojan.Small(TAC index:7):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


15-01-2005 5:08:46 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 336
ThreadCreationTime : 15-01-2005 9:59:36 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 392
ThreadCreationTime : 15-01-2005 10:01:22 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 416
ThreadCreationTime : 15-01-2005 10:01:27 PM
BasePriority : High


CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 15-01-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 15-01-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 15-01-2005 10:01:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 688
ThreadCreationTime : 15-01-2005 10:01:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 15-01-2005 10:01:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)

"C:\WINDOWS\System32\svchost.exe"Process terminated successfully

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 828
ThreadCreationTime : 15-01-2005 10:01:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 15-01-2005 10:01:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)

"C:\WINDOWS\system32\spoolsv.exe"Process terminated successfully

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1168
ThreadCreationTime : 15-01-2005 10:01:45 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:12 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1352
ThreadCreationTime : 15-01-2005 10:01:48 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)

"C:\WINDOWS\System32\CTSvcCDA.exe"Process terminated successfully

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1396
ThreadCreationTime : 15-01-2005 10:01:48 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)

"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"Process terminated successfully

#:14 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1412
ThreadCreationTime : 15-01-2005 10:01:48 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)

Warning! "C:\Program Files\Norton AntiVirus\navapsvc.exe"Process could not be terminated!

#:15 [nisum.exe]
FilePath : C:\Program Files\Norton Internet Security\
ProcessID : 1436
ThreadCreationTime : 15-01-2005 10:01:48 PM
BasePriority : Normal
FileVersion : 4.0.3.104
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Stats
LegalCopyright : Copyright © 2001 Symantec Corporation

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)


#:16 [nisserv.exe]
FilePath : C:\Program Files\Norton Internet Security\
ProcessID : 1652
ThreadCreationTime : 15-01-2005 10:01:52 PM
BasePriority : Normal
FileVersion : 4.0.3.104
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IAMSERV.EXE
LegalCopyright : Copyright © 2001 Symantec Corporation

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\TGBRFV_5.dll)

Warning! "C:\Program Files\Norton Internet Security\NISSERV.EXE"Process could not be terminated!

#:17 [symproxysvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ProcessID : 1716
ThreadCreationTime : 15-01-2005 10:01:55 PM
BasePriority : Normal
FileVersion : 4.0.3.104
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Transparent Proxy Server
LegalCopyright : Copyright © 2001 Symantec Corporation

CoolWebSearch Object Recognized!
Type : Process
Data : TGBRFV_5.dll



#2 AITP

AITP
  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:25 PM

Posted 15 January 2005 - 10:53 PM

The problems I've seen are:

1) When I first load IE, the about:blank page shows up. Now, what used to happen is that xysearch.biz would try to load, which no longer occurs. However, a DNS error occurs and a "The Page Cannot Be Displayed" message is on top.

What's really weird about this is that I can physically type about:blank into the browser address bar after having visited one or more pages, and it works fine.

2) I cannot connect to Spybot S&D, Ad-Aware, NAV 2002 LiveUpdate, or Windows Update to download updates. In the case of the latter, I can connect to Windowsupdate.microsoft.com, but cannot select updates to download (I eventually get Error number: 0x80072EFD).

3) "top-teen-sex.com" and "lovetgp.us" cannot be deleted from IE Favorites.

The things I know it isn't:

1) The hosts.sam file. This is the default file provided by Windows, with only the 127.0.0.1 line being present.

2) In the case of the Windows Update error, the steps used in the troubleshooter. I've gone through all of those and none worked.

3) Either msinfo.exe or m00.exe in the root directory. I've deleted both of those files.

After this, I am royally confused. Any help that can be given would be greatly appreciated. Thanks.

#3 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:25 PM

Posted 15 January 2005 - 11:06 PM

Read this post here, and then someone will gladly help you.... it looks like that system is quite the mess.

http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:05:25 PM

Posted 16 January 2005 - 01:07 AM

That machine is a mess. The easiest thing to do is to format and reprogram. It will never run properly if you just try to fix it.

Suggest you educate your client in computer security. Didn't see why no Service Packs are installed.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:25 PM

Posted 16 January 2005 - 10:08 AM

Oh come on, it isn't that bad. I've fixed way worse systems than that. It looks worse than it is.

#6 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:05:25 PM

Posted 16 January 2005 - 10:45 AM

It looks worse than it is.


Or is it worse than it looks? :flowers:

(no service packs, to be explained below).


Wonder why that is?

Go and do a Panda Online Scan, it gets a lot of things that others miss. Just for good measure do one from RAV and download and run a squared Trojan remover. Run that one in Safe Mode.

There you go groovicus, guess we'll just have to wait and see what happens. :thumbsup:

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 JSKY

JSKY

  • Members
  • 36 posts
  • Location:Black Hills of S.D. USA
  • Local time:06:25 PM

Posted 16 January 2005 - 12:21 PM

First thing you could try is to burn a disk with Ad-Aware, Spybot S&D, a2Squared, ewido, and Avast Anti-virus on it. Install it on your client's PC. Then boot into safe mode and try to clean it up from there. M$ has given a cutoff date (not sure when) that they won't give updates unless you have at least SP1 installed.
And then, after you get things cleaned out, do a repair install of XP.

There are two types of repair on XP. When you boot with the XP disk, you will come to the first part that asks if you want to install or do a repair. This first repair is a command prompt type for a specific repair. AT THIS POINT! If you click on install XP instead, you will see XP load files as it gets ready to install the OS. When it gets done loading files, you will again be asked to install XP or to repair your current OS. At this second repair option, click to repair and sit back. XP will go through your whole system searching and repairing parts that have been changed or need to be replaced. BUT REMEMBER!! With any repair you will need your CD KEY. And you MUST go to Windows Update and re-download some of the updates because the repair will remove some of them.

Then download the latest version of Hijackthis. Install it in its own folder, run it and post it in the HJT section of BCs

Hopefully this will give you a start.



