
Something Eating My Memory


This topic is locked
16 replies to this topic

#16 SifuMike

    malware expert


Posted 18 June 2007 - 12:52 PM

I don't think it did remove the viruses. That last virus scan I did said there were still some and the log said skipped. Do you know what that means?



Are you referring to the Kaspersky virus scanner?
As far as I know, that was the last scan you did.
OTMoveIt moved all the virus files to a quarantine folder OTMoveIt\MovedFiles\ so they will not do any damage. They can be deleted if you want.


That last virus scan I did said there were still some and the log said skipped. Do you know what that means?


That is not correct. NO viruses were skipped! The Kaspersky online virus scanner found them and OTMoveIt put them in a quarantine folder.

See here:

===== Infected Objects =====


===== Details =====

Number of items = 14
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream/data0007 ------> Win32.Softomate.j
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream ------> Win32.Softomate.j
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe NSIS: infected - 2
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyc_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyd_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyh_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyk_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverc.dll ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverl.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyc_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyd_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyh_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyk_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\monterreyl_unknown.exe ------> Trojan.Win32.Kolweb.l


Edited by SifuMike, 18 June 2007 - 04:40 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
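The point made in this post, that every detection sits under the OTMoveIt quarantine folder and nothing is still live on the system, can be checked mechanically rather than by eye. The following is an added example, not code from this thread or from OTMoveIt or Kaspersky: a small Python parser for the scanner log format quoted above that buckets each detection by whether its path lies under the quarantine root. The sample log is constructed from entries in the thread plus one made-up live-system path (constructed_sample.dll) so that the non-quarantined case is exercised.

```python
import re
from collections import defaultdict

# Quarantine folder named in the thread: OTMoveIt moves files under C:\_OTMoveIt\MovedFiles\
QUARANTINE_ROOT = r"C:\_OTMoveIt\MovedFiles"
DETECTION = re.compile(r"^(?P<path>.+?) ------> (?P<name>\S+)$")
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<n>\d+)$")
DECLARED = re.compile(r"^Number of infected objects: (\d+)$")

# Constructed sample in the quoted log format; the last entry is a made-up live path, not from the thread.
SAMPLE_LOG = r"""===== Details =====
Number of infected objects: 5
C:\_OTMoveIt\MovedFiles\WINDOWS\monterreyc_unknown.exe ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\driverc.dll ------> Trojan.Win32.Kolweb.l
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe/stream ------> Win32.Softomate.j
C:\_OTMoveIt\MovedFiles\Documents and Settings\Administrator\My Documents\download programs\SpxToolbar.exe NSIS: infected - 2
C:\WINDOWS\system32\constructed_sample.dll ------> Trojan.Win32.Kolweb.l
"""

def parse_details(log):
    """Return (declared_count, entries); entries are (path, verdict) pairs from the Details section."""
    declared, entries, in_details = None, [], False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("===== "):
            in_details = line == "===== Details ====="
            continue
        if not in_details or not line:
            continue
        m = DECLARED.match(line)
        if m:
            declared = int(m.group(1))
        elif (m := DETECTION.match(line) or CONTAINER.match(line)):
            # A container line (e.g. an NSIS installer) reports a count instead of a verdict name.
            verdict = m.groupdict().get("name") or f"{m['kind']} container ({m['n']} infected)"
            entries.append((m["path"], verdict))
    return declared, entries

def classify(entries, root=QUARANTINE_ROOT):
    """Bucket detections by whether the path lies under the quarantine folder (case-insensitive)."""
    prefix = root.lower().rstrip("\\") + "\\"
    buckets = defaultdict(list)
    for path, verdict in entries:
        buckets["quarantined" if path.lower().startswith(prefix) else "live"].append((path, verdict))
    return dict(buckets)

def report(log, root=QUARANTINE_ROOT):
    # Two checks a reviewer wants: did we parse every declared object, and is anything still live?
    declared, entries = parse_details(log)
    buckets = classify(entries, root)
    return {"declared": declared, "parsed": len(entries),
            "quarantined": len(buckets.get("quarantined", [])), "live": [p for p, _ in buckets.get("live", [])]}
```

A non-empty "live" list means a detection outside the quarantine folder and warrants a second look; an empty one matches the situation described in this post.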

#17 SifuMike

    malware expert


Posted 25 June 2007 - 12:08 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.