Post by: godzilly on September 03, 2006, 12:21:35 PM
I originally had isoffice.exe and ismini.exe and several others
I've run ewido, smitfraud, virtumundobegone, look2m-destroyer, but I'm still experiencing
trojan.PAKES
trojan.DIALER.QY
DIALER.KOTU
Can you help me ??
Latest HJT list :
Logfile of HijackThis v1.99.1
Scan saved at 10:15:12 AM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\QConsole.exe
C:\Documents and Settings\All Users\Desktop\DOWNLOADS\hijack\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...40%3A%3A454x107 (http://\"https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2006/cr-v/exterior_viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=crv_ext.mtz&FlashNav=whole.swf&MediaDimensions=454x240%3A%3A454x107\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128798714328 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128798714328\")
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\SQLNAV~1\RNetPin.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Post by: guestolo on September 03, 2006, 12:30:53 PM
Temporarily disable Norton's Auto Protect
From my signature below,
Use INTERNET EXPLORER
Run an online virus scan at Kaspersky's
Accept the prompt at the Welcome screen
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
***Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
***Scan Options:
Scan Archives
Scan Mail Bases
- Click OK
- Now under select a target to scan:
Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
***Now click on the Save as Text button:
- Save the file to your desktop.
Could you also do the following
Right click on Hijackthis.exe >>> Rename it too analyze.exe
Run a fresh scan and save logfile and post the fresh log it produces
Post by: godzilly on September 03, 2006, 12:53:54 PM
I'm really afraid of connecting to the internet without protection since we don't know what else may be going on
Is this really the only way?
Post by: guestolo on September 03, 2006, 01:01:55 PM
Can you navigate to kapersky's from my link
Install the active X, etc....
Just before the scan temporarily turn off Norton's auto protects
If you don't feel that is safe, you can leave it running, but as mentioned may slow down the scanner
We have to flush out the bad guys
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: godzilly on September 03, 2006, 06:17:06 PM
Note: Drive F: was a drive from my old PC that I attached to my new one. Although it has Win2K on it, it is not a system disk - I never boot from it
Kapersky LOG:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 03, 2006 2:15:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/09/2006
Kaspersky Anti-Virus database records: 220487
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 162787
Number of viruses found: 19
Number of infected objects: 421 / 0
Number of suspicious objects: 31
Duration of the scan process: 02:44:41
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-04282006-193203.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-09-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Desktop\DOWNLOADS\hijack\smitfraud\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Desktop\DOWNLOADS\hijack\smitfraud\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Desktop\DOWNLOADS\hijack\smitfraud\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\call256.dbb Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\callmember256.dbb Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\index2.dat Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\profile256.dbb Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\user1024.dbb Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\user256.dbb Object is locked skipped
C:\Documents and Settings\brian\Application Data\Skype\briandm99\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\brian\Desktop\OLd Drive F\laptop\DOWNLOADS\WAR FTP\war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
C:\Documents and Settings\brian\Desktop\OLd Drive F\laptop\DOWNLOADS\WAR FTP\ward165.exe/war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
C:\Documents and Settings\brian\Desktop\OLd Drive F\laptop\DOWNLOADS\WAR FTP\ward165.exe ZIP: infected - 1 skipped
C:\Documents and Settings\brian\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/11 Jun 2006 05:52 to [email protected]:New Graphic Site/11 Jun 2006 05:52 from mohammad jamshidi:New Graphic Site/11 Jun 2006 05:49 from Yahoo! Groups Notification:MODERATE -- ha/11 Jun 2006 05:23 from hamed j:New Graphic Site/10 Jun 2006 10:26 to B_L_A_C_K_W_O_R_NEmail Removed:New Graphic Sit/09 Jun 2006 17:03 from salam salame:New Graphic Site/09 Jun 2006 12:01 to B_L_A_C_K_W_O_R_NEmail Removed:New Graphic Sit/09 Jun 2006 11:36 from HADI JAFARINIA:New Graphic Site/09 Jun 2006 ... Infected: Email-Worm.JS.Yamanner.a skipped
C:\Documents and Settings\brian\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 1 skipped
C:\Documents and Settings\brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\brian\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A0A9D9AD-5A3A-49D5-AE4C-A177328879B8} Object is locked skipped
C:\Documents and Settings\brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\brian\Local Settings\Temp\Perflib_Perfdata_f98.dat Object is locked skipped
C:\Documents and Settings\brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\brian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\brian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04F44064.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14827E6A.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16DC4846.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18B34217.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\507A7E6C.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0169NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0675NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ismini.exe Infected: Trojan-Downloader.Win32.Zlob.xy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winmxw32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1f8.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\Apps\APP04843\src\da\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\de\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\fi\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\fr\JS\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\it\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\ko\JS\LUREGWMI.EXE Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\nl\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\no\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\pt\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\sv\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\zh\cn\JS\LUREGWMI.EXE Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\zh\tw\JS\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
F:\Documents and Settings\All Users.WINNT\Desktop\DOWNLOADS\ot8100logo.exe/WISE0084.BIN/WISE0007.BIN Infected: not-a-virus:AdWare.Win32.BMCentral.a skipped
F:\Documents and Settings\All Users.WINNT\Desktop\DOWNLOADS\ot8100logo.exe/WISE0084.BIN Infected: not-a-virus:AdWare.Win32.BMCentral.a skipped
F:\Documents and Settings\All Users.WINNT\Desktop\DOWNLOADS\ot8100logo.exe WiseSFX: infected - 2 skipped
F:\Documents and Settings\All Users.WINNT\Desktop\DOWNLOADS\WAR FTP\war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\Documents and Settings\All Users.WINNT\Desktop\DOWNLOADS\WAR FTP\ward165.exe/war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\Documents and Settings\All Users.WINNT\Desktop\DOWNLOADS\WAR FTP\ward165.exe ZIP: infected - 1 skipped
F:\DRIVE F\laptop\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03680000.VBN Infected: EICAR-Test-File skipped
F:\DRIVE F\laptop\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03680001.VBN Infected: Email-Worm.Win32.Magistr.b skipped
F:\DRIVE F\laptop\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\036C0000.VBN Infected: EICAR-Test-File skipped
F:\DRIVE F\laptop\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800000.VBN Infected: Email-Worm.Win32.Magistr.b skipped
F:\DRIVE F\laptop\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800001.VBN Infected: Email-Worm.Win32.Magistr.b skipped
F:\DRIVE F\laptop\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03880000.VBN Infected: Email-Worm.Win32.MTX skipped
F:\DRIVE F\laptop\All Users\Desktop\DOWNLOADS\WAR FTP\war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\DRIVE F\laptop\All Users\Desktop\DOWNLOADS\WAR FTP\ward165.exe/war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\DRIVE F\laptop\All Users\Desktop\DOWNLOADS\WAR FTP\ward165.exe ZIP: infected - 1 skipped
F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\ward165.exe/war-ftpd.exe Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\ward165.exe ZIP: infected - 1 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04B0060D/[From webmasterEmail Removed][Date Tue, 28 Dec 2004 13:27:15 GMT]/yahoo_2861.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04B0060D/[From webmasterEmail Removed][Date Tue, 28 Dec 2004 13:27:15 GMT]/yahoo_2861.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04B0060D Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04B0060D CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04E17BD7/[From [email protected]][Date Tue, 28 Dec 2004 16:44:29 GMT]/oh_nono6304.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04E17BD7/[From [email protected]][Date Tue, 28 Dec 2004 16:44:29 GMT]/oh_nono6304.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04E17BD7 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04E17BD7 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\053D77B6/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\053D77B6/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\053D77B6 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\053D77B6 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\058F115C/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\058F115C/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\058F115C Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\058F115C CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05956555/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05956555/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05956555 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05956555 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A20D46/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A20D46/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A20D46 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A20D46 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05AC0B3C/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05AC0B3C/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05AC0B3C Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05AC0B3C CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B60931/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B60931/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B60931 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B60931 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\060478DB/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\060478DB/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\060478DB Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\060478DB CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06C85003/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06C85003/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06C85003 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06C85003 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06E21FE6/[From infoEmail Removed][Date Fri, 31 Dec 2004 09:40:40 UTC]/Email Removed.3464.doc.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06E21FE6/[From infoEmail Removed][Date Fri, 31 Dec 2004 09:40:40 UTC]/Email Removed.3464.doc.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06E21FE6 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06E21FE6 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06EC1DDB/[From [email protected]][Date Fri, 31 Dec 2004 12:55:29 GMT]/bigfoot.xls.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06EC1DDB/[From [email protected]][Date Fri, 31 Dec 2004 12:55:29 GMT]/bigfoot.xls.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06EC1DDB Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06EC1DDB CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06FC6FC9/[From [email protected]][Date Fri, 31 Dec 2004 16:18:28 UTC]/ilnet_7607.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06FC6FC9/[From [email protected]][Date Fri, 31 Dec 2004 16:18:28 UTC]/ilnet_7607.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06FC6FC9 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06FC6FC9 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07066DBF/[From ewnet2004Email Removed][Date Fri, 31 Dec 2004 19:21:31 UTC]/thats_hard.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07066DBF/[From ewnet2004Email Removed][Date Fri, 31 Dec 2004 19:21:31 UTC]/thats_hard.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07066DBF Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07066DBF CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\070D41B7/[From [email protected]][Date Fri, 31 Dec 2004 23:09:08 GMT]/mail.xls.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\070D41B7/[From [email protected]][Date Fri, 31 Dec 2004 23:09:08 GMT]/mail.xls.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\070D41B7 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\070D41B7 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17F73118/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17F73118/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17F73118 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17F73118 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\181754F4/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\181754F4/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\181754F4 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\181754F4 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182152E9/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182152E9/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182152E9 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182152E9 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182E7ADB/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182E7ADB/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182E7ADB Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\182E7ADB CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\183E4CC9/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\183E4CC9/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\183E4CC9 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\183E4CC9 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184520C2/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184520C2/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184520C2 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184520C2 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184F1EB7/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184F1EB7/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184F1EB7 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\184F1EB7 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18591CAC/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18591CAC/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18591CAC Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18591CAC CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\186F4293/[From infoEmail Removed][Date Fri, 31 Dec 2004 09:40:40 UTC]/Email Removed.3464.doc.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\186F4293/[From infoEmail Removed][Date Fri, 31 Dec 2004 09:40:40 UTC]/Email Removed.3464.doc.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\186F4293 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\186F4293 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1876168C/[From [email protected]][Date Fri, 31 Dec 2004 12:55:29 GMT]/bigfoot.xls.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1876168C/[From [email protected]][Date Fri, 31 Dec 2004 12:55:29 GMT]/bigfoot.xls.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1876168C Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1876168C CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1886687A/[From [email protected]][Date Fri, 31 Dec 2004 16:18:28 UTC]/ilnet_7607.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1886687A/[From [email protected]][Date Fri, 31 Dec 2004 16:18:28 UTC]/ilnet_7607.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1886687A Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1886687A CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\188D3C73/[From ewnet2004Email Removed][Date Fri, 31 Dec 2004 19:21:31 UTC]/thats_hard.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\188D3C73/[From ewnet2004Email Removed][Date Fri, 31 Dec 2004 19:21:31 UTC]/thats_hard.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\188D3C73 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\188D3C73 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18973A68/[From [email protected]][Date Fri, 31 Dec 2004 23:09:08 GMT]/mail.xls.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18973A68/[From [email protected]][Date Fri, 31 Dec 2004 23:09:08 GMT]/mail.xls.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18973A68 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18973A68 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18AA3652/[From [email protected]][Date Sat, 01 Jan 2005 11:38:41 UTC]/auto__mail.swipnet_7741.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18AA3652/[From [email protected]][Date Sat, 01 Jan 2005 11:38:41 UTC]/auto__mail.swipnet_7741.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18AA3652 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18AA3652 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18B43448/[From Error_MailEmail Removed][Date Sat, 01 Jan 2005 15:10:33 GMT]/re_mail.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18B43448/[From Error_MailEmail Removed][Date Sat, 01 Jan 2005 15:10:33 GMT]/re_mail.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18B43448 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18B43448 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18C15C39/[From [email protected]][Date Sat, 01 Jan 2005 19:18:47 GMT]/mediaone.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18C15C39/[From [email protected]][Date Sat, 01 Jan 2005 19:18:47 GMT]/mediaone.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18C15C39 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18C15C39 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18CB5A2E/[From [email protected]][Date Sat, 01 Jan 2005 23:37:12 UTC]/mail3784.DOC.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18CB5A2E/[From [email protected]][Date Sat, 01 Jan 2005 23:37:12 UTC]/mail3784.DOC.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18CB5A2E Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18CB5A2E CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18D55824/[From [email protected]][Date Sun, 02 Jan 2005 02:20:14 GMT]/mail.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18D55824/[From [email protected]][Date Sun, 02 Jan 2005 02:20:14 GMT]/mail.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18D55824 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18D55824 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19092B5C/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19092B5C/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19092B5C Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19092B5C CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C026217/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C026217/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C026217 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C026217 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C0F0A09/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C0F0A09/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C0F0A09 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C0F0A09 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C1C31FA/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C1C31FA/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C1C31FA Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C1C31FA CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C2959EC/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C2959EC/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C2959EC Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C2959EC CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C3357E1/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C3357E1/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C3357E1 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C3357E1 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C392BDA/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C392BDA/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C392BDA Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C392BDA CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C4653CB/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C4653CB/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C4653CB Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C4653CB CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D44061C/[From [email protected]][Date Sat, 18 Dec 2004 14:37:22 GMT]/re_mail.6082.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D44061C/[From [email protected]][Date Sat, 18 Dec 2004 14:37:22 GMT]/re_mail.6082.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D44061C Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D44061C CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D55580A/[From [email protected]][Date Sun, 19 Dec 2004 07:57:17 GMT]/fast.DOC.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D55580A/[From [email protected]][Date Sun, 19 Dec 2004 07:57:17 GMT]/fast.DOC.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D55580A Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D55580A CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6529F8/[From infoEmail Removed][Date Sun, 19 Dec 2004 12:50:59 GMT]/yahoo.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6529F8/[From infoEmail Removed][Date Sun, 19 Dec 2004 12:50:59 GMT]/yahoo.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6529F8 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6529F8 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6F27EE/[From infoEmail Removed][Date Sun, 19 Dec 2004 16:38:43 GMT]/Email Removed5215.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6F27EE/[From infoEmail Removed][Date Sun, 19 Dec 2004 16:38:43 GMT]/Email Removed5215.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6F27EE Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D6F27EE CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7F79DC/[From user_infoEmail Removed][Date Mon, 20 Dec 2004 13:55:46 GMT]/yahoo.5355.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7F79DC/[From user_infoEmail Removed][Date Mon, 20 Dec 2004 13:55:46 GMT]/yahoo.5355.word.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7F79DC Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7F79DC CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D9414DD/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D9414DD/[From [email protected]][Date Wed, 29 Dec 2004 17:56:43 GMT]/im_shocked.3733.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D9414DD Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D9414DD CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3DCF089C/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3DCF089C/[From infoEmail Removed][Date Wed, 29 Dec 2004 20:47:30 GMT]/re_mail.7108.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3DCF089C Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3DCF089C CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E481A17/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E481A17/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 01:09:42 GMT]/re_mail.DOC.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E481A17 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E481A17 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E6F11EC/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E6F11EC/[From [email protected]][Date Thu, 30 Dec 2004 04:16:46 UTC]/mindspring5757.TXT.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E6F11EC Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E6F11EC CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E7F63DA/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E7F63DA/[From [email protected]][Date Thu, 30 Dec 2004 07:42:34 UTC]/mail.word.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E7F63DA Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E7F63DA CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E8961CF/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E8961CF/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 11:28:40 GMT]/mail_253.eml.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E8961CF Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E8961CF CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E935FC4/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E935FC4/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 14:33:30 GMT]/auto__mail.yahoo4392.EML.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E935FC4 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E935FC4 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EA007B6/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EA007B6/[From webmasterEmail Removed][Date Thu, 30 Dec 2004 18:05:40 GMT]/yahoo.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EA007B6 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EA007B6 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57214680/[From [email protected]][Date Tue, 07 Dec 2004 18:23:04 GMT]/re_mail5541.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57214680/[From [email protected]][Date Tue, 07 Dec 2004 18:23:04 GMT]/re_mail5541.word.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57214680 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57214680 CryptFF: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57620E38/[From webmasterEmail Removed.au][Date Wed, 08 Dec 2004 02:02:11 UTC]/auto__mail.yahoo3600.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57620E38/[From webmasterEmail Removed.au][Date Wed, 08 Dec 2004 02:02:11 UTC]/auto__mail.yahoo3600.zip Infected: Email-Worm.Win32.Sober.i skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57620E38 Mail: infected - 2 skipped
F:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57620E38 CryptFF: infe
Post by: guestolo on September 03, 2006, 11:03:51 PM
Can you supply the bottom of the log please if that is the case, let me know
Post by: godzilly on September 03, 2006, 11:34:36 PM
That's wierd - I was sure I checked that everything was there.
I'm attaching as files
[attachment=1297:attachment]
here is kapersky
Post by: guestolo on September 04, 2006, 12:00:03 AM
Thanks for attaching the whole thing
I need you too disable a couple more protections so they won't interfere with the next fixes
Don't be worried, we can reenable them AFTER we have you clear of all malware
For Cleanup purposes, open Norton's Quarantine area and permanently delete all files in this area
Window's Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
Disable Norton's Script blocking:
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.
Can you do the following please
Download The Avenger.zip (http://\"http://swandog46.geekstogo.com/avenger.zip\") by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
Copy ALL the text contained in [color=\"#3333FF\"]blue[/color] below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard
[color=\"#3333FF\"]files to delete:
C:\WINDOWS\system32\winmxw32.dll
C:\WINDOWS\system32\ismini.exe
F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\ward165.exe
F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\war-ftpd.exe
F:\DRIVE F\laptop\All Users\Desktop\DOWNLOADS\WAR FTP\ward165.exe
C:\WINDOWS\ALCXMNTR.EXE [/color]
Now, start The Avenger program by clicking on its icon on your desktop
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows
Post back the following
1. Post a fresh hijackthislog (analyze.exe)
2. Post the log from Avenger located here>>C:\Avenger.txt
Post by: godzilly on September 04, 2006, 01:09:51 PM
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ejhpvdnu
*******************
Script file located at: \??\C:\humnqfmp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\winmxw32.dll deleted successfully.
File C:\WINDOWS\system32\ismini.exe deleted successfully.
File F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\ward165.exe deleted successfully.
File F:\DRIVE F\laptop\DOWNLOADS\WAR FTP\war-ftpd.exe deleted successfully.
File F:\DRIVE F\laptop\All Users\Desktop\DOWNLOADS\WAR FTP\ward165.exe deleted successfully.
File C:\WINDOWS\ALCXMNTR.EXE deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 11:04:29 AM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Desktop\DOWNLOADS\hijack\ANALYZE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...40%3A%3A454x107 (http://\"https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2006/cr-v/exterior_viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=crv_ext.mtz&FlashNav=whole.swf&MediaDimensions=454x240%3A%3A454x107\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128798714328 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128798714328\")
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\SQLNAV~1\RNetPin.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Post by: guestolo on September 04, 2006, 01:41:10 PM
Can you do the following
Open Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Exit Ewido after it has been updated
Do a "System scan only" with Hijackthis and put a check next to these entries:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...40%3A%3A454x107 (http://\"https://components.viewpoint.com/MTSInstall...40%3A%3A454x107\")
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer into safe mode
You can do this by tapping the F8 key before Windows loads
Choose Safe mode from the Menu
Ewido Scan
- Then click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ensure you are doing a complete scan, which will include drives: C>D>F
Don't use your computer while running the scan, let it complete - Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Back in Windows
Post a fresh hijackthis log and report from Ewido's
Let me know how things are running
EDIT>>I edited the above instructions, If you have already started
We'll do the above in next step
Post by: godzilly on September 04, 2006, 05:41:09 PM
So far in the last 3 hours I've had popups from Norton or Ewido
I'm hoping that you've beet the thing
Thanks for all your help
Brian
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:27:19 PM 9/4/2006
+ Scan result:
C:\avenger\backup.zip/avenger/ismini.exe -> Downloader.Zlob.xy : Cleaned with backup (quarantined).
C:\Documents and Settings\brian\Cookies\brian@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 3:37:26 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Desktop\DOWNLOADS\hijack\ANALYZE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128798714328 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128798714328\")
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\SQLNAV~1\RNetPin.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Post by: guestolo on September 04, 2006, 05:44:36 PM
Quote
So far in the last 3 hours I've had popups from Norton or Ewido
Does that mean you have or haven't had popups?
Post by: godzilly on September 04, 2006, 07:54:10 PM
I've had NO warning popups from any of the security software - norton, ewdio, windows defender
Previously I would get 3 or 4 as soon as I started internet explorer
Thanks again for all your help
Post by: guestolo on September 04, 2006, 08:07:57 PM
You may want to do the following
In OUTLOOK, remove any emails you don't trust or recognize
These zip files are considered infected by Kapersky's
You may want to remove them
F:\XNEWSDOWN\BPFTP Server 2.21.zip
F:\XNEWSDOWN\FlashGet 1.40.zip
Can you run scan for me, just as a double check
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go to either of these links
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
OR
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
Virus.org (http://\"http://scanner.virus.org/\")
Use the browse button and navigate to this file on your harddrive
The same file is located in different folders, scan at least 2 of them please
D:\I386\Apps\APP04843\src\da\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\de\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\fi\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\fr\JS\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\it\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\ko\JS\LUREGWMI.EXE Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\nl\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\no\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\pt\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\sv\js\LURegWMI.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\zh\cn\JS\LUREGWMI.EXE Infected: not-a-virus:AdWare.Win32.Dm.n skipped
D:\I386\Apps\APP04843\src\zh\tw\JS\LURegWMI.exe
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Post by: godzilly on September 05, 2006, 02:33:40 AM
I've done some cleanup on drive f: based on the kaspersky scan I still have some to do. I will delete the old eudora mailboxes, etc.
drive d: is the system recovery partition that came with the PC. Is really an archive to restore winxp and the varios apps that came with the system. I had to use winrar to extract a couple of LURegWMI.exe files to scan
The various scan reports are attached
Post by: guestolo on September 05, 2006, 07:16:33 PM
That file you scanned
Did your Recovery partition also include a trial of Nortons' on it?
I think this may be a false positive related to an older file of Symantec's
Also, let me know if everything is still OK, we'll just do a quick final cleanup step
Post by: godzilly on September 05, 2006, 10:38:55 PM
The PC came with a trial version of Norton, so I assume that it is one one the apps in the recovery partition
When the trial version expired I installed NIS 2005
I was online for several hours yesterday with no sign of any virus activity
I think you have managed to get it... - YOU ARE THE BEST...
I can't thank you enough
Post by: guestolo on September 05, 2006, 11:02:35 PM
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Name it and click create
When that's done
Open MyComputer
Right click on Local Disk C:
Select Properties>>Disk CleanUp
Let if finish calculating
Select the More Options tab
and click Cleanup under System Restore
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
*Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
If your protections from Windows Defender and Nortons are still disabled, go back and reenable them
You can go back and rehide hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading de-select Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
You can go ahead and delete this text file
C:\Avenger.txt
And Avenger.exe and Avenger.zip
Avenger would of created a folder here>>C:\Avenger
Hold onto that folder for about a week, it contains backups of what we removed
If everythings still running good after that time, go ahead and delete that folder too
Take care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: godzilly on September 05, 2006, 11:58:59 PM
Thanks again....
Post by: guestolo on September 06, 2006, 11:32:52 PM