The file command.exe is the Trojan horse Drop.Delf
« on: July 26, 2005, 07:07:36 AM »
The file command.exe is the Trojan horse Drop.Delf.EV.8! What should I do? I use AntiVir Personal Edition Classic. My OS is XP Professional.
Creation date of the report file: Tuesday, July 26, 2005 08:30
AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.1.21 (0) of 26.07.2005
Scanning for 195620 virus strains and unwanted programs.
Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 ()
Username: q
Processor: Pentium
Working memory: 376288 KB free
Version information:
AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16
AVEWIN32.DLL : 6.31.1.0 823808 19.07.2005 17:54:12
AVGNT.EXE : 6.31.00.01 168039 10.05.2005 16:50:16
AVGUARD.EXE : 6.31.00.01 238120 29.04.2005 08:07:12
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:10
AVGCMSG.DLL : 6.31.00.00 295029 29.04.2005 08:07:16
AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16
AVPACK32.DLL : 6.31.00.03 323664 25.05.2005 10:43:02
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
AVSched32.EXE : 6.30.00.00 110632 01.02.2005 11:24:10
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10
AVREG.DLL : 6.30.00.03 41000 10.02.2005 18:47:48
AVRep.DLL : 6.31.01.10 1245224 22.07.2005 08:21:04
INETUPD.EXE : 6.31.00.02 249915 29.04.2005 08:07:14
INETUPD.DLL : 6.31.00.02 143360 29.04.2005 08:07:14
CTL3D32.DLL : 2.31.000 27136 23.08.2001 08:00:00
MFC42.DLL : 6.00.8665.0 995383 23.08.2001 08:00:00
MSVCRT.DLL : 7.0.2600.0 (xpclient.010817-1148
MSVCRT.DLL : 7.0.2600.0 (xp 322560 23.08.2001 08:00:00
CTL3DV2.DLL : No information
Configuration file:
Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown
Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report
Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information
Abridge report file:
[ ] Abridge report file
Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged
Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100
Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[ ] Acoustic alarm
Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore
Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date
Drag&drop settings:
[X] Scan subdirectories
Profile settings:
[X] Scan subdirectories
Archive options
[X] Search archive
[X] All archive types
Miscellaneous options:
Temporary path: %TEMP% -> C:\Program Files\AVPersonal\BUILD.DAT
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start
General settings:
[X] Save options on exiting AntiVir
Priority: medium
Drives:
A: Floppy drive
C: Hard disk
D: Hard disk
E: Floppy drive
F: CD-ROM
Start of scan: Tuesday, July 26, 2005 08:30
Memory test OK
Master boot record of hard disk HD0 OK
Master boot record of hard disk HD1
The record could not be read!
Error code: 0x0015
Boot record of drive C: OK
C:\
command.exe
[DETECTION] Is the Trojan horse TR/Drop.Delf.EV.8
Not deleted after prompt!
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
Admess.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
AlexaRelated.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads22.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads23.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads24.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads25.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads26.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads27.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads28.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads29.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads30.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads31.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads32.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads33.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads34.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads35.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads36.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads37.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DownloadAcceleratorPlusads9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCAInternetOptimizer.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
EffectiveBandToolbar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
eUniverseSearchNuggetToolbar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
eUniverseSearchNuggetToolbar1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
HaxdoorH.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Hotbar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Hotbar1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTdownloader.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWebSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWebSearch1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
VXFavoriteman.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
VXFavoriteman1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Documents and Settings\q\.jpi_cache\jar\1.0
pote.jar-3aa4664a-757131bd.zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\Documents and Settings\q\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ELVR14P
Type%3dclick%26FlightID%3d38828%26AdID%3d67568%26TargetID%3d1389%26Segments%3d12,729,837,962,2798,5187,5192,5193,5209%26Targets%3d9899,9209,892,1389,1204,3948%26Values%3d31,43,[1].htm
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\Documents and Settings\q\Local Settings\Temp\Temporary Internet Files\Content.IE5\IPXPP0TB
Type%3dclick%26FlightID%3d38828%26AdID%3d67568%26TargetID%3d1389%26Segments%3d12,712,729,754,837,962,1090,2527,2798,3282,4289,5187,5192,5193,5209,7407%26Targets%3d9899,9209,892[1].htm
Access denied! Error during file opening!
Error code: 0x0002
WARNING! Access error/file locked!
C:\Documents and Settings\q\Local Settings\Temp\Temporary Internet Files\Content.IE5\PC8NDTW1
maps_director;page=maps_director;region1=na;region2=us;region3=il;region4=chg;sr
c=fodors;pkg=future;td=;abr=!webtv;dcopt=ist;u=;sz=728x90;tile=1;ord=5695611694893020[1]
Access denied! Error during file opening!
Error code: 0x0002
WARNING! Access error/file locked!
C:\Program Files\Opera7\Plugins
npWTHost.dll
[DETECTION] Contains signature of the SPR/WildTangent.B.1 program
C:\Program Files\WinRAR
rarnew.dat
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Program Files\Yahoo!\YPSR\Quarantine
20050425041232.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
20050426015850.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
20050427213141.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
20050428035710.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
20050429042935.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
20050505034220.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
20050505041458.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Scoop2004\fs2004
fs.ini
[DETECTION] Contains suspicious code HEURISTIC/Worm.IRCScript
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32
midad.dll
[DETECTION] Is the Trojan horse TR/Dldr.Miewer.A.3
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
End of scan: Tuesday, July 26, 2005 09:17
Time taken: 47:11 min
2555 directories were scanned
72054 files were scanned
12 warning messages were issued
0 files were deleted
0 files were repaired
4 detections
Kind regards,
Krisztian