Author Topic: The file command.exe is the Trojan horse Drop.Delf  (Read 1729 times)

Offline cK007

The file command.exe is the Trojan horse Drop.Delf
« on: July 26, 2005, 07:07:36 AM »
:(
The file command.exe is the Trojan horse Drop.Delf.EV.8! What should I do? I use AntiVir Personal Edition Classic. My OS is XP Professional.


Creation date of the report file:  Tuesday, July 26, 2005  08:30

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.1.21 (0) of 26.07.2005





Scanning for 195620 virus strains and unwanted programs.



Platform:        Windows NT Workstation
Windows version: 5.1 Build 2600 ()
Username:        q
Processor:       Pentium
Working memory:  376288 KB free

Version information:
 AVWIN.DLL      : 6.31.00.03     561192  10.05.2005  16:50:16
 AVEWIN32.DLL   : 6.31.1.0       823808  19.07.2005  17:54:12
 AVGNT.EXE      : 6.31.00.01     168039  10.05.2005  16:50:16
 AVGUARD.EXE    : 6.31.00.01     238120  29.04.2005  08:07:12
 GUARDMSG.DLL   : 6.30.00.02      94248  01.02.2005  11:24:10
 AVGCMSG.DLL    : 6.31.00.00     295029  29.04.2005  08:07:16
 AVGNTDW.SYS    : 6.31.00.01      32896  29.04.2005  08:07:16
 AVPACK32.DLL   : 6.31.00.03     323664  25.05.2005  10:43:02
 AVGETVER.DLL   : 6.30.00.00      24576  28.01.2005  18:10:20
 AVWIN.DLL      : 6.31.00.03     561192  10.05.2005  16:50:16
 AVSHLEXT.DLL   : 6.30.00.01      40960  28.01.2005  18:10:22
 AVSched32.EXE  : 6.30.00.00     110632  01.02.2005  11:24:10
 AVSched32.DLL  : 6.30.00.00     122880  01.02.2005  11:24:10
 AVREG.DLL      : 6.30.00.03      41000  10.02.2005  18:47:48
 AVRep.DLL      : 6.31.01.10    1245224  22.07.2005  08:21:04
 INETUPD.EXE    : 6.31.00.02     249915  29.04.2005  08:07:14
 INETUPD.DLL    : 6.31.00.02     143360  29.04.2005  08:07:14
 CTL3D32.DLL    : 2.31.000        27136  23.08.2001  08:00:00
 MFC42.DLL      : 6.00.8665.0     995383  23.08.2001  08:00:00
 MSVCRT.DLL     : 7.0.2600.0 (xpclient.010817-1148
 MSVCRT.DLL     : 7.0.2600.0 (xp     322560  23.08.2001  08:00:00
 CTL3DV2.DLL    : No information

Configuration file:

 Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
 Name of report file:        C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
 Start path:                 C:\Program Files\AVPersonal
 Command line:              
 Start mode:                  unknown

 Mode of report file:
 [ ] Do not create report
 [X] Overwrite report
 [ ] Append new report

 Data in report file:
 [X] Infected files
 [ ] Infected files with paths
 [ ] All scanned files
 [ ] Full information

 Abridge report file:
 [ ] Abridge report file

 Warnings in report:
 [X] Access denied/file locked
 [X] Wrong file size in directory
 [X] Wrong creation time in directory
 [ ] COM file is too large
 [X] Invalid start address
 [X] Invalid EXE header
 [X] Possibly damaged

 Summary report:
 [X] Create summary report
     Output file: AVWIN.ACT
     Maximum number of entries: 100

 Where to search:
 [X] Memory
 [X] Boot record of selected drives
 [ ] Report unknown boot sectors
 [ ] All files
 [X] Program files
     Extensions:  .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

 Response in case of a detection:
 [X] Repair with prompt
 [ ] Repair without prompt
 [ ] Delete with prompt
 [ ] Delete without prompt
 [ ] Write in report file only
 [ ] Acoustic alarm

 Response in case of destroyed files:
 [X] Delete with prompt
 [ ] Delete without prompt
 [ ] Ignore

 Response in case of destroyed files:
 [X] No change
 [ ] Current system time
 [ ] Correct date

 Drag&drop settings:
 [X] Scan subdirectories

 Profile settings:
 [X] Scan subdirectories

 Archive options
 [X] Search archive
 [X] All archive types

 Miscellaneous options:
 Temporary path: %TEMP% -> C:\Program Files\AVPersonal\BUILD.DAT
 [X] Overwrite infected files
 [ ] Detect idle time
 [X] Allow interruptions of scan
 [ ] Load AVWin®/NT Guard on System start

 General settings:
 [X] Save options on exiting AntiVir
 Priority: medium

 Drives:
 A: Floppy drive
 C: Hard disk
 D: Hard disk
 E: Floppy drive
 F: CD-ROM

Start of scan:  Tuesday, July 26, 2005  08:30

Memory test                          OK
Master boot record of hard disk HD0   OK
Master boot record of hard disk HD1  
      The record could not be read!
      Error code: 0x0015
Boot record of drive C:            OK


C:\
  command.exe
      [DETECTION] Is the Trojan horse TR/Drop.Delf.EV.8
      Not deleted after prompt!
  hiberfil.sys
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  pagefile.sys
      Access denied! Error during file opening!
      This is a Windows swap file. This file is locked by Windows.
      Error code: 0x000D
      WARNING! Access error/file locked!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
  Admess.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  AlexaRelated.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads1.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads10.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads11.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads12.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads13.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads14.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads15.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads16.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads17.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads18.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads19.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads2.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads20.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads21.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads22.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads23.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads24.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads25.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads26.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads27.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads28.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads29.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads3.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads30.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads31.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads32.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads33.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads34.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads35.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads36.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads37.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads4.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads5.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads6.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads7.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads8.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DownloadAcceleratorPlusads9.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DSOExploit.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DSOExploit1.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DSOExploit2.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DSOExploit3.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DSOExploit4.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  DyFuCAInternetOptimizer.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  EffectiveBandToolbar.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  eUniverseSearchNuggetToolbar.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  eUniverseSearchNuggetToolbar1.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  HaxdoorH.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  Hotbar.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  Hotbar1.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  ISearchTechISTdownloader.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  MyWebSearch.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  MyWebSearch1.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  VXFavoriteman.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  VXFavoriteman1.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
C:\Documents and Settings\q\.jpi_cache\jar\1.0
  pote.jar-3aa4664a-757131bd.zip
  ArchiveType: ZIP
      NOTE! No files to extract.
C:\Documents and Settings\q\Local Settings\Temp\Temporary Internet Files\Content.IE5\4ELVR14P
  Type%3dclick%26FlightID%3d38828%26AdID%3d67568%26TargetID%3d1389%26Segments%3d12,729,837,962,2798,5187,5192,5193,5209%26Targets%3d9899,9209,892,1389,1204,3948%26Values%3d31,43,[1].htm
      Access denied! Error during file opening!
      Error code: 0x0016
      WARNING! Access error/file locked!
C:\Documents and Settings\q\Local Settings\Temp\Temporary Internet Files\Content.IE5\IPXPP0TB
  Type%3dclick%26FlightID%3d38828%26AdID%3d67568%26TargetID%3d1389%26Segments%3d12,712,729,754,837,962,1090,2527,2798,3282,4289,5187,5192,5193,5209,7407%26Targets%3d9899,9209,892[1].htm
      Access denied! Error during file opening!
      Error code: 0x0002
      WARNING! Access error/file locked!
C:\Documents and Settings\q\Local Settings\Temp\Temporary Internet Files\Content.IE5\PC8NDTW1
  maps_director;page=maps_director;region1=na;region2=us;region3=il;region4=chg;sr
c=fodors;pkg=future;td=;abr=!webtv;dcopt=ist;u=;sz=728x90;tile=1;ord=5695611694893020[1]
      Access denied! Error during file opening!
      Error code: 0x0002
      WARNING! Access error/file locked!
C:\Program Files\Opera7\Plugins
  npWTHost.dll
      [DETECTION] Contains signature of the SPR/WildTangent.B.1 program
C:\Program Files\WinRAR
  rarnew.dat
  ArchiveType: RAR
      NOTE! The archive is created by multiple volumes
C:\Program Files\Yahoo!\YPSR\Quarantine
  20050425041232.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  20050426015850.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  20050427213141.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  20050428035710.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  20050429042935.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  20050505034220.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
  20050505041458.zip
  ArchiveType: ZIP
      NOTE! The whole archive is password protected
C:\Scoop2004\fs2004
  fs.ini
      [DETECTION] Contains suspicious code HEURISTIC/Worm.IRCScript
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32
  midad.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Miewer.A.3
C:\WINDOWS\system32\config
  default
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SAM
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  SECURITY
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  software
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!
  system
      Access denied! Error during file opening!
      Error code: 0x000D
      WARNING! Access error/file locked!

End of scan:  Tuesday, July 26, 2005  09:17
Time taken:         47:11 min


2555 directories were scanned
72054 files were scanned
  12 warning messages were issued
   0 files were deleted
   0 files were repaired
   4 detections



Kind regards,
Krisztian
« Last Edit: July 26, 2005, 08:36:28 AM by cK007 »