I'm unsure how to get rid of this. Here is my Ad-Aware SE Personal scan. It was updated like 3 days ago. Please help if you can!
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, September 10, 2005 1:46:30 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
Tracking Cookie(TAC index:3):23 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):9 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):33 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-10-2005 1:46:30 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 748
ThreadCreationTime : 9-10-2005 4:15:52 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 816
ThreadCreationTime : 9-10-2005 4:15:53 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 9-10-2005 4:15:54 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 9-10-2005 4:15:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 896
ThreadCreationTime : 9-10-2005 4:15:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1036
ThreadCreationTime : 9-10-2005 4:15:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 9-10-2005 4:17:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1356
ThreadCreationTime : 9-10-2005 4:17:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1376
ThreadCreationTime : 9-10-2005 4:17:16 PM
BasePriority : Normal
FileVersion : 4, 2, 12, 0
ProductVersion : 4, 2, 12, 0
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1616
ThreadCreationTime : 9-10-2005 4:17:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1648
ThreadCreationTime : 9-10-2005 4:17:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1832
ThreadCreationTime : 9-10-2005 4:17:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1952
ThreadCreationTime : 9-10-2005 4:17:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1992
ThreadCreationTime : 9-10-2005 4:17:23 PM
BasePriority : Normal
FileVersion : 6.14.10.7124
ProductVersion : 6.14.10.7124
ProductName : NVIDIA Driver Helper Service, Version 71.24
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.24
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1392
ThreadCreationTime : 9-10-2005 5:45:07 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [hvuqrv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1660
ThreadCreationTime : 9-10-2005 5:45:10 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 8
ProductVersion : 0, 0, 7, 0
#:17 [xitjy.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1700
ThreadCreationTime : 9-10-2005 5:45:12 PM
BasePriority : Normal
#:18 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 164
ThreadCreationTime : 9-10-2005 5:45:12 PM
BasePriority : Normal
FileVersion : 7.20.0162
ProductVersion : 7.20.0162
ProductName : MUSICMATCH JUKEBOX
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © MUSICMATCH 1998-2001
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:19 [svcnet.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 176
ThreadCreationTime : 9-10-2005 5:45:12 PM
BasePriority : Normal
#:20 [sndcfg16.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 360
ThreadCreationTime : 9-10-2005 5:45:14 PM
BasePriority : Normal
#:21 [winupdates.exe]
FilePath : C:\Program Files\winupdates\
ProcessID : 612
ThreadCreationTime : 9-10-2005 5:45:20 PM
BasePriority : Normal
FileVersion : 3.06
ProductVersion : 3.06
ProductName : inno setup
CompanyName : inno setup
FileDescription : inno setup
InternalName : Setup
LegalCopyright : inno setup
LegalTrademarks : inno setup
OriginalFilename : Setup.exe
Comments : inno setup
#:22 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 632
ThreadCreationTime : 9-10-2005 5:45:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:23 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1908
ThreadCreationTime : 9-10-2005 5:45:27 PM
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:24 [mmjb.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 864
ThreadCreationTime : 9-10-2005 5:45:34 PM
BasePriority : Normal
FileVersion : 7.20.0162
ProductVersion : 7.20.0162
ProductName : MUSICMATCH Jukebox
CompanyName : MUSICMATCH, Inc.
FileDescription : MUSICMATCH Jukebox
InternalName : mmjb
LegalCopyright : Copyright © MUSICMATCH 1998-2001
LegalTrademarks :
OriginalFilename : mmjb.EXE
#:25 [mmdiag.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 656
ThreadCreationTime : 9-10-2005 5:45:37 PM
BasePriority : Normal
FileVersion : 7.20.0162
ProductVersion : 7.20.0162
ProductName : MUSICMATCH JUKEBOX
CompanyName : MUSICMATCH, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © MUSICMATCH 1998-2001
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE
#:26 [bartshel.exe]
FilePath : C:\Program Files\PeoplePC\ISP6130\Browser\
ProcessID : 1600
ThreadCreationTime : 9-10-2005 5:46:26 PM
BasePriority : Normal
FileVersion : 6, 0, 1, 277
ProductVersion : 6, 0, 0, 0
ProductName : PeoplePC BartShell Module
CompanyName : PeoplePC
FileDescription : BartShell Module
InternalName : BartShell
LegalCopyright : Copyright © 2005 PeoplePC
OriginalFilename : BartShel.exe
#:27 [bartshel.exe]
FilePath : C:\Program Files\PeoplePC\ISP6130\Browser\
ProcessID : 1220
ThreadCreationTime : 9-10-2005 5:46:26 PM
BasePriority : Normal
FileVersion : 6, 0, 1, 277
ProductVersion : 6, 0, 0, 0
ProductName : PeoplePC BartShell Module
CompanyName : PeoplePC
FileDescription : BartShell Module
InternalName : BartShell
LegalCopyright : Copyright © 2005 PeoplePC
OriginalFilename : BartShel.exe
#:28 [ppshared.exe]
FilePath : C:\PROGRA~1\PeoplePC\ISP6130\Browser\
ProcessID : 732
ThreadCreationTime : 9-10-2005 5:46:27 PM
BasePriority : Normal
FileVersion : 6, 0, 1, 3
ProductVersion : 6, 0, 0, 0
ProductName : PPShared Module
CompanyName : PeoplePC
FileDescription : PPShared Module
InternalName : PPShared
LegalCopyright : Copyright © 2005
OriginalFilename : PPShared.EXE
#:29 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ProcessID : 3952
ThreadCreationTime : 9-10-2005 6:38:25 PM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.0
ProductName : Ad-aware 6
CompanyName : Lavasoft Sweden
FileDescription : Ad-watch Monitor
InternalName : Ad-watch.exe
LegalCopyright : 2001-2003 Team Lavasoft
OriginalFilename : Ad-watch.exe
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2952
ThreadCreationTime : 9-10-2005 6:46:12 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2752
ThreadCreationTime : 9-10-2005 6:46:16 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUL3a5stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1715567821-2052111302-682003330-1004\software\aurora
Value : AUS3t5atusOfSInst
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 29
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 35
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 9-10-2005 1:45:48 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:
[email protected]/
Expires : 12-31-2020 7:00:00 PM
LastSync : Hits:24
UseCount : 0
Hits : 24
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 9-8-2010 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 10-30-2006 1:31:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:
[email protected]/
Expires : 9-9-2006 7:22:54 PM
LastSync : Hits:45
UseCount : 0
Hits : 45
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 9-5-2006 3:44:24 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 9-8-2010 7:32:18 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:
[email protected]/
Expires : 12-31-2009 7:00:00 PM
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:
[email protected]/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 9-3-2015 11:35:04 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@overstock[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:
[email protected]/
Expires : 2-19-2020 9:28:00 AM
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 10-9-2005 7:32:18 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:
[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 12-31-2029 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@targetnet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:
[email protected]/
Expires : 5-17-2033 10:33:20 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 9-9-2006 7:28:12 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:66
Value : Cookie:
[email protected]/
Expires : 9-9-2006 7:32:38 PM
LastSync : Hits:66
UseCount : 0
Hits : 66
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:
[email protected]/
Expires : 8-31-2007 1:37:18 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:
[email protected]/adrevolver/
Expires : 6-5-2008 8:12:26 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:
[email protected]/
Expires : 9-3-2030 7:32:58 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:
[email protected]/
Expires : 9-3-2006 11:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:
[email protected]/
Expires : 9-1-2006 9:39:18 AM
LastSync : Hits:23
UseCount : 0
Hits : 23
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:
[email protected]/
Expires : 9-9-2006 12:12:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 58
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : bszip.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll
Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59
Disk Scan Result for C:\DOCUME~1\Alex\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 59
MRU List Object Recognized!
Location: : C:\Documents and Settings\Alex\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1715567821-2052111302-682003330-1004\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1715567821-2052111302-682003330-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1715567821-2052111302-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1715567821-2052111302-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1715567821-2052111302-682003330-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio
MRU List Object Recognized!
Location: : S-1-5-21-1715567821-2052111302-682003330-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
VX2 Object Recognized!
Type : File
Data : abiuninst.htm
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Worm
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : cmd.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : netstat.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : ping.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : regedit.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : taskkill.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tasklist.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tracert.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 81
1:47:16 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:45.562
Objects scanned:69495
Objects identified:72
Objects ignored:0
New critical objects:72