-
rootkit.dayoff.process (the two logs)
Hi, I hope you can help clean up this problem. I have confidence you'll be able to. Avast, Avg antispy, adaware, trend housecall, vundofix, panda online, windows safety scan all found nothing
Spybot found "rootkit.dayoff.process" and the description explanation told me to use the "tool Gmer" to "kill the processes hidden from windows API". There was no other instruction and not knowing what the heck "gmer" was I googled it and downloaded the tool then scanned with it. Unfortunately, (maybe fortunately), I did'nt know what to do with the results so the report sits on my desktop.
So, since Spybot found the problem I looked into the forums and have been following the instructions for posting my problem and log files. The results of the kapersky scan follow here, (wow it found lots!), with the HJT report to follow shortly.
Thanking you in advance,
a.l. Sudbury, CAN
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 29, 2007 4:27:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 30/09/2007
Kaspersky Anti-Virus database records: 425657
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 52138
Number of viruses found: 7
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:29:50
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\drriacdw.dll.bac_a03992 Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\eihlqllm.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\ejmxaudm.dll.bad.bac_a03328 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\eqlpygvm.dll.bac_a00180 Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\eyrtocuv.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\gthaimfa.dll.bad.bac_a03328 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\jbcvmmoy.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\jtyltcgh.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\msnmsgr.exe.bac_a03992 Infected: Backdoor.Win32.MSNMaker.ag skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\nhsosoyw.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\oo.exe.bac_a00400 Infected: IM-Worm.Win32.Agent.a skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\sthtgpeb.dll.bac_a02236 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\tohphnnd.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\vgodbhsi.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\wngipqhe.dll.bac_a02584 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\xcjcnisg.dll.bad.bac_a03328 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Documents and Settings\Alan\.housecall6.6\Quarantine\yuludtpw.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\Alan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alan\ntuser.dat Object is locked skipped
C:\Documents and Settings\Alan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F3081F63-5847-4939-91B1-D872B41C61F3}\RP8\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_698.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
