PDA

View Full Version : 17 viruses? P2P virus infection



alanus
2007-01-22, 17:53
HI, straight to the point, my incompetent sister abused limewier and now she's full of viruses. hijack this log follows:

Logfile of HijackThis v1.99.1
Scan saved at 16:52:29, on 22.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\acer\Bureau\spybot\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0148EE-841E-4405-B9DA-6CDA11DE400B}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

alanus
2007-01-22, 17:55
Kaspersky virus scan: VERY VERY LONG

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 22, 2007 4:45:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/01/2007
Kaspersky Anti-Virus database records: 260753
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 61555
Number of viruses found: 17
Number of infected objects: 21034 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:11:11

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\acer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\acer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Temp\~DF2DF7.tmp Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Temp\~DF3283.tmp Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Temp\~DFE2B6.tmp Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Temp\~DFE2BD.tmp Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Historique\History.IE5\MSHist012007012220070123\index.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Windows Live Contacts\the_alanek@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Windows Live Contacts\the_alanek@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\acer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\acer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\acer\Complete\Register Now.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Register Now.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Recover password.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Recover password.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\battlestar galactica.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\battlestar galactica.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\dark messiah.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\dark messiah.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\desperate housewives.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\desperate housewives.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\family guy.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\family guy.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\gilmore girls.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\gilmore girls.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\gothic 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\gothic 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\grey s anatomy.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\grey s anatomy.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\greys anatomy.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\greys anatomy.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\lost s03.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\lost s03.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\lost s03e04.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\lost s03e04.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\miami vice.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\miami vice.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\my chemical romance.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\my chemical romance.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\my name is earl.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\my name is earl.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\need for speed.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\need for speed.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\need for speed carbon.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\need for speed carbon.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\one tree hill.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\one tree hill.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\open season.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\open season.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\prison break.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\prison break.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\prison break s02e09.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

alanus
2007-01-22, 17:58
C:\Documents and Settings\acer\Complete\prison break s02e09.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\pro evolution soccer 6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\pro evolution soccer 6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\saw 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\saw 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\south park.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\south park.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\the departed.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\the departed.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\the office.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\the office.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\the prestige.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\the prestige.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\New layout.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\New layout.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Server Move.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Server Move.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\New York The Movie Pirate Capital.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\New York The Movie Pirate Capital.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Mininova Gets a Redesign.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Mininova Gets a Redesign.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Be a Hero, Be a Pirate!.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Be a Hero, Be a Pirate!.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Firefox plugin.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Firefox plugin.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Contact Us.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Contact Us.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Today on CNET.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Today on CNET.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Tips & Tricks.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Tips & Tricks.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\CNET TV.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\CNET TV.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Compare Prices.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Compare Prices.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\PC Games.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\PC Games.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IeUnit 2.1.238.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IeUnit 2.1.238.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IEWatch Professional 4.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IEWatch Professional 4.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ieWHUB 1.1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ieWHUB 1.1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\If You Believe You Can .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\If You Believe You Can .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iF-16 demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iF-16 demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFA-18E Carrier Strike Fighter demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFA-18E Carrier Strike Fighter demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IFA Database 01.00.01.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IFA Database 01.00.01.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFacts 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFacts 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IFAebook 7.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IFAebook 7.7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFastViewer 0.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFastViewer 0.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFD Bundle 1.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFD Bundle 1.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFD Calc 1.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFD Calc 1.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFD Christmas 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFD Christmas 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFD Explorer 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFD Explorer 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFD Formula 1.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFD Formula 1.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFD Geometry 1.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFD Geometry 1.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFetcher 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFetcher 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFever 1.3.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFever 1.3.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IFH - Income From Home Toolbar 4.5.85.0 (for IE 5+).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IFH - Income From Home Toolbar 4.5.85.0 (for IE 5+).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFILLE 1.3.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFILLE 1.3.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFind 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFind 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFlash 2.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFlash 2.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IFocus 1.01.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IFocus 1.01.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ifotoprints 3.5.189.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ifotoprints 3.5.189.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFriendCAM 0.9.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFriendCAM 0.9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IFS Lab Fractal Generator 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IFS Lab Fractal Generator 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IFTA Reporting Software 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IFTA Reporting Software 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFufi2 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFufi2 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFunMusic 0.34.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFunMusic 0.34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iFunPix 0.34.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iFunPix 0.34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGA 3.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGA 3.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGadget 2.0.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGadget 2.0.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGamebar 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGamebar 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGC SE 1.01.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGC SE 1.01.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGES Import for AutoCAD 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGES Import for AutoCAD 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGet 1.1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGet 1.1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGetter Download Manager 1.9.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGetter Download Manager 1.9.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGetter Download Manager 2.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGetter Download Manager 2.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGetter Download Manager 2.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGetter Download Manager 2.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Iggle Pop 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Iggle Pop 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike 1.1 - 1.2 patch (UK) .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike 1.1 - 1.2 patch (UK) .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike 1.1 patch (UK) .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike 1.1 patch (UK) .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike Safemode patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike Safemode patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Area 27 map .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Area 27 map .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Dockside multiplayer map .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Dockside multiplayer map .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Libyan Village map .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Libyan Village map .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Winterland map .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike - Winterland map .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike Single-player demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGI 2 Covert Strike Single-player demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Ignition 2.10.0.52.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Ignition 2.10.0.52.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Ignition demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Ignition demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iGolf 1.04.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iGolf 1.04.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IGSuite Integrated Groupware Suite 3.2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IGSuite Integrated Groupware Suite 3.2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IgtEditor 1.22.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IgtEditor 1.22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHatePopups 1.5.443.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHatePopups 1.5.443.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHateSpam 4.0.619.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHateSpam 4.0.619.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHavePhotos 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHavePhotos 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHealth 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHealth 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHelp 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHelp 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHOC Query .NET 1.0.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHOC Query .NET 1.0.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IHRA Drag Racing 1.01 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IHRA Drag Racing 1.01 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IHRA Drag Racing 1.02 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IHRA Drag Racing 1.02 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iHub Toolbar 4.5.101.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iHub Toolbar 4.5.101.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\II WorkSchedule 5.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\II WorkSchedule 5.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iIChat Logger 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iIChat Logger 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iInventory 7.0.1.12.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iInventory 7.0.1.12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS 4.0 Cumulative Security Update MS01-044.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS 4.0 Cumulative Security Update MS01-044.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS 5.0 Cumulative Security Update MS01-044.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS 5.0 Cumulative Security Update MS01-044.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS Anti-leech Sniffer Dog 3.16.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS Anti-leech Sniffer Dog 3.16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS Metabase Explorer 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS Metabase Explorer 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS Security Audit 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS Security Audit 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS5 File-Fragment Reading via Malformed HTR Request Vulnerability Patch (MS01-004).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS5 File-Fragment Reading via Malformed HTR Request Vulnerability Patch (MS01-004).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS5 Malformed URL Service Failure Vulnerability Patch MS01-014 (3101).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS5 Malformed URL Service Failure Vulnerability Patch MS01-014 (3101).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IIS5 Malformed WebDAV Request Vulnerability Patch MS01-016 (30801).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IIS5 Malformed WebDAV Request Vulnerability Patch MS01-016 (30801).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IISGate 4.71.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IISGate 4.71.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IISGuard 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IISGuard 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IISKeeper 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IISKeeper 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IISxpress 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IISxpress 2.zip ZIP: infected - 1 skipped

alanus
2007-01-22, 18:00
C:\Documents and Settings\acer\Complete\iISystem Wiper 2.4.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iISystem Wiper 2.4.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\II_Calendar 2.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\II_Calendar 2.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iKE Office WE 7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iKE Office WE 7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iKey 2.0.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iKey 2.0.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iKeyword 0.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iKeyword 0.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iKnow Process Scanner 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iKnow Process Scanner 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Ikojo Toolbar 4.5.109.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Ikojo Toolbar 4.5.109.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.0.3a patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.0.3a patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.0.4a patch (supplemental) .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.0.4a patch (supplemental) .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.1a patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.1a patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.2 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.2 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.2ov patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik 1.2ov patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik Forgotten Battles Rebirth of Honor demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik Forgotten Battles Rebirth of Honor demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik The Forgotten Battles 1.0 Patch 1.22.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik The Forgotten Battles 1.0 Patch 1.22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik The Forgotten Battles 1.21 Patch 1.22.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IL-2 Sturmovik The Forgotten Battles 1.21 Patch 1.22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iLab Easy Leaves 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iLab Easy Leaves 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iLab Job Manager 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iLab Job Manager 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Ilixis Image Console 2.0.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Ilixis Image Console 2.0.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illuminati 1.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illuminati 1.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illumination 3.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illumination 3.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illumination 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illumination 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illumination 110 Lighting Console 1.02.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illumination 110 Lighting Console 1.02.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illustrix Butterfly Dream (Pocket) 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illustrix Butterfly Dream (Pocket) 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illustrix Cat Dream (Palm) 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illustrix Cat Dream (Palm) 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Illustrix Dog Dream 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Illustrix Dog Dream 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ILook 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ILook 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ILoveVideoz Toolbar 4.5.119.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ILoveVideoz Toolbar 4.5.119.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Cocktails 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Cocktails 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Commander 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Commander 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Hangman 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Hangman 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Lock Home Edition 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Lock Home Edition 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Lock Professional 2006 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Lock Professional 2006 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Sniffer 0.8.42.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Sniffer 0.8.42.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM Speak 3.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM Speak 3.7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ Bluetooth for Symbian Series 60 2nd Edition 1.06.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ Bluetooth for Symbian Series 60 2nd Edition 1.06.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for BlackBerry 4.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for BlackBerry 4.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for Palm 2.5.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for Palm 2.5.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for Pocket PC 4.21.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for Pocket PC 4.21.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for Sony Ericsson P900P910P910i 3.57.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for Sony Ericsson P900P910P910i 3.57.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for Symbian Series 60 2nd Edition 5.50.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for Symbian Series 60 2nd Edition 5.50.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for Symbian Series 60 3rd Edition 5.56.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for Symbian Series 60 3rd Edition 5.56.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM+ for Symbian Series 80 1.41.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM+ for Symbian Series 80 1.41.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iM1A2 Abrams demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iM1A2 Abrams demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM2 Instant Messenger 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM2 Instant Messenger 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IM2001 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IM2001 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMac DVD-ROM Update 1.0 (122299).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMac DVD-ROM Update 1.0 (122299).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMac Firmware Update 4.1.9.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMac Firmware Update 4.1.9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMac Update 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMac Update 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMacros for Internet Explorer 5.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMacros for Internet Explorer 5.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Accounting Premier 9.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Accounting Premier 9.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Accounting Standard 9.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Accounting Standard 9.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image ActiveX SDK 10.66.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image ActiveX SDK 10.66.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Albums (For Microsoft Access) 3.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Albums (For Microsoft Access) 3.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Analyzer 1.26.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Analyzer 1.26.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Anvil 2.0.5.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Anvil 2.0.5.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Armada 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Armada 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Assistant 2.83.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Assistant 2.83.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Broadway 5.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Broadway 5.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Browser Arctic 5.0 build 7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Browser Arctic 5.0 build 7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Chest 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Chest 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Comparator 1.03.01.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Comparator 1.03.01.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Comparer 2.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Comparer 2.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Composer 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Composer 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Compressor 5.0.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Compressor 5.0.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Constructor 1.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Constructor 1.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter .EXE 2.0.77.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter .EXE 2.0.77.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter .EXE 3 Scripting Edition 3.0.36u.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter .EXE 3 Scripting Edition 3.0.36u.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter and Resizer Utility 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter and Resizer Utility 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter pro 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter pro 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter Pro 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter Pro 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Converter Utility 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Converter Utility 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Cut 1.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Cut 1.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Doctor 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Doctor 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Downloader 3.31.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw

alanus
2007-01-22, 18:01
C:\Documents and Settings\acer\Complete\Image Downloader 3.31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Downloader 1.0a.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Downloader 1.0a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Downloader 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Downloader 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Editor 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Editor 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Effects 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Effects 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Explorer Pro 7.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Explorer Pro 7.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Exporter (PDF Edition) 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Exporter (PDF Edition) 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Filename Management System 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Filename Management System 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image for DOS 1.98.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image for DOS 1.98.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image for Windows 1.64.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image for Windows 1.64.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Format Studio 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Format Studio 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Frame 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Frame 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Genius Professional 3.0.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Genius Professional 3.0.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Grabber 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Grabber 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Icon Converter 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Icon Converter 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image InDepth 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image InDepth 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Info Tookit 3.0.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Info Tookit 3.0.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Info Toolkit 1.5.1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Info Toolkit 1.5.1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Master 2000 1.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Master 2000 1.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Merger .EXE 1.0.0.19.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Merger .EXE 1.0.0.19.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Operation 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Operation 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Optimization SDK 4.1.9.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Optimization SDK 4.1.9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Optimizer 4.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Optimizer 4.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Processing Wizard 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Processing Wizard 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Quick Saver 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Quick Saver 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Recognition Web Test Plugin 4.301.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Recognition Web Test Plugin 4.301.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Repainter 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Repainter 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image ReSizer 1.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image ReSizer 1.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Resizer Pro 2006 2.6.6.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Resizer Pro 2006 2.6.6.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image RollNow 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image RollNow 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Scroller 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Scroller 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Server SDK 4.1.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Server SDK 4.1.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Sizer 1.03.17.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Sizer 1.03.17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Sizer 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Sizer 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Studio Pro 5.2.60220.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Studio Pro 5.2.60220.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Styler 1 build 250.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Styler 1 build 250.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Surfer 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Surfer 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Thumbnailer and Converter 2.41.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Thumbnailer and Converter 2.41.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To Icon 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To Icon 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To Icon Convertor 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To Icon Convertor 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image to PDF 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image to PDF 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To PDF 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To PDF 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To PDF COMSDK 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To PDF COMSDK 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To PDF COMSDK Unlimited License 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To PDF COMSDK Unlimited License 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To PDF Command Line 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To PDF Command Line 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image to PDF Command Line Tool 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image to PDF Command Line Tool 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image to PDF Dynamic Link Library 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image to PDF Dynamic Link Library 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To PDF OCR Converter (PDF E-Book Maker) 1.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To PDF OCR Converter (PDF E-Book Maker) 1.7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image To PDF(PDF E-Book Maker) 1.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image To PDF(PDF E-Book Maker) 1.7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Tricks 2.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Tricks 2.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Vault 1.01.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Vault 1.01.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Video Machine 3.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Video Machine 3.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Viewer 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Viewer 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Viewer CP ActiveX Control 4.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Viewer CP ActiveX Control 4.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Viewer CP Pro ActiveX Control 1.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Viewer CP Pro ActiveX Control 1.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Viewer In Depth 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Viewer In Depth 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Voyager 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Voyager 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image Watermarks 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image Watermarks 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image-Puzzle 1.25.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image-Puzzle 1.25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image2db 2.0.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image2db 2.0.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image2PDF 1.0.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image2PDF 1.0.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image2PDF Command Line 3.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image2PDF Command Line 3.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image2SWF for Macintosh 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image2SWF for Macintosh 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Image2SWF for Windows 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Image2SWF for Windows 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageArchivist 3.85.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageArchivist 3.85.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageAssemble.exe 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageAssemble.exe 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageBadger 4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageBadger 4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageBeagle 4.1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageBeagle 4.1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageBox 1.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageBox 1.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageBuddy 3.0.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageBuddy 3.0.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageButton.net 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageButton.net 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageCaster 2.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageCaster 2.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageCD Catalog 2.7 build 140706.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageCD Catalog 2.7 build 140706.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6530 Printer Driver for Windows 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6530 Printer Driver for Windows 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6550 Printer Driver for Windows 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6550 Printer Driver for Windows 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6560 Printer Driver for Windows 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6560 Printer Driver for Windows 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6580 Printer Driver for Windows 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\imageCLASS MF6580 Printer Driver for Windows 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageConvert 1.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageConvert 1.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageConverter 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageConverter 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageConverter Plus 6.3.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageConverter Plus 6.3.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageConvertor 1.1.0328.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageConvertor 1.1.0328.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageCrush 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageCrush 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageCycler 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageCycler 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageDiff 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageDiff 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageDIG 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageDIG 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageDock 5.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImageDock 5.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImageDupeless 1.6.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

alanus
2007-01-22, 18:02
C:\Documents and Settings\acer\Complete\Imesh Manager 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMeter 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMeter 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\imEye 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\imEye 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMG-Bar 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMG-Bar 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Img2CAD 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Img2CAD 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImgConverter 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImgConverter 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImgConverter 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImgConverter 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImGiant Instant Messenger 2.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImGiant Instant Messenger 2.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImGiant Lite 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImGiant Lite 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImgResizer 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImgResizer 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImgResizer Pro 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImgResizer Pro 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImgX Controls 6.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImgX Controls 6.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imhotext 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imhotext 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMI Contacts 2EA 1.31.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMI Contacts 2EA 1.31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMI GAL Exporter 3.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMI GAL Exporter 3.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMI Mailbox Statistics 2.08.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMI Mailbox Statistics 2.08.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMic Control 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMic Control 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMInspector Personal Edition 1.2 build 46.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMInspector Personal Edition 1.2 build 46.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMiser Research Assistant 3.1 build 1073.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMiser Research Assistant 3.1 build 1073.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Immersion TouchWare Gaming 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Immersion TouchWare Gaming 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMMonitor AIM Spy 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMMonitor AIM Spy 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMMonitor Enterprise 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMMonitor Enterprise 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMMonitor ICQ Spy 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMMonitor ICQ Spy 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMMonitor MSN Spy 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMMonitor MSN Spy 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMMonitor Yahoo Messenger Spy 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMMonitor Yahoo Messenger Spy 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Immortal Cities Children of the Nile v1.1 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Immortal Cities Children of the Nile v1.1 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Immortal Cities Children of the Nile v1.2 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Immortal Cities Children of the Nile v1.2 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Immune War 2.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Immune War 2.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMnapper 0.9.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMnapper 0.9.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iModel Predictor 2003.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iModel Predictor 2003.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iModeller 3D Web Edition 2.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iModeller 3D Web Edition 2.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imoel-cms 0.1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imoel-cms 0.1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMovie 4.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMovie 4.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMovie Plug-in Pack 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMovie Plug-in Pack 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMovie Updater 2.1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMovie Updater 2.1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMP-Instant Message Personalities 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMP-Instant Message Personalities 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMp3 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMp3 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMP3Tunes 5.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMP3Tunes 5.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impact ColorFax Lite 7.02.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impact ColorFax Lite 7.02.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impact Fax Broadcast 5.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impact Fax Broadcast 5.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impact Fax on Demand 4.0.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impact Fax on Demand 4.0.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impact Fax Server 7.04.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impact Fax Server 7.04.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impact IDE 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impact IDE 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iMpeg Converter 2.15.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iMpeg Converter 2.15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imperial Glory demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imperial Glory demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imperial Training 600.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imperial Training 600.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imperialism demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imperialism demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imperialism II demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imperialism II demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imperium Galactica II demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imperium Galactica II demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imperium Galactica II Alliances 'Second chance' bonus scenario .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imperium Galactica II Alliances 'Second chance' bonus scenario .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impersonator 1.77.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impersonator 1.77.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImpianaSoft myName 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImpianaSoft myName 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Implanted Chips & Dips 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Implanted Chips & Dips 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering a Microsoft Windows 2000 Directory Services 6.09.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering a Microsoft Windows 2000 Directory Services 6.09.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering a Microsoft Windows 2000 Network Infrastructure 6.10.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering a Microsoft Windows 2000 Network Infrastructure 6.10.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering Security in a Microsoft Windows Server 2003 Network 8.00.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering Security in a Microsoft Windows Server 2003 Network 8.00.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering Security in a Microsoft Windows2000 Network 7.00.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Implementing and Administering Security in a Microsoft Windows2000 Network 7.00.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network 8.00.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network 8.00.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imploder 1.0 build 2472.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imploder 1.0 build 2472.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Import Exchange IM Contacts 3.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Import Exchange IM Contacts 3.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Import Wizard 8.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Import Wizard 8.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imposition Manager 1.0.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imposition Manager 1.0.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures - Insect Invasion add-on 1.01 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures - Insect Invasion add-on 1.01 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures - Insect Invasion expansion .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures - Insect Invasion expansion .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures 1.1 patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures 1.1 patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures Insect Invasion v1.4 Patch .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impossible Creatures Insect Invasion v1.4 Patch .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impress 2.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impress 2.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impressionist Screensaver #1 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impressionist Screensaver #1 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impressionist Screensavers #2 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impressionist Screensavers #2 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Improve Your Diet 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Improve Your Diet 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Improve Yourself for Your First Date 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Improve Yourself for Your First Date 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMPS License Plate Recognition 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMPS License Plate Recognition 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imps(TM) Motion 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imps(TM) Motion 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impulse 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impulse 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impulse 1.51.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impulse 1.51.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Impulse Responder 2.03 beta.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Impulse Responder 2.03 beta.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImRe 2.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImRe 2.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMS Telephone On-Hold Player 3.05.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMS Telephone On-Hold Player 3.05.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMsecure 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMsecure 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMsecure Pro 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMsecure Pro 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMSpellchecker XP 1.53.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMSpellchecker XP 1.53.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMSurfSentinel 2005.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMSurfSentinel 2005.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMterrupt Home Version 2.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMterrupt Home Version 2.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMterrupt Professional 2006 2.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMterrupt Professional 2006 2.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMTiger 0.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IMTiger 0.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\ImTranslator Plugin for Internet Explorer 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\ImTranslator Plugin for Internet Explorer 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IMVITE 1.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw

alanus
2007-01-22, 18:03
C:\Documents and Settings\acer\Complete\IMVITE 1.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Imvite Messenger 1.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Imvite Messenger 1.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In a Flash Pro 3.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In a Flash Pro 3.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In Cold Blood demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In Cold Blood demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In Or Out 1.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In Or Out 1.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In the beginning was the Word 2.0.0.47.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In the beginning was the Word 2.0.0.47.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In the Chair 1.5.1.98.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In the Chair 1.5.1.98.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In the Jungle 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In the Jungle 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In the Raven Shadow 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In the Raven Shadow 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In This World Wallpaper 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In This World Wallpaper 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In Vivo - King's Knight Demo 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In Vivo - King's Knight Demo 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In-Fisherman Freshwater Trophies .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In-Fisherman Freshwater Trophies .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In-Out Board 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In-Out Board 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\In-Tune Multi-Instrument Tuner 1.81.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\In-Tune Multi-Instrument Tuner 1.81.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InOut Board Agent 2.3.51.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InOut Board Agent 2.3.51.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inadyn 1.96.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inadyn 1.96.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inago Rage 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inago Rage 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\INAJ The Easy-To-Use Address Book 5.2.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\INAJ The Easy-To-Use Address Book 5.2.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InAlbum Deluxe 2.5.41.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InAlbum Deluxe 2.5.41.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\iNavigate Free Menu Code Edition 4.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\iNavigate Free Menu Code Edition 4.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InB List Maker 1.05(x86).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InB List Maker 1.05(x86).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InB Spy 6.1(x86).zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InB Spy 6.1(x86).zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inbit Messenger 2.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inbit Messenger 2.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InBookmarks 1.54 build 203.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InBookmarks 1.54 build 203.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inbound Link Detective 1.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inbound Link Detective 1.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inbound Links Monitor 3.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inbound Links Monitor 3.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inbox100 4.318.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inbox100 4.318.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InBoxer for Outlook 2.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InBoxer for Outlook 2.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InboxRules for Rules Wizard 2.11.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InboxRules for Rules Wizard 2.11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InboxRules RW Free Edition 2.10.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InboxRules RW Free Edition 2.10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InboxVault 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InboxVault 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inca Quest 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inca Quest 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incadia build 137.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incadia build 137.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incallert (Symbian Series 60) 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incallert (Symbian Series 60) 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncaMS 6.1.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncaMS 6.1.7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incidents Manager 2 2.4.2.8.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incidents Manager 2 2.4.2.8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InCisif.net 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InCisif.net 1.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Inclue RSS Reader 1.1.691.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Inclue RSS Reader 1.1.691.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InCode Virus Detector 1.0.2005.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InCode Virus Detector 1.0.2005.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Income & Expense Recorder 2006.10.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Income & Expense Recorder 2006.10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Income and Expense Management System 1.0.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Income and Expense Management System 1.0.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incoming demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incoming demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incoming Forces demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incoming Forces demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\inContext 3.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\inContext 3.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\InControl 2.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\InControl 2.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incred--Instant Invoice, Credit Note and Payments 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incred--Instant Invoice, Credit Note and Payments 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incredi IE Manager 1.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incredi IE Manager 1.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incrediback Backup Software 2.25.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incrediback Backup Software 2.25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncrediBubble 1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncrediBubble 1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncrediFace 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncrediFace 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncrediFlash Intro and Banner Studio 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncrediFlash Intro and Banner Studio 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incredimail Backup PRO 1.1.5.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incredimail Backup PRO 1.1.5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncrediMail Password Recovery 1.0.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncrediMail Password Recovery 1.0.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncrediMail Xe build 5202469.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncrediMail Xe build 5202469.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incremental Serial Number Printer 1.0.0.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incremental Serial Number Printer 1.0.0.7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incubation demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incubation demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Incubation The Wilderness Missions demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Incubation The Wilderness Missions demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\IncUpdate 2.53 Build 2005.8.15.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\IncUpdate 2.53 Build 2005.8.15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Indecision 2004 Bush Screensaver .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Indecision 2004 Bush Screensaver .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Indecision 2004 Donkeys Kick Ass Screensaver .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Indecision 2004 Donkeys Kick Ass Screensaver .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Help Center.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Help Center.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Submit Software.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Submit Software.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Free MP3s.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Free MP3s.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Spyware Removal.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Spyware Removal.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\All Software.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\All Software.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\All RSS feeds.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\All RSS feeds.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\About CNET Networks.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\About CNET Networks.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Site map.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Site map.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Privacy policy.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Privacy policy.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Terms of use.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Terms of use.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kirby Alarm Pro 4.42.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kirby Alarm Pro 4.42.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\KirouGallery 0.14.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\KirouGallery 0.14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kirsten Dunst Sex-E Screensaver 3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kirsten Dunst Sex-E Screensaver 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\KishKish SAM 2.0.0.22.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\KishKish SAM 2.0.0.22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\KisMac R65.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\KisMac R65.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kiss 7.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kiss 7.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kiss MyImage 1.0.2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kiss MyImage 1.0.2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kiss Now 0.3.3.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kiss Now 0.3.3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\KISS Psycho Circus demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\KISS Psycho Circus demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kisses demo .zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kisses demo .zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\KIT 1.1.6.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\KIT 1.1.6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kit Builders and Resellers Source Book 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kit Builders and Resellers Source Book 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kitchen 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kitchen 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kitchen Design Secrets 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kitchen Design Secrets 1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kitchen Designs for Everyone 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kitchen Designs for Everyone 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kites 3D 1.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kites 3D 1.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kith and Kin Pro 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kith and Kin Pro 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\KitoX Toolset 5.4.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\KitoX Toolset 5.4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kittens & Cats Screensaver 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kittens & Cats Screensaver 2.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\Kitties Screen Saver 2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\Kitties Screen Saver 2.zip ZIP: infected - 1 skipped

alanus
2007-01-22, 18:09
Just what i already posted makes up only about 10% of the total log, so im just gonna post stuff in a different folder/different virus, if you really want it all i think sending you the 5mb notepad file would be easier :P

so bla bla bla more of the same (needless to say i can't see the complete folder - i did activate display of hidden files and folders)

i did previously try scanning my computer for .zip files and deleted them all. now when i scan i don't find any suspicious ones.








C:\Documents and Settings\acer\Complete\Viva Radio 2 - 13-17 Novembre 2006.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\UltraVNC-101-Setup exe.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\UltraVNC-101-Setup exe.zip ZIP: infected - 1 skipped
C:\Documents and Settings\acer\Complete\PBS - Free to Choose.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\acer\Complete\PBS - Free to Choose.zip ZIP: infected - 1 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\outlook\p.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\outlook\p.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019112.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019118.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019119.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019119.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019119.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019120.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019122.dll Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019126.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019137.dll Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019173.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019174.dll Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019176.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019177.dll Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019179.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.al skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019180.DLL Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019181.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019182.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019184.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019185.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019186.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019187.DLL Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019188.EXE Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019189.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019190.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019191.DLL Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019193.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019194.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019196.DLL Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019197.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019198.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019200.EXE Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019201.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019202.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP109\A0019203.DLL Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP115\A0021213.cmd Infected: Trojan-Downloader.Win32.Banload.atu skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP132\change.log Object is locked skipped

Scan process completed.

Mr_JAk3
2007-01-27, 22:45
Hi alanus and sorry for the delay :)

Please post a fresh HIjackThis log and we'll begin the cleaning :bigthumb:

alanus
2007-01-29, 14:35
Logfile of HijackThis v1.99.1
Scan saved at 13:34:37, on 29.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\acer\Bureau\spybot\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0148EE-841E-4405-B9DA-6CDA11DE400B}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Mr_JAk3
2007-01-29, 21:13
Hi :)

You got infections there...

One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable Spybot S&D Teatimer.
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu select "Advanced Mode"
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

alanus
2007-01-29, 22:52
Hi :) i kind of thought i had infections when i saw the 21'000 infected files found by kaspersky ^^ my sister is NOT going to be using limewire any time soon :p:

by the way, this pc as well as the one you helped me clean before, with the backdoor trojan and iexplore.exe - server.exe are connected via lan to the same router with 2 more pcs, reckon there is any threat of infection spreading?

i wouldn't want to have to re-clean the pc we just cleaned because of this one, or so..

anyway, sdfix:


SDFix: Version 1.63

29.01.2007 - 21:44:15.07

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\svchost.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\System32\\usmt\\MIGWIZ.EXE"="C:\\WINDOWS\\System32\\usmt\\MIGWIZ.EXE:*:Disabled:Assistant Transfert de fichiers et de paramètres"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\NTIMPEG2.dll
C:\WINDOWS\system32\ntiembed.dll
C:\WINDOWS\system32\NTICDMK32.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\hiberfil.sys
C:\Program Files\InterActual\InterActual Player\itiA.tmp

Finished



hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 21:52:43, on 29.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Documents and Settings\acer\Bureau\spybot\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0148EE-841E-4405-B9DA-6CDA11DE400B}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



thx

Mr_JAk3
2007-01-30, 11:27
Hi again, we'll continue :)

There is always possibility that malware spreads via computers that are connected. If hope you installed a firewall to that other computer....
I recommend that you run some virusscanners on the other computer too....

You should print these instructions or save these to a text file. Follow these instructions carefully.

You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

==================

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following folder:
C:\Documents and Settings\acer\Complete

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log

alanus
2007-01-30, 21:38
Hi :) yes i put kerio on the other one as well as this one, and i'm gonna run virus scans on the other 2.

here is the fresh hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 20:35:53, on 30.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\acer\Bureau\spybot\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0148EE-841E-4405-B9DA-6CDA11DE400B}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



and the AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:12:48 30.01.2007

+ Scan result:



C:\WINDOWS\system\msnmsgr.cmd -> Logger.Banker.lr : Cleaned with backup (quarantined).


::Report end

Mr_JAk3
2007-01-31, 20:21
Hi again, we'll continue :)

One more keylogger was found and some new infections too....Fortunately the Kerio should now stop the flow of malware :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe

Open HijackThis.
Open the Misc Tools section
Delete a file on Reboot
Copy the following line to the filenamebox and press Open; C:\WINDOWS\svchost.exe
Answer Yes
Reboot the computer if it isn't restarted automatically

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post with a fresh HijackThis log

alanus
2007-01-31, 22:03
Unfortunately i have just scanned the 3rd computer and it has both a p2p worm and a backdoor trojan. I will start a new thread with that one.

here: the kaspersky and hijack this logs:

Logfile of HijackThis v1.99.1
Scan saved at 21:02:14, on 31.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\acer\Bureau\spybot\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0148EE-841E-4405-B9DA-6CDA11DE400B}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 31, 2007 9:01:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/01/2007
Kaspersky Anti-Virus database records: 263810
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 33299
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:37

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{067DDDC6-6F02-482D-8F3D-37F42D1961A8}.bin Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\acer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\acer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Historique\History.IE5\MSHist012007013120070201\index.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\acer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\acer\Cookies\index.dat Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\_restore{FED212F7-722B-403F-B7EF-16AEEFE7A67F}\RP138\change.log Object is locked skipped
C:\SDFix\apps\Process.exe Object is locked skipped

Scan process completed.

Mr_JAk3
2007-02-01, 10:37
Hi again, it is looking clean now :)

Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is faster, safer and better browser than Internet Explorer.

Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

alanus
2007-02-02, 21:46
yep, installed evrything on this pc too. i re-ran a kaspersky scan on both computers you've helped me clean and they're now both clean :D:

only this time i thought i would run kaspersky to scan my external hard drive, and it came up with some infected file in a system hidden folder called RECYCLER , and then a folder like s21-01-10075....etc etc with a recycling bin icon image. but the zip file it said was infected and in that folder didn't exist.. so i just rebooted into safe mode and just deleted the containing folder, and then reboot into normal mode and re-ran the kaspersky scan and nothing this time, so all good it seems !!!

i guess you can lock this thread now.. oh and if you have time.. i have a 2nd sister :p: --> http://forums.spybot.info/showthread.php?t=11020

Mr_JAk3
2007-02-02, 22:41
That's great news and you're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:

PS. I'll have a look on the 3rd pc :D: