DELF.ANE infection 2 [Archive] - Safer-Networking Forums

View Full Version : DELF.ANE infection 2

dhinton

2007-09-24, 08:49

As requested -- this will take 2 posts.

Logfile of HijackThis v1.99.1
Scan saved at 8:50:28 PM, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
c:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\NetTime\NetTime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Network Ice\BlackICE\IceCheck.exe
C:\Program Files\Trillian\trillian.exe
c:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
c:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [NetTime] "C:\Program Files\NetTime\NetTime.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "c:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "c:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [JITScheduler] "C:\Program Files\GiPo@Utilities\JIT Scheduler\sched.exe"
O4 - Startup: IceCheck.lnk = C:\Program Files\Network Ice\BlackICE\IceCheck.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: boot.bat.lnk = C:\BATCH\boot.bat
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: pageme.bat.lnk = C:\BATCH\pageme.bat
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Short Mount.pif = C:\UTIL\MCMOUNT.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181027382296
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup1.cab
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://quicktech.myvnc.com/inc/kaxRemote.dll
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: AVG7 TCP Server (AVGTCPSv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: JIT Scheduler - Gibin Software House
http://www.gibinsoft.net - C:\Program Files\GiPo@Utilities\JIT Scheduler\schednt.exe
O23 - Service: LVCOMSer - Logitech Inc. - c:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

dhinton

2007-09-24, 08:51

part 2:

*KASPERSKY ONLINE SCANNER REPORT*
Sunday, September 23, 2007 5:38:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2
(Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 23/09/2007
Kaspersky Anti-Virus database records: 422516

*Scan Settings*
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
*Scan Target* Folders
C:\
D:\
E:\
F:\
*Scan Statistics*
Total number of scanned objects 446194
Number of viruses found 16
Number of infected objects 118
Number of suspicious objects 0
Duration of the scan process 14:43:16

*Infected Object Name* *Virus Name* *Last Action*
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log
Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite
Backup\CarboniteNSE.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite
Backup\CarboniteUI.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\TcpServerData\avglog.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\TcpServerData\avglog.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\Dallas\Application
Data\Thunderbird\Profiles\eqz42i2j.default\abook.mab Object is locked
skipped
C:\Documents and Settings\Dallas\Application
Data\Thunderbird\Profiles\eqz42i2j.default\cert8.db Object is locked
skipped
C:\Documents and Settings\Dallas\Application
Data\Thunderbird\Profiles\eqz42i2j.default\ImapMail\imap.telus.net\INBOX.msf
Object is locked skipped
C:\Documents and Settings\Dallas\Application
Data\Thunderbird\Profiles\eqz42i2j.default\key3.db Object is locked
skipped
C:\Documents and Settings\Dallas\Application
Data\Thunderbird\Profiles\eqz42i2j.default\Mail\Local
Folders\Inbox.msf Object is locked skipped
C:\Documents and Settings\Dallas\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\Dallas\Desktop\vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Documents and Settings\Dallas\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dallas\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\9C8F902Cd01/keyfinder.exe/data.rar/officekey.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\9C8F902Cd01/keyfinder.exe/data.rar
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\9C8F902Cd01/keyfinder.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\9C8F902Cd01 ZIP:
infected - 3 skipped
C:\Documents and Settings\Dallas\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dallas\Local
Settings\History\History.IE5\MSHist012007092320070924\index.dat Object
is locked skipped
C:\Documents and Settings\Dallas\Local Settings\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped
C:\Documents and Settings\Dallas\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dallas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dallas\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is
locked skipped
C:\Documents and Settings\LocalService\fb_528.lck Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is
locked skipped
C:\Documents and Settings\LocalService\T30DebugLogFile.txt Object is
locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is
locked skipped
C:\Program Files\Carbonite\Carbonite Backup\data\Carbonite.log Object
is locked skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteConfig.DAT
Object is locked skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteDelta.dat
Object is locked skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteFiles.dat
Object is locked skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteRestores.DAT
Object is locked skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteVersions.dat
Object is locked skipped
C:\Program Files\Grisoft\AVG TCP Server\avgdb.fdb Object is locked
skipped
C:\Program Files\UltraVNC\vnchooks.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Program Files\UltraVNC\vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Program Files\UltraVNC\winvnc.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
C:\Upgrades\VNC\tightvnc-1.3.9-setup.exe/data0006 Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\Upgrades\VNC\tightvnc-1.3.9-setup.exe Inno: infected - 1 skipped
C:\Upgrades\Windows Key Finder\keyfinder.exe/data.rar/officekey.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Upgrades\Windows Key Finder\keyfinder.exe/data.rar Infected:
not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Upgrades\Windows Key Finder\keyfinder.exe RarSFX: infected - 2 skipped
C:\Upgrades\Windows Key
Finder\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected:
not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Upgrades\Windows Key Finder\kf151.zip/keyfinder.exe/data.rar
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Upgrades\Windows Key Finder\kf151.zip/keyfinder.exe Infected:
not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Upgrades\Windows Key Finder\kf151.zip ZIP: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{14895234-D695-41A0-9A8F-1394136F0885}.crmlog
Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8B40BABB-443D-48E5-A40D-C2FC56B2565D}.bin
Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B7E45783-AA79-4EDD-A9EC-A11C874BBE8A}.bin
Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\system32\WinVNC.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Backup\DESK WORKS\Bak_C\Documents and
Settings\Dallas\Desktop\$backup.zip/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\Backup\DESK WORKS\Bak_C\Documents and
Settings\Dallas\Desktop\$backup.zip ZIP: infected - 1 skipped
D:\Backup\DESK
WORKS\Bak_C\download\$backup.zip/UltraVNC-102-Setup.exe/file04
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Backup\DESK
WORKS\Bak_C\download\$backup.zip/UltraVNC-102-Setup.exe/file05
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Backup\DESK
WORKS\Bak_C\download\$backup.zip/UltraVNC-102-Setup.exe/file34
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\Backup\DESK WORKS\Bak_C\download\$backup.zip/UltraVNC-102-Setup.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\Backup\DESK WORKS\Bak_C\download\$backup.zip ZIP: infected - 4 skipped
D:\Backup\DESK WORKS\Bak_C\Program
Files\UltraVNC\$backup.zip/vnchooks.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Backup\DESK WORKS\Bak_C\Program
Files\UltraVNC\$backup.zip/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\Backup\DESK WORKS\Bak_C\Program
Files\UltraVNC\$backup.zip/winvnc.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Backup\DESK WORKS\Bak_C\Program Files\UltraVNC\$backup.zip ZIP:
infected - 3 skipped
D:\Complete CDs\USB Key Black Bob\UltraVNC\UltraVNC\vnchooks.dll
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Black
Bob\UltraVNC\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Black
Bob\UltraVNC\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Black
Bob\UltraVNC\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Black Bob\UltraVNC\UltraVnc-101-Setup.zip ZIP:
infected - 3 skipped
D:\Complete CDs\USB Key Black
Bob\UltraVNC\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe/file4
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Black
Bob\UltraVNC\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Black
Bob\UltraVNC\UltraVnc-Upgrade-rel100-to-rel101-server.zip ZIP: infected
- 2 skipped
D:\Complete CDs\USB Key Red Bob\UltraVNC\UltraVNC\vnchooks.dll
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Red
Bob\UltraVNC\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Red
Bob\UltraVNC\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Red
Bob\UltraVNC\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Red Bob\UltraVNC\UltraVnc-101-Setup.zip ZIP:
infected - 3 skipped
D:\Complete CDs\USB Key Red
Bob\UltraVNC\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe/file4
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Red
Bob\UltraVNC\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\USB Key Red
Bob\UltraVNC\UltraVnc-Upgrade-rel100-to-rel101-server.zip ZIP: infected
- 2 skipped
D:\Complete CDs\utility
cd\vnc\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130 Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\utility
cd\vnc\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131 Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\utility
cd\vnc\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\utility cd\vnc\UltraVnc-101-Setup.zip ZIP: infected -
3 skipped
D:\Complete CDs\utility
cd\vnc\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe/file4
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\utility
cd\vnc\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Complete CDs\utility
cd\vnc\UltraVnc-Upgrade-rel100-to-rel101-server.zip ZIP: infected - 2
skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

see next post

Thanks group!

Cheers, Dallas

dhinton

2007-09-24, 08:52

Kaspersky continued

E:\ exe files\KeyGen.exe.zip/Bob's
Drives/Bsatti-c/Bob/RTVNEW/Keygen.exe Infected:
Trojan-Spy.Win32.Agent.sc skipped
E:\ exe files\KeyGen.exe.zip ZIP: infected - 1 skipped
E:\Bob's
Drives\Bsatti-c\Attach\vnc-3.3.3r7_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\Bob's Drives\Bsatti-c\Attach\vnc-3.3.3r7_x86_win32.zip ZIP: infected
- 1 skipped
E:\Bob's Drives\Bsatti-c\INBOUND\ornrr115.zip/ORiON.rar/Keygen.exe
Infected: Trojan-Spy.Win32.Agent.sc skipped
E:\Bob's Drives\Bsatti-c\INBOUND\ornrr115.zip/ORiON.rar Infected:
Trojan-Spy.Win32.Agent.sc skipped
E:\Bob's Drives\Bsatti-c\INBOUND\ornrr115.zip ZIP: infected - 2 skipped
E:\Bob's
Drives\Bsatti-c\INBOUND\vnc-3.3.3r6_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\Bob's Drives\Bsatti-c\INBOUND\vnc-3.3.3r6_x86_win32.zip ZIP:
infected - 1 skipped
E:\Bob's
Drives\Bsatti-c\Install\BlackIce\Utilities\wotweb.zip/wotweb.exe
Infected: not-a-virus:NetTool.Win32.Wotweb.106 skipped
E:\Bob's Drives\Bsatti-c\Install\BlackIce\Utilities\wotweb.zip ZIP:
infected - 1 skipped
E:\Bob's
Drives\Bsatti-c\Install\warftp\ward166x4s-upgrade.zip/war-ftpd.exe
Infected: not-a-virus:Server-FTP.Win32.PremierServer.a skipped
E:\Bob's Drives\Bsatti-c\Install\warftp\ward166x4s-upgrade.zip ZIP:
infected - 1 skipped
E:\Bob's Drives\Bsatti-c\My Download
Files\ornrr515.zip/ORiON.rar/Keygen.exe Infected:
Trojan-Spy.Win32.Agent.sc skipped
E:\Bob's Drives\Bsatti-c\My Download Files\ornrr515.zip/ORiON.rar
Infected: Trojan-Spy.Win32.Agent.sc skipped
E:\Bob's Drives\Bsatti-c\My Download Files\ornrr515.zip ZIP: infected
- 2 skipped
E:\Bob's Drives\Bsatti-c\Program Files\Harakan
Software\VNC\omnithread_rt.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC-based.g skipped
E:\Bob's Drives\Bsatti-c\Program Files\PalmVNC\UltraVNC\vnchooks.dll
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\Bob's Drives\Bsatti-c\Program Files\TightVNC-unstable\VNCHooks.dll
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
E:\Bob's Drives\Bsatti-c\Program Files\UltraVNC\vnchooks.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Bob's
Drives\bsatti-d\FILES\PalmVNC-UltraVNC.zip/UltraVNC/vnchooks.dll
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\Bob's Drives\bsatti-d\FILES\PalmVNC-UltraVNC.zip ZIP: infected - 1
skipped
E:\Bob's
Drives\bsatti-d\FILES\Vncstuff\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Bob's
Drives\bsatti-d\FILES\Vncstuff\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Bob's
Drives\bsatti-d\FILES\Vncstuff\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Bob's Drives\bsatti-d\FILES\Vncstuff\UltraVnc-101-Setup.zip ZIP:
infected - 3 skipped
E:\Bob's
Drives\bsatti-d\FILES\Vncstuff\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe/file4
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Bob's
Drives\bsatti-d\FILES\Vncstuff\UltraVnc-Upgrade-rel100-to-rel101-server.zip/UltraVNC-upgrade-rel100-to-rel101-server.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Bob's
Drives\bsatti-d\FILES\Vncstuff\UltraVnc-Upgrade-rel100-to-rel101-server.zip
ZIP: infected - 2 skipped
E:\Bob's Drives\bsatti-d\OldUnits\Bedroom\c-drive\Program Files\Harakan
Software\VNC\omnithread_rt.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC-based.g skipped
E:\Bob's Drives\bsatti-d\Program Files\PalmVNC\UltraVNC\vnchooks.dll
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\Bob's Drives\bsatti-d\Program Files\UltraVNC\vnchooks.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
F:\ exe files\pskill.exe.zip/upgrades/PSTools/pskill.exe Infected:
not-a-virus:RiskTool.Win32.PsKill.1101 skipped
F:\ exe files\pskill.exe.zip ZIP: infected - 1 skipped
F:\ exe files\psshutdown.exe.zip/upgrades/PSTools/psshutdown.exe
Infected: not-a-virus:RiskTool.Win32.PsShutdown.240 skipped
F:\ exe files\psshutdown.exe.zip ZIP: infected - 1 skipped
F:\ exe files\Toolbar.exe.zip/upgrades/nero/7/Nero 7.8.x/Toolbar.exe
Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
F:\ exe files\Toolbar.exe.zip ZIP: infected - 1 skipped
F:\ exe files\tskmgr.exe.zip/Bob's Drives/bsatti-d/FILES/Windows
Memory/tskmgr.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
F:\ exe files\tskmgr.exe.zip ZIP: infected - 1 skipped
F:\ exe files\vncviewer.exe.zip/Bob's Drives/Bsatti-c/Program
Files/TightVNC-unstable/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC-based.j skipped
F:\ exe files\vncviewer.exe.zip/Program
Files/TightVNC-unstable/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC-based.j skipped
F:\ exe files\vncviewer.exe.zip/upgrades/vnc/1.02/vncviewer.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
F:\ exe files\vncviewer.exe.zip ZIP: infected - 3 skipped
F:\ exe files\war-ftpd.exe.zip/upgrades/warftp/install/war-ftpd.exe
Infected: not-a-virus:Server-FTP.Win32.PremierServer.b skipped
F:\ exe files\war-ftpd.exe.zip ZIP: infected - 1 skipped
F:\ exe files\winvnc.exe.zip/Complete CDs/USB Key Black
Bob/UltraVNC/UltraVNC/winvnc.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
F:\ exe files\winvnc.exe.zip/Complete CDs/USB Key Red
Bob/UltraVNC/UltraVNC/winvnc.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
F:\ exe files\winvnc.exe.zip/Bob's Drives/Bsatti-c/Program
Files/UltraVNC/winvnc.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
F:\ exe files\winvnc.exe.zip/Program Files/UltraVNC/winvnc.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
F:\ exe files\winvnc.exe.zip ZIP: infected - 4 skipped
F:\Backup of C\Documents and
Settings\Dallas\Desktop\$backup.zip/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
F:\Backup of C\Documents and Settings\Dallas\Desktop\$backup.zip ZIP:
infected - 1 skipped
F:\Backup of C\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\$backup.zip/9C8F902Cd01/keyfinder.exe/data.rar/officekey.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Backup of C\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\$backup.zip/9C8F902Cd01/keyfinder.exe/data.rar
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Backup of C\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\$backup.zip/9C8F902Cd01/keyfinder.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Backup of C\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\$backup.zip/9C8F902Cd01
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Backup of C\Documents and Settings\Dallas\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5c8hw03x.default\Cache\$backup.zip ZIP:
infected - 4 skipped
F:\Good backup of C\Documents and
Settings\Dallas\Desktop\$backup.zip/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
F:\Good backup of C\Documents and Settings\Dallas\Desktop\$backup.zip
ZIP: infected - 1 skipped
F:\Good backup of C\NODELIST\XLAXDIFF.EXE Object is locked skipped
F:\Good backup of C\NODELIST\XLAXNODE.EXE Object is locked skipped
F:\Good backup of C\Program Files
GOOD\UltraVNC\$backup.zip/vnchooks.dll Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
F:\Good backup of C\Program Files
GOOD\UltraVNC\$backup.zip/vncviewer.exe Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
F:\Good backup of C\Program Files GOOD\UltraVNC\$backup.zip/winvnc.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
F:\Good backup of C\Program Files GOOD\UltraVNC\$backup.zip ZIP:
infected - 3 skipped
F:\Good backup of
C\Upgrades\VNC\$backup.zip/tightvnc-1.3.9-setup.exe/data0006 Infected:
not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
F:\Good backup of C\Upgrades\VNC\$backup.zip/tightvnc-1.3.9-setup.exe
Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
F:\Good backup of C\Upgrades\VNC\$backup.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
*Scan process completed.*

Thanks!!

Mr_JAk3

2007-09-29, 23:02

Hello dhinton and welcome to the Forums :)

What is finding this DELF.ANE ?

Kaspersky log revealed some Keygens that are infected. The usage of cracks keygens etc is illegal and gets you infected. I advice you to delete all of these.

Are you using all of these FTP server and Remote access tools? They're in the pc on purpose?

What kind of problems are you experiencing?

tashi

2007-10-09, 06:54

This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.