View Full Version : Virtumondo entries reappear every night
rainhamron
2008-01-22, 12:20
Hi,
I run win xppro and CA security anti virus, I also use adaware and spybot S&D. my spybot runs every night and just about every morning I have a message telling me that 3 reg entrys have been deleted, all virtumondo related. I am also getting loads of popups ( which I use a popup killer to close immediatly ) as well as advert pannels appearing within ie pages. I have run spybot again thismorning ( in safe mode ) and it reports my system as clean, although it did delete stuff last night. I have appended my hijackthis and kaspersky reports and hope you can help me. I have produced a kaspersky report, but it wont fit on this page as it exceeds the size, neither can I attach it as it is 53kb , could you let me know how to proceed please?
many thanks in antisipation
Ron
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:32, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
F:\Program Files\Kontiki\KService.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
F:\Program Files\RealVNC\WinVNC\WinVNC.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
F:\Program Files\PopUp Killer\PopUpKiller.EXE
F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Kontiki\KHost.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Ron\Desktop\adware removal tools\HiJackThis.exe
F:\Program Files\CA\eTrust Internet Security Suite\ccupdate\CCUpdate.exe
F:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O4 - HKLM\..\Run: [cctray] "F:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [PopUpKiller] F:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [CAVRID] "F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [000000af] rundll32.exe "F:\WINDOWS\system32\jegftheu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] F:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunterra.com/europe/downloads/svideo3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CaCCProvSP - CA, Inc. - F:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - F:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - F:\Program Files\Kontiki\KService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - F:\Program Files\RealVNC\WinVNC\WinVNC.exe
--
End of file - 6408 bytes
-------------------------------------------------------------------------------
rainhamron
2008-01-22, 12:27
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 22, 2008 8:07:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 526188
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 232129
Number of viruses found: 28
Number of infected objects: 128
Number of suspicious objects: 0
Duration of the scan process: 06:01:29
Infected Object Name / Virus Name / Last Action
F:\desk cleanup 15-4-06\vnc-E4_2_9-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\desk cleanup 15-4-06\vnc-E4_2_9-x86_win32.exe Inno: infected - 1 skipped
F:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
F:\Documents and Settings\All Users\Documents\vnc-E4_2_9-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\Documents and Settings\All Users\Documents\vnc-E4_2_9-x86_win32.exe Inno: infected - 1 skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\Ron\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\Ron\Desktop\adware removal tools\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
F:\Documents and Settings\Ron\Desktop\adware removal tools\OiUninstaller.exe NSIS: infected - 1 skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip/ntlworld.com.zip/ntlworld.com.htm .exe Infected: Email-Worm.Win32.Mydoom.am skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip/ntlworld.com.zip Infected: Email-Worm.Win32.Mydoom.am skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip Infected: Email-Worm.Win32.Mydoom.am skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/work stuff/15 Feb 2000 17:22 from Ken.Bywaters@lfcda.org.uk:/Computer Order 15022000.doc Infected: Virus.MSWord.Marker.q skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/work stuff/15 Feb 2000 17:21 from Ken.Bywaters@lfcda.org.uk/Computer Order 15022000.doc Infected: Virus.MSWord.Marker.q skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/computer problems etc/anti virus/22 Mar 2004 10:48 from joemondod@yahoo.co.uk:Forum notify.html Infected: Email-Worm.Win32.Bagle.p skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Masonics/egroups/Sch/St Vs/23 Aug 2004 09:59 from tummy_tickled_pink@yahoo.co.uk:[stvirgini/Info.zip/vbdpqcept.exe Infected: Virus.Win32.FunLove.4070 skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Masonics/egroups/Sch/St Vs/23 Aug 2004 09:59 from tummy_tickled_pink@yahoo.co.uk:[stvirgini/Info.zip Infected: Virus.Win32.FunLove.4070 skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 8 skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\History\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Temp\Perflib_Perfdata_810.dat Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Temp\~DF1084.tmp Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Temp\~DF1516.tmp Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Temp\~DF173.tmp Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Temp\~DFA71.tmp Object is locked skipped
F:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Ron\ntuser.dat Object is locked skipped
F:\Documents and Settings\Ron\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\Ron\Shared\meatloaf\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP804\A0112473.exe/data.rar/keygen.exe Infected: Trojan.Win32.Inject.mt skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP804\A0112473.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.hlr skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP804\A0112473.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP804\A0112473.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP804\A0112473.exe/data.rar Infected: Virus.Win32.Virut.av skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP804\A0112473.exe RarSFX: infected - 5 skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP805\A0117242.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP805\A0117242.exe NSIS: infected - 1 skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP809\A0118396.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP809\A0118396.exe NSIS: infected - 1 skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP809\A0119408.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP809\A0119408.exe NSIS: infected - 1 skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP810\A0119451.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dkn skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP810\A0119458.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP810\A0119458.exe NSIS: infected - 1 skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP810\A0119463.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP813\A0119585.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP850\change.log Object is locked skipped
F:\VundoFix Backups\qommkhi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dkn skipped
F:\WINDOWS\$_hpcst$.hpc Object is locked skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\Sti_Trace.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\TEMP\Perflib_Perfdata_27c.dat Object is locked skipped
F:\WINDOWS\TEMP\Perflib_Perfdata_430.dat Object is locked skipped
F:\WINDOWS\wiadebug.log Object is locked skipped
F:\WINDOWS\wiaservc.log Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\WINDOWS\SYSTEM\in9bdlE.dll Infected: Trojan.Win32.Revop.c skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval.e skipped
G:\WINDOWS\SYSTEM\setup_incred_9.exe NSIS: infected - 6 skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip/ntlworld.com.zip/ntlworld.com.htm .exe Infected: Email-Worm.Win32.Mydoom.am skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip/ntlworld.com.zip Infected: Email-Worm.Win32.Mydoom.am skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip Infected: Email-Worm.Win32.Mydoom.am skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/work stuff/15 Feb 2000 17:22 from Ken.Bywaters@lfcda.org.uk:/Computer Order 15022000.doc Infected: Virus.MSWord.Marker.q skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/work stuff/15 Feb 2000 17:21 from Ken.Bywaters@lfcda.org.uk/Computer Order 15022000.doc Infected: Virus.MSWord.Marker.q skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/computer problems etc/anti virus/22 Mar 2004 10:48 from joemondod@yahoo.co.uk:Forum notify.html Infected: Email-Worm.Win32.Bagle.p skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Masonics/egroups/Sch/St Vs/23 Aug 2004 09:59 from tummy_tickled_pink@yahoo.co.uk:[stvirgini/Info.zip/vbdpqcept.exe Infected: Virus.Win32.FunLove.4070 skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Masonics/egroups/Sch/St Vs/23 Aug 2004 09:59 from tummy_tickled_pink@yahoo.co.uk:[stvirgini/Info.zip Infected: Virus.Win32.FunLove.4070 skipped
G:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 8 skipped
G:\WINDOWS\roing_bbi8016.exe/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
G:\WINDOWS\roing_bbi8016.exe/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
G:\WINDOWS\roing_bbi8016.exe NSIS: infected - 2 skipped
G:\WINDOWS\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ak skipped
G:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
G:\Program Files\Warez P2P Client\My Shared Folder\WarezP2P_DLC.exe/stream/data0039 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
G:\Program Files\Warez P2P Client\My Shared Folder\WarezP2P_DLC.exe/stream/data0040 Infected: Packed.Win32.PolyCrypt.d skipped
rainhamron
2008-01-22, 12:28
G:\Program Files\Warez P2P Client\My Shared Folder\WarezP2P_DLC.exe/stream/data0040 Infected: Packed.Win32.PolyCrypt.d skipped
G:\Program Files\Warez P2P Client\My Shared Folder\WarezP2P_DLC.exe/stream Infected: Packed.Win32.PolyCrypt.d skipped
G:\Program Files\Warez P2P Client\My Shared Folder\WarezP2P_DLC.exe NSIS: infected - 3 skipped
G:\z from d drive\Downloads\kevlar1.3.zip Infected: not-a-virus:Dialer.Win32.gen skipped
G:\z from d drive\Downloads\gozilla.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
G:\z from d drive\Downloads\gozilla.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
G:\z from d drive\Downloads\gozilla.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\Downloads\gozilla.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\Downloads\gozilla.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\Downloads\gozilla.exe WiseSFX: infected - 5 skipped
G:\z from d drive\Downloads\e donkey overnet\overnet0.52.exe/data0014/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
G:\z from d drive\Downloads\e donkey overnet\overnet0.52.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
G:\z from d drive\Downloads\e donkey overnet\overnet0.52.exe NSIS: infected - 2 skipped
G:\z from d drive\Downloads\mIRC 603\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
G:\z from d drive\Downloads\mIRC 603\mirc614.exe mIRC: infected - 1 skipped
G:\z from d drive\Downloads\screensaver\autumnfree.exe/asfree.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\Downloads\screensaver\autumnfree.exe/asfree.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\Downloads\screensaver\autumnfree.exe/asfree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\Downloads\screensaver\autumnfree.exe ZIP: infected - 3 skipped
G:\z from d drive\Downloads\ad aware\hijack\backup-20040520-174550-955.dll Infected: Trojan-Downloader.Win32.Lemmy.u skipped
G:\z from d drive\Downloads\Download Accelerator Plus\Download Accelerator Plus .exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.c skipped
G:\z from d drive\Downloads\Download Accelerator Plus\Download Accelerator Plus .exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.c skipped
G:\z from d drive\Downloads\Download Accelerator Plus\Download Accelerator Plus .exe WiseSFX: infected - 2 skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip/ntlworld.com.zip/ntlworld.com.htm .exe Infected: Email-Worm.Win32.Mydoom.am skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip/ntlworld.com.zip Infected: Email-Worm.Win32.Mydoom.am skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/22 Feb 2005 23:56 to virus@ca.com:I suspect this is a virus, can/ntlworld.com.zip Infected: Email-Worm.Win32.Mydoom.am skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/work stuff/15 Feb 2000 17:22 from Ken.Bywaters@lfcda.org.uk:/Computer Order 15022000.doc Infected: Virus.MSWord.Marker.q skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/work stuff/15 Feb 2000 17:21 from Ken.Bywaters@lfcda.org.uk/Computer Order 15022000.doc Infected: Virus.MSWord.Marker.q skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/computer problems etc/anti virus/22 Mar 2004 10:48 from joemondod@yahoo.co.uk:Forum notify.html Infected: Email-Worm.Win32.Bagle.p skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Masonics/egroups/Sch/St Vs/23 Aug 2004 09:59 from tummy_tickled_pink@yahoo.co.uk:[stvirgini/Info.zip/vbdpqcept.exe Infected: Virus.Win32.FunLove.4070 skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Masonics/egroups/Sch/St Vs/23 Aug 2004 09:59 from tummy_tickled_pink@yahoo.co.uk:[stvirgini/Info.zip Infected: Virus.Win32.FunLove.4070 skipped
G:\z from d drive\2nd copy of c\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 8 skipped
G:\z from d drive\2nd copy of c\Downloads\kevlar1.3.zip Infected: not-a-virus:Dialer.Win32.gen skipped
G:\z from d drive\2nd copy of c\Downloads\gozilla.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
G:\z from d drive\2nd copy of c\Downloads\gozilla.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
G:\z from d drive\2nd copy of c\Downloads\gozilla.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\2nd copy of c\Downloads\gozilla.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\2nd copy of c\Downloads\gozilla.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\2nd copy of c\Downloads\gozilla.exe WiseSFX: infected - 5 skipped
G:\z from d drive\2nd copy of c\Downloads\e donkey overnet\overnet0.52.exe/data0014/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
G:\z from d drive\2nd copy of c\Downloads\e donkey overnet\overnet0.52.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
G:\z from d drive\2nd copy of c\Downloads\e donkey overnet\overnet0.52.exe NSIS: infected - 2 skipped
G:\z from d drive\2nd copy of c\Downloads\mIRC 603\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
G:\z from d drive\2nd copy of c\Downloads\mIRC 603\mirc614.exe mIRC: infected - 1 skipped
G:\z from d drive\2nd copy of c\Downloads\screensaver\autumnfree.exe/asfree.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\2nd copy of c\Downloads\screensaver\autumnfree.exe/asfree.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\2nd copy of c\Downloads\screensaver\autumnfree.exe/asfree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\2nd copy of c\Downloads\screensaver\autumnfree.exe ZIP: infected - 3 skipped
G:\z from d drive\2nd copy of c\Downloads\ad aware\hijack\backup-20040520-174550-955.dll Infected: Trojan-Downloader.Win32.Lemmy.u skipped
G:\z from d drive\2nd copy of c\Downloads\Download Accelerator Plus\Download Accelerator Plus .exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.c skipped
G:\z from d drive\2nd copy of c\Downloads\Download Accelerator Plus\Download Accelerator Plus .exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.c skipped
G:\z from d drive\2nd copy of c\Downloads\Download Accelerator Plus\Download Accelerator Plus .exe WiseSFX: infected - 2 skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004117.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004117.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004117.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004117.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004117.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004117.exe WiseSFX: infected - 5 skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004829.exe/data0014/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004829.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0004829.exe NSIS: infected - 2 skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005234.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005234.exe mIRC: infected - 1 skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005948.exe/asfree.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005948.exe/asfree.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005948.exe/asfree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005948.exe ZIP: infected - 3 skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0005980.dll Infected: Trojan-Downloader.Win32.Lemmy.u skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0006039.exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.c skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0006039.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.c skipped
G:\z from d drive\2nd copy of c\System Volume Information\_restore{8133E9E7-9F43-40EC-A03C-0CB4BC2F3262}\RP6\A0006039.exe WiseSFX: infected - 2 skipped
Scan process completed.