View Full Version : Spyware popups - WinXP - Hijack+Kaspersky online logs inside, My IE opens up a window
jomsjoms
2006-07-24, 08:44
1) My IE opens up a window every xxx minutes and logs me in on different websites namely:
hxxp://www.greatbulletin.com/a193091070.html
hxxp://www.cheappress.com/t193091070.html
hxxp://www.oneperception.com/a193091070.html
hxxp://www.bigdispatch.com/t205561080.html
hxxp://www.newsalone.com/t205561080.html
hxxp://www.gojournalists.com/t205561080.html
I did a Hijackthis scan as well as an Online Kaspersky scan which i will post below:
HIJACKTHIS:
-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:02:52 AM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\iPod\bin\iPodService.exe
d:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
d:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
D:\Tools\virusremovalprograms\HijackThis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "d:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2786EEF7-7307-4BE4-A7C4-B1147F98FB64}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: pushow0.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\dn2601fse.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - E:\Serv-U\ServUDaemon.exe (file missing)
jomsjoms
2006-07-24, 08:48
====================================================
This is my Kaspersky Online Scan Report:
-------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 24, 2006 10:50:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/07/2006
Kaspersky Anti-Virus database records: 209412
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 234488
Number of viruses found: 45
Number of infected objects: 256
Number of suspicious objects: 34
Duration of the scan process: 02:13:41
Infected Object Name / Virus Name / Last Action
C:\Installer3.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\ToolBar888\MyToolBar.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP209\A0051692.exe Infected: Trojan-Downloader.Win32.VB.aik skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP209\A0052711.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052808.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052817.exe Infected: Backdoor.Win32.EggDrop.v skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052818.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052820.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052821.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052822.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052823.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052824.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052825.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052827.exe Infected: Trojan-Downloader.Win32.VB.aid skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052828.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052836.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0052853.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0053856.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{4211BA11-EE69-4122-97E2-B1D3E425FC2C}\RP213\A0053864.dll Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
C:\warebundle3.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\warebundlenewer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\bmFtZQ\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\bmFtZQ\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\system32\f0l02a3mgd.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\fpls0337e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\kedbu.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\movcrt.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\mutscax.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\ncsdexts.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\nucfg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\q8860ilse8q60.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\setup.exe.tmp Infected: Trojan-Downloader.Win32.VB.aik skipped
C:\WINDOWS\system32\unrfaxa.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\__delete_on_reboot__p_u_s_h_o_w_0_._d_l_l_ Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
D:\Backup\June012004\MTC6\Documents\MITCH\DESIGN\hotbar.exe Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Fri, 5 Mar 2004 14:30:07 +0800]/UNNAMED/document_4351.pif Infected: Email-Worm.Win32.NetSky.d skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Fri, 5 Mar 2004 14:30:07 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text/[From sales@maktrans.com][Date Wed, 24 Mar 2004 18:41:41 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text/[From sales@maktrans.com][Date Wed, 24 Mar 2004 18:41:41 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text/[From sales@maktrans.com][Date Wed, 24 Mar 2004 18:41:41 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From dhar@newglobedel.com][Date Mon, 29 Mar 2004 17:34:07 +0900]/UNNAMED/message1278.zip/message.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From dhar@newglobedel.com][Date Mon, 29 Mar 2004 17:34:07 +0900]/UNNAMED/message1278.zip Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From dhar@newglobedel.com][Date Mon, 29 Mar 2004 17:34:07 +0900]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From stologfng@maersk-logistics.com][Date Mon, 29 Mar 2004 16:56:26 +0800]/UNNAMED/msg29253.zip/message.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From stologfng@maersk-logistics.com][Date Mon, 29 Mar 2004 16:56:26 +0800]/UNNAMED/msg29253.zip Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From stologfng@maersk-logistics.com][Date Mon, 29 Mar 2004 16:56:26 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/UNNAMED/[From sales@maktrans.com][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/UNNAMED/[From sales@maktrans.com][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 13 Apr 2004 13:30:01 +0800]/UNNAMED/game_xxo_roongroj.pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 13 Apr 2004 13:30:01 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Deleted Items.dbx Mail MS Outlook 5: infected - 20, suspicious - 10 skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From Postmaster@nichiryu.co.jp][Date Thu, 20 May 2004 14:58:14 +0800]/UNNAMED/UNNAMED/[From sales@maktrans.com][Date Thu, 20 May 2004 14:58:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From Postmaster@nichiryu.co.jp][Date Thu, 20 May 2004 14:58:14 +0800]/UNNAMED/UNNAMED/[From sales@maktrans.com][Date Thu, 20 May 2004 14:58:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From Postmaster@nichiryu.co.jp][Date Thu, 20 May 2004 14:58:14 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From Postmaster@nichiryu.co.jp][Date Thu, 20 May 2004 14:58:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Fri, 21 May 2004 16:10:28 -0700]/UNNAMED/msg10710.zip/msg.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Fri, 21 May 2004 16:10:28 -0700]/UNNAMED/msg10710.zip Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Fri, 21 May 2004 16:10:28 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Sun, 23 May 2004 12:57:13 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Sun, 23 May 2004 12:57:13 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Sun, 23 May 2004 12:57:13 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx/[From sales@maktrans.com][Date Sun, 23 May 2004 12:57:13 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
jomsjoms
2006-07-24, 08:53
KASPER CONTINUE:
D:\Backup\June012004\MTC7\Documents\EMAIL\Inbox.dbx Mail MS Outlook 5: infected - 5, suspicious - 6 skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Cargoplus" <cargoplus@tri-isys.com>][Date Tue, 24 Aug 2004 08:36:42 +0800]/UNNAMED/foto1.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Cargoplus" <cargoplus@tri-isys.com>][Date Tue, 24 Aug 2004 08:36:42 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Imarine" <imarine@imanila.com.ph>][Date Mon, 30 Aug 2004 16:42:43 +0800]/UNNAMED/Cool_MP3.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Imarine" <imarine@imanila.com.ph>][Date Mon, 30 Aug 2004 16:42:43 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Cargoplus" <cargoplus@tri-isys.com>][Date Mon, 30 Aug 2004 12:37:20 +0800]/UNNAMED/foto1.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Cargoplus" <cargoplus@tri-isys.com>][Date Mon, 30 Aug 2004 12:37:20 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From US Bank <operator_507030284988989@usbank.com>][Date Wed, 11 Aug 2004 00:12:53 -0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From US Bank <operator_507030284988989@usbank.com>][Date Wed, 11 Aug 2004 00:12:53 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Fri, 5 Mar 2004 14:30:07 +0800]/UNNAMED/document_4351.pif Infected: Email-Worm.Win32.NetSky.d skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Fri, 5 Mar 2004 14:30:07 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text/[From sales@maktrans.com][Date Wed, 24 Mar 2004 18:41:41 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text/[From sales@maktrans.com][Date Wed, 24 Mar 2004 18:41:41 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text/[From sales@maktrans.com][Date Wed, 24 Mar 2004 18:41:41 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From <POSTMASTER@ntl-naigai.co.jp>][Date Wed, 24 Mar 2004 20:42:22 +0900]/text Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From gama@toukaisouko.co.jp][Date Mon, 29 Mar 2004 17:15:05 +0900]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From dhar@newglobedel.com][Date Mon, 29 Mar 2004 17:34:07 +0900]/UNNAMED/message1278.zip/message.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From dhar@newglobedel.com][Date Mon, 29 Mar 2004 17:34:07 +0900]/UNNAMED/message1278.zip Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From dhar@newglobedel.com][Date Mon, 29 Mar 2004 17:34:07 +0900]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From stologfng@maersk-logistics.com][Date Mon, 29 Mar 2004 16:56:26 +0800]/UNNAMED/msg29253.zip/message.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From stologfng@maersk-logistics.com][Date Mon, 29 Mar 2004 16:56:26 +0800]/UNNAMED/msg29253.zip Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From stologfng@maersk-logistics.com][Date Mon, 29 Mar 2004 16:56:26 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/UNNAMED/[From sales@maktrans.com][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/UNNAMED/[From sales@maktrans.com][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From Postmaster@globalex.co.kr][Date Sat, 3 Apr 2004 05:47:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 13 Apr 2004 13:30:01 +0800]/UNNAMED/game_xxo_roongroj.pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 13 Apr 2004 13:30:01 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Sat, 17 Apr 2004 17:14:28 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From sales@maktrans.com][Date Tue, 20 Apr 2004 16:20:43 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From at <seadept@explorerfreight.com>][Date Sat, 26 Jun 2004]/UNNAMED/link.voicemessage.com.listen.index.php1Ab2c.pif Infected: Email-Worm.Win32.Zafi.b skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From at <seadept@explorerfreight.com>][Date Sat, 26 Jun 2004]/UNNAMED Infected: Email-Worm.Win32.Zafi.b skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From 21878@dell1.hkedcity.net][Date Wed, 30 Jun 2004 12:36:46 +0800]/UNNAMED/screensaver.txt Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From 21878@dell1.hkedcity.net][Date Wed, 30 Jun 2004 12:36:46 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From parkerlowrey@hotmail.com][Date Wed, 30 Jun 2004 12:36:40 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From parkerlowrey@hotmail.com][Date Wed, 30 Jun 2004 12:36:40 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From parkerlowrey@hotmail.com][Date Wed, 30 Jun 2004 12:36:40 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From parkerlowrey@hotmail.com][Date Wed, 30 Jun 2004 12:36:40 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From glasseyes@earthlink.net][Date Fri, 2 Jul 2004 18:05:32 +0800]/UNNAMED/id09509.txt.pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From glasseyes@earthlink.net][Date Fri, 2 Jul 2004 18:05:32 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From info@ymca.org.hk][Date Fri, 2 Jul 2004 18:05:24 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From info@ymca.org.hk][Date Fri, 2 Jul 2004 18:05:24 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From info@ymca.org.hk][Date Fri, 2 Jul 2004 18:05:24 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From info@ymca.org.hk][Date Fri, 2 Jul 2004 18:05:24 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From .kana@public.qd.sd.cn][Date Mon, 5 Jul 2004 11:48:17 +0800]/UNNAMED/document.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From .kana@public.qd.sd.cn][Date Mon, 5 Jul 2004 11:48:17 +0800]/UNNAMED/document.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From .kana@public.qd.sd.cn][Date Mon, 5 Jul 2004 11:48:17 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From noreply@sales][Date Mon, 19 Jul 2004 11:30:19 +0800]/UNNAMED/details.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From noreply@sales][Date Mon, 19 Jul 2004 11:30:19 +0800]/UNNAMED/details.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From noreply@sales][Date Mon, 19 Jul 2004 11:30:19 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From vj00004aed@hotmail.com][Date Sat, 17 Jul 2004 14:52:43 +0800]/UNNAMED/product.txt.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From vj00004aed@hotmail.com][Date Sat, 17 Jul 2004 14:52:43 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Libcaptt" <libcaptt@skyinet.net>][Date Thu, 22 Jul 2004 10:06:40 +0800]/UNNAMED/Doll.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Libcaptt" <libcaptt@skyinet.net>][Date Thu, 22 Jul 2004 10:06:40 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Sales" <sales@maktrans.com>][Date Mon, 26 Jul 2004 09:12:23 +0800]/UNNAMED/Dog.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Sales" <sales@maktrans.com>][Date Mon, 26 Jul 2004 09:12:23 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Libcaptt" <libcaptt@skyinet.net>][Date Mon, 26 Jul 2004 09:12:21 +0800]/UNNAMED/Cool_MP3.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Libcaptt" <libcaptt@skyinet.net>][Date Mon, 26 Jul 2004 09:12:21 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Jose.hernandez" <jose.hernandez@kuehne-nagel.com>][Date Mon, 26 Jul 2004 14:39:13 +0800]/UNNAMED/Garry.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Jose.hernandez" <jose.hernandez@kuehne-nagel.com>][Date Mon, 26 Jul 2004 14:39:13 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Dir.newlink" <dir.newlink@iron.com.br>][Date Mon, 26 Jul 2004 10:32:00 -0600]/UNNAMED/Fish.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx/[From "Dir.newlink" <dir.newlink@iron.com.br>][Date Mon, 26 Jul 2004 10:32:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From hggiraldi@yahoo.com][Date Sat, 17 Jul 2004 11:15:16 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From hggiraldi@yahoo.com][Date Sat, 17 Jul 2004 11:15:16 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From hggiraldi@yahoo.com][Date Sat, 17 Jul 2004 11:15:16 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From hggiraldi@yahoo.com][Date Sat, 17 Jul 2004 11:15:16 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From postmaster@gateway.skmti.com.ph][Date Mon, 19 Jul 2004 11:58:32 +0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From postmaster@gateway.skmti.com.ph][Date Mon, 19 Jul 2004 11:58:32 +0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From postmaster@gateway.skmti.com.ph][Date Mon, 19 Jul 2004 11:58:32 +0800]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From postmaster@gateway.skmti.com.ph][Date Mon, 19 Jul 2004 11:58:32 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From 8.000004.85475@gina.mcl][Date Tue, 20 Jul 2004 09:18:14 +0800]/UNNAMED/message.pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From 8.000004.85475@gina.mcl][Date Tue, 20 Jul 2004 09:18:14 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "" <3Dwarehousing@maktrans.com>][Date Tue, 20 Jul 2004 10:49:25 +0800]/UNNAMED/Garry.exe Infected: Email-Worm.Win32.Bagle.ai skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "" <3Dwarehousing@maktrans.com>][Date Tue, 20 Jul 2004 10:49:25 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.ai skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales" <sales@maktrans.com>][Date Thu, 22 Jul 2004 10:07:00 +0800]/UNNAMED/Doll.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales" <sales@maktrans.com>][Date Thu, 22 Jul 2004 10:07:00 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Jhun" <jhun@dfdstransport.com>][Date Thu, 22 Jul 2004 23:09:47 +0800]/UNNAMED/Dog.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Jhun" <jhun@dfdstransport.com>][Date Thu, 22 Jul 2004 23:09:47 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Fri, 30 Jul 2004 16:08:30 +0000]/UNNAMED/MP3.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Fri, 30 Jul 2004 16:08:30 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales" <sales@maktrans.com>][Date Mon, 17 May 2004 16:55:29 +0800]/UNNAMED/You_are_dismissed.com Infected: Email-Worm.Win32.Bagle.z skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales" <sales@maktrans.com>][Date Mon, 17 May 2004 16:55:29 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Wed, 04 Aug 2004 09:52:44 +0000]/UNNAMED/Doll.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Wed, 04 Aug 2004 09:52:44 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
jomsjoms
2006-07-24, 08:54
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Sat, 07 Aug 2004 09:47:13 +0000]/UNNAMED/Cat.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Sat, 07 Aug 2004 09:47:13 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Sat, 07 Aug 2004 11:48:43 +0000]/UNNAMED/Doll.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "PHILOGFINGEN" <PHILOGFINGEN@maersk-logistics.com>][Date Sat, 07 Aug 2004 11:48:43 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From jpark@uni-ocean.com][Date Mon, 16 Aug 2004 18:24:06 +0900]/UNNAMED/photos_arc.exe Infected: Email-Worm.Win32.Mydoom.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From jpark@uni-ocean.com][Date Mon, 16 Aug 2004 18:24:06 +0900]/UNNAMED Infected: Email-Worm.Win32.Mydoom.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From jpark@uni-ocean.com][Date Mon, 16 Aug 2004 18:24:06 +0900]/UNNAMED/photos_arc.exe Infected: Email-Worm.Win32.Mydoom.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From jpark@uni-ocean.com][Date Mon, 16 Aug 2004 18:24:06 +0900]/UNNAMED Infected: Email-Worm.Win32.Mydoom.q skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales.operations" <sales.operations@seajetintl.ph>][Date Wed, 25 Aug 2004 08:55:30 -0800]/UNNAMED/Cat.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales.operations" <sales.operations@seajetintl.ph>][Date Wed, 25 Aug 2004 08:55:30 -0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Imarine" <imarine@imanila.com.ph>][Date Thu, 26 Aug 2004 13:33:37 +0800]/UNNAMED/Fish.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Imarine" <imarine@imanila.com.ph>][Date Thu, 26 Aug 2004 13:33:37 +0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales.operations" <sales.operations@seajetintl.ph>][Date Mon, 30 Aug 2004 08:54:59 -0800]/UNNAMED/foto1.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Backup\sept72004\sept 7 2004\mtc7.rar/mtc7/EMAIL/Inbox.dbx/[From "Sales.operations" <sales.operations@seajetintl.ph>][Date Mon, 30 Aug 2004 08:54:59 -0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
Hello, sorry for the wait.
If you are still in need of assistance please post a link to this topic here:
If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)
http://forums.spywareinfo.com/index.php?showtopic=80982&st=0&p=437716&#entry437716
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
Multi forum posters waste valuable volunteer resources, so please don't.
This topic is closed.