I've caught a bug :-(

[pskelley]

I will be glad to move on at your request, but understand if you read the information I posted, you would know that a simple installation can be done now, while combofix is installed, without the Windows CD. If you do not want to do this, remove combofix, C:\qoobox\quarantine\ folder, Vundofix and the C:\VundofixBackups.

Now run a new Kaspersky online scan using these settings:
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here. <<< if the scan should be clean I do not need to see it.

Thanks

[OliviaS]

My apologies pskelley -- I skipped over some information on the recovery console. It is now installed (see log below). Let me know if I should now proceed with the instructions in your previous post (removing combofix, vundo, etc., and running another kaspersky report).

Thanks.

CF-RC.txt

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

[pskelley]

Yes

[OliviaS]

Hi pskelley:

Meh. Still infected, but not as bad as it was. Please see below. Thanks. ;-)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 26, 2008 5:59:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/02/2008
Kaspersky Anti-Virus database records: 536122
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 66872
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 03:22:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\cert8.db Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\history.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\key3.db Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\parent.lock Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Lindsay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Mozilla\Firefox\Profiles\jss6veok.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\History\History.IE5\MSHist012008022620080227\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Temp\~DFD498.tmp Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lindsay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\RECYCLER\S-1-5-21-4108108154-1726740624-833356117-1008\Dc4\C\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP802\A0144380.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP806\A0145550.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP806\A0146010.EXE Infected: Trojan-Dropper.Win32.Small.gq skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP807\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_27c.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[pskelley]

Thanks for returning your scan results and the feedback. It's not a problem, I expect a few.

1) Empty the Recycle Bin on your Desktop

2) Restart the computer

3) Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

4) Safe surfing

Some good information for you:
http://users.telenet.be/bluepatchy/m...wcomputer.html
http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/m...revention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

[OliviaS]

All clean! Thanks again for your expertise and assistance, pskelley. I've read and bookmarked all of the links you posted and I'll definitely be making donations to safer networking and the sponsors of the other tools we used during this process.

Regards,
Lindsay

[pskelley]

Thanks Lindsay, I appreciate the feedback

Phil