Thread: Infected shows Kaspersky

  1. #1
    Junior Member
    Join Date
    Jan 2007
    Posts
    12

    Infected shows Kaspersky

    Hi, my girlfriend brought me a memory stick which was indicated by McAfee scan to have a virus. I had a closer look at her machine to find the root of the problem, and the Kaspersky log indicates 2 viruses. Kaspersky and HJT logs posted below. Once her machine is fixed I will start a new thread with scans of my own machine, just to make sure it was not infected. Please feel free to recommend any preventive measures she may need to take. Thank you v m.


    Kaspersky:
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, March 09, 2008 7:53:35 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/03/2008
    Kaspersky Anti-Virus database records: 618217
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 41019
    Number of viruses found: 2
    Number of infected objects: 4
    Number of suspicious objects: 0
    Duration of the scan process: 01:07:06

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe/WISE0037.BIN Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
    C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe WiseSFX: infected - 1 skipped
    C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\Preview-T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
    C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

    Scan process completed.


    and HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:17:15, on 9/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB003" /M "Stylus Photo R240"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Kopie 1)" /O6 "USB003" /M "Stylus Photo R240"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159443478649
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159447154453
    O16 - DPF: {BE34B056-7135-49B5-B750-238164858FD7} (EBookXP Control) - http://mview.nsumbiz.com/eMagazineCab/m4tools.cab
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    --
    End of file - 5349 bytes

  2. #2
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Folks are forgetting how easy it is to get infected in this way. Where they would not download a file to their computer without scanning it, they download to the stick like mad and then share the infected files with others. If you plug one in to your computer...scan it first with your AV before you do anything else.

    These files may be tricky to find and remove, but since you have to do it, I will just show them to you.

    C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe/WISE0037.BIN ------> Porn-Dialer.Win32.Generic skipped
    C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe WiseSFX: infected - 1
    C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\Preview-T-4183160-03 Track 3.wma ------> Trojan-Downloader.WMA.Wimad.l
    C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\T-4183160-03 Track 3.wma ------> Trojan-Downloader.WMA.Wimad.l

    I would take no chances and delete the complete documents and files. I will red in what I believe should go.
    Once they have been removed, scan again with KOS to be sure they are gone.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Jan 2007
    Posts
    12

    Now the files are deleted according to my girlfriend. Here is the new KOS log; it seems that there are still problems.


    KASPERSKY ONLINE SCANNER REPORT
    Monday, March 10, 2008 9:08:31 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build
    2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 10/03/2008
    Kaspersky Anti-Virus database records: 622359

    Scan Settings
    Scan using the following antivirus databaseextended
    Scan Archivestrue
    Scan Mail Basestrue
    Scan TargetMy Computer
    A:\
    C:\
    D:\
    E:\
    Scan Statistics
    Total number of scanned objects43133
    Number of viruses found1
    Number of infected objects2
    Number of suspicious objects0
    Duration of the scan process01:02:57
    Infected Object NameVirus NameLast Action
    C:\System Volume
    Information\_restore{A62F9B41-A875-430E-BFCF-73F677A72549}\RP348\A0056797.exe/WISE0037.BIN
    Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
    C:\System Volume
    Information\_restore{A62F9B41-A875-430E-BFCF-73F677A72549}\RP348\A0056797.exe
    WiseSFX: infected - 1 skipped

  4. #4
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    I don't know what was done to the Kaspersky scan results, it looks like word wrap was turned on in Notepad (formatted) and I could not scan the results. Close as I can figure, these are the items being reported and they are infected System Restore files. Follow these directions.
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    C:\System Volume Information\_restore{A62F9B41-A875-430E-BFCF-73F677A72549}\RP348\A0056797.exe/WISE0037.BIN
    Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
    C:\System Volume Information\_restore{A62F9B41-A875-430E-BFCF-73F677A72549}\RP348\A0056797.exe
    WiseSFX: infected - 1 skipped

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Junior Member
    Join Date
    Jan 2007
    Posts
    12

    Now that has been done, and a new log posted below. I'm posting it straight from an email where the text is not wrapped, so not sure why the formatting is strange. Let me know if I should repost it in another format of some sort.

    ------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, March 11, 2008 1:00:14 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/03/2008
    Kaspersky Anti-Virus database records: 623475
    -------------------------------------------------------------------------------
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    Scan Statistics:
    Total number of scanned objects: 38914
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:03:06
    Infected Object Name / Virus Name / Last Action
    Scan process completed.

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Nope, that is posted perfectly and it is a clean scan:
    Total number of scanned objects: 38914
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    So, you really did not need to post it...but thanks.

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

  7. #7
    Junior Member
    Join Date
    Jan 2007
    Posts
    12


    Many thanks - much appreciated.
