Astrakiller, Smitfraud-C.Toolbar888 and Virtumonde

scottydog · Aug 10, 2006

Hi there,

I am currently troubleshooting some probs on my step dads pc whereby on running spybot I keep picking up the following malware mentioned in the subject title. I fix this in spybot and run a new scan but for some reason these offending items have still not been removed. I have tried a number of things already but don't appear to be making too much progress and am getting increasingly frustrated at my lack of progress. In conjunction with spybot the pc is also running adaware and avg. I have also tried running specific fixes that I have found called SmitFraudFix and also Vundofix.exe (by S!iri) as per a similar thread that was posted by jdl155 on 8th aug and replied to by teacup. I still have to try a few things as listed in the thread including silent runners.zip and combofix.exe but I thought I would post my logfiles in the meantime whilst waiting for a reply.

I have also ran DrWebCureit which did not fix the problem. How hardful are these viruses by the way as my step dad is now extremely paranoid about putting his credit card details in to purchase anything and where could he have picked this up from? Is he right to be so paranoid? I have also attempted to download the win2000 updates but appear to be having probs downloading these also (a seperate issue that I am looking in to). I would like to think that this can be fixed without wiping the pc totally and any ideas that you could offer would be greatly appreciated.

Thanks in advance

Scott

AVG LOGFILE

<history>

<rec time="2006/04/13 11:19:50" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:317-316;</attr>
</rec>
<rec time="2006/04/14 17:36:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:319-317;</attr>
</rec>
<rec time="2006/04/16 09:49:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:320-319;</attr>
</rec>
<rec time="2006/04/17 20:02:33" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:737-736;iavi:321-320;</attr>
</rec>
<rec time="2006/04/18 11:53:09" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:739-737;iavi:324-321;</attr>
</rec>
<rec time="2006/04/19 10:24:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:740-739;iavi:325-324;</attr>
</rec>
<rec time="2006/04/20 12:22:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:326-325;</attr>
</rec>
<rec time="2006/04/21 11:29:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:327-326;</attr>
</rec>
<rec time="2006/04/22 16:58:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:741-740;iavi:328-327;</attr>
</rec>
<rec time="2006/04/23 14:54:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:329-328;</attr>
</rec>
<rec time="2006/04/25 10:10:13" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:742-741;iavi:330-329;</attr>
</rec>
<rec time="2006/04/26 09:49:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:331-330;</attr>
</rec>
<rec time="2006/04/27 09:49:19" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:743-742;iavi:332-331;</attr>
</rec>
<rec time="2006/04/28 15:58:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:744-743;iavi:333-332;</attr>
</rec>
<rec time="2006/04/29 17:50:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:334-333;</attr>
</rec>
<rec time="2006/05/01 19:07:58" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:335-334;</attr>
</rec>
<rec time="2006/05/03 09:50:01" user="SYSTEM" source="Update">
<value>@HL_UpdateOKNeedRestart</value>
<attr
name="version">avi:745-744;core:392-381;core9x:392-381;corent:392-381;dos:392-381;helpsm:386-373;iavi:336-335;lng:389-381;setup:389-381;update:389-385;</attr
>
</rec>
<rec time="2006/05/03 15:56:33" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr
name="testname">@TestName_02</attr>
</rec>
<rec time="2006/05/03 16:28:18" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/05/04 11:41:36" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">avi:746-745;iavi:338-336;</attr>
</rec>
<rec time="2006/05/05 10:13:53" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">avi:747-746;iavi:339-338;</attr>
</rec>
<rec time="2006/05/07 10:16:14" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">avi:748-747;iavi:340-339;</attr>
</rec>
<rec time="2006/05/09 15:38:59" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">iavi:341-340;</attr>
</rec>
<rec time="2006/05/10 12:26:56" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">iavi:342-341;</attr>
</rec>
<rec time="2006/05/12 13:33:32" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">avi:749-748;iavi:344-342;</attr>
</rec>
<rec time="2006/05/13 09:58:57" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">iavi:345-344;</attr>
</rec>
<rec time="2006/05/14 12:02:48" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">iavi:346-345;</attr>
</rec>
<rec time="2006/05/15 18:51:14" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">iavi:347-346;</attr>
</rec>
<rec time="2006/05/17 09:49:18" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">avi:750-749;iavi:348-347;</attr>
</rec>
<rec time="2006/05/18 11:17:30" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">iavi:349-348;</attr>
</rec>
<rec time="2006/05/19 08:00:04" user="SYSTEM" source="General">

<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/05/19 08:22:10" user="SYSTEM" source="General">

<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/05/22 08:33:27"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:751-750;iavi:351-349;</attr>
</rec>
<rec time="2006/05/23 09:49:13"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:752-751;iavi:352-351;</attr>
</rec>
<rec time="2006/05/24 11:29:29"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">core:394-392;core9x:394-392;corent:394-392;dos:394-392;iavi:353-352;</attr>
</rec>
<rec time="2006/05/25 10:26:44" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:753-752;iavi:354-353;</attr>
</rec>
<rec time="2006/05/28 12:57:27" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:754-753;iavi:356-354;</attr>
</rec>
<rec time="2006/05/29 19:01:44" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:756-754;iavi:358-356;</attr>
</rec>
<rec time="2006/05/31 09:49:13" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:757-756;iavi:359-358;</attr>
</rec>
<rec time="2006/06/01 18:45:52" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:758-757;iavi:361-359;</attr>
</rec>
<rec time="2006/06/02 08:00:16" user="SYSTEM"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/06/03 19:49:15" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:362-361;</attr>
</rec>
<rec time="2006/06/06 11:38:12" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:759-758;iavi:363-362;</attr>
</rec>
<rec time="2006/06/07 11:36:06" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:364-363;</attr>
</rec>
<rec time="2006/06/08 15:20:26" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:760-759;iavi:365-364;</attr>
</rec>
<rec time="2006/06/09 12:58:10" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:366-365;</attr>
</rec>
<rec time="2006/06/12 15:50:58" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:368-366;</attr>
</rec>
<rec time="2006/06/13 09:49:20" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:369-368;</attr>
</rec>
<rec time="2006/06/14 14:35:31" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:761-760;iavi:370-369;</attr>
</rec>
<rec time="2006/06/15 09:49:29" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:371-370;</attr>
</rec>
<rec time="2006/06/15 11:27:37" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/06/15 12:00:53" user="Administrator"
source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec
time="2006/06/16 15:55:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:763-761;iavi:374-371;</attr>
</rec>
<rec
time="2006/06/18 09:25:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:375-374;</attr>
</rec>
<rec
time="2006/06/19 15:51:21" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:764-763;iavi:376-375;</attr>
</rec>
<rec
time="2006/06/21 19:01:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:765-764;iavi:379-376;</attr>
</rec>
<rec
time="2006/06/23 23:07:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:766-765;iavi:381-379;</attr>
</rec>
<rec
time="2006/06/26 17:27:17" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:768-766;iavi:383-381;</attr>
</rec>
<rec
time="2006/06/28 15:58:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:384-383;</attr>
</rec>
<rec
time="2006/06/29 16:15:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:769-768;iavi:385-384;</attr>
</rec>
<rec
time="2006/07/02 09:20:49" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:772-769;iavi:388-385;</attr>
</rec>
<rec
time="2006/07/04 15:18:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:389-388;</attr>
</rec>
<rec
time="2006/07/06 16:10:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:773-772;iavi:390-389;</attr>
</rec>
<rec
time="2006/07/07 17:31:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:774-773;iavi:391-390;</attr>
</rec>
<rec
time="2006/07/10 21:47:32" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:392-391;</attr>
</rec>
<rec
time="2006/07/12 13:03:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:394-392;</attr>
</rec>
<rec
time="2006/07/21 16:05:37" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:779-774;iavi:403-394;</attr>
</rec>
<rec
time="2006/07/27 21:05:03" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\eraseme_56516.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">BackDoor.Generic3.LY</attr>
</rec>
<rec time="2006/07/27 21:05:09" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\eraseme_56516.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:06:36" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\RDFX4.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.56.J</attr>
</rec>
<rec time="2006/07/27 22:06:38" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNgnew.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:06:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\stub_113_4_0_4_0newer.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GDZ</attr>
</rec>
<rec time="2006/07/27 22:06:52" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\RDFX4.exe</attr>

<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:07:10" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>

<attr name="filename">C:\MTE3NDI6ODoxNgnew.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:07:13" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\41S9QH0F\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:07:16" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:07:25" user="Administrator" source="Virus">

<value>@HL_ActionTaken</value>
<attr name="filename">C:\stub_113_4_0_4_0newer.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec
time="2006/07/27 22:08:02" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/27 22:08:30" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:08:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:08:51" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:09:02" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:09:04" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\drsmartload46a7i.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec
time="2006/07/27 22:09:04" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/27 22:09:05" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:09:16" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>

<attr name="filename">C:\drsmartload46a7i.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2006/07/27 22:09:22"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\41S9QH0F\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>

scottydog · Aug 11, 2006

<rec time="2006/07/28 14:42:00"
user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\system32\fp6603jse.dll</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec time="2006/07/28 14:58:18" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload46a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 14:58:25" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 14:58:31" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload849a[1].exe</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 15:00:50" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\system32\g640lghm164a.dll</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec time="2006/07/28 15:19:25" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\system32\i0lo0a33ed.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Look2me</attr>
</rec>
<rec time="2006/07/28 15:36:58" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:781-779;iavi:411-403;</attr>
</rec>
<rec time="2006/07/28 15:37:02" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\dfndref_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.COI</attr>
</rec>
<rec
time="2006/07/28 15:37:04" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 15:37:07" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\drsmartload1.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 15:37:18" user="Administrator" source="Virus">

<value>@HL_ActionTakenRestartRequired</value>
<attr name="filename">C:\dfndref_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 15:37:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\dfndref_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.COI</attr>
</rec>
<rec time="2006/07/28 15:37:40" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 15:37:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\drsmartload1.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec
time="2006/07/28 15:37:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[2].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 15:38:00" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload849a[2].exe</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 15:38:14" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\drsmartload1.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 15:38:54" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\drsmartload1.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec
time="2006/07/28 15:46:17" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 15:47:23" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 16:01:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 16:01:43" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\CFQ5W9Y3\drsmartload[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 16:02:05" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec
time="2006/07/28 16:02:06" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\drsmartload1.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 16:02:16" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 16:02:29" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\drsmartload1.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 16:30:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\system32\fpr0039me.dll</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec time="2006/07/28 16:38:08" user="Administrator" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 16:38:21" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec
time="2006/07/28 17:13:37" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 17:14:19" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 17:14:39" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FL</attr>
</rec>
<rec
time="2006/07/28 17:15:14" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 17:15:48" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 17:16:06" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec
time="2006/07/28 17:16:38" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 17:17:09" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 17:17:46" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec
time="2006/07/28 17:18:16" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 22:06:32" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 22:06:50" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

scottydog · Aug 11, 2006

Astrakiller, Smitfraud-C.Toolbar888 and Virtumonde Reply to Thread

<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec
time="2006/07/28 22:08:57" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec
time="2006/07/28 22:08:59" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\\kybrdef_7.exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 22:08:59" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\\nwnmef_7.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 22:09:02" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr
name="where">C:\ac3_0010.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic2.HBY</attr>
</rec>
<rec time="2006/07/28
22:09:02" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\drsmartload.exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 22:09:02" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\drsmartload45a7i.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Downloader.VB.FM</attr>
</rec>
<rec time="2006/07/28 22:09:02" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr
name="where">C:\kybrdef_7.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28
22:09:03" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\MTE3NDI6ODoxNg.exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/28 22:09:03" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\nwnmef_7.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 22:28:58" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\dfndref_7[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.COI</attr>
</rec>
<rec time="2006/07/28 22:29:06" user="Administrator" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\41S9QH0F\nwnmef_7[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec
time="2006/07/28 22:29:16" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\dfndref_7[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 22:29:20" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\nwnmef_7[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 22:29:23" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload45a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FM</attr>
</rec>
<rec time="2006/07/28 22:29:27" user="Administrator" source="Virus">

<value>@HL_ActionTakenRestartRequired</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload45a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:29:28"
user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local
Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 22:29:33" user="Administrator" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload849a[2].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 22:29:34" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload849a[1].exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:29:39" user="Administrator" source="Virus">

<value>@HL_ActionTakenRestartRequired</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload849a[2].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:29:46"
user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local
Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\kybrdef_7[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 22:30:00" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\loader[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 22:30:00" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\CFQ5W9Y3\kybrdef_7[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:08" user="Administrator"
source="Virus">
<value>@HL_ActionTakenRestartRequired</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\CFQ5W9Y3\loader[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:14"
user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local
Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\RDFX4[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Small.56.J</attr>
</rec>
<rec time="2006/07/28 22:30:15" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\stub_113_4_0_4_0[1].exe</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GDZ</attr>
</rec>
<rec time="2006/07/28 22:30:20" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\CFQ5W9Y3\RDFX4[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:21" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 22:30:25" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\stub_113_4_0_4_0[1].exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:27" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[2].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 22:30:33" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:33"
user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local
Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/28 22:30:37" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[2].exe</attr>

<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:41" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\MTE3NDI6ODoxNg[1].exe</attr>

<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:30:44" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/28 22:30:52" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>

<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:33:31" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\drsmartload.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec
time="2006/07/28 22:33:43" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\drsmartload45a7i.exe</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FM</attr>
</rec>
<rec time="2006/07/28 22:33:50" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\drsmartload.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 22:33:55" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 22:34:01" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\drsmartload45a7i.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:34:09" user="Administrator" source="Virus">
<value>@HL_ActionTakenRestartRequired</value>
<attr
name="filename">C:\kybrdef_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:34:09" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 22:34:17" user="Administrator" source="Virus">

<value>@HL_ActionTakenRestartRequired</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 22:35:19" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FO</attr>
</rec>
<rec time="2006/07/28 22:35:19" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FL</attr>
</rec>
<rec time="2006/07/28 22:35:19" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>

<attr name="filename">C:\ac3_0010.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.HBY</attr>
</rec>
<rec
time="2006/07/28 22:36:04" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\nwnmef_7.exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:36:22" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 22:37:03" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 22:38:43" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\ac3_0010.exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:39:14" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 22:46:48" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr
name="where">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload45a[1].exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.VB.FM</attr>
</rec>
<rec time="2006/07/28 22:46:49" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload849a[2].exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/28 22:47:04" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\ac3_0010[1].exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Downloader.Generic2.HBY</attr>
</rec>
<rec time="2006/07/28 22:47:27" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>

<attr name="where">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\loader[1].exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/28 23:46:29" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\WINNT\system32\fp6603jse.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Look2me</attr>
</rec>
<rec time="2006/07/28 23:46:29" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr
name="where">C:\WINNT\system32\fpr0039me.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Look2me</attr>
</rec>
<rec time="2006/07/28
23:46:30" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINNT\system32\g640lghm164a.dll</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Look2me</attr>
</rec>
<rec time="2006/07/28 23:46:34" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\WINNT\system32\i0lo0a33ed.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Look2me</attr>
</rec>
<rec time="2006/07/28 23:51:42" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">16</attr>
</rec>
<rec time="2006/07/28 23:51:43" user="Administrator" source="Virus">

<value>@HL_ActionTaken</value>
<attr name="filename">C:\ac3_0010.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28
23:51:43" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\drsmartload.exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:43" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\drsmartload45a7i.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:43" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\kybrdef_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/28 23:51:43" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:43" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\nwnmef_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:43" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload45a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:44"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\8Z87I545\drsmartload849a[2].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:44"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\CFQ5W9Y3\ac3_0010[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:44"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary

scottydog · Aug 11, 2006

Internet Files\Content.IE5\CFQ5W9Y3\loader[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:44"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\system32\fp6603jse.dll</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:44" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\WINNT\system32\fpr0039me.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:44"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\system32\g640lghm164a.dll</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/28 23:51:45" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\WINNT\system32\i0lo0a33ed.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/29 19:18:47" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\EZM5IHO7\drsmartload[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec
time="2006/07/29 20:33:57" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/29 20:34:37" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload[1].exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/29 21:27:10" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/29 21:27:36" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/29 21:32:27" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/07/29 22:35:58" user="Administrator"
source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec
time="2006/07/29 22:38:37" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:782-781;iavi:412-411;</attr>
</rec>
<rec
time="2006/07/30 18:33:22" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/30 21:07:25" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec time="2006/07/30 21:07:30" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.VB.FK</attr>
</rec>
<rec
time="2006/07/30 21:07:42" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\drsmartload[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/31 14:06:15" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 14:06:26" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/31 14:07:24" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/31 14:07:34" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>

<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31 14:08:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\MTE3NDI6ODoxNg[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 14:08:19" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 14:08:20" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload849a[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/31 14:08:21" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/31 14:08:37" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31 14:08:48" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31 14:57:46" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 14:57:47" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 14:58:01" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/31 15:57:50" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 15:58:15" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>

<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\MTE3NDI6ODoxNg[1].exe</attr>

<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31 16:00:01" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec
time="2006/07/31 19:27:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\system32\hrn0055me.dll</attr>

<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec time="2006/07/31 21:03:17" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/07/31 21:03:25" user="Administrator"
source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 21:23:46" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr
name="where">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\MTE3NDI6ODoxNg[1].exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/31 21:49:11" user="Administrator" source="Virus">

<value>@HL_ReportFind</value>
<attr name="where">C:\WINNT\system32\hrn0055me.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Look2me</attr>
</rec>
<rec time="2006/07/31 21:53:56" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">3</attr>
</rec>
<rec time="2006/07/31 21:53:59" user="Administrator" source="Virus">

<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31
21:53:59" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local
Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31
21:53:59" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\system32\hrn0055me.dll</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/31 21:54:30" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr
name="testname">@TestName_02</attr>
</rec>
<rec time="2006/07/31 22:37:42" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/07/31 23:27:08" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\system32\d60m0gd1e60.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Look2me</attr>
</rec>
<rec time="2006/08/01 00:03:07" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\WINNT\system32\d60m0gd1e60.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec
time="2006/08/01 00:03:58" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\WINNT\system32\d60m0gd1e60.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec
time="2006/08/01 00:41:38" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\WINNT\system32\d60m0gd1e60.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Look2me</attr>
</rec>
<rec
time="2006/08/01 00:41:56" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\WINNT\system32\d60m0gd1e60.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/01 15:16:39"
user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/08/01 15:17:56"
user="Administrator" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/08/01 15:18:49" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/08/01 15:54:38" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>

<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/08/02 19:02:03" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:415-412;</attr>
</rec>
<rec time="2006/08/03 15:07:56" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\dfndrfg_7.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.COO</attr>
</rec>
<rec time="2006/08/03
15:08:24" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\dfndrfg_7.exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:10:25" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\drsmartload46a[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.IBN</attr>

scottydog · Aug 11, 2006

</rec>
<rec time="2006/08/03 15:10:29" user="Administrator"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\drsmartload45a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.IBN</attr>
</rec>
<rec time="2006/08/03 15:10:30" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\kybrdfg_7[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.HTV</attr>
</rec>
<rec time="2006/08/03 15:10:30" user="Administrator" source="Virus">

<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\8Z87I545\nwnmfg_7[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.IMX</attr>
</rec>
<rec time="2006/08/03 15:10:35" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\dfndrfg_7[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Clicker.COO</attr>
</rec>
<rec time="2006/08/03 15:10:35" user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload849a[1].exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.IBN</attr>
</rec>
<rec time="2006/08/03 15:10:45" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\41S9QH0F\drsmartload46a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:10:59"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\8Z87I545\drsmartload45a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:11:04"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\8Z87I545\kybrdfg_7[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:11:09"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\8Z87I545\nwnmfg_7[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:11:15"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\EZM5IHO7\dfndrfg_7[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:11:30"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\EZM5IHO7\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/03 15:11:44"
user="Administrator" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\kybrdfg_7.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.HTV</attr>
</rec>
<rec time="2006/08/03 15:11:48" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\kybrdfg_7.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/08/03 16:11:17" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec
time="2006/08/03 16:48:42" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr
name="infectedfiles">0</attr>
</rec>
<rec time="2006/08/03 19:41:14" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr
name="testname">@TestName_02</attr>
</rec>
<rec time="2006/08/03 19:44:49" user="Administrator" source="General">
<value>@HL_TestStopped</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/08/10 14:09:06" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>
<attr name="version">avi:786-782;iavi:424-415;</attr>
</rec>
<rec time="2006/08/10 14:11:26" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/08/10 14:11:31" user="Administrator"
source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec
time="2006/08/10 14:11:55" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec
time="2006/08/10 14:11:57" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\abcd.exe</attr>
<attr
name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic2.ISM</attr>
</rec>
<rec time="2006/08/10 14:11:58" user="Administrator"
source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\files.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">Downloader.Generic2.ISM</attr>
</rec>
<rec time="2006/08/10 15:07:55" user="Administrator" source="General">
<value>@HL_TestEnded</value>

<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">2</attr>
</rec>
<rec time="2006/08/10 15:49:11" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/08/10 15:52:27" user="Administrator"
source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINNT\winlogon.exe_tobedeleted</attr>
<attr name="type">@EID_Id_trj</attr>
<attr
name="what">IRC/BackDoor.SdBot2.FQW</attr>
</rec>
<rec time="2006/08/10 16:08:05" user="Administrator" source="Virus">
<value>@HL_ReportFind</value>

<attr name="where">C:\WINNT\system32\config\drxvp.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic2.ISM</attr>
</rec>
<rec time="2006/08/10 16:11:11" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>

<attr name="infectedfiles">2</attr>
</rec>
<rec time="2006/08/10 16:11:13" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr
name="filename">C:\WINNT\winlogon.exe_tobedeleted</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/08/10 16:11:14"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\system32\config\drxvp.exe</attr>
<attr
name="action">@HL_ActCleaned</attr>
</rec>
</history>

HIJACKTHIS LOGFILE

Logfile of HijackThis v1.99.1
Scan saved at 16:11:05, on 8/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\STMS.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\Common Files\EPSON\EBAPI\STMS.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk01842GB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7dd756f4c050475095894f2a9ec4c84b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7dd756f4c050475095894f2a9ec4c84b
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123833643750
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.lycos.co.uk/app/uploader/FileUploader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

LonnyRJones · Aug 16, 2006

Hi

That avg log is illegible

Yes post a combofix log but first re-download it, it will likely have been updated.

scottydog · Aug 18, 2006

Please feel free to go ahead and close this thread. Unfortunately after many hours and days of ripping my hair out I finally decided to wipe the pc. Not ideal I know and I did feel somewhat defeated but I had spent in excess of 20 hours trying to fix the damn problem. Thanks for your help anyway.

Regards

Scott

LonnyRJones · Aug 19, 2006

Thanks for letting us know

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see
http://forums.spybot.info/showthread.php?t=279

tashi · Aug 25, 2006

This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.

Astrakiller, Smitfraud-C.Toolbar888 and Virtumonde

scottydog

New member

scottydog

New member

scottydog

New member

scottydog

New member

scottydog

New member

LonnyRJones

Security Expert-Emeritus

scottydog

New member

LonnyRJones

Security Expert-Emeritus

tashi

Member of Team Spybot