Can't Remove Look2Me

Nothing bad in particular there. You can go ahead and delete the !Killbox - folder, it contains KillBox backups.

It seems your PC should be clean out of anything major at this point.. Delete the cookies though ;)

I'll just check the Kaspersky scan and then I'll point out some preventive maintenance for the future.
 
Sounds good. It will be a while for the Kaspersky results. I accidentally closed the scan window when it was at 3%. I restarted it about an hour ago -- it is at 2% as I write. I'm guessing it will finish some time tomorrow...
 
Yes it has, but I had not deleted anything between the last Panda scan and the Kaspersky scan, so it's hard to tell if there is anything new yet.
 
Well, if you deleted the !KillBox folder and cookies, then there shouldn't be much left of the last Panda scan..
 
It's here! :) Some notes:

1) I said the PC has over a million files on it. That was based on what Panda was reporting. From the Kaspersky scan, it appears that Panda was counting the files inside of files and Kaspersky was not.

2) Veracruz.ex_ -- known already (I suppose I should delete it though! :rolleyes:)

3) The .pst files are not a threat to this PC as I don't have Outlook installed on it. Nevertheless it's good to know about what's there.

4) We know about the Killbox and the Avenger files.

5) The only other new items are files which have been quarantined by Symantec AntiVirus.

Looks like we made it? Looking forward to your reply! :)

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 08, 2006 12:59:32
Operating System: Microsoft Windows 2000 Professional, Service Pack 2 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/04/2006
Kaspersky Anti-Virus database records: 175547
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
R:\
S:\

Scan Statistics:
Total number of scanned objects: 88943
Number of viruses found: 17
Number of infected objects: 32
Number of suspicious objects: 18
Duration of the scan process: 86888 sec

Infected Object Name - Virus Name
C:\Veracruz.ex_/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\Veracruz.ex_/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\Veracruz.ex_ Infected: Trojan-Dropper.Win32.VB.kk
D:\Data\2001.pst/2001/Inbox/19 Sep 2001 01:08 from cajun@cajuninc.com:Fwd: CERT Advisory CA-.eml Infected: Net-Worm.Win32.Nimda
D:\Data\2001.pst Infected: Net-Worm.Win32.Nimda
D:\Data\2002.pst/2002/Inbox/28 Jul 2002 03:57 from postmaster:BOTTOM.html.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2002.pst/2002/Inbox/22 Jul 2002 02:58 from webmaster:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2002.pst/2002/Sent Items/16 Apr 2002 20:00 to 'Luis Chanu':RE: Odd request, but what's ne/EICAR.COM Infected: EICAR-Test-File
D:\Data\2002.pst Infected: EICAR-Test-File
D:\Data\2003.pst/2003/Inbox/Virus/28 Jan 2003 05:46 from bedeprosse:Please try again.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/28 Jan 2003 05:16 from lisardo:TempPair.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/28 Jan 2003 06:26 from cindysundberg:Scrolling.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/24 Jan 2003 21:10 from reginajrichardson:HrResponseHdr .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/27 Jan 2003 17:15 from lisardo:Questionnaire.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/27 Jan 2003 16:59 from cbrophy:MainType.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/28 Jan 2003 02:05 from Jeffsherry:Hello,welcome to my ho.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Inbox/Virus/28 Jan 2003 04:45 from cbrophy:MainType.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Sent Items/28 Jan 2003 02:37 to 'insightnet@attbi.com':FW: MainType.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst/2003/Sent Items/28 Jan 2003 02:37 to Brad Doster:FW: MainType.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\2003.pst Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\RedHat.pst/Message store/Inbox/@RedHat/20 Sep 2001 22:55 from Chuck Mead:Re: procmail vs NIMDA - workin.eml/[From <253cfa.gpr9eiv.1jig81c@ifi.uio.no>][Date Tue, 18 Sep 2001 09:57:43 -0400 (EDT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\RedHat.pst/Message store/Inbox/@RedHat/20 Sep 2001 22:55 from Chuck Mead:Re: procmail vs NIMDA - workin.eml/[From <253cfa.gpr9eiv.1jig81c@ifi.uio.no>][Date Tue, 18 Sep 2001 09:57:43 -0400 (EDT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\RedHat.pst/Message store/Inbox/@RedHat/20 Sep 2001 22:55 from Chuck Mead:Re: procmail vs NIMDA - workin.eml Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\RedHat.pst/Message store/Inbox/@RedHat/20 Sep 2001 22:55 from Chuck Mead:Re: procmail vs NIMDA - workin.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Data\RedHat.pst Suspicious: Exploit.HTML.Iframe.FileDownload
F:\!KillBox\brsags.exe Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\!KillBox\hohdr.dat Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\!KillBox\hysawbh.dll Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\!KillBox\rbjef.exe Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\!KillBox\tyebm.exe Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\avenger\backup.zip/avenger/rbjef.exe Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\avenger\backup.zip Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN Infected: Trojan-Downloader.Win32.Small.cpu
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05EC0000.VBN Infected: Trojan-Downloader.Win32.Qoologic.bj
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06CC0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D80000.VBN Infected: Trojan-Downloader.Win32.VB.nw
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06DC0000.VBN Infected: Trojan-Spy.Win32.Small.dg
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06E00000.VBN Infected: Trojan-Downloader.Win32.Ani.c
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06E40000.VBN Infected: Trojan-Clicker.Win32.Small.jf
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06E40001.VBN Infected: Trojan-Downloader.Win32.Agent.agy
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06E80000.VBN Infected: Trojan-Spy.Win32.Small.dg
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06EC0000.VBN Infected: Trojan-Clicker.Win32.VB.ij
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08400000.VBN Infected: Trojan-Downloader.Win32.Small.cpa
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN Infected: Trojan-Spy.Win32.Small.dg
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480000.VBN Infected: Trojan-Dropper.Win32.Small.amd
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\084C0000.VBN Infected: Trojan-Proxy.Win32.Small.bo
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640000.VBN Infected: Trojan-Downloader.Win32.Small.ckj
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08680000.VBN Infected: Trojan-Downloader.Win32.Small.ckj
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08740000.VBN/data0002 Infected: Trojan-Clicker.Win32.Small.jf
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08740000.VBN Infected: Trojan-Clicker.Win32.Small.jf

Scan process completed.
 
Go ahead and delete: Avenger's backup zip; !KillBox folder; items in your Antivirus Quarantine; C:\Veracruz.ex_

What about this one? D:\Data\RedHat.pst

If you can find it.. Remove it too. Then finally empty recycle bin. We should be done. ;)

==

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place? (My favourite)
 
Well, Thank you! Thank you! Thank you! :D

The Redhat.pst is another Outlook archive, so I need to be careful with it.

The MVPS Hosts file is a cool idea -- thanks! And I grabbed SpywareBlaster as well -- I was not aware of that one.

So, did I say thanks yet? THANKS! :bigthumb:
 
Since this issue is now resolved, this Topic has been archived. Should you need it reopened for any reason, please PM a Staff member with its address and request. This only applies to the Original poster. Glad we were able to help. :)
 