Help Remove Win32/NSAnti!!
- Thread starter amoghk
- Start date
Shaba
Security Expert: Emeritus
Hi
No, I don't think it's because of that.
You should not let anyone use that stick or cleaning process makes no sense.
No, I don't think it's because of that.
You should not let anyone use that stick or cleaning process makes no sense.
- Double click OTMoveIt.exe to launch it.
- Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
- Click the Move It button.
- The list will be processed and the results will appear in the right hand pane.
- If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
- When finished click Exit to exit the programme.
- A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
- Post back a contents of that file, please.
C:\autorun.inf moved successfully.
File/Folder C:\semo2x.exe not found.
File/Folder C:\u.bat not found.
C:\tio8x6.cmd moved successfully.
File/Folder C:\d.com not found.
D:\autorun.inf moved successfully.
File/Folder D:\semo2x.exe not found.
File/Folder D:\u.bat not found.
D:\tio8x6.cmd moved successfully.
File/Folder D:\d.com not found.
File/Folder E:\semo2x.exe not found.
E:\autorun.inf moved successfully.
File/Folder E:\u.bat not found.
E:\tio8x6.cmd moved successfully.
File/Folder E:\d.com not found.
Created on 01/19/2008 20:12:49
This is the report..i have also ensured that noone will use any usb drives or sitcks next time...what do i do next..?
File/Folder C:\semo2x.exe not found.
File/Folder C:\u.bat not found.
C:\tio8x6.cmd moved successfully.
File/Folder C:\d.com not found.
D:\autorun.inf moved successfully.
File/Folder D:\semo2x.exe not found.
File/Folder D:\u.bat not found.
D:\tio8x6.cmd moved successfully.
File/Folder D:\d.com not found.
File/Folder E:\semo2x.exe not found.
E:\autorun.inf moved successfully.
File/Folder E:\u.bat not found.
E:\tio8x6.cmd moved successfully.
File/Folder E:\d.com not found.
Created on 01/19/2008 20:12:49
This is the report..i have also ensured that noone will use any usb drives or sitcks next time...what do i do next..?
HiJack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:43 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3C587AA-6F6F-4B8E-874E-5CB879A6C0A1}: NameServer = 218.248.255.145,61.1.64.65
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 3263 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:43 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3C587AA-6F6F-4B8E-874E-5CB879A6C0A1}: NameServer = 218.248.255.145,61.1.64.65
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 3263 bytes
Sunday, January 20, 2008 2:28:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524621
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 31549
Number of viruses found 11
Number of infected objects 130
Number of suspicious objects 0
Duration of the scan process 00:21:40
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008012020080121\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.bua skipped
C:\QooBox\Quarantine\C\d.com.vir Infected: Worm.Win32.AutoRun.bss skipped
C:\QooBox\Quarantine\C\tio8x6.cmd.vir Infected: Worm.Win32.AutoRun.bpn skipped
C:\QooBox\Quarantine\C\u.bat.vir Infected: Worm.Win32.AutoRun.bnw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir Infected: Worm.Win32.AutoRun.bpn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir Infected: Worm.Win32.AutoRun.bpn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo1.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP42\A0071503.dll Infected: not-a-virus:Monitor.Win32.Hooker.e skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071611.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071612.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071630.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071631.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071646.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071647.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071652.exe Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071663.bat Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071664.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071681.dll Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071682.bat Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071683.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071688.exe Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071689.dll Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071694.dll Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071695.bat Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071696.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071705.dll Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071706.bat Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071707.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071712.exe Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071713.dll Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071728.dll Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071729.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071742.dll Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071743.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071755.dll Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071756.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071762.exe Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071771.dll Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071772.com Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071773.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071778.exe Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071779.dll Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071807.exe Infected: Worm.Win32.AutoRun.bts skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071808.dll Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071809.com Infected: Worm.Win32.AutoRun.bts skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071810.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071815.dll Infected: Trojan-PSW.Win32.OnLineGames.osj skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071820.dll Infected: Trojan-PSW.Win32.OnLineGames.osj skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071821.com Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071822.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071831.dll Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524621
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 31549
Number of viruses found 11
Number of infected objects 130
Number of suspicious objects 0
Duration of the scan process 00:21:40
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008012020080121\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.bua skipped
C:\QooBox\Quarantine\C\d.com.vir Infected: Worm.Win32.AutoRun.bss skipped
C:\QooBox\Quarantine\C\tio8x6.cmd.vir Infected: Worm.Win32.AutoRun.bpn skipped
C:\QooBox\Quarantine\C\u.bat.vir Infected: Worm.Win32.AutoRun.bnw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir Infected: Worm.Win32.AutoRun.bpn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir Infected: Worm.Win32.AutoRun.bpn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo1.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP42\A0071503.dll Infected: not-a-virus:Monitor.Win32.Hooker.e skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071611.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071612.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071630.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071631.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071646.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071647.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071652.exe Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071663.bat Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071664.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071681.dll Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071682.bat Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071683.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071688.exe Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071689.dll Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071694.dll Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071695.bat Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071696.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071705.dll Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071706.bat Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071707.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071712.exe Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071713.dll Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071728.dll Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071729.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071742.dll Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071743.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071755.dll Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071756.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071762.exe Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071771.dll Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071772.com Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071773.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071778.exe Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071779.dll Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071807.exe Infected: Worm.Win32.AutoRun.bts skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071808.dll Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071809.com Infected: Worm.Win32.AutoRun.bts skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071810.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071815.dll Infected: Trojan-PSW.Win32.OnLineGames.osj skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071820.dll Infected: Trojan-PSW.Win32.OnLineGames.osj skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071821.com Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071822.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071831.dll Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071832.com Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071833.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP44\A0071839.exe Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP44\A0071840.dll Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP44\A0071841.dll Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071898.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071899.com Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071901.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071902.bat Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072075.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072076.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072079.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\d.com Infected: Worm.Win32.AutoRun.bss skipped
C:\_OTMoveIt\MovedFiles\tio8x6.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\_OTMoveIt\MovedFiles\u.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071613.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071614.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071632.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071633.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071648.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071649.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071665.bat Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071666.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071671.bat Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071672.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071684.bat Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071685.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071697.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071698.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071708.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071709.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071731.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071745.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071758.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071774.com Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071775.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071811.com Infected: Worm.Win32.AutoRun.bts skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071812.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071823.com Infected: Worm.Win32.AutoRun.bss skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071824.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071834.com Infected: Worm.Win32.AutoRun.bss skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071835.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072019.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072020.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072021.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072022.com Infected: Worm.Win32.AutoRun.bss skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072080.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071615.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071616.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071634.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071635.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071650.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071651.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071667.bat Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071668.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071673.bat Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071674.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071686.bat Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071687.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071699.bat Infected: Worm.Win32.AutoRun.bnw skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071700.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071710.bat Infected: Worm.Win32.AutoRun.bnw skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071711.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071733.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071747.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071760.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071776.com Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071777.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071813.com Infected: Worm.Win32.AutoRun.bts skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071814.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071825.com Infected: Worm.Win32.AutoRun.bss skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071826.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071836.com Infected: Worm.Win32.AutoRun.bss skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071837.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072023.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072024.bat Infected: Worm.Win32.AutoRun.bnw skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072025.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072026.com Infected: Worm.Win32.AutoRun.bss skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072082.cmd Infected: Worm.Win32.AutoRun.bpn skipped
Scan process completed.
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071833.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP44\A0071839.exe Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP44\A0071840.dll Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP44\A0071841.dll Infected: Trojan-PSW.Win32.OnLineGames.okv skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071898.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071899.com Infected: Worm.Win32.AutoRun.bss skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071901.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0071902.bat Infected: Worm.Win32.AutoRun.bnw skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072075.inf Infected: Worm.Win32.AutoRun.bua skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072076.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072079.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\d.com Infected: Worm.Win32.AutoRun.bss skipped
C:\_OTMoveIt\MovedFiles\tio8x6.cmd Infected: Worm.Win32.AutoRun.bpn skipped
C:\_OTMoveIt\MovedFiles\u.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071613.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071614.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071632.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071633.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071648.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071649.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071665.bat Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071666.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071671.bat Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071672.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071684.bat Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071685.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071697.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071698.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071708.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071709.inf Infected: Worm.Win32.AutoRun.bnq skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071731.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071745.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071758.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071774.com Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071775.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071811.com Infected: Worm.Win32.AutoRun.bts skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071812.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071823.com Infected: Worm.Win32.AutoRun.bss skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071824.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071834.com Infected: Worm.Win32.AutoRun.bss skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071835.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072019.inf Infected: Worm.Win32.AutoRun.bua skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072020.bat Infected: Worm.Win32.AutoRun.bnw skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072021.cmd Infected: Worm.Win32.AutoRun.bpn skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072022.com Infected: Worm.Win32.AutoRun.bss skipped
D:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072080.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071615.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071616.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071634.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071635.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071650.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071651.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071667.bat Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071668.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071673.bat Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071674.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071686.bat Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071687.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071699.bat Infected: Worm.Win32.AutoRun.bnw skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071700.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071710.bat Infected: Worm.Win32.AutoRun.bnw skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071711.inf Infected: Worm.Win32.AutoRun.bnq skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071733.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071747.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071760.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071776.com Infected: Trojan-PSW.Win32.OnLineGames.nst skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071777.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071813.com Infected: Worm.Win32.AutoRun.bts skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071814.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071825.com Infected: Worm.Win32.AutoRun.bss skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071826.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071836.com Infected: Worm.Win32.AutoRun.bss skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP43\A0071837.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072023.inf Infected: Worm.Win32.AutoRun.bua skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072024.bat Infected: Worm.Win32.AutoRun.bnw skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072025.cmd Infected: Worm.Win32.AutoRun.bpn skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072026.com Infected: Worm.Win32.AutoRun.bss skipped
E:\System Volume Information\_restore{B16E9466-2541-44C7-B790-318717F9D664}\RP45\A0072082.cmd Infected: Worm.Win32.AutoRun.bpn skipped
Scan process completed.
Shaba
Security Expert: Emeritus
Hi
Wonderful, no more active autorun worms :bigthumb:
Empty these folders:
C:\_OTMoveIt\MovedFiles
C:\QooBox\Quarantine
Empty Recycle Bin.
All other viruses are in system restore and inactive.
I give you later instructions how to empty it.
Other than that, any problems left?
Wonderful, no more active autorun worms :bigthumb:
Empty these folders:
C:\_OTMoveIt\MovedFiles
C:\QooBox\Quarantine
Empty Recycle Bin.
All other viruses are in system restore and inactive.
I give you later instructions how to empty it.
Other than that, any problems left?
Shaba
Security Expert: Emeritus
Hi
Yes you will.
You have practically two choices:
1) Stop using that completely and get a new one (easier way)
2) Connect it to your computer which means that you get re-infected and we can attempt to clean both pendrive and your computer (harder way).
I recommend option 1
Yes you will.
You have practically two choices:
1) Stop using that completely and get a new one (easier way)
2) Connect it to your computer which means that you get re-infected and we can attempt to clean both pendrive and your computer (harder way).
I recommend option 1
Last edited:
Shaba
Security Expert: Emeritus
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.