I have Virtumonde!

Status
Not open for further replies.
Here are the antivirus results from after all the fixes; as I said, MBAM was totally clear!

4/10/2009 10:11:55 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:12:03 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:12:04 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:12:04 AM Quarantine C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:12:05 AM Quarantine C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:12:08 AM Detect C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 10:12:08 AM Quarantine C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:12:12 AM Detect C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 10:12:13 AM Remove C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 10:12:13 AM Remove C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 10:13:45 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:13:52 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:14:07 AM Ignore C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:14:07 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:10 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:10 AM Detect C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 10:14:12 AM Ignore C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 10:14:12 AM Detect C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 10:14:14 AM Ignore C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 10:14:16 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:14:19 AM Ignore C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:14:20 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:14:20 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:22 AM Ignore C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:14:24 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:24 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:27 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:27 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:27 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:28 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:28 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:30 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:30 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:14:30 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:06 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:06 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:06 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:07 AM Ignore C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:08 AM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:15:08 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:08 AM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:32 AM Remove C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 10:15:32 AM Remove C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 10:15:32 AM Quarantine C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 12:42:35 PM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 12:42:36 PM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 12:42:36 PM Detect C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 12:42:36 PM Detect C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 12:42:39 PM Detect C:\32788R22FWJFW.0.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 12:42:39 PM Detect C:\32788R22FWJFW.0.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 12:42:41 PM Detect C:\32788R22FWJFW.1.tmp\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 12:42:42 PM Detect C:\32788R22FWJFW.1.tmp\n.com Unclassified Malware@8411805 Success
4/10/2009 12:42:42 PM Detect C:\32788R22FWJFW.1.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 12:42:42 PM Detect C:\32788R22FWJFW.1.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 1:48:29 PM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 5:48:08 PM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 5:48:09 PM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/10/2009 5:48:09 PM Detect C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 5:48:09 PM Detect C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 5:48:10 PM Detect C:\32788R22FWJFW.0.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 5:48:11 PM Detect C:\32788R22FWJFW.0.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 5:48:12 PM Detect C:\32788R22FWJFW.1.tmp\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 5:48:12 PM Detect C:\32788R22FWJFW.1.tmp\n.com Unclassified Malware@8411805 Success
4/10/2009 5:48:12 PM Detect C:\32788R22FWJFW.1.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/10/2009 5:48:13 PM Detect C:\32788R22FWJFW.1.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/10/2009 6:52:25 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013060.EXE Unclassified Malware@8327233 Success
4/10/2009 6:52:25 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013101.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 6:52:25 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013111.com Unclassified Malware@8411805 Success
4/10/2009 6:52:25 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013108.com Unclassified Malware@8411805 Success
4/10/2009 6:52:28 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP37\A0013310.exe Unclassified Malware@8411805 Success
4/10/2009 6:52:30 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013448.EXE Unclassified Malware@8327233 Success
4/10/2009 6:52:31 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013487.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/10/2009 6:52:31 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013494.com Unclassified Malware@8411805 Success
4/10/2009 6:52:31 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013497.com Unclassified Malware@8411805 Success
4/10/2009 7:03:23 PM Detect C:\WINDOWS\NIRCMD.exe Unclassified Malware@8411805 Success
4/12/2009 4:09:58 PM Detect C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 4:09:58 PM Detect C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/12/2009 4:09:58 PM Detect C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/12/2009 4:09:59 PM Detect C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/12/2009 4:09:59 PM Detect C:\32788R22FWJFW.0.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/12/2009 4:10:00 PM Detect C:\32788R22FWJFW.0.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/12/2009 4:10:00 PM Detect C:\32788R22FWJFW.1.tmp\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 4:10:01 PM Detect C:\32788R22FWJFW.1.tmp\n.com Unclassified Malware@8411805 Success
4/12/2009 4:10:01 PM Detect C:\32788R22FWJFW.1.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/12/2009 4:10:01 PM Detect C:\32788R22FWJFW.1.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/12/2009 5:14:34 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013060.EXE Unclassified Malware@8327233 Success
4/12/2009 5:14:34 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013101.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 5:14:35 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013108.com Unclassified Malware@8411805 Success
4/12/2009 5:14:35 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013111.com Unclassified Malware@8411805 Success
4/12/2009 5:14:36 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP37\A0013310.exe Unclassified Malware@8411805 Success
4/12/2009 5:14:37 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013448.EXE Unclassified Malware@8327233 Success
4/12/2009 5:14:38 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013487.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 5:14:38 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013494.com Unclassified Malware@8411805 Success
4/12/2009 5:14:38 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013497.com Unclassified Malware@8411805 Success
4/12/2009 5:24:59 PM Detect C:\WINDOWS\NIRCMD.exe Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW\n.com Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW\NirCmd.cfexe Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW.0.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW.0.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW.1.tmp\hidec.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW.1.tmp\n.com Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW.1.tmp\NirCmd.cfexe Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013060.EXE Unclassified Malware@8327233 Success
4/12/2009 5:55:44 PM Remove C:\32788R22FWJFW.1.tmp\psexec.cfexe ApplicUnsaf.Win32.Adware.PsExec.A@1640490 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013108.com Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013101.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP37\A0013310.exe Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013111.com Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013448.EXE Unclassified Malware@8327233 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013487.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013494.com Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP38\A0013497.com Unclassified Malware@8411805 Success
4/12/2009 5:55:44 PM Remove C:\WINDOWS\NIRCMD.exe Unclassified Malware@8411805 Success
4/12/2009 7:50:50 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000655.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 7:51:25 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000656.com Unclassified Malware@8411805 Success
4/12/2009 7:51:28 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000655.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 7:51:28 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000657.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 7:51:29 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000656.com Unclassified Malware@8411805 Success
4/12/2009 7:51:31 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000658.com Unclassified Malware@8411805 Success
4/12/2009 7:51:31 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000657.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
4/12/2009 7:51:31 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000659.exe Unclassified Malware@8411805 Success
4/12/2009 7:51:32 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000658.com Unclassified Malware@8411805 Success
4/12/2009 7:51:32 PM Remove C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000659.exe Unclassified Malware@8411805 Success
End of The Report
 
I have not used a Comodo product; you can ask your questions here:
http://forums.comodo.com/index.php

I looked at the log and it appears the antivirus was successful in removing what it found; the word "Success" follows each item. I wish to point out that these:
4/12/2009 5:14:34 PM Detect C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}(2)\RP36\A0013060.EXE Unclassified Malware@8327233 Success
and there are quite a lot of them, are infected System Restore files. In my post #16 I posted instructions to:
Clean the System Restore files like this:
If those instructions were followed in the order I posted them, the C:\System Volume Information\_restore would have been clean and Comodo would not have found those items.

It is also possible, if you ran Comodo before you removed ComboFix, that Comodo was seeing infected files in the ComboFix quarantine, which was removed in the instructions (along with ComboFix).

Safe Surfing:)
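
The per-file reading of the log discussed in the reply above, as an added example (not part of any post in this thread and not Comodo's own tooling): it keeps the last recorded action for each path, so a file that was only ignored, or detected again after a removal, is not counted as cleaned, and it flags copies held under System Restore. The sample lines are constructed in the layout shown above; the function names, the reading of the last column as the outcome of that row's action, and the assumption that each path ends in a file extension are this example's own.

```python
import re

# Constructed sample in the same layout as the log above (paths and IDs are made up).
SAMPLE_LOG = r"""
4/10/2009 10:12:04 AM Detect C:\Example\tool.exe ApplicUnsaf.Win32.Hide.~AB@1111111 Success
4/10/2009 10:12:08 AM Quarantine C:\Example\tool.exe ApplicUnsaf.Win32.Hide.~AB@1111111 Success
4/10/2009 10:14:07 AM Detect C:\Example\n.com Unclassified Malware@2222222 Success
4/10/2009 10:14:09 AM Ignore C:\Example\n.com Unclassified Malware@2222222 Success
4/10/2009 10:15:32 AM Remove C:\Example.0.tmp\helper.cfexe Unclassified Malware@2222222 Success
4/10/2009 12:42:39 PM Detect C:\Example.0.tmp\helper.cfexe Unclassified Malware@2222222 Success
4/10/2009 6:52:25 PM Detect C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Unclassified Malware@2222222 Success
End of The Report
"""

# Assumption: the path ends in a file extension, which separates it from the
# detection name (both fields may contain spaces).
LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d{4} \d+:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detect|Quarantine|Remove|Ignore) "
    r"(?P<path>[A-Za-z]:\\.+?\.\w+) (?P<sig>.+@\d+) (?P<result>\w+)$"
)
CLEANING_ACTIONS = {"Remove", "Quarantine"}
RESTORE_MARKER = "\\system volume information\\_restore"

def summarize(log_text):
    """Return {path: info}, where info reflects the last event logged for that file."""
    state = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and trailers such as "End of The Report"
        path = m["path"].lower()  # Windows paths are case-insensitive
        prev = state.get(path, {}).get("status")
        if m["action"] in CLEANING_ACTIONS:
            status = "cleaned" if m["result"] == "Success" else "action_failed"
        elif m["action"] == "Ignore":
            status = "ignored"
        else:
            # Assumption: the last column is the outcome of this row's action,
            # so "Detect ... Success" means flagged, not removed.
            status = "redetected" if prev in ("cleaned", "redetected") else "detected"
        state[path] = {"status": status, "sig": m["sig"], "last_seen": m["ts"],
                       "restore_copy": RESTORE_MARKER in path}
    return state

def outstanding(state):
    """Paths whose last logged event is not a successful Remove or Quarantine."""
    return [p for p, info in state.items() if info["status"] != "cleaned"]
```
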
 
Hi, Comodo did run before I removed anything, and I thought I had followed your instructions properly (I even printed them out!) and I have since run a Comodo scan which was clean, so it all seems OK now, so thanks again!
 