Redirecting to malware page!

I am showing a clean HJT log. Please scan with whatever programs (Panda?) that are showing anything and post the logs for me. Post any other information you think will help.

Try a Kaspersky scan:

http://www.kaspersky.com/virusscanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.

The program will launch and then start to download the latest definition files.

Once the scanner is installed and the definitions downloaded, click Next.

Now click on Scan Settings

In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:

Extended (if available, otherwise Standard)

Scan Options:

Scan Archives

Scan Mail Bases

Click OK

Now under Select a target to scan, select My Computer

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

Thanks
 
First a funny thing I've noticed is that every time I go to Google (offline mode) his Internet Explorer isn't being redirected, but if I go to www.dr.dk I'll be redirected EACH time...

Okay, as I went online I logged on to MSN, where a script bug appeared; I said I didn't want to have scripts running from it. Then I installed Firefox to see what happened. It didn't seem like it was infected, so that might mean he can use that explorer instead... dunno. Then I went to the Kaspersky webpage (with Internet Explorer, since I wasn't sure if he had to be using Internet Explorer as you have to with Panda) and did a full system scan.
I chose the extended scan method and scanned "my computer"; I also updated the newest patches for XP that he didn't have (simultaneously). I didn't have AVG activated as I did the scan, but Ewido was activated (this might cause a problem, as I noticed the first time I did a Panda scan I got a popup with a virus which I then removed with AVG, but this time I didn't have it running, so if something popped up that AVG actually could remove, it didn't).

Well here is the report:

Saturday, July 15, 2006 3:49:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/07/2006
Kaspersky Anti-Virus database records: 207536
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 87269
Number of viruses found 1
Number of infected objects 6 / 0
Number of suspicious objects 0
Duration of the scan process 00:36:33

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Application Data\ApplicationHistory\cli.exe.843bf18c.ini.inuse Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Temp\Perflib_Perfdata_56c.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Temp\Perflib_Perfdata_a1c.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Temp\Perflib_Perfdata_a28.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Theis Gaarsmand\ntuser.dat.LOG Object is locked skipped
C:\Programmer\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Programmer\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Programmer\BitTorrent\uninstall.exe NSIS: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Upload\BitTorrent-4.0.3.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Upload\BitTorrent-4.0.3.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Upload\BitTorrent-4.0.3.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Also my little brother was smart enough to press restart while the scan was running, but it continued till the scan ended. When it ended and the report was finished I wanted to see if I could use Kaspersky to delete the infections, so I clicked on the "all" button above the detail screen; then the computer suddenly just rebooted.
After the computer started up it came up with a Windows error report; the files that caused the error were:

C:\DOCUME~1\THEISG~1\LOKALE~1\Temp\WERcf38.dir00\Mini071506-01.dmp
C:\DOCUME~1\THEISG~1\LOKALE~1\Temp\WERcf38.dir00\sysdata.xml

Also the error that occurred in MSN occurred again, and this is what it said:
This is translated from Danish:

An error accured in the script on the page
Line: 42
Symbol: 3
Error: An object was waitet
code: 0
URL: http://rad.msn.com/adsadclient31.dll?getad?og=imsdmd?sc=hf

Gotta go, will do a Panda scan later
 
Beginning to think your brother is right, Kaspersky really shows nothing that helps. Those two TEMP lines can be deleted; in fact you can delete the contents of those TEMP folders (not the folder).

I will look at the Panda scan when you post it to see if I spot anything, but I am out of ideas on this one.

I would address the question about this to MSN:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823390

An error accured in the script on the page
Line: 42
Symbol: 3
Error: An object was waitet
code: 0
URL: http://rad.msn.com/adsadclient31.dll...g=imsdmd?sc=hf

Thanks
 
Panda scan gave the following:

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Theis Gaarsmand\Skrivebord\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Theis Gaarsmand\Skrivebord\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:W32/Bagle.pwdzip Disinfected C:\download\SmitfraudFix.zip


Which basically means nothing... I'm gonna reinstall if you don't have any more ideas, so just waiting for your reply ;)
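An added example, not code from the thread or from either scanner's vendor: a small Python triage script that parses the two report formats quoted in this thread (Kaspersky's path / verdict / last action lines and Panda's Incident / Status / Location lines) and sorts the entries into buckets, so that "Object is locked" noise, archive summary lines and riskware flags are not mistaken for active infections. The regexes, the bucket names and the sample lines (including the made-up example-dropper.exe detection) are assumptions of this example, constructed to have the same shape as the posted reports.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One Kaspersky Online Scanner report line: <path> <verdict> <last action>.
# Paths contain spaces, so the path group is lazy and the verdict alternatives
# are fixed; tab-separated and space-flattened lines both parse.
KAV_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>Object is locked|Infected: \S+|Suspicious: \S+|\S+: infected - \d+)\s+"
    r"(?P<action>skipped|deleted|disinfected|quarantined)$"
)

# One Panda ActiveScan incident line: <category>:<name> <status> <location>.
PANDA_LINE = re.compile(
    r"^(?P<category>[^:\t]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted)\s+"
    r"(?P<path>.+)$"
)

# Constructed sample in the shape of the posted reports (header line included so
# the parser has something to skip). The example-dropper.exe line and its
# detection name are made up for this demo.
KASPERSKY_SAMPLE = "\n".join("\t".join(row) for row in [
    ("Infected Object Name", "Virus Name", "Last Action"),
    (r"C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log",
     "Object is locked", "skipped"),
    (r"C:\WINDOWS\system32\config\SAM", "Object is locked", "skipped"),
    (r"C:\Programmer\BitTorrent\uninstall.exe/stream/data0002",
     "Infected: not-a-virus:RiskTool.Win32.PsKill.n", "skipped"),
    (r"C:\Programmer\BitTorrent\uninstall.exe", "NSIS: infected - 2", "skipped"),
    (r"C:\Upload\example-dropper.exe", "Infected: Trojan-Downloader.Win32.Example.a", "skipped"),
])

PANDA_SAMPLE = "\n".join("\t".join(row) for row in [
    ("Incident", "Status", "Location"),
    ("Potentially unwanted tool:Application/Processor", "Not disinfected",
     r"C:\Documents and Settings\User\Skrivebord\SmitfraudFix\Process.exe"),
    ("Virus:W32/Bagle.pwdzip", "Disinfected", r"C:\download\SmitfraudFix.zip"),
])


def classify(detection: str, category: str = "") -> str:
    """Map a scanner verdict to a triage bucket.

    locked    - file in use by the OS (registry hives, event logs, index.dat);
                expected on a live system, not evidence of infection
    container - archive/installer summary line; the verdict is on its members
    riskware  - legitimate tool the vendor flags as potentially unwanted
    malware   - anything else the scanner reports as infected
    """
    if detection == "Object is locked":
        return "locked"
    if re.fullmatch(r"\S+: infected - \d+", detection):
        return "container"
    if "not-a-virus" in detection.lower() or category.lower().startswith("potentially unwanted"):
        return "riskware"
    return "malware"


@dataclass
class Finding:
    scanner: str
    path: str
    detection: str
    handled: bool   # scanner already disinfected/deleted/quarantined it
    bucket: str     # classify() result


def parse_kaspersky(report: str) -> list:
    findings = []
    for line in report.splitlines():
        m = KAV_LINE.match(line.strip())
        if not m:
            continue  # header, statistics and "Scan process completed." lines
        findings.append(Finding("kaspersky", m["path"], m["verdict"],
                                m["action"] != "skipped", classify(m["verdict"])))
    return findings


def parse_panda(report: str) -> list:
    findings = []
    for line in report.splitlines():
        m = PANDA_LINE.match(line.strip())
        if not m:
            continue
        detection = f"{m['category']}:{m['name']}"
        findings.append(Finding("panda", m["path"], detection,
                                m["status"] != "Not disinfected",
                                classify(detection, m["category"])))
    return findings


def triage(findings: list) -> dict:
    """Separate what still needs a human decision from what is noise."""
    return {
        "counts": dict(Counter(f.bucket for f in findings)),
        "actionable": [f.path for f in findings if f.bucket == "malware" and not f.handled],
        "review": [f.path for f in findings if f.bucket == "riskware" and not f.handled],
    }


if __name__ == "__main__":
    result = triage(parse_kaspersky(KASPERSKY_SAMPLE) + parse_panda(PANDA_SAMPLE))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the only item left in "actionable" is the made-up dropper; the locked hives and logs, the NSIS container line, the PsKill tool inside the BitTorrent installer and the already-disinfected Panda hit all land in buckets that need no cleanup, which is the same reading the helper in this thread gives of the real reports.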
 
Nope, that's all Smitfraud stuff, you can remove all things Smitfraud from your computer, it is updated almost daily. Here is the link to where the most current updates for that tool will be if you ever need it.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Tashi:) will close you in a few days.

Thanks...Phil
 
As the problem appears to be resolved this topic will be archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.

Glad we could help, cheers. :)
 