Stuck at SpyBot, Spyware Blaster

[Aspirex]

OK, shaba. I have done what you asked.

I am ready to run combofix & hijackthis but first I would like to ask you something. While deleting those files in the System32 folder, I also noticed that all dll files also has a dllbox file.
E.g. C:\WINDOWS\system32\unykyzmh.dllbox
and also C:\sugpw.exe~ which is separate from sugpw.exe which I have deleted as you requested.

Should I delete all these also?

 

[Shaba]

Hi

Yes, please

 

[Aspirex]

Thanks for helping me with this, Shaba

Here are reports: (Are things looking better? :fear

HIJACKTHIS
==========

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:00 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 4765 bytes




COMBOFIX
========

ComboFix 07-10-17.8@ - XP 2007-10-23 10:51:21.5 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-19 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 11:59 32,768 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-19 11:42 <DIR> d-------- C:\VundoFix Backups
2007-10-18 15:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-18 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-18 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-18 11:32 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-17 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-17 17:38 <DIR> d-------- C:\WINDOWS\pss
2007-10-16 10:11 <DIR> d-------- C:\Program Files\Free Download Manager
2007-10-16 10:11 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Free Download Manager
2007-10-15 10:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2007-10-15 10:39 106 --ahs---- C:\WINDOWS\system32\340418025.dat
2007-10-13 17:40 94,208 --a------ C:\WINDOWS\unvise32qt.exe
2007-10-13 17:39 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-13 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-10-13 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 10:34 --------- d-----w C:\Program Files\Trend Micro
2007-10-16 09:04 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-16 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-05-14 14:26 1,622 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 09:00 171,520 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-10-20_18.24.38.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 10:19:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-23 02:38:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-20 10:19:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-23 02:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-20 10:19:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-23 02:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E333001-C05F-408C-9AB3-BC7A855AF8FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2006-08-25 11:25]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-13 17:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-15 04:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-01-07 08:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2006-09-27 13:52:37]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-14 00:25:15]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1783a936-47e0-11db-b4cb-806d6172696f}]
AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68162f83-4341-11db-8f27-806d6172696f}]
AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0aef79-49f6-11db-b4d6-98d035f3ea85}]
AutoRun\command - F:\autorun.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 10:56:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-23 10:59:05
C:\ComboFix2.txt ... 2007-10-22 15:31
C:\ComboFix3.txt ... 2007-10-20 18:27
.
--- E O F ---

 

[Shaba]

Hi

Yes, they are

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button
• Save the file to your desktop.
• Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

 

[Aspirex]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:00 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 4947 bytes

 

[Aspirex]

My Kaspersky report is over several posts due to its length:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 23, 2007 7:12:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/10/2007
Kaspersky Anti-Virus database records: 443070
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 170754
Number of viruses found: 15
Number of infected objects: 8400
Number of suspicious objects: 0
Duration of the scan process: 02:06:33

Infected Object Name / Virus Name / Last Action
C:\!KillBox\unykyzmh.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMPV.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMQUEUE.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMSMSD.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMSTMN.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\helpkicker.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\OE\auhome\patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\cert8.db Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\history.dat Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\key3.db Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\parent.lock Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\XP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\XP\Desktop\cwshredder.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Desktop\KillBox.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Desktop\utorrent.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Desktop\VundoFix.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\XP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Temp\Free Download Manager\tic8E.tmp Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\XP\My Documents\install.exe~ Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\Bible\healing2(1).exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\Bible\healing2.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\Bible\prayer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\chktrust.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\ftssite\ebook\EbookBuilder4.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\ftssite\ebook\ebookcover\uninstal.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\ftssite\ebook\WebsiteEbooksRebrander.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\impact-popup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\javamachine1.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\PDFBrand.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\RARebook\MORE_REPORTS\BULKEMAILPROGRAM\STEALTH.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\RARebook\MORE_REPORTS\GOV_AUCTION_INSIDER_S_GUIDE\SNIPES.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\dna.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\eBooksWriterFREE_e.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\EbookUtils\eBooksReader_e.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\EbookUtils\SfxEbkE.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\MiDeinst.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\ezyads-rebrand.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\howsellwebsite\howsoldsite.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\rgbc\CompactDraw V1.03 Reg-Maker.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\XP\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU_\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU__\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\CoverDesigner\CoverDes.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\ImageDrive\ImageDrive.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero\nero.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero\NeroCmd.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero BackItUp\NBR.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\WMPBurn\WMPBurn.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\AEEnable.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\DLSLoader.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\install.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\RemADI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\Remove.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\SMAgentI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\SMAgentX.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\_iscppr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\Ahead\Lib\specialoffer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Domain Finder Full\DomainFinderFull.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\Photags.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\PTGetVideoFrame.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\PTWebCam.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\jpeg2yuv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\mpeg2enc.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\mplex.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\PTCueBurn.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\PTMpegEncode.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\PTVCDPrepare.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\vcdimager.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\vcdxbuild.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Free Download Manager\Updater.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Impact PopUp\ImpactPopup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Infogrames Interactive\Civilization III\Civ3Edit.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\iedw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\IEXPLORE.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GMail.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GMailWiz.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GPBook.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GPfcOle.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GPlus.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GTray.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\java.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\javac.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\javaw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\keytool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\policytool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\rmid.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\rmiregistry.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\tnameserv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Extension Manager\Extension Manager.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Extension Manager\Replace.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Mars\MR97310\DPInst.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Messenger\msmsgs.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Movie Maker\moviemk.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN\MSNIA\msniasvc.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN\MSNIA\prestp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN\MsnInstaller\msninst.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\NetMeeting\cb32.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\NetMeeting\conf.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\NetMeeting\wb32.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\oemig50.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\setup50.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\wab.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\wabmig.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\QuickTime\QTInfo.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\QuickTime\qttask.exe Infected: Virus.Win32.Virut.ae skipped

 

[Aspirex]

C:\Program Files\QuickTime\QuickTimeUpdater.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\HijackThis\Aspirex.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\drivers\CfwDriver\ncfg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\drivers\MbdDriver\Install.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\drivers\TdiDriver\tdiins.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PCCBrows.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccEULA.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccHCMS.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\pcclient.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccLog.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\pccmain.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PcCmdCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PcCmdIM.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccRBMsg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PCCTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccUpdUI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PCCVScan.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PcFstStr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\282.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F7.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BB.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\remove.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Temp\aupcc\product\PcCtlCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Temp\aupcc\product\TMAS_OE\TMAS_OE.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Temp\aupcc\TscEngine\tsc.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_Det.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\auhome\patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OE.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_WM.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_WMImp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_WMMon.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\auhome\patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OL.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLSentry.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMOAgent.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TRIALMSG.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TSC.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Autorun.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\HtmlView.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCCBrows.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccEULA.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\pccguide.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccHCMS.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCClient.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccLog.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\pccmain.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcCmdCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcCmdIM.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccRBMsg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcCtlCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCCTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccUpdUI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCCVScan.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcFstStr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcScnSrv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\remove.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TMAS_Det.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\Tmntsrv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TMOAgent.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TmPfw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\tmproxy.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TRIALMSG.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TSC.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\System32\drivers\im\ncfg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\System32\drivers\Install.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\System32\drivers\tdiins.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Tools\ncfg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Tools\PCCTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\bin\settlershok.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Detection\s5detection.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Register\RegistrationReminder.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\UNWISE.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Web CEO\BIN\gbak.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Web CEO\BIN\wceodbm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Web CEO\BIN\webceo.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\migrate.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\mplayer2.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\setup_wm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\wmplayer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\Accessories\wordpad.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\dialer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\hypertrm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\Pinball\PINBALL.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\Rar.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\RarExtLoader.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\Uninstall.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\UnRAR.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\WinRAR.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WINZIP32.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WZMSG.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WZQKPICK.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WZSEPE32.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WS_FTP\WS_FTP95.exe Infected: Virus.Win32.Virut.ae skipped
C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nbsfoivs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ofdnlmhv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winrkp32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wqbvysci.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wvimxyxc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

 

[Aspirex]

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040813.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040814.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040815.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040816.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040817.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040818.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040820.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040821.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040822.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040823.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040824.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040825.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040826.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040827.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040828.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040829.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040830.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040831.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040833.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040834.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040836.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040837.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040838.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040839.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040840.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040841.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040842.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040843.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040844.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040846.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040847.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040848.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040849.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040850.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040853.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040854.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040855.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040857.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040859.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040860.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040861.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040862.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040863.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040864.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040865.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040866.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040867.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040868.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040869.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040870.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040871.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040872.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040873.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040874.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040875.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040876.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040877.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040878.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040879.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040880.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040881.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040882.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040890.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040905.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040906.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040909.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040910.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040911.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040912.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040913.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040914.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040916.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040917.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040918.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040919.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040920.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040921.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040923.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040926.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040927.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040930.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040931.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040933.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040934.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040938.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040949.dll Infected: Trojan.Win32.Pakes.su skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040955.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040956.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040957.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040958.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040959.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040960.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040961.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040963.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040964.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040967.dll Infected: Trojan-Downloader.Win32.Agent.bnm skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040968.sys Infected: Trojan-Downloader.Win32.Agent.bnm skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040969.dll Infected: Trojan-Downloader.Win32.Agent.bnm skipped

 

[Aspirex]

O dear!
Shaba, there's still a lot more of the report...:blink:

Shall I go on or is there another way that would be more comvenient for you?

 

[Aspirex]

OK. I just figured out that I can attach the Kaspersky txt file here. (Even then I have to zip it due to it's size ~ 2 MB)

 

[Shaba]

Hi

I have very bad news for you

You have virut, a file infector which has most likely infected all your executable files.

Practically only way to get rid of it is re-formatting (if you try use some cleaning programs it will infect them,too).

 

[Aspirex]

:sad: OK Shaba. I really appreciate your kind help & the time you put into working with me on this.

I would like to save my data files from C: before I reformat. Can you tell me if data files (especially html files) are also affected?

I thought I could save D:, but from Kaspersky's report, it looks like my D: is also infected. Am I correct? Which means I have to re-format the whole harddisk?

Here's a small sample of Kaspersky pertaining to D:
==============================
D:\Bible\e-Sword.exe Infected: Virus.Win32.Virut.ae skipped
D:\Championship Manager 4\cm4.exe Infected: Virus.Win32.Virut.ae skipped
D:\Desktop\utorrent.exe Infected: Virus.Win32.Virut.ae skipped
D:\FaxVoice\messenger.exe Infected: Virus.Win32.Virut.ae skipped
D:\FM2006\fm data editor.exe Infected: Virus.Win32.Virut.ae skipped
D:\New Folder\ebks\ftssite\ebook\EbookBuilder4.exe Infected: Virus.Win32.Virut.ae skipped
D:\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.ae skipped
D:\Outlook Express\oemig50.exe Infected: Virus.Win32.Virut.ae skipped
D:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0042124.exe Infected: Virus.Win32.Virut.ae skipped
D:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0042127.exe Infected: Virus.Win32.Virut.ae skipped
================================

 

[Shaba]

Hi

All .exe and .scr files are likely infected so you can't save any of those files or you will get immediately re-infected.

But you save eg. pictures, documents and so.

Yes, you will need re-format entire hard disk.

 

[Shaba]

Hi

As this seems to be "resolved", I just give some tips for the future:

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.
• Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

 

[Aspirex]

Thanks again Shaba.
I've implemented your suggestions.

 

[Shaba]

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.