Virtumonde and Virtumonde.generic

new combofix log

Now having Kaspersky scan...


ComboFix 07-11-30.4 - HP_Owner 2007-11-30 17:09:00.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
D:\I386\Apps\APP07885\src\HPSummer2005.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\I386\Apps\APP07885\src\HPSummer2005.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-27 21:37 . 2007-11-27 21:37 1,042 --a------ C:\net_save.dna
2007-11-27 21:36 . 2007-11-27 22:03 <DIR> d-------- C:\Program Files\support.com
2007-11-27 20:42 . 2007-11-27 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-11-27 18:33 . 2007-11-27 18:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
2007-11-27 08:03 . 2007-11-27 08:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-27 08:03 . 2007-11-27 18:29 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-11-27 08:03 . 2007-11-27 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 08:03 . 2007-11-30 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-27 02:17 . 2007-11-27 02:18 <DIR> d-------- C:\Program Files\Philips
2007-11-27 02:04 . 2005-01-28 13:44 5,525,504 --a------ C:\WINDOWS\system32\setb8.tmp
2007-11-27 01:53 . 2004-04-23 00:00 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2007-11-27 01:53 . 2004-04-23 00:00 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2007-11-27 01:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-27 01:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-26 21:31 . 2007-11-26 21:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 18:06 . 2007-11-26 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 18:05 . 2007-11-26 18:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 01:00 . 2007-11-22 01:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Creative
2007-11-22 00:34 . 1999-10-10 12:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-11-22 00:28 . 1999-12-12 12:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-11-22 00:28 . 1999-11-17 12:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-11-22 00:27 . 2007-11-22 00:33 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-11-22 00:27 . 2007-11-22 00:27 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-11-22 00:24 . 2007-11-22 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-11-22 00:20 . 2007-11-22 00:34 <DIR> d-------- C:\Program Files\Creative
2007-11-21 23:40 . 2007-11-21 23:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-21 23:40 . 2007-11-21 23:40 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-21 08:20 . 2007-11-21 08:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-21 00:49 . 2007-11-21 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 00:15 . 2007-11-27 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-20 08:47 . 2007-11-20 08:47 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-20 08:47 . 2007-11-20 08:47 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-11-20 08:45 . 2007-11-20 08:47 <DIR> d-------- C:\Program Files\WinTV
2007-11-20 08:45 . 2004-02-13 15:58 65,536 --a------ C:\WINDOWS\system32\hcwdlg.ocx
2007-11-20 08:43 . 2007-11-20 08:46 855 --a------ C:\WINDOWS\HCWPNP.INI
2007-11-20 04:49 . 2001-08-17 16:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-20 04:49 . 2001-08-17 17:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-20 04:47 . 2007-11-30 00:00 246 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-11-20 04:45 . 2007-11-20 03:14 <DIR> d-------- C:\WINDOWS\I386
2007-11-20 04:36 . 2007-11-21 08:24 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2007-11-20 04:35 . 2007-11-27 02:13 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2007-11-20 03:57 . 2007-11-20 03:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-20 03:24 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2007-11-20 03:24 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2007-11-20 03:24 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2007-11-20 03:24 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2007-11-20 03:24 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-11-20 03:24 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-20 03:24 . 2004-08-03 23:08 48,640 --a------ C:\WINDOWS\system32\stream.sys
2007-11-20 03:24 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2007-11-20 03:24 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2007-11-20 03:24 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2007-11-20 03:24 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\dllcache\vidcap.ax
2007-11-20 03:15 . 2004-08-04 07:00 260,272 -r-hs---- C:\cmldr
2007-11-20 03:15 . 2007-11-20 02:53 213 -rahs---- C:\BOOT.BAK
2007-11-20 03:12 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-20 03:11 . 2007-11-20 03:11 <DIR> d--hs---- C:\Documents and Settings\HP_Owner\UserData
2007-11-20 03:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-20 02:56 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-20 02:56 . 2005-01-23 12:30 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-11-20 02:56 . 2007-11-20 02:56 1,837 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PX743AA-ABA a1110n_YC_0Pavi_QCNH522_E53NAheBLU2_47_IGuppy_SASUSTek Computer INC._V1.03_B3.08_T050509_WXH2_L409_M504_J160_7Intel_8Celeron_93.07_#050919_N10EC8139_Z11C1048C_G80862562_OHP DVD Writer 640b.MRK
2007-11-20 02:55 . 2005-05-06 02:12 <DIR> d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2007-11-20 02:55 . 2005-05-06 02:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-11-20 02:55 . 2005-05-06 02:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-20 02:55 . 2005-05-06 02:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2007-11-20 02:55 . 2005-05-06 02:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-11-20 02:54 . 2005-05-06 02:12 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2007-11-20 02:53 . 2007-11-20 02:53 <DIR> d-a------ C:\Program Files\Common Files\LightScribe
2007-11-20 02:53 . 2005-05-06 02:12 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-21 07:10]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 12:31]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-06 01:59]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 23:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-27 08:03]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 08:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2007-11-20 08:46:32]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 04:28:24]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-05-06 02:15:24]

R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66e386e7-9743-11dc-a849-0013d41e6fd1}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 17:11:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 17:12:21
C:\ComboFix2.txt ... 2007-11-29 23:21
.
--- E O F ---
 
new Kaspersky scan

So I don't think things happened as planned...still 1 virus found and 6 infected files


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 30, 2007 7:26:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469622
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 72994
Number of viruses found: 1
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:12:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007113020071201\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Acr12.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Acr14.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Acr6.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\YPMRAP4V\80CBJF1QX[2].flv Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\YVOJM21R\D4O2G90ID[2].flv Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX: infected - 1 skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\change.log Object is locked skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX Dropper: infected - 1 skipped

Scan process completed.
 
So I don't think things happened as planned...still 1 virus found and 6 infected files

:laugh:

Actually they did ... ;)

Number of viruses found: 1
Number of infected objects: 6

C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX: infected - 1 skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX Dropper: infected - 1 skipped

D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX Dropper: infected - 1 skipped

This is what happened ...

Combofix deleted the file (3 infected objects) from your HP restore partition here :-

D:\I386\Apps\APP07885\src\HPSummer2005.exe

But before it deleted the files it did 2 things ...

Created a restore point .... in which we now find these :-

D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX Dropper: infected - 1 skipped

Then it backed up the file in its own quarantine folder :-

C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX: infected - 1 skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX Dropper: infected - 1 skipped

So to be finally rid of it we now need to do 2 last things ...

1. Delete the C:\qoobox ... folder

2. Purge system restore ...

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

if you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Run a new KASPERSKY ONLINE SCAN & I guarantee it will be clean this time

steam
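The reasoning in the reply above, that every remaining detection sits in ComboFix's quarantine or in a System Restore point rather than on the live filesystem, can be checked mechanically instead of by eye. The following Python script is an added example written for this thread, not a tool from the thread or from Kaspersky or ComboFix: it parses lines in the shape of the Kaspersky Online Scanner report, separates "Object is locked" skips from real detections, maps each detection back to the container file that exists on disk, and classifies that container as quarantine, restore point, or live. The embedded sample is a constructed subset of the report lines quoted above; the location markers (`\qoobox\Quarantine\`, `\System Volume Information\_restore`) are taken from the paths in the thread.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Kaspersky Online Scanner report quoted
# in the thread (a subset of its lines, embedded so the example runs offline).
SAMPLE_REPORT = r"""
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX: infected - 1 skipped
C:\qoobox\Quarantine\D\I386\Apps\APP07885\src\HPSummer2005.exe.vir WiseSFX Dropper: infected - 1 skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP26\A0003791.exe WiseSFX Dropper: infected - 1 skipped
"""

# One report line is "<path> <verdict> <last action>". Paths contain spaces,
# so the verdict is matched explicitly and the path is whatever precedes it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>Object is locked|Infected: \S+|\S+(?: Dropper)?: infected - \d+)"
    r"\s+(?P<action>\S+)$"
)


def parse_report(text):
    """Parse report lines into dicts; lines that do not match are returned separately."""
    records, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unparsed.append(line)
    return records, unparsed


def container_path(path):
    """Kaspersky reports archive members as '<container>/<member>';
    the file that actually exists on disk is the container."""
    return path.split("/", 1)[0]


def classify_location(path):
    """Where a detection sits on disk decides whether it is still a live threat.
    Markers are the quarantine and restore-point paths seen in the thread."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"
    if "\\system volume information\\_restore" in p:
        return "system_restore_point"
    return "live_filesystem"


def triage(text):
    """Summarise a report: locked skips vs. detections, and where detections live."""
    records, unparsed = parse_report(text)
    summary = {
        "locked_skipped": 0,
        "infected_objects": 0,
        "by_location": Counter(),
        "containers": {},      # on-disk container path -> location class
        "live_threats": [],    # detections outside quarantine/restore points
        "unparsed": unparsed,
    }
    for r in records:
        if r["verdict"] == "Object is locked":
            summary["locked_skipped"] += 1
            continue
        summary["infected_objects"] += 1
        container = container_path(r["path"])
        loc = classify_location(container)
        summary["by_location"][loc] += 1
        summary["containers"][container] = loc
        if loc == "live_filesystem":
            summary["live_threats"].append(r["path"])
    return summary


if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print(f"locked/skipped: {s['locked_skipped']}, infected objects: {s['infected_objects']}")
    for container, loc in s["containers"].items():
        print(f"  [{loc}] {container}")
    print("live threats:", s["live_threats"] or "none (clear qoobox and purge System Restore)")
```

Run against the full report by reading it from a file instead of `SAMPLE_REPORT`. An empty `live_threats` list with non-zero `infected_objects` is exactly the situation the reply describes: the only copies left are the ones ComboFix backed up, and deleting the quarantine folder plus purging System Restore removes them.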
 
And you're correct!

Thanks so much again, Steam, for all your help. Couldn't have done it without you (obviously) :bigthumb:

One last side question -- can you recommend any firewall programs for Vista? Or just stick with Windows Firewall?

Thanks,
Mitch
 
Hi

You're very welcome ...

I've always been very satisfied with Zonealarm free firewalls both on XP & before that on my win98 ...

I know they've had a lot of teething troubles with running it with vista, but I believe most of them are worked out, though I know some people still have trouble running it with vista...

Zonealarm Free 7.1.100.000 - Size / OS: 17.5 MB, Windows 2K/XP/Vista

http://www.softpedia.com/get/Security/Firewall/ZoneAlarm-Free.shtml

The FREE Comodo Firewall is supposed to work well with vista .. But I can't guarantee it, some people can't get it to work either ...

http://www.bestvistadownloads.com/software/t-free-comodo-firewall-pro-download-gfybevki.html

steam
 