;*******************************************************************************
ANALYSIS: 2008-04-09 12:07:30
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description                             Version       Active  Updated
;===============================================================================
Symantec AntiVirus Corporate Edition    10.1.5.5000   Yes     Yes
;===============================================================================
MALWARE
Id        Description            Type            Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00139061  Cookie/Doubleclick     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.doubleclick.net/]
00139064  Cookie/Atlas DMT       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.atdmt.com/]
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Desktop\Anti-Stuff\SmitfraudFix\Process.exe
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Desktop\Anti-Stuff\smitRem.exe[smitRem/Process.exe]
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Desktop\Anti-Stuff\smitRem\Process.exe
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Local Settings\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
00145731  Cookie/Tribalfusion    TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.tribalfusion.com/]
00145738  Cookie/Mediaplex       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.mediaplex.com/]
00167642  Cookie/Com.com         TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.com.com/]
00167704  Cookie/Xiti            TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.xiti.com/]
00169190  Cookie/Advertising     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.advertising.com/]
00169190  Cookie/Advertising     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.advertising.com/]
00171982  Cookie/QuestionMarket  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.questionmarket.com/]
00171982  Cookie/QuestionMarket  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.questionmarket.com/]
00262020  Cookie/Atwola          TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.atwola.com/]
00262020  Cookie/Atwola          TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Application Data\Mozilla\Firefox\Profiles\d8fcm3j3.default\cookies.txt[.atwola.com/]
00517584  Application/SuperFast  HackTools       No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Desktop\Anti-Stuff\SmitfraudFix\restart.exe
02197130  Trj/Rebooter.J         Virus/Trojan    No      1         Yes            No           C:\Documents and Settings\Peter Bougie\Desktop\Anti-Stuff\SmitfraudFix\Reboot.exe
02887532  Cookie/XPAntivirusPro  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Peter Bougie\Cookies\peter bougie@www.safenavweb[1].txt
;===============================================================================
SUSPECTS
Sent  Location
;===============================================================================
No    C:\WINDOWS\QDNKEWFA.DLL
;===============================================================================
VULNERABILITIES
Id  Severity  Description
;===============================================================================
;===============================================================================