;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-31 02:59:57
PROTECTIONS: 1
MALWARE: 30
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
CA Anti-Virus 9.0.0.170 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\jordan herrick\Cookies\jordan_herrick@doubleclick[1].txt
01343387 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\58479.msi[unk_0029]
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096541.exe
02634745 Application/Playmp3z HackTools No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP64\A0028796.exe
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094123.exe
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108062.exe
02913339 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096470.exe
02913341 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096489.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092061.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094128.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094126.exe
02936956 Adware/SideSearch Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096471.dll
02938171 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094129.dll
02938171 Spyware/Virtumonde Spyware No 1 No No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094131.exe[■%%\²¬Ç]
02938552 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096472.exe
02938563 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094124.exe
02938823 Spyware/AdClicker Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096500.exe
02938979 Adware/JavaCore Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096503.exe
02939362 Adware/AccesMembre Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094134.exe
02941829 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094195.dll
02942191 Adware/WebSearch Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096506.exe
02942192 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108056.exe
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\nmcvvmfk.dll
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\endicuqn.dll
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\elmmcoqr.dll
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\uhfmrdfe.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108058.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108059.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108060.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108061.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096547.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096549.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP138\A0096566.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096551.dll
02960420 Adware/GoodSearchNow Adware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094145.sys
02992298 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\bpqvahme.dll
02992299 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\kgvqiqya.dll
02992299 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mriijagk.dll
02992299 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\esxpqpum.dll
02992300 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ufibgppm.dll
02992301 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP138\A0096588.dll
02992301 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP138\A0096586.dll
02992302 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\tncavnyt.dll
02992302 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\aecgyxik.dll
02992302 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\iuemnjng.dll
02992716 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\uexjdtks.dll
02992716 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\gggcvcxw.dll
02995628 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\dggpsdjj.dll.bad
02995628 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108021.dll
02995630 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\tnjfaafb.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
108742 MEDIUM MS06-006
;===================================================================================================================================================================================