;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-06-16 09:46:44 PROTECTIONS: 0 MALWARE: 28 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00003992 spyware/adclicker Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00110011-4b0b-44d5-9718-90c88817369b} 00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} 00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{587DBF2D-9145-4C9E-92C2-1F953DA73773} 00029036 adware/superspider Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E} 00029343 adware/mssearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} 00029343 adware/mssearch Adware No 0 Yes No 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd9bc004-8331-4457-b830-4759ff704c22} 00035633 adware/cws.nfo Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6} 00036156 adware/winres Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38A51A-23C9-48a1-A33C-48675AA2B494} 00039204 adware/cws Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} 00039204 adware/cws Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc97b254-b2b9-4d40-971d-78e0978f5f26} 00039204 adware/cws Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} 00039204 adware/cws Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{150fa160-130d-451f-b863-b655061432ba} 00040007 adware/cws.yexe Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} 00103389 adware/noname Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765721306} 00110532 spyware/clientman Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bea Olivieri\Cookies\bea_olivieri@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bea Olivieri\Cookies\bea_olivieri@atdmt[2].txt 00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Bea Olivieri\Desktop\VirtumundoBeGone.exe[²ƒÇ] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bea Olivieri\Cookies\bea_olivieri@ad.yieldmanager[1].txt 00169190 
Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bea Olivieri\Cookies\bea_olivieri@advertising[2].txt 00177226 spyware/lefeat Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B847676D-72AC-4393-BFFF-43A1EB979352} 00226936 adware/cws.payfortraffic Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98DBBF16-CA43-4c33-BE80-99E6694468A4} 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Bea Olivieri\Cookies\bea_olivieri@atwola[1].txt 00293079 Spyware/7r7t Spyware No 1 Yes No C:\Documents and Settings\Bea Olivieri\Local Settings\Temporary Internet Files\Content.IE5\SLIZSLAV\snapsnet[1].exe 00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0054028.dll 00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP294\A0054011.dll 00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Bea Olivieri\Desktop\VirtumundoBeGone.exe 00520936 Application/ViewPoint HackTools Yes 0 Yes No C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\3.8.0\VIEWBARBHO.DLL 00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP278\A0047824.exe[ViewBarBHO.dll] 02688464 Adware/DnsInsider Adware No 0 Yes No C:\Documents and Settings\Bea Olivieri\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.77358 02883509 Application/ViewPoint HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP278\A0047824.exe 02896112 Adware/Yazzle Adware No 0 Yes No C:\Documents and Settings\Bea Olivieri\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.29629 02944473 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0054080.exe 03052672 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP293\A0049939.exe 03053286 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0054034.exe ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;===================================================================================================================================================================================