Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Problem with WinAntiVirus Pro 2006 (fake antivirus)

Started by acxigon , Sep 03 2006 10:00 AM

  • Please log in to reply

#1
acxigon
Posted 03 September 2006 - 10:00 AM

acxigon

    New Member

  • Member
  • Pip
  • 2 posts
Hi.
Having problems with WinAntiVirus Pro 2006.
Annoying popups about downloading the software because it tells me I'm vounerable to "Serwab".
I also see isnotify.exe and several more is*.exe-prosesses running when the computer starts up.
Also getting a lot of files in the windows temp-folder who refuses to be deleted, and a lot of win**.tmp (where ** is a random two digit number) in the same folder.
Wehen i'm using msie, i also get redirected to the downloadsite for the winantivirus pro 2006 several times every five or ten minutes or so, and sometimes I get redirected to a fake 404-site who tells me the page i'm trying to visit is dangerous, even when its a safe site like this forum.

This is my current HJT-log:

Logfile of HijackThis v1.99.1
Scan saved at 17:40:33, on 03.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\-Admin-\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.p4.no/pla...r.asp?channel=1
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe




Btw, just killed of the is*.exe-prosesses like isnotify, doesnt know if that affected the log, but anyway they are still here nxt time i restart.

Help appreciated, sorry for the bad english writing.
  • 0

Advertisements

#2
acxigon
Posted 03 September 2006 - 12:04 PM

acxigon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi again.
Not bumping, but updating with new info.

Downloaded SmitfraudFix (by S!Ri), and run option 2, cleaned the registry.
Then download the trial version of Ewido Security Suite, and run a complete system scan with Delete as the default option for infected files.
New HJT-log and ewido-log.

Appreciate all help


Logfile of HijackThis v1.99.1
Scan saved at 19:51:19, on 03.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\-Admin-\Desktop\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:38:59 03.09.2006

+ Scan result:




C:\WINDOWS\system32\admparsek.dll -> Adware.EasyEr : Cleaned.
HKU\S-1-5-21-1177238915-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-1177238915-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned.
C:\Documents and Settings\-Admin-\My Documents\old_40GB\My Documents\DH2004Setup-dm.exe -> Adware.Trymedia : Cleaned.
G:\mdpsite_pub\software\TrickshotSetup-dm.exe -> Adware.Trymedia : Cleaned.
C:\WINDOWS\system32\byxussq.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\system32\hggddec.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\compstuih.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g10552390.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g10968500.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g11748687.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g123397484.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g13381125.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g13924468.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g14588390.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g16990187.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g22380656.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g2560578.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g2705171.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g2735328.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g289406.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g3037312.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g4021093.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g4837359.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g5114515.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g5365187.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g5392968.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g7638109.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g81752703.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g85605718.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g86040140.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g868015.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g89236687.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\system32\compstuih.dll -> Downloader.Delf.aeo : Cleaned.
C:\WINDOWS\g1111515.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g11374984.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g1357968.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g1374437.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g1399921.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g171906.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g1837390.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g18650828.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g21059390.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g2313828.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g24902687.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g26695531.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g30538734.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g3073953.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g5467375.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g6662640.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g7244296.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g8445781.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g88011203.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g8844984.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g968531.dll -> Downloader.Delf.amb : Cleaned.
[268] C:\WINDOWS\g968531.dll -> Downloader.Delf.amb : Error during cleaning.
[840] C:\WINDOWS\g968531.dll -> Downloader.Delf.amb : Error during cleaning.
G:\bt_dl\2.PocketPC.ARM.Games.Appz.By.EnEsBe\2.PocketPC.ARM.Games.Appz.By.EnEsBe.zip/www.pda365.com 2/Resco Explorer 5.14 PPC/HA_Explorer2003_514_ARMV4_QIAN.exe/DUDU_HH.exe -> Downloader.Small : Cleaned.
G:\bt_dl\2.PocketPC.ARM.Games.Appz.By.EnEsBe\www.pda365.com 2\Resco Explorer 5.14 PPC\HA_Explorer2003_514_ARMV4_QIAN.exe/DUDU_HH.exe -> Downloader.Small : Cleaned.
G:\Gamestuff-mix\Cheatprogs\nfsp2000edit.zip/nfsp2000edit/Nfs5 Trainer.exe -> Dropper.Small : Cleaned.
G:\bt_dl\2.PocketPC.ARM.Games.Appz.By.EnEsBe\2.PocketPC.ARM.Games.Appz.By.EnEsBe.zip/www.pda365.com 2/Resco Photo Viewer v5.20 PPC/r-000628-2005-04-13.rar/keygen.exe -> Logger.ProAgent.t : Cleaned.
G:\bt_dl\2.PocketPC.ARM.Games.Appz.By.EnEsBe\www.pda365.com 2\Resco Explorer v5.13 PPC\Resco Explorer v5.13 PPC.rar/Resco.Explorer.2003.v5.13.All.PPC.incl.Keygen-RCAPDA\r-000636.zip/keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned.
G:\bt_dl\2.PocketPC.ARM.Games.Appz.By.EnEsBe\www.pda365.com 2\Resco Photo Viewer v5.20 PPC\r-000628-2005-04-13.rar/keygen.exe -> Logger.ProAgent.t : Cleaned.
C:\WINDOWS\system32\jfkygela.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
C:\WINDOWS\system32\juknvxlo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
C:\WINDOWS\system32\xffpuhub.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
C:\WINDOWS\system32\avqtqxjp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\WINDOWS\system32\aysjcjsb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\WINDOWS\system32\nitbxeuu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\WINDOWS\system32\nrhukaew.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\Documents and Settings\-Admin-\My Documents\old_40GB\My Documents\My Downloads\vnc71.zip/utils/xCmd.exe -> Not-A-Virus.RemoteAdmin.Win32.RemoteExec : Cleaned.
C:\Documents and Settings\-Admin-\My Documents\old_40GB\My Documents\My Downloads\vnc71.zip/vnc9/VNCHooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned.
C:\Documents and Settings\-Admin-\My Documents\old_40GB\My Documents\My Downloads\vnc71.zip/vnc9/WinVNC.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned.
C:\Documents and Settings\-Admin-\My Documents\old_40GB\My Documents\My Downloads\vnc71.zip/vnc9/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned.
C:\Documents and Settings\-Admin-\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\-Admin-\Cookies\-admin-@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : Cleaned.
C:\WINDOWS\system32\mheyjmin.exe -> Trojan.Agent.ny : Cleaned.
C:\Documents and Settings\-Admin-\Local Settings\Temporary Internet Files\Content.IE5\VKCY86SN\bgates[1].exe -> Trojan.Dialer.pz : Cleaned.
C:\WINDOWS\temp\idd119.tmp.exe -> Trojan.Dialer.qy : Cleaned.
C:\WINDOWS\temp\iddCB.tmp.exe -> Trojan.Dialer.qy : Cleaned.
C:\WINDOWS\temp\iddD9.tmp.exe -> Trojan.Dialer.qy : Cleaned.
C:\WINDOWS\system32\winrkp32.dll -> Trojan.Mezzia : Cleaned.
C:\Documents and Settings\-Admin-\Local Settings\Temporary Internet Files\Content.IE5\2FIN7ATQ\srvfyw[1].exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\temp\winCA.tmp.exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\temp\winD8.tmp.exe -> Trojan.Pakes : Cleaned.


::Report end


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP