
Copy.exe Virus



#16
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
valcandy,

It should ask to install some files in order to run the Activescan, and then give you a choice of what you'd like to scan, such as your entire computer, your hard drive, etc. If you can't get it to work, let's try Kaspersky:

Please run an on-line virus scan at Kaspersky OnLine Scan.

Edited by sari, 04 January 2007 - 11:56 AM.

  • 0


#17
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Goodness, it took me around 2 hours to download the scanning system.

Should I do a scan in critical areas + my computer? Anything else needed?

Thanks
  • 0

#18
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
That should be good. :whistling:
  • 0

#19
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Okay, thanks Sari! Do you know if I have to be connected to the internet whilst the scan is being done? Thank you!
  • 0

#20
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
Yep. It might take a while to run, depending on how much you have to scan, so be patient. :whistling:
  • 0

#21
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Oops, I think the scan stopped half way through as my internet connection dropped!!! But here is what I got:

KASPERSKY ONLINE SCANNER REPORT
Friday, January 05, 2007 5:10:00 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/01/2007
Kaspersky Anti-Virus database records: 241745
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\HEJISH~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 24377
Number of viruses found 4
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 00:28:41

Infected Object Name Virus Name Last Action
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itircl.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shdocvw.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\urlmon.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\MEMORY.DMP Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SVCHOST.EXE Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fnbnko91.sys Object is locked skipped
C:\WINDOWS\system32\drivers\heludsis.sys Object is locked skipped
C:\WINDOWS\system32\drivers\mjeykb74.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sipheyhy.sys Object is locked skipped
C:\WINDOWS\system32\fnbnko91.dll Object is locked skipped
C:\WINDOWS\system32\gdktcrhr.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mjeykb74.dll Object is locked skipped
C:\WINDOWS\system32\moyusetup.exe/data0008 Infected: Trojan-Downloader.Win32.VB.aqt skipped
C:\WINDOWS\system32\moyusetup.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\rhogdxgx.dll Object is locked skipped
C:\WINDOWS\system32\temp2.exe Infected: Backdoor.Win32.Small.lo skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\xcopy.exe Infected: Virus.Win32.Perlovga.a skipped
C:\DOCUME~1\HEJISH~1\LOCALS~1\Temp\Perflib_Perfdata_304.dat Object is locked skipped
C:\DOCUME~1\HEJISH~1\LOCALS~1\Temp\~DFEC37.tmp Object is locked skipped
Scan process completed.
  • 0

#22
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
valcandy,

Alright - I have to run, and you have a lot of files that need to be deleted. I don't want to rush through that. I will be back on tomorrow and give you a complete fix to get you cleaned up.

sari
  • 0

#23
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Okay, thank you. I will be posting another log of a scan of my computer using the Kaspersky online scanning.

Thank you once again Sari!
  • 0

#24
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
KASPERSKY ONLINE SCANNER REPORT
Friday, January 05, 2007 7:28:02 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/01/2007
Kaspersky Anti-Virus database records: 241745
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 75990
Number of viruses found 6
Number of infected objects 55 / 0
Number of suspicious objects 0
Duration of the scan process 02:15:00

Infected Object Name Virus Name Last Action
C:\copy.exe Infected: Virus.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\cert8.db Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\history.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\key3.db Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\parent.lock Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Prevx\proc.cat Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\call256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\callmember256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\chat512.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\index2.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\profile4096.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\transfer256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\user1024.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\user256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Application Data\Skype\voodoodollval\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\He Jishan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ynwn0mcz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Temp\Perflib_Perfdata_304.dat Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Temp\~DFEC37.tmp Object is locked skipped
C:\Documents and Settings\He Jishan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\He Jishan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\He Jishan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\host.exe Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\Moyu\DownloadRingName.exe Infected: Trojan-Downloader.Win32.VB.aqt skipped
C:\Program Files\Prevx1\lclbrk.cache Object is locked skipped
C:\Program Files\Prevx1\log\px-log.txt Object is locked skipped
C:\Program Files\Prevx1\paws.cache Object is locked skipped
C:\Program Files\Prevx1\prevx.cache Object is locked skipped
C:\Program Files\yok\moyusetup.exe/data0008 Infected: Trojan-Downloader.Win32.VB.aqt skipped
C:\Program Files\yok\moyusetup.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP288\A0072296.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP288\A0072297.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP288\A0072323.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP288\A0072324.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP289\A0072378.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP289\A0072379.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP289\A0072422.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP289\A0072423.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP291\A0072482.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP291\A0072483.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP291\A0072519.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP291\A0072520.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP291\A0072532.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP291\A0072533.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP292\A0072549.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP292\A0072550.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP292\A0072565.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP292\A0072566.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP292\A0072583.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP292\A0072584.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP293\A0072630.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP293\A0072631.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP293\A0072647.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP293\A0072648.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP294\A0072748.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP294\A0072749.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072773.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072774.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072792.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072793.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072820.exe Infected: Trojan-PSW.Win32.QQRob.le skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072827.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072828.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072869.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072870.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072881.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072886.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072899.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072900.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072914.exe Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072918.exe Infected: Virus.Win32.Perlovga.b skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072941.exe Infected: Backdoor.Win32.Small.lo skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itircl.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shdocvw.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\urlmon.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\MEMORY.DMP Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SVCHOST.EXE Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fnbnko91.sys Object is locked skipped
C:\WINDOWS\system32\drivers\heludsis.sys Object is locked skipped
C:\WINDOWS\system32\drivers\mjeykb74.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sipheyhy.sys Object is locked skipped
C:\WINDOWS\system32\fnbnko91.dll Object is locked skipped
C:\WINDOWS\system32\gdktcrhr.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mjeykb74.dll Object is locked skipped
C:\WINDOWS\system32\moyusetup.exe/data0008 Infected: Trojan-Downloader.Win32.VB.aqt skipped
C:\WINDOWS\system32\moyusetup.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\rhogdxgx.dll Object is locked skipped
C:\WINDOWS\system32\temp1.exe Infected: Virus.Win32.Perlovga.b skipped
C:\WINDOWS\system32\temp2.exe Infected: Backdoor.Win32.Small.lo skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\ylofk12.cab Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\xcopy.exe Infected: Virus.Win32.Perlovga.a skipped
D:\copy.exe Infected: Virus.Win32.Perlovga.a skipped
D:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072915.exe Infected: Trojan-Dropper.Win32.Small.apl skipped
Scan process completed.
  • 0
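
Added example, not part of the original thread or of any participant's post: a Python parser that triages a Kaspersky Online Scanner report like the two above, dropping the "Object is locked" noise and splitting detections into files on disk versus copies held in System Restore points. The line layout is inferred from the reports on this page, the sample lines are copied from the second report, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the second report above.
SAMPLE_REPORT = r"""
C:\copy.exe Infected: Virus.Win32.Perlovga.a skipped
C:\Documents and Settings\He Jishan\NTUSER.DAT Object is locked skipped
C:\host.exe Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Program Files\yok\moyusetup.exe/data0008 Infected: Trojan-Downloader.Win32.VB.aqt skipped
C:\Program Files\yok\moyusetup.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP295\A0072820.exe Infected: Trojan-PSW.Win32.QQRob.le skipped
C:\System Volume Information\_restore{9441DCE6-A6E3-4C8B-A10E-0F3C05F5EAC6}\RP296\A0072914.exe Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\temp2.exe Infected: Backdoor.Win32.Small.lo skipped
D:\copy.exe Infected: Virus.Win32.Perlovga.a skipped
Scan process completed.
"""

# One result line is "<path> <status> <last action>". Paths may contain
# spaces, so the path is matched lazily up to one of the known statuses.
# Assumption: container summaries for other archive types follow the same
# "<TAG>: infected - <n>" shape as the NSIS lines shown on the page.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<summary>\w+: infected - \d+))"
    r" (?P<action>\w+)$"
)

# Windows XP keeps System Restore snapshots under this folder on each drive.
RESTORE_MARK = "\\system volume information\\_restore"


def parse_line(line):
    """Return a dict for one result line, or None for headers and footers."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    if m.group("locked"):
        kind = "locked"
    elif m.group("summary"):
        kind = "summary"
    else:
        kind = "infected"
    return {
        "path": m.group("path"),
        "kind": kind,
        "name": m.group("name"),
        "action": m.group("action"),
    }


def triage(report):
    """Group detections by name, separating live files from restore copies."""
    live = defaultdict(list)      # detection name -> on-disk paths
    restore = defaultdict(int)    # detection name -> count of restore copies
    counts = {"locked": 0, "summary": 0, "unparsed": 0}

    for raw in report.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            counts["unparsed"] += 1
            continue
        if entry["kind"] != "infected":
            # Locked files were not scanned; summary lines repeat a member hit.
            counts[entry["kind"]] += 1
            continue
        # "installer.exe/data0008" is a member inside a container file;
        # the file that exists on disk is the part before the slash.
        on_disk = entry["path"].split("/", 1)[0]
        if RESTORE_MARK in on_disk.lower():
            restore[entry["name"]] += 1
        elif on_disk not in live[entry["name"]]:
            live[entry["name"]].append(on_disk)

    return {"live": dict(live), "restore": dict(restore), **counts}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, paths in sorted(result["live"].items()):
        print(name)
        for p in paths:
            print("   ", p)
    print("restore-point copies:", result["restore"])
    print("locked (not scanned):", result["locked"])
```

In the sample, Trojan-PSW.Win32.QQRob.le appears only under `restore`, meaning the scanner saw it only as a System Restore copy and not as a file in a normal folder.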

#25
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
valcandy,

I need some additional scans and information from you.

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Show Hidden Files
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Can you see if you can find this:

C:\Program Files\???????CS1.5?????

I'm not sure if it's a folder or a file. You might just need to look for the CS1.5 - I'm not sure if the question marks will be question marks or some other character. If you can find it, can you take a screen shot of it and post it here, like you've done with your prevx results?

Thanks,

sari
  • 0


#26
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hey sari will def perform this shortly
  • 0

#27
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

sari see that u are here! that GMER link isn't working!
  • 0

#28
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
valcandy,

I'm sorry - that site is temporarily down.

Click here to download AVG Anti Rootkit and save it to your desktop.
  • Double-click on the AVG_AntiRootkit_1.0.0.13.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.
sari
  • 0

#29
valcandy

valcandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
just says no rootkit found, cannot save!
  • 0

#30
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
valcandy,

That's good that you don't have a rootkit. :whistling:

Were you able to do this from my previous post?

Show Hidden Files
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Can you see if you can find this:

C:\Program Files\???????CS1.5?????

I'm not sure if it's a folder or a file. You might just need to look for the CS1.5 - I'm not sure if the question marks will be question marks or some other character. If you can find it, can you take a screen shot of it and post it here, like you've done with your prevx results?

Thanks,

sari
  • 0





