Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus attack


  • Please log in to reply

#1
kpykpy

kpykpy

    New Member

  • Member
  • Pip
  • 6 posts
Hi can someone please help me.

My anti-virus has scanned and picked up some viruses. The viruses have been quarantined but it came back today. The virus report is below:

AntiVir PersonalEdition Classic
Report file date: 28 February 2007 21:26
Scanning for 658863 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Owner
Computer name: YOUR-U2KZFIB7P8
Version information:
BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00
AVSCAN.EXE : 7.0.3.5 208936 Bytes 15/01/2007 22:06:29
AVSCAN.DLL : 7.0.3.1 35880 Bytes 07/01/2007 10:10:34
LUKE.DLL : 7.0.3.2 143400 Bytes 07/01/2007 10:10:35
LUKERES.DLL : 7.0.2.0 9256 Bytes 07/01/2007 10:10:35
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:35:27
ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 12/01/2007 22:14:55
ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 29/01/2007 22:07:03
ANTIVIR3.VDF : 6.37.1.8 56320 Bytes 31/01/2007 21:25:35
AVEWIN32.DLL : 7.3.1.33 2281984 Bytes 30/01/2007 20:29:41
AVPREF.DLL : 7.0.2.0 23592 Bytes 07/01/2007 10:10:34
AVREP.DLL : 6.37.1.1 1105960 Bytes 30/01/2007 20:29:41
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 10:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 07/01/2007 10:10:37
AVREG.DLL : 7.0.1.2 30760 Bytes 15/01/2007 22:06:29
NETNT.DLL : 6.32.0.0 6696 Bytes 27/09/2005 09:56:49
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 07/01/2007 10:10:31
RCTEXT.DLL : 7.0.12.1 77864 Bytes 07/01/2007 10:10:31
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000
Start of the scan: 28 February 2007 21:26
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'msnmsgr.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'iPodService.exe' - '1' Modules have been scanned
Scan process 'MsPMSPSv.exe' - '1' Modules have been scanned
Scan process 'MPAPI3s.exe' - '1' Modules have been scanned
Scan process 'ServiceLayer.exe' - '1' Modules have been scanned
Scan process 'hpqtra08.exe' - '1' Modules have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Modules have been scanned
Scan process 'PcSync2.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'DataLayer.exe' - '1' Modules have been scanned
Scan process 'LaunchApplication.exe' - '1' Modules have been scanned
Scan process 'iTunesHelper.exe' - '1' Modules have been scanned
Scan process 'qttask.exe' - '1' Modules have been scanned
Scan process 'MSASCui.exe' - '1' Modules have been scanned
Scan process 'WkUFind.exe' - '1' Modules have been scanned
Scan process 'zlclient.exe' - '0' Modules have been scanned
Scan process 'jusched.exe' - '1' Modules have been scanned
Scan process 'point32.exe' - '1' Modules have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Modules have been scanned
Scan process 'dragdiag.exe' - '1' Modules have been scanned
Scan process 'shwicon2k.exe' - '1' Modules have been scanned
Scan process 'atiptaxx.exe' - '1' Modules have been scanned
Scan process 'kbd.exe' - '1' Modules have been scanned
Scan process 'hphmon05.exe' - '1' Modules have been scanned
Scan process 'hpwuSchd.exe' - '1' Modules have been scanned
Scan process 'HpqCmon.exe' - '1' Modules have been scanned
Scan process 'hpsysdrv.exe' - '1' Modules have been scanned
Scan process 'vsmon.exe' - '0' Modules have been scanned
Scan process 'symlcsvc.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'ccEvtMgr.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'MsMpEng.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
48 processes with 48 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( 52 files ).

Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hp\drivers\keyboard\PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f31e89.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ecc.qua'!
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ed0.qua'!
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ed3.qua'!
C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ed9.qua'!
C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32eda.qua'!
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '4451cb07.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
D:\I386\drv\APP19718\App19718.exe
[0] Archive type: ZIP SFX (self extracting)
--> hp/tmp/pav_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
--> hp/tmp/pre_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '46313134.qua'!
D:\System Volume Information\_restore{D3B0980A-A7B3-456A-A4BD-8F74FA72BA53}\RP571\A0167369.exe
[0] Archive type: ZIP SFX (self extracting)
--> hp/tmp/pav_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
--> hp/tmp/pre_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f23164.qua'!
Begin scan in 'A:\'
The path A:\ could not be found!
The device is not ready.
Begin scan in 'G:\'
The path G:\ could not be found!
The device is not ready.
Begin scan in 'H:\'
The path H:\ could not be found!
The device is not ready.
Begin scan in 'I:\'
The path I:\ could not be found!
The device is not ready.
Begin scan in 'J:\'
The path J:\ could not be found!
The device is not ready.
Begin scan in 'E:\'
The path E:\ could not be found!
The device is not ready.
Begin scan in 'F:\'
The path F:\ could not be found!
The device is not ready.

End of the scan: 01 February 2007 00:15
Used time: 872784:00:28 min
The scan has been done completely.
12985 Scanning directories
841524 Files were scanned
11 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
23 Files cannot be scanned
841513 Files not concerned
20165 Archives were scanned
23 Warnings
0 Notes
  • 0

Advertisements


#2
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP