kxvo.exe PLEASE HELP [RESOLVED]


#76
amm007

After double-clicking fixthis.reg, Windows prompts that this is not a valid win32 application. Do we need to change the encoding language? By default, it is set to ANSI.

I think my computer is not clean yet. When I open My Computer and click on one of my hard drives, Windows prompts me with the Open With window asking me to: "Choose the program you want to use to open this file". This happens to both partitions C: & D:. I can only browse through these drives by typing their location at the address bar or by using Windows Explorer.

:) And lastly, I want to inform you that I still have a 3rd computer which got infected via network (I believe). Could you still help me on this? Same scenario with the other two...Please... :) Thanks a lot kahdah! I owe you really big for having helped me this far.

Edited by amm007, 26 March 2008 - 08:10 AM.

#77
kahdah

Your computer is clean.
It's just that the malware has corrupted some files.

Let's first fix the registry problem.

Please go to Start > Run and type: cmd
This should open the Command Prompt window (a black window).

In the Command Prompt window, type the following commands, pressing Enter after each one:

assoc .reg=regfile

ftype regfile=regedit.exe "%1"

There should be a space between assoc and .reg.
There should be a space between regedit.exe and "%1".


Then close the command prompt by typing exit or just close it using the x in the corner.

Then try the reg fix again.
=====================
Using this tool does not mean that you are infected; it merely replaces the missing .inf files required for Windows to correctly open the drive.

For the other drives do the following:
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

#78
amm007

I have done everything, including the step of resetting System Restore Points. Drives C & D now work well! Thanks a heap! Do we still need to do a scan to be sure that there's no trace of the malware? Also, can you still help me with the 3rd computer which got the same infection? Thanks again!

#79
kahdah

No that computer is clean.
You are welcome :)

I will go ahead and look at the 3rd computer now.
Please download Deckard's System Scanner (DSS) and save it to your Desktop of the third Computer.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#80
amm007

Hold on kahdah...I'm still putting computer 3 back to the network....I'll post the logs as soon as I get it back connected...Thanks!

#81
amm007

Hi kahdah..After we fixed computer 1, I did a full scan. Good thing I received Kaspersky's verdict that it is clean. To make sure the same thing goes for computer 2, I also performed a full system scan. After it, Kaspersky still found 4 viruses. Here's the log if you need it...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 28, 2008 11:22:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/03/2008
Kaspersky Anti-Virus database records: 667874
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 44894
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:58:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96339 Infected: Trojan-PSW.Win32.OnLineGames.ubi skipped
C:\Documents and Settings\Ruberc\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\history.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\key3.db Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ruberc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Desktop\PRO-GUT_edited.doc Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\AF9BC14Fd01 Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\History\History.IE5\MSHist012008032820080329\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\flaA8.tmp Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\Perflib_Perfdata_7ec.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\~DF9992.tmp Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\~DFA15D.tmp Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ruberc\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ChikkaV4\QueueManager.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000184.inf Infected: Trojan-Dropper.Win32.Agent.fuk skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ieso1.dll Infected: Packed.Win32.PolyCrypt.h skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\sqlite_dKEuX4I6FbeYQPc Object is locked skipped
C:\WINDOWS\Temp\sqlite_IlO74Xz9n91hVSO Object is locked skipped
C:\WINDOWS\Temp\sqlite_vQse2vgbcbcqCh1 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\l2quk.exe Infected: Trojan-PSW.Win32.OnLineGames.szu skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000185.inf Infected: Trojan-Dropper.Win32.Agent.fuk skipped

Scan process completed.

#82
kahdah

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Ruberc\Application Data\Malwarebytes
    C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000184.inf
    C:\WINDOWS\system32\ieso1.dll 
    D:\l2quk.exe 
    D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000185.inf
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#83
amm007

C:\Documents and Settings\Ruberc\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine moved successfully.
C:\Documents and Settings\Ruberc\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs moved successfully.
C:\Documents and Settings\Ruberc\Application Data\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\Documents and Settings\Ruberc\Application Data\Malwarebytes moved successfully.
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000184.inf moved successfully.
C:\WINDOWS\system32\ieso1.dll unregistered successfully.
C:\WINDOWS\system32\ieso1.dll moved successfully.
D:\l2quk.exe moved successfully.
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000185.inf moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03282008_230306

#84
kahdah

Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
==================
After that then post the logs from your 3rd computer.

#85
amm007

I've finished the cleanup. Are we now certain that this computer is no longer infected? How can we check? Thanks kahdah!

#86
kahdah

I am sure you can scan all you wish if you do not think so.

But if you are satisfied then let's proceed by posting the logs for your 3rd computer.

#87
amm007

Hi kahdah! Sorry about being so persistent. :) Still, Kaspersky found viruses. How come they won't stop after every cleanup we do? I wonder why. Any idea how strong this virus is? Is my internet connection plus a well-programmed malware possibly the culprit of my computer downloading more and more viruses?

Here's the recent log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 30, 2008 5:51:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/03/2008
Kaspersky Anti-Virus database records: 673066
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47484
Number of viruses found: 4
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:01:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\history.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\key3.db Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ruberc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\wjlg44s8.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\Documents and Settings\Ruberc\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ruberc\ntuser.dat.LOG Object is locked skipped
C:\es.exe Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000326.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000327.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000333.exe Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000341.dll Infected: Packed.Win32.PolyCrypt.h skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000342.inf Infected: Trojan-Dropper.Win32.Agent.fuk skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000343.inf Infected: Trojan-Dropper.Win32.Agent.fuk skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000344.exe Infected: Trojan-PSW.Win32.OnLineGames.szu skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000350.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000351.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000352.exe Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000363.exe Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000368.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\change.log Object is locked skipped
C:\vuts0e.cmd Infected: Packed.Win32.PolyCrypt.h skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{59851AF5-DAFA-4DD4-9E45-DD593B34CA3A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\sqlite_KA6LpNzlCjYwTdn Object is locked skipped
C:\WINDOWS\Temp\sqlite_Kxr0VxQ2yhNGRtf Object is locked skipped
C:\WINDOWS\Temp\sqlite_XSniZfWC5rvrWxJ Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\es.exe Infected: Worm.Win32.AutoRun.ddj skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000296.exe Infected: Trojan-PSW.Win32.OnLineGames.szu skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000335.exe Infected: Worm.Win32.AutoRun.ddj skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000354.exe Infected: Worm.Win32.AutoRun.ddj skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\change.log Object is locked skipped
D:\vuts0e.cmd Infected: Packed.Win32.PolyCrypt.h skipped

Scan process completed.

Edited by amm007, 30 March 2008 - 03:59 AM.
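Added example (not part of the thread, and not code from Kaspersky or any tool mentioned here): a small Python triage script for reports in the format posted above. It drops the "Object is locked" noise, sorts detections by where they sit (System Restore copy, scanner quarantine, drive root, or elsewhere on the live file system), and flags file names detected at the root of more than one drive, as with es.exe and vuts0e.cmd on both C: and D: in the second report. The bucket names and function names are assumptions made for this illustration; the sample lines are copied from the second report.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: lines copied from the second Kaspersky Online Scanner
# report in this thread (format: <path> <verdict> <last action>).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\wjlg44s8.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\es.exe Infected: Worm.Win32.AutoRun.ddj skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000326.dll Infected: Worm.Win32.AutoRun.ddj skipped
C:\vuts0e.cmd Infected: Packed.Win32.PolyCrypt.h skipped
D:\es.exe Infected: Worm.Win32.AutoRun.ddj skipped
D:\vuts0e.cmd Infected: Packed.Win32.PolyCrypt.h skipped
"""

# Paths contain spaces, so anchor on the literal " Infected: " marker
# rather than splitting on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) Infected: (?P<name>\S+) (?P<action>\w+)$"
)


def parse_detections(report):
    """Return (path, detection name, last action) for every infected line."""
    found = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((PureWindowsPath(m["path"]), m["name"], m["action"]))
    return found


def classify(path):
    """Bucket a detection by location (bucket names are this example's own)."""
    parts = [p.lower() for p in path.parts]
    if "system volume information" in parts:
        return "restore-point"   # System Restore copy, not a running file
    if "quarantine" in parts:
        return "quarantine"      # already isolated by another scanner
    if len(path.parts) == 2:     # drive root + file name, e.g. C:\es.exe
        return "drive-root"
    return "live"


def triage(report):
    """Group detections into location buckets."""
    buckets = defaultdict(list)
    for path, name, _action in parse_detections(report):
        buckets[classify(path)].append((str(path), name))
    return dict(buckets)


def same_name_on_multiple_drives(report):
    """File names detected at the root of more than one drive."""
    drives = defaultdict(set)
    for path, _name, _action in parse_detections(report):
        if classify(path) == "drive-root":
            drives[path.name.lower()].add(path.drive.upper())
    return {n: sorted(d) for n, d in drives.items() if len(d) > 1}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(bucket)
        for path, name in items:
            print(f"  {name:32} {path}")
    print("repeated at drive roots:", same_name_on_multiple_drives(SAMPLE_REPORT))
```

The same file name at the root of several drives is the pattern to look at first when detections return after a cleanup, since restore-point copies only come back if a restore point is applied.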

#88
kahdah

Do you still have the 3rd computer connected to the network?
If so, these types of infections travel through your network connection.

That possibly is the way these are coming about.
=================================
I would like to try something a bit different.
===========================
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Step 1: Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is roughly 10MB in size. Before running the program we need to update the signature files first in Step 2.

Step 2: Updating the eScan Antivirus Toolkit with the latest files:
1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\drive. (C:\Kaspersky.)
2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.
3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", press any key to close the screen. Close eScan for now. You need to also close all Windows Explorer windows (or "My Computer" windows) to allow a refresh.
4.) *Important*: in order to complete the update process, you must now do the following:
  • Using Windows Explorer (or "My Computer"), go to C:\Downloads and "Copy" all files present in that folder
  • "Paste" the files in C:\Kaspersky
  • Allow the overwriting of existing files, when prompted
  • Close Windows Explorer
Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3: Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Step 4: From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:
1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.
2.) Double-click on the mwavscan.com file; this will open the eScan program.
3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.
4.) Check the Drive box, this will enable the All Local Drives radio button below it. Make sure it is activated.
5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.
6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.
7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it. eScan also creates a full log inside the C:\Kaspersky folder (named mwav.log), but it is huge and cannot be posted on a forum. Please post the content of the log you have saved (into NotePad) in your next reply, once all steps are completed. Reboot your computer into normal Windows.

#89
amm007

File C:\Documents and Settings\Ruberc\Local Settings\Temp\wjlg44s8.dll infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\es.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000326.dll infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000327.dll infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000333.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000341.dll infected by "Packed.Win32.PolyCrypt.h" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000342.inf infected by "Trojan-Dropper.Win32.Agent.fuk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000343.inf infected by "Trojan-Dropper.Win32.Agent.fuk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000344.exe infected by "Trojan-PSW.Win32.OnLineGames.szu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000350.dll infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000351.dll infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000352.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000363.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000368.dll infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0000698.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\vuts0e.cmd infected by "Packed.Win32.PolyCrypt.h" Virus. Action Taken: File Renamed.
File D:\es.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000296.exe infected by "Trojan-PSW.Win32.OnLineGames.szu" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000335.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000354.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0000702.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File D:\vuts0e.cmd infected by "Packed.Win32.PolyCrypt.h" Virus. Action Taken: File Renamed.
  • 0
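Added example, not part of the original posts and not eScan's own tooling: a small parser for the log lines in the post above that counts detections per name, separates System Restore snapshot copies from other paths, and lists files that were renamed rather than deleted. The function names `parse_log` and `summarize` are hypothetical, the line layout is assumed from the posted lines only, and the sample input is five lines copied from that post.

```python
import re
from collections import Counter

# Line layout assumed from the log lines posted above (not from eScan docs).
LINE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.\s*$'
)

# Sample input: five lines copied from the post above.
SAMPLE_LOG = r'''
File C:\es.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000341.dll infected by "Packed.Win32.PolyCrypt.h" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0000344.exe infected by "Trojan-PSW.Win32.OnLineGames.szu" Virus. Action Taken: File Deleted.
File C:\vuts0e.cmd infected by "Packed.Win32.PolyCrypt.h" Virus. Action Taken: File Renamed.
File D:\es.exe infected by "Worm.Win32.AutoRun.ddj" Virus. Action Taken: File Deleted.
'''


def parse_log(text):
    """Return one dict per detection line; lines in any other layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        # Paths under System Volume Information\_restore{...} are System Restore
        # snapshot copies rather than the file at its original location.
        rec["restore_point"] = "\\system volume information\\_restore" in rec["path"].lower()
        # True for a file directly in a drive root, such as C:\es.exe.
        rec["drive_root"] = re.fullmatch(r"[A-Za-z]:\\[^\\]+", rec["path"]) is not None
        records.append(rec)
    return records


def summarize(records):
    """Count detections per name; list non-deleted files and drive-root files."""
    by_name = Counter(r["name"] for r in records)
    not_deleted = [r["path"] for r in records if r["action"] != "File Deleted"]
    drive_root = sorted(r["path"] for r in records if r["drive_root"])
    return by_name, not_deleted, drive_root


if __name__ == "__main__":
    names, not_deleted, roots = summarize(parse_log(SAMPLE_LOG))
    for name, count in names.most_common():
        print(f"{count:3d}  {name}")
    print("Renamed, not deleted (check these by hand):", not_deleted)
    print("Detections in a drive root:", roots)
```

Files reported as "File Renamed" were not removed by the scan, so they are the ones to follow up on in the next scan result.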

#90
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok let's try this again :)

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0





