shinwow.bh buried in java cache files [RESOLVED]


This topic is locked

#16 micha (Member, Topic Starter, 24 posts)

File/Folder not found.
File/Folder not found.
File/Folder CODE not found.
File/Folder c:\Documents and Settings\default user\application data\Sun\Java\deployment\cache\6.0\56\3c28cc78-369889c4 not found.
File/Folder c:\Documents and Settings\Default User\application data\Sun\Java\Deployment\cache\javapi \v1.0\jar\eRT.jar-27406485-620c90b7.zip not found.
File/Folder c:\documentsand settings\owner\application data\sun\java\deployment\cache\6.0\56\3c28cc78-36989c4 not found.
File/Folder c:\documents and settings\owner\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar27406485-620c90b7.zip not found.
c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 moved successfully.
File/Folder c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c907b7.zip not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04172008_213911


#17 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Does CA still detect those entries?

Try the following:

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on the 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now'; it will begin downloading Panda's ActiveX controls (8 MB).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.


#18 micha (Member, Topic Starter, 24 posts)

Ran a scan to see what CA was showing after using OTMoveIt2.exe...
(thanks to your explanation of how to send a scan... well, I at least learned to send you a scan... rofl)
Hope this helps?
:)



Started scanning at 4/17/2008 11:34:25 PM. Engine Ver: 31.1.0. Sig Ver:5708. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond30.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041720080418\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_3c8.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2792.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF33CF.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF47A7.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6D80.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF04C.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP5\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.

Files Scanned: 360759
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/18/2008 1:12:45 AM.
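A small triage script for CA scan logs like the one posted above (added here as an example; it is not from the thread or from CA). It pulls out the "Infected." lines, works out which Windows profile each hit belongs to, and separates the copies that are only OTMoveIt's own backups under C:\_OTMoveIt\MovedFiles, which stay on disk after a "move" and so keep being flagged until that folder is emptied. The embedded log is a constructed, abridged sample in the same format; the regexes assume the "path <member> - name kind. Infected." layout seen in the post.

```python
"""Triage a CA Anti-Virus scan log: list what was flagged, which Windows profile
each hit lives in, and which hits are only the backup copies a removal tool left behind."""
import re
from collections import Counter, defaultdict

# Constructed sample, abridged from the CA log format posted in the thread.
SAMPLE_LOG = r"""
Started scanning at 4/17/2008 11:34:25 PM. Engine Ver: 31.1.0. Sig Ver:5708. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
Files Scanned: 360759
Files Infected: 5
Finished scanning at 4/18/2008 1:12:45 AM.
"""

# "<path> [<member inside an archive>] - <detection> <kind>. Infected."
INFECTED_RE = re.compile(
    r"^(?P<path>.+?)(?: <(?P<member>[^>]+)>)? - (?P<detection>\S+) (?P<kind>\w+)\. Infected\.$"
)
# Per-user profile on an XP-style layout.
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\(?P<user>[^\\]+)\\", re.IGNORECASE)
# Profile used by services running as SYSTEM.
SYSTEM_PROFILE_RE = re.compile(r"\\config\\systemprofile\\", re.IGNORECASE)
# Folder where OTMoveIt parks the files it "moved"; they are still on disk there.
OTMOVEIT_RE = re.compile(r"^[A-Za-z]:\\_OTMoveIt\\MovedFiles\\", re.IGNORECASE)


def parse_infections(log_text):
    """Return one dict per 'Infected.' line: path, member (None if not inside an archive), detection, kind."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def profile_of(path):
    """Classify a flagged path by the profile (or tool folder) it belongs to."""
    if OTMOVEIT_RE.match(path):          # check first: the moved path still contains 'systemprofile'
        return "OTMoveIt backup"
    if SYSTEM_PROFILE_RE.search(path):
        return "systemprofile"
    m = USER_PROFILE_RE.match(path)
    return m.group("user") if m else "other"


def summarize(hits):
    """detection name -> Counter of the profiles it was found in."""
    out = defaultdict(Counter)
    for h in hits:
        out[h["detection"]][profile_of(h["path"])] += 1
    return out


def leftover_backups(hits):
    """Hits that are only the removal tool's backup copies: still on disk, so still flagged."""
    return [h for h in hits if profile_of(h["path"]) == "OTMoveIt backup"]


def report(log_text):
    hits = parse_infections(log_text)
    lines = [f"{len(hits)} infected entries"]
    for det, profiles in sorted(summarize(hits).items()):
        lines.append(f"  {det}: " + ", ".join(f"{p} x{n}" for p, n in sorted(profiles.items())))
    for h in leftover_backups(hits):
        lines.append(f"  backup copy, empty the OTMoveIt folder: {h['path']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Point the script at a real saved CA log instead of SAMPLE_LOG to get the same breakdown; the "OTMoveIt backup" bucket is the one that tells you a detection is a leftover of your own cleanup rather than a live copy.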

#19 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Do the below again:
Go to http://www.java.com/.../5000020300.xml and see how to clear your Java cache or follow the instructions below:

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files window (Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.)
- Click OK to leave the Java Control Panel.

Then uninstall all Java-related programs in your Add/Remove Programs panel and restart your computer. Go back to those 5 locations and see if you can see their Java folders (no need to go in that deep, just stop after the ....Sun\Java if found). If found, delete all the folders found (I think 4 different ones since two of them share a folder there).

If something was found, restart your computer first and then install Java back. Otherwise if nothing is found, try installing Java back. Run CA and check for any updates. Then run a scan again to see if it still finds those 5 entries.
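The manual step above (walk every profile and delete its Sun\Java cache) is what a script should do, because the Java Control Panel only empties the cache of the account you are logged in as, while the scan log shows copies under Default User and under system32\config\systemprofile as well. The following is an added example, not code from the thread; it assumes an XP-style layout (C:\Documents and Settings\<user>\Application Data\Sun\Java\Deployment\cache plus the SYSTEM account's profile at C:\WINDOWS\system32\config\systemprofile), enumerates every profile root, and removes the cache directories it finds. It runs offline against a constructed fixture so it can be tried safely; on a real machine call purge_java_caches("C:\\", dry_run=True) first and read the list before deleting anything.

```python
"""Find (and optionally remove) the Java deployment cache of every Windows profile,
not just the one the Java Control Panel runs under."""
import shutil
import tempfile
from pathlib import Path

# Relative location of the deployment cache inside an XP-era profile.
CACHE_SUFFIX = Path("Application Data") / "Sun" / "Java" / "Deployment" / "cache"


def profile_roots(system_drive):
    """Every profile root on an XP layout: each folder under 'Documents and Settings'
    (Owner, Default User, LocalService, ...) plus the SYSTEM account's profile."""
    drive = Path(system_drive)
    roots = []
    docs = drive / "Documents and Settings"
    if docs.is_dir():
        roots.extend(p for p in sorted(docs.iterdir()) if p.is_dir())
    sysprof = drive / "WINDOWS" / "system32" / "config" / "systemprofile"
    if sysprof.is_dir():
        roots.append(sysprof)
    return roots


def find_java_caches(system_drive):
    """Return the cache directories that actually exist, one per profile that has used Java."""
    return [r / CACHE_SUFFIX for r in profile_roots(system_drive) if (r / CACHE_SUFFIX).is_dir()]


def purge_java_caches(system_drive, dry_run=True):
    """Delete each cache directory (or only list them when dry_run). Returns what was (or would be) removed."""
    caches = find_java_caches(system_drive)
    if not dry_run:
        for c in caches:
            shutil.rmtree(c)
    return caches


def build_fixture(base):
    """Constructed miniature of the machine in the thread: four profiles, three holding the flagged jar name."""
    base = Path(base)
    for rel in ("Documents and Settings/Owner", "Documents and Settings/Default User",
                "Documents and Settings/LocalService", "WINDOWS/system32/config/systemprofile"):
        (base / rel).mkdir(parents=True, exist_ok=True)
    for rel in ("Documents and Settings/Owner", "Documents and Settings/Default User",
                "WINDOWS/system32/config/systemprofile"):
        jar_dir = base / rel / CACHE_SUFFIX / "javapi" / "v1.0" / "jar"
        jar_dir.mkdir(parents=True, exist_ok=True)
        # Placeholder bytes only; this is not the real archive from the scan log.
        (jar_dir / "eRT.jar-27406485-620c90b7.zip").write_bytes(b"PK\x03\x04 placeholder")
    return base


def demo():
    """Run the whole procedure against a throwaway fixture and return the counts before/after."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        before = purge_java_caches(tmp, dry_run=True)      # list only
        purge_java_caches(tmp, dry_run=False)              # now delete
        after = find_java_caches(tmp)
        return {
            "profiles": len(profile_roots(tmp)),
            "caches_before": len(before),
            "caches_after": len(after),
            # cache path is <root>/Application Data/Sun/Java/Deployment/cache, so parents[4] is the profile root
            "profiles_with_cache": sorted(p.parents[4].name for p in before),
        }


if __name__ == "__main__":
    print(demo())
```

Deleting the cache of the SYSTEM profile needs an administrator account, and Java should be closed (or uninstalled, as the post says) so nothing holds the files open.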

#20 micha (Member, Topic Starter, 24 posts)

Question:
Where do I go to get Java for reinstallation?
Is there a www. or something?
:)

#21 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

See if you can download it here.

#22 micha (Member, Topic Starter, 24 posts)

Well, if you remember that we went from 6 to 5 viruses, and lost another one to OTMoveIt2.exe, we now have 4... right?
We're at least making headway, slow headway, but it's something... rofl
Thank you for your guidance and patience, it is greatly appreciated!!!
:) :)


Started scanning at 4/18/2008 7:16:41 AM. Engine Ver: 31.1.0. Sig Ver:5709. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.

Files Scanned: 3205
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0


Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Finished scanning at 4/18/2008 7:19:18 AM.

Started scanning at 4/18/2008 7:20:03 AM. Engine Ver: 31.1.0. Sig Ver:5709. Sig Date: 4/18/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond2F.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_2ec.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF3305.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF3B8E.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFC7A5.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE68A.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF4FB.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.

Files Scanned: 57586
Files Infected: 3
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 3

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Scanning aborted at 4/18/2008 7:39:12 AM.

Started scanning at 4/18/2008 10:18:50 PM. Engine Ver: 31.1.0. Sig Ver:5714. Sig Date: 4/19/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond61.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_33c.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF43F7.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6176.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6368.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9515.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP8\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.

Files Scanned: 363367
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/19/2008 12:13:41 AM.

#23 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
These have to exist since they're found by the scanner... let's try this again:

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#24 micha (Member, Topic Starter, 24 posts)
Holy Sh**... omg, I'm almost beyond geeked to run an exam...
I'll do a scan through CA and see if anything appears as infected... brb... I'll send a new reply with the CA scan results... :)

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 moved successfully.
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip moved successfully.
C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04192008_200620

#25 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Finally got rid of the beast....don't know why it didn't work the first time around. Hopefully, CA will now find it squeaky clean :)



#26 micha (Member, Topic Starter, 24 posts)
Everything is in OTMoveIt.exe... so now how do I delete these 'moveit virus trapped files'???

I am so ecstatic that these viruses are missing from CA scans... I feel like that crazy lil woman in Poltergeist... Makes you want to say "this house/computer is CLEAN"... roflmao

(P.S. Just in case I slipped in revealing my gender: you have been showing a female, I am Mary, Micha's wife, how to do this from the beginning... I contacted you, and trusted all of you to help me... and if I can do this, anyone can do this!
You are a most awesome teacher, and this grasshopper knows full well she doesn't know everything yet, but she is in no way intimidated by this computer anymore!!!)
:) :) :)


Started scanning at 4/19/2008 8:28:05 PM. Engine Ver: 31.1.0. Sig Ver:5714. Sig Date: 4/19/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond30.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041920080420\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_270.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DB6.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DCA.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF745D.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA4D.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFFB43.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP9\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.
C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.
C:\_OTMoveIt\MovedFiles\04192008_200620\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> - Java/Shinwow.BH trojan. Infected.

Files Scanned: 363611
Files Infected: 5
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Java/Shinwow.BH

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\_OTMoveIt\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\_OTMoveIt\MovedFiles\04192008_200620\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/19/2008 10:31:44 PM.

#27 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Female or male, I'm sure there are some that are not that computer savvy while others are more knowledgeable. I'm glad to help out, Mary, and even happier now that your issue is resolved :)

Feel free to delete the C:\_OTMoveIt\ folder to get rid of them once and for all.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Just want to confirm one more time. Are there any problems now? If none, post back one more time and I will mark this topic as solved.

#28 micha (Member, Topic Starter, 24 posts)
Okay, went into 'my computer'...
brought up C drive, and looked into it for the 'moveit file folder'...
found it and DELETED it...
checked for any other moveit file and none were found...
I will run another scan with CA for C drive and see if anything appears, like the move it file with trapped viruses...
That will tell me it's completely gone...I will repost when it's complete.
:)

#29 micha (Member, Topic Starter, 24 posts)
(ALL VIRUSES PLACED IN RECYCLING, AS EXPECTED) :)

Files not Cleaned\Deleted\Quarantined (Limit 100): 5

C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04172008_213911\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-369899c4 <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
C:\RECYCLER\S-1-5-21-955046455-3238835185-2771580065-1003\Dc93\MovedFiles\04192008_200620\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c90b7.zip <HiPointInstallShieldRT.class> (Java/Shinwow.BH)
Finished scanning at 4/20/2008 1:29:27 AM.

********EVERYTHING IS IN RECYCLING BIN AS IT SHOULD BE!!!*********


___________________________________________________________

:) :) :) (NOW WE SCAN THE WHOLE COMPUTER, ALL FILES)


Started scanning at 4/20/2008 5:50:25 AM. Engine Ver: 31.1.0. Sig Ver:5714. Sig Date: 4/19/2008. ArcLib Ver: 7.3.0.9.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\57a16f205bb0730095b1551589ae83f7\%temp%dd_msxml_retMSI.txt - Could not open the file.
C:\Documents and Settings\All Users\Application Data\CA\Consumer\AV\ond7C.tmp - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Could not open the file.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Owner\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\cert8.db - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\formhistory.dat - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\history.dat - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\key3.db - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\parent.lock - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\search.sqlite - Could not open the file.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\urlclassifier2.sqlite - Could not open the file.
C:\Documents and Settings\Owner\Cookies\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_001_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_002_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_003_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\eqm80q8j.default\Cache\_CACHE_MAP_ - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041920080420\index.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_270.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DB6.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF2DCA.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF7ECA.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF876E.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA4D.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFEE05.tmp - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - Could not open the file.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\legitcheckcontrol.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spmsg.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\spuninst.exe - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgalogon.dll - Could not open the file.
C:\e68665dedc2511ab6d714168d76d68\wgatray.exe - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log - Could not open the file.
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log - Could not open the file.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP10\change.log - Could not open the file.
C:\WINDOWS\SchedLgU.Txt - Could not open the file.
C:\WINDOWS\Sti_Trace.log - Could not open the file.
C:\WINDOWS\wiadebug.log - Could not open the file.
C:\WINDOWS\wiaservc.log - Could not open the file.
C:\WINDOWS\WindowsUpdate.log - Could not open the file.
C:\WINDOWS\Debug\PASSWD.LOG - Could not open the file.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - Could not open the file.
C:\WINDOWS\SYSTEM32\h323log.txt - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default - Could not open the file.
C:\WINDOWS\SYSTEM32\config\default.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\Internet.evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software - Could not open the file.
C:\WINDOWS\SYSTEM32\config\software.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system - Could not open the file.
C:\WINDOWS\SYSTEM32\config\system.LOG - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA - Could not open the file.
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP - Could not open the file.

Files Scanned: 364968
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0


Files not Cleaned\Deleted\Quarantined (Limit 100): 0 :)

Finished scanning at 4/20/2008 8:05:04 AM.

(HAPPY DANCE ENSUES..... :) THANK GOD NO ONES LOOKING!!!)
I WORSHIP THE GROUND YOU WALK ON...THIS COMPUTER IS CLEAN!!!!!!)

#30 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Now is a good time to empty the recycle bin also :)

Mary, it's been a pleasure helping you clear this issue. Glad it's resolved now.
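Editor's note on the procedure above. The OTMoveIt2 step list in post #23 and the later scans in #26 and #29 make one point worth spelling out: the flagged entries live in the Java deployment cache of every profile on the disk (Owner, Default User and the SYSTEM profile under SYSTEM32\config\systemprofile), and "moving" them only relocates the bytes, which is why CA kept reporting the same class inside C:\_OTMoveIt\MovedFiles and then inside C:\RECYCLER until the folder was deleted and the bin emptied. The script below is an added example written for this page, not a tool from the thread or from OldTimer. It walks the cache layout the logs show (the extensionless 6.0\NN\<hash>-<hash> content files, whose .idx neighbour is only the index, and the javapi\v1.0\jar\*.zip files), opens each as a zip and looks for the class name CA reported, then moves the hits into a quarantine folder the way OTMoveIt2 does. The disk layout it runs against is constructed in a temporary directory; the file names reuse the ones from the logs but the archive contents are made up, and the quarantine directory name is an assumption.

```python
r"""Find and quarantine Java deployment-cache entries that contain a named
class, across every profile on a Windows XP style disk.

Added example for this thread, not a tool from the original posts. It assumes
the cache layout the scanner logs show: under each profile's
Application Data\Sun\Java\Deployment\cache, the 6.0\NN\<hash>-<hash> content
files (no extension, but they are the cached jar; the .idx beside each one is
only the index) and javapi\v1.0\jar\*.zip. Both are zip archives, so the class
CA reported (HiPointInstallShieldRT.class) is found by listing entries alone.
"""
import os
import shutil
import tempfile
import zipfile

CACHE_REL = os.path.join("Application Data", "Sun", "Java", "Deployment", "cache")
TARGET_CLASS = "HiPointInstallShieldRT.class"  # class name from the CA log


def profile_dirs(docs_and_settings, windows_dir):
    """User profiles, Default User, ... plus the SYSTEM profile in SYSTEM32/config."""
    roots = []
    if os.path.isdir(docs_and_settings):
        roots = [os.path.join(docs_and_settings, n) for n in sorted(os.listdir(docs_and_settings))]
    roots.append(os.path.join(windows_dir, "SYSTEM32", "config", "systemprofile"))
    return roots


def cache_candidates(profile):
    """Yield every content file in this profile's Java cache, skipping .idx."""
    cache = os.path.join(profile, CACHE_REL)
    for dirpath, _, files in os.walk(cache):
        for name in files:
            if not name.endswith(".idx"):
                yield os.path.join(dirpath, name)


def archive_contains(path, class_name):
    """True if path is a zip/jar whose entry list names class_name.
    Only the central directory is read; nothing is extracted or executed."""
    if not zipfile.is_zipfile(path):
        return False
    try:
        with zipfile.ZipFile(path) as zf:
            return any(os.path.basename(n) == class_name for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def find_hits(docs_and_settings, windows_dir, class_name=TARGET_CLASS):
    """Every cache content file, in any profile, whose archive names class_name."""
    return [p for profile in profile_dirs(docs_and_settings, windows_dir)
            for p in cache_candidates(profile) if archive_contains(p, class_name)]


def quarantine(hits, quarantine_root, drive_root):
    r"""Move each hit under quarantine_root keeping its drive-relative path, as
    OTMoveIt2 does with C:\_OTMoveIt\MovedFiles. The bytes still exist, so an
    on-demand scan keeps reporting them there (and later in RECYCLER) until
    the quarantine folder is deleted and the Recycle Bin emptied."""
    moved = []
    for path in hits:
        dest = os.path.join(quarantine_root, os.path.relpath(path, drive_root))
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.move(path, dest)
        moved.append(dest)
    return moved


def build_sample_drive(root):
    """Constructed sample layout for a stand-alone run (not a real capture):
    one flagged 6.0 cache entry, one flagged javapi jar, one benign jar and a
    .idx companion that must be skipped. Returns (docs_and_settings, windows)."""
    ds, win = os.path.join(root, "Documents and Settings"), os.path.join(root, "WINDOWS")
    owner = os.path.join(ds, "Owner", CACHE_REL)
    system = os.path.join(win, "SYSTEM32", "config", "systemprofile", CACHE_REL)
    bad = [os.path.join(owner, "6.0", "56", "3c28cc78-369899c4"),
           os.path.join(system, "javapi", "v1.0", "jar", "eRT.jar-27406485-620c90b7.zip")]
    good = os.path.join(owner, "javapi", "v1.0", "jar", "ok.jar-1-2.zip")
    for p in bad + [good]:
        os.makedirs(os.path.dirname(p), exist_ok=True)
    for p in bad:
        with zipfile.ZipFile(p, "w") as zf:
            zf.writestr(TARGET_CLASS, b"\xca\xfe\xba\xbe constructed, not real bytecode")
    with zipfile.ZipFile(good, "w") as zf:
        zf.writestr("com/example/Hello.class", b"\xca\xfe\xba\xbe")
    with open(bad[0] + ".idx", "wb") as fh:
        fh.write(b"cache index, not content")
    return ds, win


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    ds, win = build_sample_drive(root)
    hits = find_hits(ds, win)
    for path in hits:
        print("flagged:", os.path.relpath(path, root))
    print("moved:", quarantine(hits, os.path.join(root, "_Quarantine"), root))
```

On a real XP box you would call find_hits on C:\Documents and Settings and C:\WINDOWS instead of the constructed tree, and the same archive_contains check works for any class name a scanner reports, not just this one. Note that quarantine deliberately leaves the archives intact: after a run, find_hits on the original tree returns nothing, but archive_contains on the moved copies is still true, which is exactly the pattern the CA logs in #26 and #29 show. The durable fix is to delete the quarantine folder and empty the Recycle Bin, or simply clear the Java cache through the Java control panel, which is what greyknight17's last two replies tell Mary to do.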





