Panda ActiveScan
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-22 17:09:03
PROTECTIONS: 0
MALWARE: 9
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00293079 Spyware/7r7t Spyware No 1 No No D:\Others\Books\Magic Tricks Collection VOL2.rar[Magic Tricks Collection VOL1 - AutoUNZIP.exe]
01048397 Generic Malware Virus/Trojan No 0 Yes No F:\Educational\Style XP v3.19 - Female + Male (full)+1000 Themes +1000 Boot Screens +1000 Walls\prog\- crk\StyleXP_Keygen.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No E:\Sources\L2MFIX.EXE[l2mfix/Reboot.exe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No E:\Sources\Spyware\L2MFIX\Reboot.exe
02871031 W32/Mabezat.B.worm Virus/Worm No 0 Yes No F:\VIDEO_TS\WinrRarSerialInstall.exe
02871031 W32/Mabezat.B.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP4\A0000312.EXE
02871031 W32/Mabezat.B.worm Virus/Worm No 0 Yes No F:\Books\WinrRarSerialInstall.exe
02871031 W32/Mabezat.B.worm Virus/Worm No 0 Yes No F:\Educational\Hussam\Engineers Library F-Z\FEA & CFD\The Finite Element Method Using Matlab 2nd Ed\WinrRarSerialInstall.exe
02889246 W32/Mabezat.C.worm Virus/Worm No 0 Yes No C:\Documents and Settings\tazebama.dll
02889246 W32/Mabezat.C.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP4\A0000222.dll
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Temp\SAINST\VideoAcceleratorEngine.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Temp\SAINST\VideoAcceleratorService.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Compressed\anycapturescreen\anycapturescreen.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\93.71_forceware_winxp2k_english_whql.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\ATF_Cleaner.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\BWLBBYPSetup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\CheatEngine54.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\Combined-Community-Codec-Pack-2008-01-24.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\dotnetfx.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\download-ipodmgr.exe.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\download-speeder.zip.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\Download_mbam-setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\install_flash_player.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\install_flash_player_2.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\install_flash_player_3.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\LimeWireWin.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\MaestroLiveSetup1.61.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\mailer_setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\MatroskaDiag.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\MsgPlusLive-450.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\msgr8us.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\pci_us_smartrecovery.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\qpassgen.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\Rct.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\RealPlayer11GOLD_2.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\setup_magicdisc.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\SUPERAntiSpyware.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\SUPERsetup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Temp\SAINST\VideoAccelerator.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\videoraipodconverter_Installer.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\EES_AV\ees.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\GMouse20\Gmouse.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\HP\hpqSSupply.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\HP\Digital Imaging\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}\setup\hpzscr01.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\iTunes\iTunes.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Java\jre1.6.0_03\bin\javaws.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Messenger\msmsgs.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Microsoft Office\Office12\OIS.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\NCH Swift Sound\Switch\switch.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\QuickTime\PictureViewer.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\QuickTime\QuickTimePlayer.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\Real\RealPlayer\realplay.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\SpeederXP\Register.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\SpeederXP\unins000.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\VideoLAN\VLC\vlc.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Program Files\WinRAR\WinRAR.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP3\A0000197.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\My Documents\Downloads\Programs\TryWoW.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\WINDOWS\system32\notepad.exe.tmp
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Temp\DRDld\mbam-setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Mechanical Engineering\SteamTab\SteamTab.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Mechanical Engineering\LaunchU3.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Mechanical Engineering\AdbeRdr70_enu_full.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Lynda.com - Word 2007 Essential Training\WindowMode.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Lynda.com - Word 2007 Essential Training\FullScreenMode.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Temp\ose00000.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Lynda.com - Excel 2007 Essential Training\WindowMode.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Lynda.com - Excel 2007 Essential Training\FullScreenMode.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Handbook Of Chemistry & Physics\software\psi.exe
02889720 W32/Mabezat.C Virus No 0 Yes No F:\Educational\Hussam\Handbook Of Chemistry & Physics\software\crchpc.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP4\A0000221.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Temp\n1setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Kaspersky.Anti-Virus.v7.0.0.125.WinAll-DEC0DE\DEKAV70B\DECKAV70\KAVSETUP.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\DRTCP021.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Desktop\setup_ees.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\MsgPlusLive-423.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\flashplayer6axinstaller.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\jre-6u3-windows-i586-p.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\WinZip 8.1.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\daemon4111-lite-x86.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-EFG\Setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Windows Live Installer.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\MP10Setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\169.21_forceware_winxp_32bit_english_whql.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\ATF-Cleaner.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\VLC media player.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\avgas-setup-7[1].5.0.50.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\L2MFIX.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Desktop\WHTBBBot13\WHTBBBot.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\winamp532_full_emusic-7plus.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Azureus_2.4.0.0_Win32.setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Azureus_2.4.0.2_Win32.setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\nouf-R.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\SDSETUP.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\wmp11-windowsxp-x86-enu.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\cixX3.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\avgas-setup-7.5.1.43.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\avg75free_476a1048.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Azureus_2.5.0.4a_Win32.setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\karafun_116a.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\AVSVideotoArchos.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\SkypeSetup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\WinRAR.v3.70.Incl.Keymaker.And.Patch-CORE\CR-WR370\WRAR370.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Itunes\iTunesSetup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\wmp11-windowsxp-x86-enu\WMP11.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\YouTube FLV to AVI Converter PRO 2.0.5\SETUP.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\YouTube FLV to AVI Converter PRO 2.0.5\MKDEV TEAM CRACK\MKDEV TEAM CRACK\YouTubeFLVtoAVIconverterPro.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\idman512f.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's\IDM.5.12.Patch.ASTALAVISTA\IDMan.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's\IDM.5.12.Keygen.By.TCK\Keygen.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Power DVD\Keygen.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Power DVD\Setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\wmp11-windowsxp-x86-enu\wmfdist11.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\WinAVI VideoConverter 6.3 PL\myWinAVI 6.3.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\WinAVI VideoConverter 6.3 PL\WinAVI VideoConverter 6.3 PL.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\DirectX9\DXSETUP.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\wmp11-windowsxp-x86-enu\UMDF.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\DirectX9\DirectX 9.0 C\DXSETUP.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\DirectX9\DirectX 9.0 C\directx_9c_redist.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\MSN Messenger\Install_MSN_Messenger.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Codecs\SLDcodecpack1.5.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Codecs\SLDCODECPACKV13.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Codecs\sld.codec.pack.2.2.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Codecs\sld.codec.pack.basic.2.1.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\LimeWire PRO Version 4.12.6\LimeWire4.12.6Win\LimeWire4.12.6Win.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Important files\vbrun60sp5.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\TempClean\TCini.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\TempClean\TempClean.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\FamilyGuy_XtremeDesktop_Setup\FamilyGuy_XtremeDesktop_Setup\FamilyGuy_XtremeDesktop_Setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Bittorrent clients\BITCOMET.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Bittorrent clients\BitComet_0.58[www.click-now.net].exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Bittorrent clients\BitTornado-0.3.8-w32install.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Bittorrent clients\Azureus_2.3.0.2_Win32.setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Bittorrent clients\bitcomet_setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Bittorrent clients\Azureus_2.5.0.0_Win32.setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Sharing clients\pioletsetup105.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Sharing clients\KMD.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Sharing clients\Lime Wire LimeWire Pro 4.9.23\LimeWire Pro 4.9.23\LimeWireWin.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\CleanUp40.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\ImTOO iPod Movie Converter 2.1\ipod-movie-converter.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\Anti-Spyware\IE-SPYAD.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\L2MFIX\Ntrights.exe
02889720 W32/Mabezat.C Virus No 0 Yes No C:\Documents and Settings\Hussamofe\Desktop\WHTBBBot12\WHTBBBot.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\L2MFIX\RegDACL.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\L2MFIX\STRINGS.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\L2MFIX\ZIP.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spyware\CWShredder\CWShredder\cwshredder.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\BLACK.AND.WHITE.2.KEYGEN-DEViANCE\DEV-BW2K\KEYGEN.EXE
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spy\avg71free_371a669.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spy\ewido-setup.exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\Spy\Microsoft AntiSpyware 2006 Upgrade\MicrosoftAntiSpyware Newest Upgrade (2006).exe
02889720 W32/Mabezat.C Virus No 0 Yes No E:\Sources\WLinstaller.exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Spyware\Spyware .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\TempClean\TempClean .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Codecs\Codecs .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\DirectX9\DirectX9 .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Power DVD\Power DVD .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Itunes\Itunes .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Karaoke\Karaoke .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Sources .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No D:\$RECYCLE.BIN\$R09PV1Q\ShowDesktop.exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\$RECYCLE.BIN\$RECYCLE.BIN .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Nickelback\Nickelback .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No D:\$RECYCLE.BIN\$R09PV1Q\Wav32000\HP_LaserJetAllInOneConfig.exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\How it's Made\How it's Made .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No D:\Songs\Songs .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No D:\Others\Others .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No D:\Videos\Videos .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No D:\Recycled\Recycled .exe
02900740 W32/Mabezat.C.worm Virus/Worm No 0 Yes No E:\Sources\Spy\Spy .exe
02966298 W32/Mabezat.B.worm Virus/Worm No 0 Yes No F:\Educational\Educational .exe
02966298 W32/Mabezat.B.worm Virus/Worm No 0 Yes No E:\The.Oxford.Murders.2008.LiMiTED.DVDRiP.XViD-iKA\The.Oxford.Murders.2008.LiMiTED.DVDRiP.XViD-iKA .exe
02966298 W32/Mabezat.B.worm Virus/Worm No 0 Yes No D:\Recycled\Recycled .exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location \
;===================================================================================================================================================================================
No C:\PROGRAM FILES\SPEEDERXP\SPEEDERXP.EXE \
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description \
;===================================================================================================================================================================================
157262 HIGH MS07-022 \
150249 HIGH MS07-013 \
150243 HIGH MS07-008 \
126087 HIGH MS06-046 \
120823 MEDIUM MS06-030 \
93454 MEDIUM MS05-049 \
;===================================================================================================================================================================================
Malwarebytes log:
Malwarebytes' Anti-Malware 1.12
Database version: 775
Scan type: Quick Scan
Objects scanned: 39851
Time elapsed: 12 minute(s), 17 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\zPharaoh.exe (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hussamofe\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:25 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9320 bytes
If anybody could help me, I'd be very thankful ... my computer is falling apart, literally.
UPDATE: My Windows Live Messenger no longer works, RealPlayer no longer works, Microsoft Word no longer works, and PANDA antivirus doesn't open either ... I get a Microsoft error and the option to send a report to Microsoft or not ... I can't UNINSTALL Panda antivirus; I get another error ...
Update 2: Unfortunately, HijackThis doesn't open anymore. I get the same error: "HijackThis has encountered a problem and needs to close. We are sorry for the inconvenience" ... I think this is getting more and more serious.
Edited by Hussam Magdy, 25 May 2008 - 05:02 AM.