I recently ran an AVG 8.5 Scan and discovered that my dad has 3 different types of Trojans on his computer. I moved them to the virus vault but highly doubt that this did anything.
AVG shows there are th e following types of trojans:
Trojan horse Generic13.BLHF
Trojan horse Generic5.IUI
Trojan horse Generic10.WMK
--------------------------------------------------------
Here is the AVG scan result after I tried to heal the trojans with AVG.
"Scan ""Scan whole computer"" was finished."
"Warnings";"56"
"Information";"2"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, August 21, 2009, 4:21:48 AM"
"Scan finished:";"Friday, August 21, 2009, 4:48:10 AM (26 minute(s) 22 second(s))"
"Total object scanned:";"215214"
"User who launched the scan:";"shamal"
"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\247realmedia.com.855b46d";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.830b6f08";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.87a9ab5d";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.b4be891c";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.e626e6be";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\advertising.com.1820df7a";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\advertising.com.203aa218";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\advertising.com.b624fa46";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\advertising.com.f62113d5";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\advertising.com.525a5fb9";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\atdmt.com.7247c262";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\bluestreak.com.bf396750";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\burstnet.com.a3218a37";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\burstnet.com.c4fe2ebb";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\casalemedia.com.1773afc";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\casalemedia.com.80ad4799";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\casalemedia.com.650648e8";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\casalemedia.com.8c65eddd";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\casalemedia.com.987e6b46";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\casalemedia.com.fb62dd4b";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\clickbank.net.82079eb1";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\doubleclick.net.bf396750";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\fastclick.net.57e8da10";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\fastclick.net.6fd479aa";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\fastclick.net.8a6435e9";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\fastclick.net.94ca190b";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\mediaplex.com.f652b123";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\m.webtrends.com.b4ca7df0";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\mediaplex.com.dc30fb3c";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\overture.com.52ca467a";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\overture.com.d727de6f";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\questionmarket.com.3eb5a9f1";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\questionmarket.com.4dd5e426";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\revsci.net.2df99d79";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\revsci.net.44927ec";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\revsci.net.55564293";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\serving-sys.com.400f83f";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\statse.webtrendslive.com.b4ca7df0";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\zedo.com.27f1639b";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\zedo.com.a5b6a132";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\zedo.com.c1dd09f2";"Found ";"Potentially dangerous object"
"C:\Documents and Settings\shamal\Application Data\Mozilla\Firefox\Profiles\6tb7x6z2.default\cookies.sqlite:\zedo.com.f462b69f";"Found ";"Potentially dangerous object"
"Information"
"File";"Infection";"Result"
"C:\Program Files\WinRAR\SysTools\Plugins\Alcohol 1.x.dll";"Runtime packed upack";""
"C:\Program Files\WinRAR\SysTools\Plugins\Empty Key.dll";"Runtime packed upack";""
After running this AVG gave me a pop-up saying that it found Trojan Horse10.WMK on open.
-------------------------------------
Here is the Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:55 AM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00
,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00
,
64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 6892 bytes
Edit :
Here is Malwarebytes scan
--------------------
Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3
8/21/2009 6:02:30 AM
mbam-log-2009-08-21 (06-02-27).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 135722
Time elapsed: 27 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{18aaa5c0-4fcb-11cf-aax5-81cx1c605612} (Generic.Bot.H) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
Files Infected:
C:\Program Files\WinRAR\SysTools\Plugins\Alcohol 1.x.dll (Malware.Packer) -> No action taken.
C:\Program Files\WinRAR\SysTools\Plugins\Empty Key.dll (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{CFC9ADC4-7A19-4576-92F1-81067BAD8C76}\RP48\A0020565.exe (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{CFC9ADC4-7A19-4576-92F1-81067BAD8C76}\RP55\A0023268.dll (Malware.Packer) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
I would appreciate any help.
Thanks
Edited by prophecyrj, 20 August 2009 - 05:29 PM.