AURORA SPYWARE [RESOLVED]
Started by Mattoman_501, Jun 17 2005 05:14 PM
#16
Posted 23 June 2005 - 01:55 AM
#17
Posted 23 June 2005 - 02:06 AM
No problem.
Let me know what it finds. Then we can have another go at your log.
Regards,
#18
Posted 23 June 2005 - 02:53 AM
Results:
We have detected 10 infected file(s) with 16 virus(es) on your computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 16 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
F:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-51083672.zip
- GetAccess.class JAVA_BYTEVER.A No action available
- InsecureClassLoader.class JAVA_BYTEVER.A No action available
- Dummy.class JAVA_BYTEVER.A No action available
- Installer.class JAVA_BYTEVER.A No action available
F:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-2d4cd636.zip
- Beyond.class JAVA_BYTEVER.A No action available
F:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-283b97bd.zip
- Beyond.class JAVA_BYTEVER.A No action available
F:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3cc7cae3.zip
- GetAccess.class JAVA_BYTEVER.A No action available
- InsecureClassLoader.class JAVA_BYTEVER.A No action available
- Dummy.class JAVA_BYTEVER.A No action available
- Installer.class JAVA_BYTEVER.A No action available
F:\Documents and Settings\Matt\Desktop\Matts Stuff\RollerCoaster Tycoon - Added Attractions + 01 Trainer\RollerCoaster Tycoon - Added Attractions + 01 Trainer.exe TROJ_MULDROP.420 No action available
F:\Documents and Settings\Matt\Local Settings\Temp\THI6900.tmp\twaintec.cab
- polall1m.exe TROJ_AGENT.EG No action available
F:\Documents and Settings\Matt\Local Settings\Temp\alchem.cab
- alchem.exe TROJ_ALCHEMIC.A No action available
F:\Documents and Settings\Matt\Local Settings\Temp\satmat.cab
- satmat.exe TROJ_STUBBY.D No action available
F:\Documents and Settings\Matt\Local Settings\Temp\twaintec.cab
- polall1m.exe TROJ_AGENT.EG No action available
F:\Documents and Settings\Matt\My Documents\My Received Files\^KooL^piK^.exe JOKE_GHOST.A No action available
What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 7 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed:
- 0 worm(s)/Trojan(s) passed, 7 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken
WORM_RBOT.AZ Worm No action available
WORM_SDBOT.QV Worm No action available
WORM_RBOT.LV Worm No action available
WORM_WOOTBOT.S Worm No action available
WORM_WOOTBOT.DF Worm No action available
WORM_WOOTBOT.DU Worm No action available
WORM_SDBOT-5 Worm No action available
Spyware Check
What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 0 spyware(s) on your computer. Only 0 out of 0 spywares are displayed:
- 0 spyware(s) passed, 0 spyware(s) no action available
- 0 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
Microsoft Vulnerability Check
What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
I think it didn't clean them.
#19
Posted 23 June 2005 - 03:15 AM
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
Reboot and update Windows and IE to SP1.
Post back with a new log.
Will you be renewing the KAV updates?
Regards,
#20
Posted 23 June 2005 - 04:47 AM
Unfortunately I can't update IE to SP1 due to invalid CD KEY; everything is all good now except the viruses that online scanner picked up. I might go out and buy Norton or something for future defense.
Thanks again for all your help, I would be pulling my hair out otherwise
#21
Posted 23 June 2005 - 05:00 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.