Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Alcan.A Worm [RESOLVED]


  • This topic is locked This topic is locked

#1
eLeNi

eLeNi

    New Member

  • Member
  • Pip
  • 2 posts
Can't seem to get the alcan worm off my comp. tried following other users instructions but can't find the keys in the registry. Also cannot even get into registry unless i use lavasoft to remove the infected files. Unfortunately the worm is still there and it always tries to open limewire even though i deleted it, really annoying.
need help! :tazz:

here's my ad-aware scan

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, 30 June 2005 1:02:41 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):1 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


30-06-2005 1:02:41 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 544
ThreadCreationTime : 29-06-2005 2:42:27 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 29-06-2005 2:42:31 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 29-06-2005 2:42:32 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 29-06-2005 2:42:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 29-06-2005 2:42:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 29-06-2005 2:42:33 PM
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 29-06-2005 2:42:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 29-06-2005 2:42:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1008
ThreadCreationTime : 29-06-2005 2:42:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 29-06-2005 2:42:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1156
ThreadCreationTime : 29-06-2005 2:42:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1236
ThreadCreationTime : 29-06-2005 2:42:34 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1316
ThreadCreationTime : 29-06-2005 2:42:34 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1364
ThreadCreationTime : 29-06-2005 2:42:34 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:15 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1500
ThreadCreationTime : 29-06-2005 2:42:35 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:16 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1556
ThreadCreationTime : 29-06-2005 2:42:35 PM
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1636
ThreadCreationTime : 29-06-2005 2:42:35 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1760
ThreadCreationTime : 29-06-2005 2:42:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:19 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1920
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:20 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1940
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:21 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1948
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Normal
FileVersion : 6.14.10.5134
ProductVersion : 6.14.10.5134
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:22 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2016
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:23 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2040
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Normal


#:24 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 160
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Normal
FileVersion : 5.1.0.29
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:25 [bpcable.exe]
FilePath : C:\Program Files\Telstra\Cable Login\
ProcessID : 168
ThreadCreationTime : 29-06-2005 2:42:37 PM
BasePriority : Normal
FileVersion : Version 1.1
ProductVersion : Version 1.1
ProductName : BigPond Broadband Cable Login
CompanyName : Telstra
FileDescription : BigPond Broadband Cable Login
InternalName : bpcable
LegalCopyright : Copyright © Telstra Corporation Limited 2003, 2004.
OriginalFilename : bpcable.exe

#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 180
ThreadCreationTime : 29-06-2005 2:42:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:27 [winupdates.exe]
FilePath : C:\Program Files\winupdates\
ProcessID : 188
ThreadCreationTime : 29-06-2005 2:42:38 PM
BasePriority : Normal
FileVersion : 3.06
ProductVersion : 3.06
ProductName : inno setup
CompanyName : inno setup
FileDescription : inno setup
InternalName : Setup
LegalCopyright : inno setup
LegalTrademarks : inno setup
OriginalFilename : Setup.exe
Comments : inno setup

#:28 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 200
ThreadCreationTime : 29-06-2005 2:42:38 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:29 [wwdisp.exe]
FilePath : C:\Program Files\Webroot\Washer\
ProcessID : 240
ThreadCreationTime : 29-06-2005 2:42:38 PM
BasePriority : Normal
FileVersion : 5.0.0.7
ProductVersion : 5.0
ProductName : Window Washer 5.0
CompanyName : Webroot Software
FileDescription : Window Washer hard disk cleaning utility
InternalName : wwDisp.exe
LegalCopyright : Copyright © 1999, 2003 All Rights Reserved
LegalTrademarks : Window Washer 5.0
OriginalFilename : wwDisp.exe
Comments : Window Washer hard disk cleaning utility

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 260
ThreadCreationTime : 29-06-2005 2:42:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 336
ThreadCreationTime : 29-06-2005 2:42:38 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:32 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 29-06-2005 2:42:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [btwdins.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\bin\
ProcessID : 1312
ThreadCreationTime : 29-06-2005 2:42:44 PM
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTWDIns.EXE

#:34 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1448
ThreadCreationTime : 29-06-2005 2:42:45 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:35 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1532
ThreadCreationTime : 29-06-2005 2:42:45 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:36 [bttray.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\
ProcessID : 1400
ThreadCreationTime : 29-06-2005 2:42:46 PM
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:37 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 1132
ThreadCreationTime : 29-06-2005 2:42:48 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:38 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2160
ThreadCreationTime : 29-06-2005 2:42:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:39 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 2216
ThreadCreationTime : 29-06-2005 2:42:48 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 419
ProductVersion : 1, 8, 54, 419
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:40 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2252
ThreadCreationTime : 29-06-2005 2:42:48 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:41 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 2276
ThreadCreationTime : 29-06-2005 2:42:49 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:42 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2956
ThreadCreationTime : 29-06-2005 2:42:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:43 [limewire.exe]
FilePath : C:\Program Files\LimeWire\
ProcessID : 3828
ThreadCreationTime : 29-06-2005 2:43:38 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LimeWire
CompanyName : Lime Wire, LLC
FileDescription : LimeWire
InternalName : LimeWire
LegalCopyright : Copyright © 2004
OriginalFilename : LimeWire.exe
Comments : The most advanced file sharing program on the planet.

#:44 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3904
ThreadCreationTime : 29-06-2005 2:43:52 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:45 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3976
ThreadCreationTime : 29-06-2005 2:44:11 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2408
ThreadCreationTime : 29-06-2005 2:54:06 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\ELENI-PC\Cookies\[email protected][2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0017209.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{077A9AB0-3620-459A-9944-6DDA1D6C9719}\RP74\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0017672.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{077A9AB0-3620-459A-9944-6DDA1D6C9719}\RP75\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0017729.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{077A9AB0-3620-459A-9944-6DDA1D6C9719}\RP75\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0017815.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{077A9AB0-3620-459A-9944-6DDA1D6C9719}\RP75\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : bszip.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Worm
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : cmd.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : netstat.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : ping.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : regedit.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : taskkill.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tasklist.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tracert.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 14

1:12:04 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:22.203
Objects scanned:107760
Objects identified:14
Objects ignored:0
New critical objects:14
  • 0

Advertisements


#2
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please could you try to download Ewido

Hopefully this will remove the worm fully.

Please keep us updated
  • 0

#3
eLeNi

eLeNi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanx a lot for the tip! The Ewido scan found infected files that i didn't even know i had. I had to run the scan a couple of times as a windows error msg appeared and would not let me delete some of the files. I ran the ad-aware scan afterwards to make sure the worm was gone. It still detected 2 files but once I deleted them with ad-aware, they didn't re-appear on future scans. Thanx again. Hopefully all the anti-virus and anti-spyware programs on my comp will prevent future infections.

eLeNi :tazz:
  • 0

#4
Guest_numbnuts_*

Guest_numbnuts_*
  • Guest
Hello,eLeNi are you sure you have a clean Machine..??
The reason I ask is..

The files found are in your restore folder that no program can clean
without you disabling it first..

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0017815.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{077A9AB0-3620-459A-9944-6DDA1D6C9719}\RP75\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll



Scan again with, Ad-aware delete what is found..

Reboot/Restart your computer …..

Scan again with Ad-aware…Post the new log here..

So it can be checked to see if it’s still in you restore folder

Regards..

numbnuts .. :tazz:
  • 0

#5
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP