ABI Direct [CLOSED] [RESOLVED]



#1
Alan M Lynch

    New Member

  • Member
  • 5 posts
Good afternoon, a friend has asked me to look at her computer as she seems to think I know more than her :tazz:
It has been infected by the malware ABI popups. I have followed the steps in other similar queries and have finished by running HJT, and the following is the logfile received. Is there anything I should delete?

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 15:56:10, on 12/07/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\System Soap Pro\soap.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\wspan\swgw\FilterAgent.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINNT\system32\DllHost.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
C:\WINNT\system32\HPBPRO.EXE

O2 - BHO: (no name) - {4FFB4258-B213-59E1-8750-105508A02E3C} - C:\WINNT\system32\uwovqc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [hzemdl] c:\winnt\system32\hzemdl.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [Awoa] C:\Documents and Settings\Administrator\Application Data\smmo.exe
O4 - HKCU\..\Run: [Zvg] C:\WINNT\system32\tylino.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O4 - Global Startup: iflow Tray App.lnk = C:\Program Files\iflow technologies\iflow Message Centre\iftray.exe
O15 - Trusted Zone: *.worldspan.com
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O15 - Trusted Zone: *.wspan.net
O16 - DPF: vtterm - http://www.gforgo.co...java/vtterm.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://swslln01.worl....com/iNotes.cab
O16 - DPF: {43064A9D-7FED-11D3-A079-400011500081} (WSSPSInstVer Class) - http://gopublic.wspa...SSPSInstall.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netv.../ie/games18.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....iep/games18.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - http://gopublic.wspa...owserConfig.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspa...s/bin/WSCAL.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - http://gopublic.wspa...Ls/WSFileIO.cab
O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} - http://gopublic.wspa...ls/WSClient.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - http://gopublic.wspa...Ls/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{959804D7-C84C-4159-A847-80120FCAD762}: NameServer = 10.136.109.64
O18 - Filter: text/html - {4F88C671-AE56-41AD-BA42-8AA79BFD5799} - C:\Documents and Settings\Administrator\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


#2
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh Hijack This log.

#3
Alan M Lynch

    New Member

  • Topic Starter
  • Member
  • 5 posts
Applied updates as you suggested; the system is W2k.

Ran HJT and the log file follows.

Logfile of HijackThis v1.99.1
Scan saved at 13:10:15, on 14/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\System Soap Pro\soap.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\wspan\swgw\FilterAgent.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iflow technologies\iflow Message Centre\iftray.exe
C:\WINNT\system32\DllHost.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alanlynch.com/
O2 - BHO: (no name) - {4FFB4258-B213-59E1-8750-105508A02E3C} - C:\WINNT\system32\uwovqc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [hzemdl] c:\winnt\system32\hzemdl.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [Awoa] C:\Documents and Settings\Administrator\Application Data\smmo.exe
O4 - HKCU\..\Run: [Zvg] C:\WINNT\system32\tylino.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O4 - Global Startup: iflow Tray App.lnk = C:\Program Files\iflow technologies\iflow Message Centre\iftray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: *.worldspan.com
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O15 - Trusted Zone: *.wspan.net
O16 - DPF: vtterm - http://www.gforgo.co...java/vtterm.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://swslln01.worl....com/iNotes.cab
O16 - DPF: {43064A9D-7FED-11D3-A079-400011500081} (WSSPSInstVer Class) - http://gopublic.wspa...SSPSInstall.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netv.../ie/games18.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....iep/games18.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - http://gopublic.wspa...owserConfig.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspa...s/bin/WSCAL.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - http://gopublic.wspa...Ls/WSFileIO.cab
O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} - http://gopublic.wspa...ls/WSClient.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - http://gopublic.wspa...Ls/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{959804D7-C84C-4159-A847-80120FCAD762}: NameServer = 10.136.109.64
O18 - Filter: text/html - {4F88C671-AE56-41AD-BA42-8AA79BFD5799} - C:\Documents and Settings\Administrator\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#4
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. In case you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp

Nailfix

Unzip it to the desktop but please do NOT run it yet.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

2. Remove Infections

Please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run CleanUp and delete all temp files, including temporary internet files.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: (no name) - {4FFB4258-B213-59E1-8750-105508A02E3C} - C:\WINNT\system32\uwovqc.dll (file missing)
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [hzemdl] c:\winnt\system32\hzemdl.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [Awoa] C:\Documents and Settings\Administrator\Application Data\smmo.exe
O4 - HKCU\..\Run: [Zvg] C:\WINNT\system32\tylino.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netv.../ie/games18.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....iep/games18.cab



Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

C:\WINNT\farmmext.exe
c:\winnt\system32\hzemdl.exe
C:\Program Files\System Soap Pro
C:\Documents and Settings\Administrator\Application Data\smmo.exe
C:\WINNT\system32\tylino.exe
C:\WINNT\web\related.htm
internat.exe


Reboot the PC in Normal Mode.


Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0
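
A way to check the outcome of step 3 and the closing request for a fresh HJT log, as an added example that is not part of the original posts: it compares the helper's fix list with the scan taken before the fix (to find the "deviations" to report) and with the scan taken afterwards (to find entries that survived or newly appeared). The function names `parse_entries` and `review_fix` are hypothetical, the "before" sample is abridged from lines in this thread, and the "after" log, including its `example.exe` entry, is constructed.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O4 or O16,
# followed by " - ". Header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return {normalized_key: original_line} for every entry line in a log.

    Keys are lower-cased with whitespace collapsed, because Windows paths are
    case-insensitive and the same entry appears as C:\\WINNT or c:\\winnt.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, process list, blank line
        code, body = m.groups()
        key = (code.upper(), " ".join(body.split()).lower())
        entries.setdefault(key, line.strip())
    return entries


def review_fix(fix_list, before_log, after_log):
    """Compare a helper's fix list with the scans taken before and after the fix."""
    fix = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # Asked to fix but never shown by the scan: a deviation to report back.
        "not_in_scan": sorted(fix[k] for k in fix if k not in before),
        # Asked to fix and still listed afterwards: the fix did not hold.
        "still_present": sorted(fix[k] for k in fix if k in after),
        # Listed before, gone afterwards.
        "removed": sorted(fix[k] for k in fix if k in before and k not in after),
        # Not in the earlier scan at all: worth a second look by the helper.
        "new_after_fix": sorted(after[k] for k in after if k not in before),
    }


# Sample input. BEFORE_LOG and FIX_LIST are abridged from this thread (the O9
# line is left out of BEFORE_LOG on purpose); AFTER_LOG is constructed.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE

O2 - BHO: (no name) - {4FFB4258-B213-59E1-8750-105508A02E3C} - C:\WINNT\system32\uwovqc.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [hzemdl] c:\winnt\system32\hzemdl.exe
O4 - HKCU\..\Run: [Zvg] C:\WINNT\system32\tylino.exe
"""

FIX_LIST = r"""O2 - BHO: (no name) - {4FFB4258-B213-59E1-8750-105508A02E3C} - C:\WINNT\system32\uwovqc.dll (file missing)
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [hzemdl] c:\winnt\system32\hzemdl.exe
O4 - HKCU\..\Run: [Zvg] C:\WINNT\system32\tylino.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [hzemdl] C:\WINNT\System32\hzemdl.exe
O4 - HKLM\..\Run: [example] C:\WINNT\system32\example.exe
"""

if __name__ == "__main__":
    for section, lines in review_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG).items():
        print(f"{section} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
```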

#5
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Topic reopened at the request of the user.


Please post the Panda scan report as well as a fresh HJT log here

#7
Alan M Lynch

    New Member

  • Topic Starter
  • Member
  • 5 posts
Panda Scan

Incident Status Location

Spyware:spyware/bridge No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\bridge.inf
Adware:adware/mediatickets No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\MediaTicketsInstaller.INF
Adware:adware/savenow No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\WUInst.inf
Adware:adware/funweb No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
Adware:adware/wupd No disinfected C:\WINNT\SYSTEM32\ide21201.vxd
Adware:adware/purityscan No disinfected C:\WINNT\SYSTEM32\wnscpcc.exe
Spyware:spyware/bargainbuddy No disinfected C:\WINNT\launcher.exe
Spyware:spyware/betterinet No disinfected C:\WINNT\ceres.dll
Adware:adware/ipinsight No disinfected C:\WINNT\farmmext.ini
Adware:adware/gator No disinfected C:\WINNT\GatorHDPlugin.log-old.log
Adware:adware/transponder No disinfected C:\WINNT\abiuninst.htm
Adware:adware/mywebsearch No disinfected C:\PROGRAM FILES\MyWebSearch
Spyware:spyware/dyfuca No disinfected C:\PROGRAM FILES\Internet Optimizer
Spyware:spyware/iehelp No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEHLPROBJ.IEHLPROBJ.1
Adware:adware/whenusearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WUSE.1
Adware:adware/cws.aboutblank No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTOCOLS\FILTER\TEXT/HTML\CLSID
Adware:adware/virtualbouncer No disinfected HKEY_CLASSES_ROOT\Interface\{4B795337-D704-49C7-8CA1-D65722B28EBD}
Adware:adware/myway No disinfected HKEY_LOCAL_MACHINE\software\classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Spyware:Spyware/BetterInet No disinfected C:\WINNT\inf\banner.inf
Adware:Adware/Transponder No disinfected C:\WINNT\inf\Pynix.inf
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/Transponder No disinfected C:\WINNT\inf\ceres.inf
Adware:Adware/MediaTickets No disinfected C:\WINNT\Downloaded Program Files\MediaTicketsInstaller.INF
Adware:Adware/FunWeb No disinfected C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Spyware:Spyware/BetterInet No disinfected C:\WINNT\ceres.dll
Spyware:Spyware/BetterInet No disinfected C:\WINNT\Buddy.exe
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Details.zip]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Updates.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003144.@x@]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003174.txt][bill.zip][document.htm .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003175.txt][details.zip][document.txt .exe]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003176.txt][website.zip][your_details.scr]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003177.txt][text.zip][doc.txt .exe]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003178.txt][document_citi-travelalliance.zip][doc.txt .exe]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003297.txt][~000003.@x@]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003297.txt][message.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003487.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003571.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~003577.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[text_document.zip]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Message.zip]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Info.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004148.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004206.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004292.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004320.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004379.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004451.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004725.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Details.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004930.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~004984.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~005248.@x@]
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~005410.txt][number_phone.com]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~006013.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Message.zip]
Virus:W32/Netsky.D.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~006667.txt][yours.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~006684.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~006703.@x@]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~007031.txt][doc.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~007352.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~007471.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~007911.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~007917.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Document.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~008497.@x@]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~008637.txt][document_all.zip][document.htm .scr]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~008638.txt][bill_sun-regional.pif]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~008657.txt][screensaver.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009019.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Details.zip]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Document.zip]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Updates.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009367.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Document.zip]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009482.txt][product.zip][document.exe]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009483.txt][details_sun-regional.scr]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009583.txt][file.scr]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009584.txt][product.zip][doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~009984.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010281.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010650.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010845.@x@]
Virus:W32/Netsky.Q.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010931.txt][mail13451.zip][mail.eml .sc
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010932.txt][~000003.@x@]
Virus:W32/Netsky.Q.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010932.txt][message.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010947.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010957.txt][~000003.@x@]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~010957.txt][message.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~011146.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~011179.@x@]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~011286.txt][data.pif]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~011287.txt][screensaver.zip][document.exe]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~011654.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~011873.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~012574.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~012611.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~012833.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~012982.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~012988.txt][~000003.@x@]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~012988.txt][message.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~013544.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~013618.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~013765.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~014202.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~014227.@x@]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~014229.txt][excel document_sun-regional.zip][doc.pif]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~014230.txt][bill.exe]
Virus:W32/Netsky.W.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~014300.txt][letter_407680.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~015080.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Readme.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~015748.@x@]
Virus:W32/Netsky.B.dam.worm Renamed C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~016067.txt][misc.pif]
Virus:W32/Mytob.AL.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~016374.txt][message.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~016481.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~016573.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Info.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~017871.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[Details.zip]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~019333.txt][our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~019504.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~019674.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~019680.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020206.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020343.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020349.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020440.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020468.@x@]
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020825.txt][me_music.zip][me_music.pif]
Virus:W32/Mydoom.N.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020837.txt][[email protected]][[email protected]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020958.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~020964.@x@]
Virus:W32/Netsky.C.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021015.txt][old_photos.com]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021026.@x@]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021345.txt][error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021364.txt][account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021385.txt][error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021396.txt][account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021411.txt][account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021420.txt][account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021438.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021480.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021518.txt][our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021526.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021540.txt][error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021544.txt][our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021564.txt][our_secret.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021594.txt][error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021614.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021630.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021948.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~021957.@x@]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022016.txt][error-mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022066.txt][account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022143.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022150.txt][account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022209.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022248.@x@]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022354.txt][account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022446.txt][account_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022456.txt][mail_info.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Sober.V.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022483.txt][account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022567.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~022987.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Inbox[~023545.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000109.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000217.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000234.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000249.@x@]
Virus:W32/Bagle.AF.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000281.txt][Updates.com]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000293.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000337.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000359.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000413.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000529.@x@]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[Doll.zip]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000765.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000838.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~000858.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\paga0s28.default\Mail\Local Folders\Junk[~001002.@x@]

#8
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Alan,


Please run CleanUp and let it delete all temp files including temporary internet files.

Post a fresh Hijack This log here.

#9
Alan M Lynch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 17:02:17, on 26/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\wspan\swgw\FilterAgent.exe
C:\Program Files\iflow technologies\iflow Message Centre\iftray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINNT\system32\DllHost.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
C:\WINNT\system32\HPBPRO.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\CleanUp!\Cleanup.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alanlynch.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O4 - Global Startup: iflow Tray App.lnk = C:\Program Files\iflow technologies\iflow Message Centre\iftray.exe
O15 - Trusted Zone: *.worldspan.com
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O15 - Trusted Zone: *.wspan.net
O16 - DPF: vtterm - http://www.gforgo.co...java/vtterm.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://swslln01.worl....com/iNotes.cab
O16 - DPF: {43064A9D-7FED-11D3-A079-400011500081} (WSSPSInstVer Class) - http://gopublic.wspa...SSPSInstall.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - http://gopublic.wspa...owserConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspa...s/bin/WSCAL.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - http://gopublic.wspa...Ls/WSFileIO.cab
O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} - http://gopublic.wspa...ls/WSClient.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - http://gopublic.wspa...Ls/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{959804D7-C84C-4159-A847-80120FCAD762}: NameServer = 10.136.109.64
O18 - Filter: text/html - {4F88C671-AE56-41AD-BA42-8AA79BFD5799} - C:\Documents and Settings\Administrator\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINNT\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#10
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Alan,

Your HJT log looks quite good!!!

Do you have any issues with your PC????

#11
Alan M Lynch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I am away from my friend's PC at the moment. It appeared to be working OK. No pop-ups that I could see. Is there anything I should be looking out for?

I probably won't be at her computer for a day or so.

Regards

Alan

#12
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Post back after checking, whenever feasible.

Tell me about any pop-ups, slow working of the PC, or any other signs that you see.

#13
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.