Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SPY SHERIFF! HELP I AM SWIMMING IN VIRUSES.

Started by rogerbaby , Jul 19 2005 04:04 AM

  • Please log in to reply

#1
rogerbaby
Posted 19 July 2005 - 04:04 AM

rogerbaby

    New Member

  • Member
  • Pip
  • 1 posts
i PICKED UP A BUG CALLED SPYSHERIFF for the third time and this time i refuse to reformat tpo get rid of this plague ...has anyone ever gone to their offices and threatened to do them major bopdily harm>?? they need to these guys are very bad and the viruses they use to sell their product extrortion i followed the four steps recommeneded in an earlier thread and here are the results of the virus scans and the hijack this after it was supposedly cleaned by the three virus scans prior to running it. I used a freshly downloaded version of hijack this and freshly updated and dpownloaded versions of EWIDO, KASPERSKY and TREND MICRO
here goes :
first is the EWIDO

wido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:01:17 AM, 7/19/2005
+ Report-Checksum: D25A87C8

+ Scan result:

HKLM\SOFTWARE\AZESearchCo -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\AZESearchCo\AZESearch -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\AZESearchCo\AZESearch\popup -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF8DA190-3574-11D4-8068-0060082AE372} -> Spyware.BingoFun : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Spyware.Azsearch : Error during cleaning
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!! -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1220945662-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1220945662-926492609-725345543-1003\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1220945662-926492609-725345543-1003_Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Jami\Cookies\jami@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jami\Cookies\jami@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jami\Cookies\jami@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jami\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jami\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temp\vx1.game -> TrojanDropper.Small.acg : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temp\vx4.game -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temp\vxt1.game -> Backdoor.Agent.iw : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\loadadv645[1].exe -> TrojanDownloader.Small.bct : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\load[1].exe -> TrojanDownloader.Small.bct : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temp\vx1.game -> TrojanDropper.Small.acg : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temp\vx4.game -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temp\vxt1.game -> Backdoor.Agent.iw : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GN0RQRSN\load02[1].exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\Documents and Settings\Mooly\Cookies\mooly@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mooly\Cookies\mooly@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mooly\Local Settings\Temp\vx1.game -> TrojanDropper.Small.acg : Cleaned with backup
C:\Documents and Settings\Mooly\Local Settings\Temp\vx4.game -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Mooly\Local Settings\Temp\vxt1.game -> Backdoor.Agent.iw : Cleaned with backup
C:\Documents and Settings\Roger\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Roger\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roger\Cookies\roger@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\roger@xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Roger\Copy of Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Roger\Desktop\crack.exe -> TrojanDownloader.IstBar.kc : Cleaned with backup
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.John : Error during cleaning
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.John : Error during cleaning
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.John : Error during cleaning
C:\Documents and Settings\Roger\Local Settings\Temp\6.qtdfmp -> TrojanDownloader.Small.aux : Cleaned with backup
C:\Documents and Settings\Roger\Local Settings\Temp\7.qtdfmp -> TrojanDownloader.Small.atl : Cleaned with backup
C:\Documents and Settings\Roger\Local Settings\Temp\vx1.game -> TrojanDropper.Small.acg : Cleaned with backup
C:\Documents and Settings\Roger\Local Settings\Temp\vx4.game -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Roger\Local Settings\Temp\vxt1.game -> Backdoor.Agent.iw : Cleaned with backup
C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\8DE918RY\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\FA0PTGW6\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Tatiana\Cookies\tatiana@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tatiana\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Tatiana\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temp\vx1.game -> TrojanDropper.Small.acg : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temp\vx4.game -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temp\vxt1.game -> Backdoor.Agent.iw : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\gdnUS2070[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\gdnUS2070[2].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\latest[2].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\gdnUS2070[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\latest[1].exe -> Trojan.Crypt.c : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[2].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[4].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\loadadv645[1].exe -> TrojanDownloader.Small.bct : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\131B25EF-7170-4419-AEB0-296877\7C12A9D0-2851-4C7B-9D98-AB1347 -> Spyware.AzSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3B1215C0-7655-48EA-8C48-01CC24\C068B6C4-4237-4B8C-A863-AD5FBA -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5004FF42-5FD8-40BC-A3DD-4720B8\8A510E36-C050-4262-B9DF-B53B68 -> TrojanProxy.Small.cn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\55FB21B7-87F1-4C8D-9211-EB8CA0\E8811FE3-0289-4457-9F5B-F488F4 -> TrojanDownloader.IstBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\649B1397-27FE-427F-BCC4-C56FDC\9675565D-0849-4041-99CC-AE0E65 -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70E24428-782B-487F-AFA3-809E11\EBEF472B-688F-4DAA-8DE4-D7226B -> TrojanProxy.Small.cn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\81313872-0FD3-43CC-821F-55A220\A813DED2-7A9C-4E88-8996-99F8CA -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\81313872-0FD3-43CC-821F-55A220\EECE401B-5DF9-4EDA-B8F0-822B1D -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B616C42E-2BF6-4209-832D-9000C7\A99180E1-ABB2-4DAB-A920-D12072 -> Spyware.AzSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B616C42E-2BF6-4209-832D-9000C7\E638D4CF-CF32-4123-83CC-CE33B3 -> Spyware.AzSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CBD03272-E9DE-4F72-BA05-0B4E17\801F16D6-ED89-45C3-A996-DEE6FB -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D860AB9B-9432-4767-A57B-4B5376\1477E62F-51C4-43C8-9BE8-9D248D -> TrojanProxy.Small.cn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F01821F9-846E-4184-8C79-47B717\102D3C9B-908F-4FFB-A158-A01ADE -> Spyware.NewDotNet : Cleaned with backup
C:\RECYCLER\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\RECYCLER\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\180.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\__delete_on_reboot__svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\Ilclmi32.exe -> Backdoor.Padodor.az : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanDropper.Small.acg : Cleaned with backup
C:\WINDOWS\system32\vxgamet1.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq8.exe -> TrojanDownloader.Agent.qx : Cleaned with backup
C:\WINDOWS\system32\web.exe -> TrojanDownloader.Small.agq : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__abirvalg32.dll -> TrojanProxy.Small.cn : Cleaned with backup
C:\WINDOWS\system32\~update.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINDOWS\ys.exe -> TrojanDownloader.IstBar.kc : Cleaned with backup
D:\Program Files\Microsoft AntiSpyware\Quarantine\D3484946-4243-4417-9FA7-CFD1A3\05244DED-BB4A-4C14-AECC-3057E6 -> Spyware.MediaTickets : Cleaned with backup
D:\Program Files\satu\cnup.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{E1BDE70E-A581-4584-8E6E-E99A18044A96}\RP2\A0000295.exe -> Spyware.Hijacker.Generic : Cleaned with backup
D:\System Volume Information\_restore{E1BDE70E-A581-4584-8E6E-E99A18044A96}\RP2\A0000297.exe -> TrojanDownloader.Small.aux : Cleaned with backup
D:\System Volume Information\_restore{E1BDE70E-A581-4584-8E6E-E99A18044A96}\RP2\A0000298.exe -> TrojanDownloader.Small.atl : Cleaned with backup
D:\System Volume Information\_restore{E1BDE70E-A581-4584-8E6E-E99A18044A96}\RP6\A0001181.exe -> TrojanDownloader.Small.agq : Cleaned with backup
D:\vwycp32.dll -> TrojanDownloader.Murlo.ar : Cleaned with backup
D:\WINDOWS\system32\latest.exe -> Trojan.Crypt.c : Cleaned with backup
D:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
D:\WINDOWS\system32\vxgame2.exe -> Trojan.Crypt.c : Cleaned with backup
D:\WINDOWS\system32\vxgamet1.exe -> Backdoor.Padodor.az : Cleaned with backup
D:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
D:\WINDOWS\system32\vxh8jkdq5.exe -> TrojanDownloader.Small.awa : Cleaned with backup
D:\WINDOWS\system32\win32.exe -> Trojan.Crypt.c : Cleaned with backup


::Report End

now the KASPERSKY

KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, July 19, 2005 02:57:55
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/07/2005
Kaspersky Anti-Virus database records: 130968
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
J:\

Scan Statistics:
Total number of scanned objects: 61870
Number of viruses found: 28
Number of infected objects: 165
Number of suspicious objects: 3
Duration of the scan process: 5265 sec

Infected Object Name - Virus Name
C:\data Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Documents and Settings\Jami\Local Settings\Temp\vx1.game Infected: Trojan-Dropper.Win32.Small.acg
C:\Documents and Settings\Jami\Local Settings\Temp\vx4.game Infected: Trojan-Clicker.Win32.Tiny.c
C:\Documents and Settings\Jami\Local Settings\Temp\vxt1.game Infected: Backdoor.Win32.Agent.iw
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\sploit[1].anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\x[1].chm/load.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\x[1].chm/x.htm Suspicious: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\x[1].chm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\loadadv645[1].exe Infected: Trojan-Downloader.Win32.Small.bct
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\newexpl[1].php/[From <x>]/html Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\newexpl[1].php Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\load[1].exe Infected: Trojan-Downloader.Win32.Small.bct
C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[1].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Justin\Local Settings\Temp\vx1.game Infected: Trojan-Dropper.Win32.Small.acg
C:\Documents and Settings\Justin\Local Settings\Temp\vx4.game Infected: Trojan-Clicker.Win32.Tiny.c
C:\Documents and Settings\Justin\Local Settings\Temp\vxt1.game Infected: Backdoor.Win32.Agent.iw
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6DQX4T0P\installer2[1].exe Infected: Trojan-Spy.Win32.Agent.dq
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GN0RQRSN\load02[1].exe Infected: Trojan-Downloader.Win32.Wirefall.gen
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1ELMN6D\loadppc[1].exe Infected: Trojan-Dropper.Win32.Small.abx
C:\Documents and Settings\Mooly\Local Settings\Temp\vx1.game Infected: Trojan-Dropper.Win32.Small.acg
C:\Documents and Settings\Mooly\Local Settings\Temp\vx4.game Infected: Trojan-Clicker.Win32.Tiny.c
C:\Documents and Settings\Mooly\Local Settings\Temp\vxt1.game Infected: Backdoor.Win32.Agent.iw
C:\Documents and Settings\Roger\Desktop\crack.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Documents and Settings\Roger\Desktop\crack.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Documents and Settings\Roger\Desktop\crack.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john.exe Infected: HackTool.Win32.John
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john-k6.zip/john.exe Infected: HackTool.Win32.John
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john-k6.zip Infected: HackTool.Win32.John
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john-mmx.zip/john.exe Infected: HackTool.Win32.John
C:\Documents and Settings\Roger\Desktop\john-16w.zip/john-16/run/john-mmx.zip Infected: HackTool.Win32.John
C:\Documents and Settings\Roger\Desktop\john-16w.zip Infected: HackTool.Win32.John
C:\Documents and Settings\Roger\Local Settings\Temp\6.qtdfmp Infected: Trojan-Downloader.Win32.Small.aux
C:\Documents and Settings\Roger\Local Settings\Temp\7.qtdfmp Infected: Trojan-Downloader.Win32.Small.atl
C:\Documents and Settings\Roger\Local Settings\Temp\vx1.game Infected: Trojan-Dropper.Win32.Small.acg
C:\Documents and Settings\Roger\Local Settings\Temp\vx4.game Infected: Trojan-Clicker.Win32.Tiny.c
C:\Documents and Settings\Roger\Local Settings\Temp\vxt1.game Infected: Backdoor.Win32.Agent.iw
C:\Documents and Settings\Tatiana\Local Settings\Temp\vx1.game Infected: Trojan-Dropper.Win32.Small.acg
C:\Documents and Settings\Tatiana\Local Settings\Temp\vx4.game Infected: Trojan-Clicker.Win32.Tiny.c
C:\Documents and Settings\Tatiana\Local Settings\Temp\vxt1.game Infected: Backdoor.Win32.Agent.iw
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\gdnUS2070[1].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\gdnUS2070[2].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\gdnUS2070[1].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\sploit[1].anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\sploit[2].anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\x[1].chm/load.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\x[1].chm/x.htm Suspicious: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\x[1].chm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\x[2].chm/load.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\x[2].chm/x.htm Suspicious: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\KHQJSTIN\x[2].chm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[1].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[2].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\gdnUS2070[4].exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\OXQJG1AN\loadadv645[1].exe Infected: Trojan-Downloader.Win32.Small.bct
C:\loader.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15C.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15D.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15E.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15F.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\163.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\164.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\165.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\166.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\167.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A4.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A5.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A6.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A7.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A8.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2E.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2F.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\30.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\31.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\32.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\33.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\34.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3D.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3E.tmp Infected: Trojan.Win32.LowZones.y
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3F.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\40.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\41.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\8.tmp Infected: Trojan-Downloader.Win32.Agent.ho
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\B.tmp Infected: Trojan-PSW.Win32.LdPinch.os
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\DE.tmp/index.htm Infected: Trojan-Downloader.VBS.Psyme.ac
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\DE.tmp Infected: Trojan-Downloader.VBS.Psyme.ac
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E0.tmp/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.ac
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E0.tmp Infected: Trojan-Downloader.VBS.Psyme.ac
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E2.tmp/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.ac
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E2.tmp Infected: Trojan-Downloader.VBS.Psyme.ac
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E4.tmp/file.exe Infected: Trojan-Downloader.Win32.Small.xk
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E4.tmp/launch.html Infected: Exploit.HTML.CodeBaseExec
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\E4.tmp Infected: Exploit.HTML.CodeBaseExec
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0020900.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0020902.exe Infected: Trojan-Dropper.Win32.Small.acg
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0020905.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0020907.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0020908.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021855.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021856.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021857.exe Infected: Trojan-Dropper.Win32.Small.acg
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021859.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021861.exe Infected: Trojan-Clicker.Win32.Tiny.c
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021862.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021864.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021889.exe Infected: Trojan-Downloader.Win32.Small.awa
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021890.exe Infected: Trojan-Downloader.Win32.Small.aux
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021891.exe Infected: Trojan-Downloader.Win32.Small.atl
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP64\A0021897.dll Infected: Trojan-Proxy.Win32.Small.cn
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP65\A0022856.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP65\A0022857.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP65\A0022858.exe Infected: Trojan-Dropper.Win32.Small.acg
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP65\A0022870.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP66\A0023057.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025318.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025320.exe Infected: Trojan-Dropper.Win32.Small.acg
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025323.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025324.exe Infected: Trojan-Clicker.Win32.Tiny.c
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025326.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025328.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0025329.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026273.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026274.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026275.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026276.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026277.exe Infected: Trojan-Dropper.Win32.Small.acg
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026280.exe Infected: Trojan-Clicker.Win32.Tiny.c
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026282.dll Infected: Trojan-Proxy.Win32.Small.cn
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026288.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0026311.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027251.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027252.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027253.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027254.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027255.exe Infected: Trojan-Dropper.Win32.Small.acg
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027258.exe Infected: Trojan-Clicker.Win32.Tiny.c
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027269.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027270.exe Infected: Trojan-Downloader.Win32.Small.awa
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027287.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027289.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027290.exe Infected: Trojan-Downloader.Win32.Small.ayl
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027294.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027294.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027294.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027295.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027296.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027297.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027299.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027300.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027301.exe Infected: Backdoor.Win32.Padodor.az
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027302.exe Infected: Trojan.Win32.Dialer.ay
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027303.exe Infected: Trojan-Downloader.Win32.Small.aux
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027304.exe Infected: Trojan-Downloader.Win32.Small.atl
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027305.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027306.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027307.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027307.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027307.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\WINDOWS\installer2.exe Infected: Trojan-Spy.Win32.Agent.dq
C:\WINDOWS\system32\appwiz.dll Infected: Trojan-Spy.Win32.Agent.dq
C:\WINDOWS\system32\hookdump.exe Infected: not-virus:Hoax.Win32.Avgold.e
C:\WINDOWS\system32\__delete_on_reboot____delete_on_reboot____delete_on_reboot__abirvalg32.dll Infected: Trojan-Proxy.Win32.Small.cn

Scan was interrupted by user!


and now trend micro ....

Virus Log","2005/07/19","USCSPBR-8I2CTR6"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"00:15","Real-time Scan","File","TROJ_LOWZONES.BZ","C:\DOCUME~1\Roger\LOCALS~1\Temp\vxt2.game","Quarantine Success",""
"00:15","Real-time Scan","File","TROJ_LOWZONES.BZ","C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\WLQ3KXMR\tool2[1].exe","Quarantine Success",""
"00:15","Real-time Scan","File","TROJ_DLOADER.JQ","C:\DOCUME~1\Roger\LOCALS~1\Temp\vx3.game","Quarantine Success",""
"00:15","Real-time Scan","File","TROJ_DLOADER.JQ","C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\WLQ3KXMR\game3[1].exe","Quarantine Success",""
"00:15","Real-time Scan","File","TROJ_PSWPINCH.A","C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\KXYN8XE3\abc[1].exe","Quarantine Fail",""
"00:15","Real-time Scan","File","TROJ_PSWPINCH.A","C:\WINDOWS\system32\abc.exe","Quarantine Success",""
"00:39","Real-time Scan","File","TROJ_PSWPINCH.A","C:\Documents and Settings\Jami\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\abc[1].exe","Quarantine Success",""
"00:40","Real-time Scan","File","TROJ_PSWPINCH.A","C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\EGWKHLQP\abc[1].exe","Quarantine Success",""
"00:40","Real-time Scan","File","TROJ_PSWPINCH.A","C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\KXYN8XE3\abc[1].exe","Quarantine Success",""
"00:44","Real-time Scan","File","TROJ_PSWPINCH.A","C:\Documents and Settings\Tatiana\Local Settings\Temporary Internet Files\Content.IE5\85ENCDQB\abc[1].exe","Quarantine Success",""
"02:17","Real-time Scan","File","TROJ_PSWPINCH.A","C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027271.exe","Quarantine Success",""
"02:17","Real-time Scan","File","TROJ_PSWPINCH.A","C:\System Volume Information\_restore{890F0A9B-FE17-4008-B95F-274CD873A701}\RP69\A0027272.exe","Quarantine Success",""
"02:47","Real-time Scan","File","TROJ_SMALL.SJ","D:\Documents and Settings\Rico\Local Settings\Temp\1.qtdfmp","Quarantine Success",""
"02:48","Real-time Scan","File","TROJ_SMALL.AFF","D:\Documents and Settings\Rico\Local Settings\Temp\vx1.game","Quarantine Success",""
"02:48","Real-time Scan","File","TROJ_DLOADER.JQ","D:\Documents and Settings\Rico\Local Settings\Temp\vx3.game","Quarantine Success",""
"02:48","Real-time Scan","File","TROJ_LOWZONES.BZ","D:\Documents and Settings\Rico\Local Settings\Temp\vxt2.game","Quarantine Success",""
"02:50","Real-time Scan","File","JAVA_BYTEVER.A","GetAccess.class (D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\0PUJ01YB\classload[1].jar)","Quarantine Fail",""
"02:50","Real-time Scan","File","JAVA_BYTEVER.A","InsecureClassLoader.class (D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\0PUJ01YB\classload[1].jar)","Quarantine Fail",""
"02:50","Real-time Scan","File","JAVA_BYTEVER.A","Dummy.class (D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\0PUJ01YB\classload[1].jar)","Quarantine Fail",""
"02:50","Real-time Scan","File","JAVA_BYTEVER.A","Installer.class (D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\0PUJ01YB\classload[1].jar)","Quarantine Fail",""
"02:50","Real-time Scan","File","---","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\0PUJ01YB\classload[1].jar","Quarantine Success",""
"02:50","Real-time Scan","File","TROJ_DLOADER.FA","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\0PYB8T6J\open[1].exe","Quarantine Success",""
"02:50","Real-time Scan","File","JAVA_BYTEVER.A","Beyond.class (D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\41QVG1YV\count[1].jar)","Quarantine Fail",""
"02:50","Real-time Scan","File","---","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\41QVG1YV\count[1].jar","Quarantine Success",""
"02:50","Real-time Scan","File","JS_PSYME.AF","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\41QVG1YV\page1[1].htm","Quarantine Success",""
"02:50","Real-time Scan","File","TROJ_CRYPT.E","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\CH2741EJ\latest[1].exe","Quarantine Success",""
"02:50","Real-time Scan","File","TROJ_DROPPER.EY","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\GAYPTCK3\z[1].exe","Quarantine Success",""
"02:51","Real-time Scan","File","TROJ_PSWPINCH.A","D:\Documents and Settings\Rico\Local Settings\Temporary Internet Files\Content.IE5\KP6Z0PEN\abc[1].exe","Quarantine Success",""


AND FINALLY HIJACK THIS!!!


Logfile of HijackThis v1.99.1
Scan saved at 2:44:29 AM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\winstall.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\vxgame6.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccmain.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Roger\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Startup: Paraben's Daily Journal.lnk = C:\Program Files\Paraben\Daily Journal\pdj.exe
O4 - Startup: Paraben's Password Manager.lnk = C:\Program Files\Paraben's Password Manager\Paraben.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Reminder.lnk = C:\Program Files\Surado\Smart Contact Manager 2001\rem_dsk.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-roger.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} - http://www.drivershq.com/cab/p
  • 0

Advertisements

#2
g2i2r4
Posted 24 July 2005 - 04:00 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome rogerbaby to Geeks to Go!

We are having a look at your log and will post as soon as possible.
  • 0

#3
Perculator
Posted 24 July 2005 - 04:17 PM

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Welcome to Geeks to Go!

Sorry for the delay, the forums are very busy.

I'm taking over this log from g2i2r4.

If you still need help, please post back here in this topic with a fresh log using HijackThis.

Also do this please:
Open HijackThis
Go to Open the Misc tools Session
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.

You don't need to post the other logs scanlogs again.

If you solved the problem, please let me know.

Edited by Perculator, 24 July 2005 - 04:17 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP