Winfixer won't leave me alone [RESOLVED]



#16
fonzy

  • Topic Starter
  • Member
  • 76 posts
Hi,

I have done the best I can with what you suggested. I couldn't find a file called "r?gsvr32.exe", only one named "regsvr32.exe". Also, when I right-clicked on DelDomains.inf and clicked Install, it kept saying that it was unsuccessful.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 16:55:10, on 16/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://PP3:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122910406445
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/d...onale_ver11.CAB
O16 - DPF: {E9472078-EBA7-4885-8768-80ACF6F94553} (ClientSetup.RunSetup) - http://www.screenpag...ClientSetup.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe

and the EWIDO scan report:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 16:33:28, 16/08/2005
+ Report-Checksum: B359D4DE

+ Scan result:

No infected objects found.


::Report End

#17
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi fonzy

Looks like all issues here have been taken care of!!!


Did you check all other user login profiles as to whether you have similar or any problems??

#18
fonzy

  • Topic Starter
  • Member
  • 76 posts
Hi Tampabelle,

Unfortunately Winfixer2005 is still coming up under this login profile. This is the only other user profile.

Thanks

Fonzy

#19
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.

#20
fonzy

  • Topic Starter
  • Member
  • 76 posts
It doesn't seem to work when I try and run an online scan. Is there a different one I can try at all?

Thanks

Fonzy

#21
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Fonzy,


There are three other online scans given in my signature at the bottom of this message. Please do a scan with any one of them.

In case none of them work, then download Firefox Mozilla Browser and install it.

Do an online scan at http://uk.trendmicro...call_launch.php

#22
fonzy

  • Topic Starter
  • Member
  • 76 posts
Hi Tampabelle,

I did a scan with Kaspersky. Hope that's ok :tazz:

Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:18:59, on 17/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://PP3:8080
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122910406445
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/d...onale_ver11.CAB
O16 - DPF: {E9472078-EBA7-4885-8768-80ACF6F94553} (ClientSetup.RunSetup) - http://www.screenpag...ClientSetup.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe



and the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 17, 2005 15:15:57
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/08/2005
Kaspersky Anti-Virus database records: 135620
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 40364
Number of viruses found: 11
Number of infected objects: 113
Number of suspicious objects: 17
Duration of the scan process: 1315 sec

Infected Object Name - Virus Name
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Dec 2004 16:23 from [email protected]:Protected Mail /msg_sales.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Dec 2004 16:23 from [email protected]:Protected Mail /msg_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Dec 2004 10:06 from [email protected]:R/your_product.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Dec 2004 20:26 from [email protected]:Re: Confirmation/aol_1237.scr Infected: Email-Worm.Win32.Sober.i
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/10 Dec 2004 10:11 from [email protected]:Re: Your /your_website.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/08 Dec 2004 09:59 from [email protected]:R/document.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/08 Dec 2004 07:16 from [email protected]:Re: Secure deli/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/08 Dec 2004 07:16 from [email protected]:Re: Secure deli/message.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/07 Dec 2004 15:57 from [email protected]:Mail Delivery .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/07 Dec 2004 15:57 from [email protected]:Mail Delivery /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/06 Dec 2004 16:56 from [email protected]:Ma/auto__mail.chauffeured-parking6419.word.bat Infected: Email-Worm.Win32.Sober.i
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/01 Dec 2004 20:51 from [email protected]:Re: Virus Sample/datfiles_sales.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/01 Dec 2004 20:51 from [email protected]:Re: Virus Sample/datfiles_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Nov 2004 21:24 from [email protected]:sales@partyp/instruction.zip/instruction.html .com Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Nov 2004 21:24 from [email protected]:sales@partyp/instruction.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/26 Nov 2004 12:49 from [email protected]:Thank you!/details.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/26 Nov 2004 12:49 from [email protected]:Thank you!/details.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 19:47 from [email protected]:Hi/Bill.zip/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 19:47 from [email protected]:Hi/Bill.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 04:28 from [email protected]:Mail Delivery.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 04:28 from [email protected]:Mail Delivery/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/23 Nov 2004 21:22 from [email protected]:Mail Del.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/23 Nov 2004 21:22 from [email protected]:Mail Del/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Nov 2004 20:55 from [email protected]:Re: Bad Request/msg_sales.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Nov 2004 20:55 from [email protected]:Re: Bad Request/msg_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 15:49 from The Post Office:Returned mail: Data forma/document.zip/document.doc .pif Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 15:49 from The Post Office:Returned mail: Data forma/document.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:38 from System Administrator:Undeliverable: Mail /14 Nov 2004 22:30 from PP Sales:Mail Delivery (failure gqjzqsnjk.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:38 from System Administrator:Undeliverable: Mail /14 Nov 2004 22:30 from PP Sales:Mail Delivery (failure gqjzqsnjk/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 06:50 from [email protected]:News/report01.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 06:50 from [email protected]:News/report01.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:43 from [email protected]:Mail De.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:43 from [email protected]:Mail De/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:25 from [email protected]:Re: Free [bleep]/www.freeporn4all.doc.pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:56 from [email protected]:Mail Delivery (failu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:56 from [email protected]:Mail Delivery (failu/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from [email protected]:Illegal Website/list.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from [email protected]:Illegal Website/list.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from [email protected]:Mail Delivery (f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from [email protected]:Mail Delivery (f/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:35 from Debbie Wood:Important/document.zip/document.txt .scr Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:35 from Debbie Wood:Important/document.zip Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:32 from [email protected]:Re: file/file.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:32 from [email protected]:Re: file/file.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:18 from [email protected]:Mail Delivery (.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:18 from [email protected]:Mail Delivery (/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:11 from [email protected]:here/bill.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:11 from [email protected]:here/bill.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:48 from [email protected]:Private document/about_you.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:48 from [email protected]:Private document/about_you.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:45 from [email protected]:Re: Proof of concept/part_01.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:45 from [email protected]:Re: Proof of concept/part_01.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/13 Nov 2004 09:08 from Halifax:Important bank mail from Halifax .rtf Infected: Trojan-Spy.HTML.Bankfraud.hs
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/09 Nov 2004 22:51 from [email protected]:Mail Delivery (failure s.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/09 Nov 2004 22:51 from [email protected]:Mail Delivery (failure s/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/06 Nov 2004 09:58 from [email protected]:message/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/06 Nov 2004 09:58 from [email protected]:message/message.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/04 Nov 2004 19:44 from Mail Administrator:hi/attachment.zip/attachment.zip/attachment.html .pif Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/04 Nov 2004 19:44 from Mail Administrator:hi/attachment.zip/attachment.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/04 Nov 2004 19:44 from Mail Administrator:hi/attachment.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/03 Nov 2004 12:02 from [email protected]:Mail System /instruction.com Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 23:53 from noreply@sales:Mail Account/account.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 23:53 from noreply@sales:Mail Account/account.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 22:21 from [email protected]:F.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 22:21 from [email protected]:F/message.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 10:42 from Mail Delivery Subsystem:Status/Attachment.pif Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/28 Oct 2004 16:05 from [email protected]:Do/details.exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:39 from System Administrator:Undeliverable: Mail /27 Oct 2004 19:29 to [email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:39 from System Administrator:Undeliverable: Mail /27 Oct 2004 19:29 to [email protected]:Mail Delivery (failure /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 21:29 from Administrator:Delivery failed/mail.zip/mail.htm .scr Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 21:29 from Administrator:Delivery failed/mail.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 20:32 from [email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 20:32 from [email protected]:Mail Delivery (failure /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:33 from [email protected]:Mail Delivery System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:33 from [email protected]:Mail Delivery System/message.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:33 from [email protected]:Delivery (sales@partyp/msg19275.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 16:50 from System Administrator:Undeliverable: Re: O/27 Oct 2004 16:42 to [email protected]:Re: Order/data02.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 08:59 from System Administrator:Undeliverable: Funny/27 Oct 2004 08:54 from PP Sales:Funny/your_text.pif Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/26 Oct 2004 20:24 from CFML / Greg Shepherd: [CFML] L1: v MK Don.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/24 Oct 2004 22:12 from [email protected]:Delivery Bot (sale/message15784.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/24 Oct 2004 20:38 from [email protected]:Mail Delivery failu/mail25980.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:42 from [email protected]:Re: thanks!/bill_sales.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:42 from [email protected]:Re: thanks!/bill_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:13 from [email protected]:Mail .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:13 from [email protected]:Mail /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:16 from System Administrator:Undeliverable: Funny/21 Oct 2004 16:02 to [email protected]:Funny/your_text.pif Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:14 from [email protected]:Document/Bill.zip/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:14 from [email protected]:Document/Bill.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:05 from [email protected]:Document/Details.zip/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:05 from [email protected]:Document/Details.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 15:54 from [email protected]:Re: Hello/summary2004.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 15:54 from [email protected]:Re: Hello/summary2004.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 16:26 from [email protected]:Important/Informations.zip/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 16:26 from [email protected]:Important/Informations.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 16:04 from [email protected]:Do you?/d4334938_sales.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 13:44 from [email protected]:Re: Delivery /message_sales.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 12:52 from [email protected]:Re: Here i/document_full.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 09:22 from [email protected]:Hi/Important.zip/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 09:22 from [email protected]:Hi/Important.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 21:25 from [email protected]:Re: approved/document.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 21:25 from [email protected]:Re: approved/document.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 20:28 from [email protected]:Re: Re: /message_details.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 20:03 from [email protected]:Unknown Exception (sales.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 20:03 from [email protected]:Unknown Exception (sales/message.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 19:28 from [email protected]:Re: /document09.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:50 from [email protected]:Illegal Website/details.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:50 from [email protected]:Illegal Website/details.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:48 from [email protected]:Hi/Part-2.zip/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:48 from [email protected]:Hi/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:27 from [email protected]:Hi/Bill.zip/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:27 from [email protected]:Hi/Bill.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 17:54 from [email protected]:Re: Re: improved/information.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 17:54 from [email protected]:Re: Re: improved/information.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 17:26 from [email protected]:Delivery (sal/message6671.zip Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:59 from [email protected]:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:59 from [email protected]:Mail Delivery (fail/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:49 from [email protected]:delivery failed/letter.zip/letter.zip/letter.txt .exe Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:49 from [email protected]:delivery failed/letter.zip/letter.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:49 from [email protected]:delivery failed/letter.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 12:34 from [email protected]:Re: Your document/your_document.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst Infected: Email-Worm.Win32.NetSky.d
C:\WINNT\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/12 Mar 2004 14:56 from [email protected]:Re: Your letter/your_letter.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 14:06 from [email protected]:Re: Your pi/your_picture.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 13:47 from [email protected]:Re: My detail/my_details.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 12:30 from [email protected]:Re: Hello/your_picture.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 11:24 from [email protected]:Re: Your tex/your_text.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\CRDATA\MESSAGE.SCR Infected: Email-Worm.Win32.NetSky.q
F:\QADATA\CRDATA\MESSAGE.PIF Infected: Email-Worm.Win32.NetSky.r

Scan process completed.
  • 0

#23
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi fonzy,

Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKCU\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC in Safe Mode.

Locate and delete the file - C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe


Reboot the PC in Normal Mode. Let me know how your PC is behaving !!!!


Also please note that Kaspersky has picked infections in the mails received by you and lying in your inbox. Most of the infections are in the attachments of the mails. You may seriously consider deleting the infected mails.
  • 0

#24
fonzy

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Hi Tampabelle,

Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:10:09, on 18/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://PP3:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122910406445
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/d...onale_ver11.CAB
O16 - DPF: {E9472078-EBA7-4885-8768-80ACF6F94553} (ClientSetup.RunSetup) - http://www.screenpag...ClientSetup.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe

I couldn't find the file:

C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe

However, it looks like Winfixer has gone.

Thanks

Fonzy
  • 0
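The check that posts #23 and #24 amount to, written out as an added example (not part of the original thread and not a HijackThis feature): parse the O4 autostart lines of two HijackThis logs, list entries whose image sits under `Downloaded Program Files` (the Internet Explorer ActiveX cache), and confirm the flagged entry is absent from the later log. `AFTER` is copied from post #24; `BEFORE`, the helper names and the cache-folder heuristic are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# AFTER: O4 (autostart) lines copied from the HijackThis log in post #24.
AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# BEFORE: constructed for this example = AFTER plus the entry post #23 said to fix.
BEFORE = AFTER + r"""O4 - HKCU\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
"""

# Registry Run-key form:   O4 - HKLM\..\Run: [Name] command
REG_RUN = re.compile(r"^O4 - (HK(?:LM|CU|US)\\\.\.\\[^:]+): \[([^\]]*)\] (.+)$")
# Startup-folder form:     O4 - Global Startup: Name.lnk = target
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

# Assumption of this example: an autostart image inside the ActiveX cache
# folder (where the entry flagged in post #23 lived) deserves a manual look.
ACTIVEX_CACHE = "\\downloaded program files\\"


class Autorun(NamedTuple):
    location: str   # e.g. HKLM\..\Run or "Global Startup"
    name: str       # value name or shortcut name
    command: str    # command line exactly as logged
    image: str      # normalised executable path


def image_path(command: str) -> str:
    """Extract the executable from a logged command line and normalise it."""
    command = command.strip()
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        path = quoted.group(1)
    else:
        # Unquoted paths may contain spaces, so cut at the first executable suffix.
        m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", command, re.I)
        path = m.group(1) if m else (command.split()[0] if command else "")
    # Collapse doubled backslashes (as in the NeroCheck line) and fold case.
    return re.sub(r"\\+", r"\\", path).lower()


def parse_o4(log: str) -> List[Autorun]:
    entries = []
    for line in log.splitlines():
        m = REG_RUN.match(line.strip()) or STARTUP.match(line.strip())
        if m:
            loc, name, cmd = m.groups()
            entries.append(Autorun(loc, name, cmd, image_path(cmd)))
    return entries


def from_activex_cache(entries: List[Autorun]) -> List[Autorun]:
    return [e for e in entries if ACTIVEX_CACHE in e.image]


def removed(before: List[Autorun], after: List[Autorun]) -> List[Autorun]:
    """Entries present in the earlier log but missing from the later one."""
    seen = {(e.location, e.name, e.image) for e in after}
    return [e for e in before if (e.location, e.name, e.image) not in seen]
```

An entry missing from the log only shows the Run value is gone; whether the file itself is still on disk has to be checked separately, as post #24 does.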

#25
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Fonzy,

So you are not having any issues (Winfixer or any other) in any of your login profiles ???
  • 0



#26
fonzy

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Hi Tampabelle,

Winfixer has definitely gone and everything seems to be fine. Does it look ok to you?

Thanks

Fonzy
  • 0

#27
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Fonzy,

CONGRATULATIONS !!!!!!!!!!! Your PC is clean now :tazz:



I would recommend the following steps to keep your PC clean –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.)


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other than IE as most of the malware is targeted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on your PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and ActiveX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0

#28
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





