
Mozilla won't run? [RESOLVED]



#1
chaosRL

hi. i'm new here, and i hope you guys can help me.

lately, i don't know why, but i can't use mozilla firefox or thunderbird. when i click them, they just don't open. i found that if i reinstall it, they will run for the first couple times i try to use them, but after that, it doesn't work. i've already completely reinstalled them several times. also, i get a message saying that windows is missing some files and it asks me to insert my XP cd. i do so, and nothing happens, the autorun just goes. it'll ask me for it later, usually after i reboot. i don't know if this helps at all, but thanks for reading!

hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:22 PM, on 8/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\SK9910DM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\regsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack This\HijackThis.exe
C:\Hijack This\HijackThis.exe

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110919144632
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

i don't know if this matters, but i've used CCleaner to clean my registry. i don't think that it did anything, as i have used the computer since.


#2
Buckeye_Sam

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

#3
chaosRL

Logfile of HijackThis v1.99.1
Scan saved at 10:35:39 AM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110919144632
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125869197900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



here's my new log, since the last one, i've installed windows XP sp2 and a bunch of other updates, uninstalled firefox/thunderbird and am using opera right now, but opera seems to be having some problems since i've installed sp2, as in some web pages will just lock it up. Thanks again~!

#4
Buckeye_Sam

Please download and install AVG antivirus. Follow the prompts to download and install all updates and then run a complete scan.

http://free.grisoft....E/lng/us/tpl/v5

Let me know what AVG finds.


Once the scan is done reboot and post a new hijackthis log.

#5
chaosRL

Logfile of HijackThis v1.99.1
Scan saved at 7:27:07 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\regsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110919144632
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125869197900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

The AVG antivirus found a TON of stuff. I don't exactly remember what the virus was called, but it has something to do with israfel.vbs and a bunch of vbs files. If I get another warning I'll post up what it tells me the virus is. Thanks a bunch!

#6
Buckeye_Sam

I had a feeling it would find a few things. :tazz:

It's always a good idea to get a second opinion in cases like this. And we should get a log that will give us some more info than what AVG provided.

Please run Panda Online Virus Scan
  • Make sure it is set to clean automatically.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.

Reboot and post a new hijackthis log and the info from your virus scan.

#7
chaosRL

Logfile of HijackThis v1.99.1
Scan saved at 4:02:17 PM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\regsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110919144632
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125869197900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



Hi. I can't seem to run Panda Online Virus Scan. Every time I open the website, after a few seconds, it will close my browser, whether it's in Opera or IE. I did get the name of the virus that AVG found: VBS/Gedza.A. I hope this helps! thanks!

#8
Buckeye_Sam

Ok, let's clean up a little and then we'll try one more.

Please make sure that you can View Hidden Files
  • Click Start -> My Computer
  • Select Tools -> Folder options
  • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that 'Display the contents of system folders' is checked.
For more info on how to show hidden files click here.



Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1



Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.




Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\system32\winmgd.win
C:\WINDOWS\system32\mouse_configurator.win
C:\WINDOWS\system32\Kernel32.win
C:\WINDOWS\system32\Israfel.vbs



Reboot back into normal mode.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
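
Added example, not part of the original thread and not Buckeye_Sam's own method: a small Python triage pass over HijackThis-format lines that surfaces the same kinds of entries selected for fixing in the post above. The sample lines are copied from the logs in this thread; the heuristics (extra program after the shell, win.ini run=, Run targets with a script or non-.exe extension, DisableRegedit policy) and all function names are assumptions made for this example.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why this example flags the entry
    detail: str    # the command or setting taken from the log line


# Heuristic lists are assumptions for this example, not HijackThis rules.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "bat", "cmd"}
BINARY_EXTS = {"exe", "com"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostart: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\[^:]+: \[.+?\] (.+)$")
# First ".ext" that ends a token; skips dots inside names like G001-1.0.25.0
EXT_RE = re.compile(r'\.([A-Za-z0-9]{2,4})(?=["\s,]|$)')


def first_extension(command: str) -> str:
    """Extension of the program a command line launches ('' if none found)."""
    match = EXT_RE.search(command)
    return match.group(1).lower() if match else ""


def triage(log_text: str) -> List[Finding]:
    """Return the log entries this example considers worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, running-process line or blank
        section, body = entry.groups()
        if section == "F0":
            # Anything after the shell program itself is started alongside it.
            extra = body.partition("Shell=")[2].split(None, 1)[1:]
            if extra:
                findings.append(Finding(section, "extra program chained onto the shell", extra[0]))
        elif section == "F1":
            value = body.partition("=")[2].strip()
            if value:
                findings.append(Finding(section, "program started from win.ini", value))
        elif section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not examined here
            command = run.group(1)
            ext = first_extension(command)
            if ext in SCRIPT_EXTS:
                findings.append(Finding(section, "script launched at logon", command))
            elif ext and ext not in BINARY_EXTS:
                findings.append(Finding(section, "autostart target lacks an executable extension", command))
        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append(Finding(section, "Registry Editor disabled by policy", body))
    return findings


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\WScript.exe
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:>3}  {finding.reason}: {finding.detail}")
```

A flagged line is a prompt for manual review, not a verdict; legitimate software can trip these rules and malware using an ordinary .exe name will not.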

#9
chaosRL

thanks for your prompt response. just want to let you know i probably won't get around to doing this until tomorrow afternoon, as i have to finish up some school work tonight. thanks again!

#10
Buckeye_Sam

No problem. Just post when you can. I'll be around. :tazz:


#11
chaosRL

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, September 08, 2005 18:20:00
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 9/09/2005
Kaspersky Anti-Virus database records: 139490
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 73876
Number of viruses found: 5
Number of infected objects: 5475
Number of suspicious objects: 0
Duration of the scan process: 9722 sec

Infected Object Name - Virus Name
C:\Program Files\LimeWire\Shared\Access2MySQL Pro v4.3.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Access2MySQL Pro v4.3.6.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Access2MySQL Pro v4.3.6.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ACD Systems Canvas X Build 885.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\ACD Systems Canvas X Build 885.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ACD Systems Canvas X Build 885.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ACDSee 7.0.102 PowerPack.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\ACDSee 7.0.102 PowerPack.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ACDSee 7.0.102 PowerPack.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AceFTP 3.01 Pro.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AceFTP 3.01 Pro.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AceFTP 3.01 Pro.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AcqURL v7.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AcqURL v7.2.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AcqURL v7.2.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Disk Director Suite 9.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis Disk Director Suite 9.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Disk Director Suite 9.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Disk Director Suite v9.0.537.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis Disk Director Suite v9.0.537.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Disk Director Suite v9.0.537.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis DriveCleanser 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis DriveCleanser 6.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis DriveCleanser 6.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis OS Selector 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis OS Selector 8.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis OS Selector 8.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis PartitionExpert 2003.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis PartitionExpert 2003.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis PartitionExpert 2003.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Power Utilities 2004 Build 502 Retail.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis Power Utilities 2004 Build 502 Retail.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Power Utilities 2004 Build 502 Retail.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Privacy Expert Suite 7.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis Privacy Expert Suite 7.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis Privacy Expert Suite 7.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis True Image 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis True Image 8.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis True Image 8.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis True Image v7.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Acronis True Image v7.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Acronis True Image v7.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Active Port Pro v1.30.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Active Port Pro v1.30.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Active Port Pro v1.30.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ad-aware 6.0 build 181.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Ad-aware 6.0 build 181.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ad-aware 6.0 build 181.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ad-Aware SE Professional.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Ad-Aware SE Professional.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ad-Aware SE Professional.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AddWeb Web Page Promoter Pro v7.2.8.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AddWeb Web Page Promoter Pro v7.2.8.5.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AddWeb Web Page Promoter Pro v7.2.8.5.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Encore DVD 1.5 Pro.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Encore DVD 1.5 Pro.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Encore DVD 1.5 Pro.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe GoLive CS2 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe GoLive CS2 8.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe GoLive CS2 8.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Illustrator 10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Illustrator 10.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Illustrator 10.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Illustrator CS2 v12.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Illustrator CS2 v12.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Illustrator CS2 v12.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop 8.0 CS.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Photoshop 8.0 CS.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop 8.0 CS.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS 8.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS 8.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS 8.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS Classroom In A Book.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS Classroom In A Book.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS Classroom In A Book.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS2 v9.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS2 v9.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Adobe Photoshop CS2 v9.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Advanced MP3WMA Recorder 5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Advanced MP3WMA Recorder 5.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Advanced MP3WMA Recorder 5.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Agnitum Outpost Firewall Pro 2.1.309.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Agnitum Outpost Firewall Pro 2.1.309.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Agnitum Outpost Firewall Pro 2.1.309.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ahead NeroVision Express v3.1.0.11.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Ahead NeroVision Express v3.1.0.11.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ahead NeroVision Express v3.1.0.11.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ai RoboForm v6.3.96.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Ai RoboForm v6.3.96.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ai RoboForm v6.3.96.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Alcohol 120% 1.9.5.2722.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Alcohol 120% 1.9.5.2722.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Alcohol 120% 1.9.5.2722.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Alexander.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Alexander.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Alexander.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Alicia Rhodes & Her Big Perfect Tits.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Alicia Rhodes & Her Big Perfect Tits.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Alicia Rhodes & Her Big Perfect Tits.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\All Cleaner 6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\All Cleaner 6.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\All Cleaner 6.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\American Civil War Gettysburg.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\American Civil War Gettysburg.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\American Civil War Gettysburg.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Antenna Web Design Studio v1.5.55.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Antenna Web Design Studio v1.5.55.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Antenna Web Design Studio v1.5.55.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AnyDVD 5.2.4.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AnyDVD 5.2.4.2.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AnyDVD 5.2.4.2.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AnyDVD v3.8.2.3 Multilanguage.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AnyDVD v3.8.2.3 Multilanguage.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AnyDVD v3.8.2.3 Multilanguage.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AOL Instant Messenger 5.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AOL Instant Messenger 5.9.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AOL Instant Messenger 5.9.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Arigola HTML To PHP Converter 4.2.1.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Arigola HTML To PHP Converter 4.2.1.9.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Arigola HTML To PHP Converter 4.2.1.9.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Arturia CS-80V v1.5 -H20.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Arturia CS-80V v1.5 -H20.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Arturia CS-80V v1.5 -H20.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ashampoo Movie Shrink And Burn 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Ashampoo Movie Shrink And Burn 2.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ashampoo Movie Shrink And Burn 2.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ashampoo UnInstaller Platinum 1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Ashampoo UnInstaller Platinum 1.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Ashampoo UnInstaller Platinum 1.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Asmw PC Optimizer Pro v6.31.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Asmw PC Optimizer Pro v6.31.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Asmw PC Optimizer Pro v6.31.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ATI Catalyst 5.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\ATI Catalyst 5.6.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ATI Catalyst 5.6.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AutoCAD 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AutoCAD 2005.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AutoCAD 2005.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AutoCAD 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\AutoCAD 2006.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\AutoCAD 2006.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Autodesk AutoCAD 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Autodesk AutoCAD 2005.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Autodesk AutoCAD 2005.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Autodesk AutoCAD Electrical v2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Autodesk AutoCAD Electrical v2006.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Autodesk AutoCAD Electrical v2006.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Avant Browser 10.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Avant Browser 10.1.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Avant Browser 10.1.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Avast Professional Edition 4.1.418.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Avast Professional Edition 4.1.418.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Avast Professional Edition 4.1.418.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Backup Magic v1.6.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Backup Magic v1.6.7.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Backup Magic v1.6.7.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Battlefield 1942.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Battlefield 1942.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Battlefield 1942.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Battleship Surface Thunder.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Battleship Surface Thunder.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Battleship Surface Thunder.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BearShare 5.1.0 beta 13.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BearShare 5.1.0 beta 13.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BearShare 5.1.0 beta 13.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BeFaster v3.54.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BeFaster v3.54.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BeFaster v3.54.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BlackICE Protection.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BlackICE Protection.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BlackICE Protection.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Blade Trinity WS DVDSCR XviD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Blade Trinity WS DVDSCR XviD.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Blade Trinity WS DVDSCR XviD.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Blood IIthe Choosen.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Blood IIthe Choosen.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Blood IIthe Choosen.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BootXP 2.50.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BootXP 2.50.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BootXP 2.50.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BulletProof FTP Server v2.4.0.31.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BulletProof FTP Server v2.4.0.31.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BulletProof FTP Server v2.4.0.31.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BySoft FreeRAM 4.0.4.167.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BySoft FreeRAM 4.0.4.167.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BySoft FreeRAM 4.0.4.167.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BySoft InternetPal 3.1.2.168.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\BySoft InternetPal 3.1.2.168.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\BySoft InternetPal 3.1.2.168.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CA eTrust EZ Antivirus 2005 7.0.6.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CA eTrust EZ Antivirus 2005 7.0.6.7.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CA eTrust EZ Antivirus 2005 7.0.6.7.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Cakewalk Pro Audio v9.03.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Cakewalk Pro Audio v9.03.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Cakewalk Pro Audio v9.03.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Carmen Electra- Playboy DVD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Carmen Electra- Playboy DVD.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Carmen Electra- Playboy DVD.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Championship Manager 4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Championship Manager 4.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Championship Manager 4.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CleanCenter 1.35.02 Full Setup.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CleanCenter 1.35.02 Full Setup.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CleanCenter 1.35.02 Full Setup.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Clipboard Express Pro v3.1.13.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Clipboard Express Pro v3.1.13.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Clipboard Express Pro v3.1.13.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneCD 5.0.4.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CloneCD 5.0.4.5.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneCD 5.0.4.5.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneCD 5.2.4.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CloneCD 5.2.4.1.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneCD 5.2.4.1.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneDVD 2.8.0.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CloneDVD 2.8.0.2.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneDVD 2.8.0.2.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneDVD v3.0.2.5 Final.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CloneDVD v3.0.2.5 Final.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CloneDVD v3.0.2.5 Final.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CoffeeCup Free DHTML Menu Builder 1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CoffeeCup Free DHTML Menu Builder 1.0.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CoffeeCup Free DHTML Menu Builder 1.0.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Cold.Fear-MYTH.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Cold.Fear-MYTH.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Cold.Fear-MYTH.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Colin McRae Rally 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Colin McRae Rally 2005.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Colin McRae Rally 2005.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\College Brunette [bleep]ed In Dorm.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\College Brunette [bleep]ed In Dorm.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\College Brunette [bleep]ed In Dorm.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ColorImpact 2.7.1.366.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\ColorImpact 2.7.1.366.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\ColorImpact 2.7.1.366.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Commandos 3 Destination Berlin.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Commandos 3 Destination Berlin.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Commandos 3 Destination Berlin.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CorelDraw Graphics Suite 12.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CorelDraw Graphics Suite 12.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CorelDraw Graphics Suite 12.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CryptoNote v2.4.0.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CryptoNote v2.4.0.3.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CryptoNote v2.4.0.3.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CSI Crime Scene Investigation.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\CSI Crime Scene Investigation.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\CSI Crime Scene Investigation.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\D-DAY.ZIP/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\D-DAY.ZIP/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\D-DAY.ZIP Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Daemon Tools v3.47.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Daemon Tools v3.47.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Daemon Tools v3.47.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Dangerous Waters - HOODLUM.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Dangerous Waters - HOODLUM.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Dangerous Waters - HOODLUM.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\danish teen babysitter.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\danish teen babysitter.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\danish teen babysitter.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Dead Man's Hand.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Dead Man's Hand.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Dead Man's Hand.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\DeadLine 2.18.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\DeadLine 2.18.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\DeadLine 2.18.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Digisoft DiskShop 2.52.1574.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Digisoft DiskShop 2.52.1574.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Digisoft DiskShop 2.52.1574.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\DirectX 9.0 SDK Update - April 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\DirectX 9.0 SDK Update - April 2005.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\DirectX 9.0 SDK Update - April 2005.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\DirectX 9.0b.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\DirectX 9.0b.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\DirectX 9.0b.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Discreet Combustion 4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Discreet Combustion 4.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Discreet Combustion 4.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Disk Cleaner.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Disk Cleaner.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Disk Cleaner.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Disk Explorer Professional v3.40.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Disk Explorer Professional v3.40.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Disk Explorer Professional v3.40.zip Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Diskeeper 9 Professional v9.0.524.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\LimeWire\Shared\Diskeeper 9 Professional v9.0.524.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza
C:\Program Files\LimeWire\Shared\Diskeeper 9 Professional v9.0.524.zip Infected: Email-Worm.VBS.Gedza
  • 0

#12
chaosRL

    New Member

  • Topic Starter
  • Member
  • 8 posts
hmmm. it didn't post the entire log. if you need to see the rest of it, i can post it up.

just a disclaimer: i was glancing through the log, and noticed some inappropriate files. these are not mine, and i'll have to have a talk with my brother soon. also, he installed limewire. does this have anything to do with the viruses?
  • 0

#13
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Limewire is a file sharing program that does increase the risk of getting infected by viruses and spyware. This is likely where your problem stems from.

I don't need to see the rest of that log, but I would like to see a new hijackthis log.

How is your computer running now?
  • 0

#14
chaosRL

    New Member

  • Topic Starter
  • Member
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:20:30 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110919144632
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125869197900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


there still seems to be a lot more entries than before, but my computer seems ok. it might be a little slower than i remember, but i'll have to play around a little bit more. also, last night during the kaspersky scan, i kept getting avg antivirus popups saying that it found a virus, asking me to "continue" "help" "heal" "delete file" "move to vault" and there would be TONS at a time, and each one i'd have to click heal->yes->ok. i ended up shutting down avg, but i'll start it up again and see if it's done. thanks again!
  • 0

#15
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Your log looks clean to me. AVG was probably just reacting to the same files that Kaspersky was. I wouldn't worry about that unless you start to notice more problems.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: :)
  • 0
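
The six Internet-zone settings listed in post #15 are stored per user as URL-action values under `Internet Settings\Zones\3`. As an added example (not part of the original thread), this script audits a `.reg` export of that key against those recommendations. The action IDs, the "stricter value passes" rule and the sample export are supplied here as assumptions, not taken from the post.

```python
import re

# Stored policy values for a URL action: 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
POLICY_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings from the post, keyed by their URL-action ID in the registry.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

INTERNET_ZONE = r"\internet settings\zones\3"   # zone 3 is the Internet zone
VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample export (not from the thread). Real regedit 5.00 exports
# are UTF-16 files; decode them before passing the text in.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"""


def parse_zone_export(reg_text):
    """Return {action_id: value} for the Internet zone section only."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: only values under Zones\3 are of interest.
            in_zone = line[1:-1].lower().endswith(INTERNET_ZONE)
            continue
        match = VALUE_RE.match(line)
        if in_zone and match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit(reg_text):
    """List (action_id, setting, current, recommended) for weak settings.

    A value stricter than the recommendation (Disable where the post says
    Prompt) passes; a missing value is reported, because the effective
    setting then depends on the zone's security-level template.
    """
    current = parse_zone_export(reg_text)
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = current.get(action)
        if actual is None:
            findings.append((action, label, "not set", POLICY_NAMES[wanted]))
        elif actual < wanted:
            shown = POLICY_NAMES.get(actual, hex(actual))
            findings.append((action, label, shown, POLICY_NAMES[wanted]))
    return findings


if __name__ == "__main__":
    for action, label, actual, wanted in audit(SAMPLE_EXPORT):
        print(f"{action}  {label}: {actual} (recommended: {wanted})")
```
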