Comet Systems Adware



#16
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

Open MSAS, then click on Tools > Spyware scan > Manage quarantine. Then select the new.net item and select UNQuarantine Item.
  • 0


#17
wwisconsin

  • Topic Starter
  • Member
  • 25 posts
I just looked at the MSAS quarantine list and it's not there. Probably because when I found it after the scan, it gives you a choice of "remove" or "quarantine", and I selected "remove".
  • 0

#18
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Sorry about that, I had to reboot.

OK, have you rebooted your system since you ran the scan and removed the files found?
  • 0

#19
wwisconsin

  • Topic Starter
  • Member
  • 25 posts
Yes.
The scan actually ran automatically when I left my computer running all night for a disk defrag. I forgot I had the scan scheduled to run at 2 AM, so I lucked out.
Anyway, I found that it had run when I looked this morning and did the remove option. Since that point, I have turned my computer off and rebooted on a couple of occasions. Sounds like I was lucky!
  • 0

#20
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

That is strange; there are no other signs of newdotnet on your logs at all, yet if you had it, there should be. Well, following the Jotti analysis you had done, your log looks clean to me. However, I would like you to run an online scan for me please, just to see if anything else is in there.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#21
wwisconsin

  • Topic Starter
  • Member
  • 25 posts
The scan with the extended library is in process (27% complete). Your instructions didn't say anything about deleting the bad files that are found (so far 10 found). You just said to post the text file of the report. If it gives me the option to remove the files, should I?
  • 0

#22
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there

It would be best to not remove the files found just in case they are false positives. I am always wary of deleting automatically, personally I like to have some control over what is going on.
  • 0

#23
wwisconsin

  • Topic Starter
  • Member
  • 25 posts
Okay. It's finally done.
I'll post the results below, then I'm going to turn in for the night. Thanks again for all your help. I'll check back tomorrow.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 12, 2005 21:45:43
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/10/2005
Kaspersky Anti-Virus database records: 153722
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 112577
Number of viruses found: 17
Number of infected objects: 216
Number of suspicious objects: 0
Duration of the scan process: 4845 sec


Scan process completed.
  • 0

#24
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Well now. You have managed to get infected with one of the "P2P Worms" that are out there. These get onto your system via infected downloads from P2P sites. Getting this off will be a bit of a battle because it gets into absolutely everything; in your case, even the data backups you have made are corrupt.

The first thing to do is this

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Boot into Safe Mode
  • Disable any folder protection/password file locks you have active.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot and post the Ewido Scanlog here for me please.
  • 0
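
A triage sketch for a scanner report of this kind, added here as an example; it is not part of any poster's reply and not Kaspersky's own tooling. Rows in that report take the form `path Infected: detection`, with `/` separating a container file from an object inside it. The code collapses those rows onto the file actually on disk and separates live files from copies already held in another product's quarantine or in System Restore, so removal can be decided per file rather than automatically. The sample rows are constructed, and the function names, category labels and folder markers are assumptions.

```python
"""Triage of a 'path Infected: detection' scanner report (added example)."""
from collections import Counter

# Constructed sample rows in the report's format: paths are made up,
# detection names are ones quoted in the thread's report.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\Uploads\Example Tool v1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Uploads\Example Tool v1.0.zip Infected: Worm.Win32.VB.an
C:\Uploads\Example Movie.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Uploads\Example Movie.zip Infected: Worm.Win32.VB.an
C:\Toolbox\installer.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Toolbox\installer.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Toolbox\fakedel.zip/fake_del.exe Infected: not-virus:BadJoke.Win32.FakeDel.c
C:\Program Files\Norton AntiVirus\Quarantine\0A1B2C3D Infected: Exploit.Java.Bytverify
C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe Infected: Worm.Win32.VB.an
D:\backup\Toolbox\installer.exe Infected: not-a-virus:AdWare.Win32.NewDotNet

Scan process completed.
"""

# Assumed folder markers for items another product has already isolated.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\deactivateditems\\")
RESTORE_MARKER = "\\system volume information\\_restore"
# Prefixes the report puts on adware, jokes and dual-use tools.
RISKWARE_PREFIXES = ("not-a-virus:", "not-virus:")


def parse_report(text):
    """Return (path, detection) for every 'path Infected: name' row."""
    rows = []
    for line in text.splitlines():
        if " Infected: " not in line:
            continue  # header, statistics and blank lines
        path, name = line.rsplit(" Infected: ", 1)
        rows.append((path.strip(), name.strip()))
    return rows


def location_of(outer):
    """Classify where the on-disk file lives."""
    low = outer.lower()
    if RESTORE_MARKER in low:
        return "system_restore"
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "av_quarantine"
    return "live"


def triage(text):
    """Group rows by the file on disk (the part of the path before '/')."""
    files = {}
    for path, name in parse_report(text):
        outer = path.split("/", 1)[0]
        entry = files.setdefault(
            outer, {"location": location_of(outer), "detections": set(), "rows": 0}
        )
        entry["detections"].add(name)
        entry["rows"] += 1
    for entry in files.values():
        # A file is riskware only if every detection on it carries a riskware prefix.
        risk_only = all(
            d.lower().startswith(RISKWARE_PREFIXES) for d in entry["detections"]
        )
        entry["kind"] = "riskware" if risk_only else "malware"
    return files


def summarize(files):
    """Count files per (location, kind) pair."""
    return dict(Counter((e["location"], e["kind"]) for e in files.values()))


def review_order(files):
    """Live malware first, then live riskware, then already-contained copies."""
    def rank(item):
        path, e = item
        return (e["location"] != "live", e["kind"] != "malware", path.lower())
    return [path for path, _ in sorted(files.items(), key=rank)]


if __name__ == "__main__":
    grouped = triage(SAMPLE_REPORT)
    print(len(parse_report(SAMPLE_REPORT)), "rows ->", len(grouped), "files")
    for path in review_order(grouped):
        e = grouped[path]
        print(f'{e["location"]:14} {e["kind"]:8} {path}')
```

Grouping by on-disk file is also why a report's count of infected objects can be far higher than the number of files that need a decision.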

#25
wwisconsin

  • Topic Starter
  • Member
  • 25 posts
Here it is. This is getting scary!


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:35:40 PM, 10/14/2005
+ Report-Checksum: 91EF8641

+ Scan result:

C:\RECYCLER\NPROTECT\00060933.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060940.TXT -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\NPROTECT\00060941.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060949.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060950.TXT -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\NPROTECT\00060952.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060953.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060954.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060955.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060956.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060957.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060958.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060959.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060960.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060961.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060962.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060963.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060964.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060965.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060966.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060967.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060968.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060969.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060970.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060971.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060972.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060973.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060974.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060975.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060976.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060977.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060978.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060979.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060980.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060981.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060982.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060983.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060984.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060985.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060986.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060987.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060988.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060989.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060990.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060991.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060992.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060994.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060995.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060996.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060997.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060998.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00060999.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061000.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061001.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061003.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061004.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061005.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061006.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061007.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061008.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061009.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061010.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061011.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061012.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061061.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061062.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061063.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061064.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061065.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061074.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061075.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061076.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061077.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061078.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061079.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061080.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061081.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061082.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061083.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061084.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061085.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061086.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061087.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061088.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061089.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061096.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061097.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061098.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061100.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061105.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061106.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061108.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061109.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061110.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061112.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061113.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061114.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061115.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061117.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061118.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061119.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061120.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061121.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061126.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061127.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061128.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061167.TXT -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\NPROTECT\00061300.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061301.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061302.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061303.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061304.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061320.TXT -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\RECYCLER\NPROTECT\00061321.TXT -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\RECYCLER\NPROTECT\00061322.TXT -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\RECYCLER\NPROTECT\00061333.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061334.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061335.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061336.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061337.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061338.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061340.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061344.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061345.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061346.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061347.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061348.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061349.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061350.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061352.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061353.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061354.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061356.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061360.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061366.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061367.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00061382.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061383.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061386.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061391.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061393.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061394.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061395.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061396.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061397.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061398.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061399.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061400.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061401.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061402.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061403.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061404.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061405.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061406.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061407.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061408.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061409.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061410.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00061411.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Uploads\ File And Folder Protector v2.3.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Uploads\2 Beautiful Lesbians.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\AbleFtp v6.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Title Buttons v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Transparent Window v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Window Guard v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Window Manager v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Window Menu v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Window Minimizer v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Actual Window Rollup v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\AlgoLab Photo Vector v1.98.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Alicia Rhodes & Her Big Perfect Tits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\All In One CoffeeCup Retail.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\All-In-One Learn To Speak Foreign Langua.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\American Pie 1-2-3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Apollo DVD Copy v4.5.1..zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Auto Email PDF v1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Automize v6.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\BatchImage v1.3.0.758.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Big Tit [bleep].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Brothers in Arms Road to Hill 30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Carmen Electra- Playboy DVD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Cpukiller 3 v1.0.5.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Dark Water.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\DFX 7.3 Audio Enhancer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\DVD-lab PRO version 1.53.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Easy DVD to DVD Copy v3.0.19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Encore Hoyle Slots And Video Poker v1.0.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\File Scavenger v3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\FinePrint pdfFactory Pro v2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\First Alert Service Monitor v9.80.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Foreign Characters v5.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Forensic Replicator v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\HexDataEdit v1.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\High Style Virtual Desktop v1.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Hope Mailer Standard Edition v1.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Internet Kiosk Pro v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ISO Commander v1.6.031 RC2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\JaBack 6.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\JasFTP v6.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Kaspersky Anti-Hacker v1.8.180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Kaylynn POV Blowjob.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Kingdia DVD Ripper Pro v2.4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Krystal First Time [bleep].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Less-Mess Calculator v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Microsoft Plus! Digital Media Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\NetAnalysis v1.35.0054 Law Enforcement Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\NetSpeeder 3.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Nicky Reed [bleep] and Suck.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Paris Hilton Sex Tape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PcBoost 3.8.15.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PCPrivacySoftware Spam Sweeper v2.75.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PCPrivacySoftware Wiper Wizard v2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PDF Image Stamp v1.06 Acrobat Plug-in.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\pinnacle studio 9.4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PoolMagic CARE Plus v8.82.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Private Disk v2.05.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Registry Repair 2006.v4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Service Record v5.4.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sex 13 min Japanese girl.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Shutdown Lock v1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SlySoft CloneCD v5.2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SlySoft CloneDVD v2.8.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SmartFTP v1.5.988.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SmartSoft Video Converter v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SoundForge 8.0b Build 110.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Speed Video Splitter v2.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Startup Organizer v2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sweet MIDI Player v2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\The Hitchhiker's Guide to the Galaxy (20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\The Last Dragon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\The Prince and Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\The Sixth Sense.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Ulead DVD MovieFactory 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Ultralingua Dictionaries Software All-In.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Virtual Encrypted Disk v1.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\WavePad Audio Editing Software.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Windows XP Media Center 2005 2CD ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Xilisoft Audio Converter v2.0.36.809.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
D:\file back up from C\Computer Related\Dads Toolbox\Games\fake delete\fakedel.zip/fake_del.exe -> Not-A-Virus.Joke.FakeDel.c : Error during cleaning
D:\file back up from C\Computer Related\Dads Toolbox\Games\fake delete\fake_del.exe -> Not-A-Virus.Joke.FakeDel.c : Cleaned with backup


::Report End
  • 0

#26
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Please print these instructions out for reference

Step #1

Ensure that your system is set to show all hidden files and folders

Step #2

Boot into safe mode

Step #3

Using Windows Explorer, delete these folders

C:\Documents and Settings\Dad\My Documents\Temporary\Webroot Spy Sweeper 4.5.1.zip
C:\Our Files\Computer Related\Dads Toolbox\Games\fake delete
C:\Uploads
D:\file back up from C\Computer Related\Dads Toolbox\Games\fake delete

Step #4

Rerun Ewido as before and save the report

Step #5

Reboot into normal mode and get an uninstall list from HJT as follows

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post the Uninstall list and the Ewido scan results here.
  • 0
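The triage behind the folder list above, as an added example that is not part of the thread or of any tool's own code: a small Python parser for report lines in the `path -> detection : result` shape shown in the Ewido report, which separates tracking-cookie hits from other detections, groups the latter by folder, and lists entries where cleaning failed. The sample lines are copied from the report posted in this thread; the function names, the reading of `/` as an archive-member separator, and the `Spyware.Cookie.` prefix test are assumptions inferred from those lines.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import Counter
from typing import NamedTuple, Optional

# Lines copied from the Ewido report posted in this thread.
SAMPLE_REPORT = r"""
+ Scan result:

C:\Documents and Settings\Eric\Cookies\eric@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Our Files\Computer Related\Dads Toolbox\Games\fake delete\fakedel.zip/fake_del.exe -> Not-A-Virus.Joke.FakeDel.c : Error during cleaning
C:\Program Files\iMesh\Client\imesh_336.exe -> Spyware.NewDotNet : Cleaned with backup
C:\RECYCLER\NPROTECT\00060485 -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\NPROTECT\00060872.TXT -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Uploads\ File And Folder Protector v2.3.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Uploads\AbleFtp v6.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Automize v6.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup

::Report End
"""

# Assumed line shape: "<path> -> <detection name> : <result>"
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<result>.+)$")
COOKIE_PREFIX = "Spyware.Cookie."  # assumption: prefix marks tracking cookies


class Finding(NamedTuple):
    container: str          # file on disk (the archive, if the hit is inside one)
    member: Optional[str]   # path inside the archive, or None
    detection: str
    result: str


def parse_report(text):
    """Return a Finding for every detection line; headers and footers are skipped."""
    findings = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        # Windows paths cannot contain "/", so treat it as the archive/member split.
        container, sep, member = match["path"].partition("/")
        findings.append(Finding(container, member if sep else None,
                                match["detection"], match["result"].strip()))
    return findings


def triage(findings):
    """Summarise a report: cookie noise vs. other detections, hot folders, failures."""
    threats = [f for f in findings if not f.detection.startswith(COOKIE_PREFIX)]
    return {
        "cookie_hits": len(findings) - len(threats),
        "by_detection": Counter(f.detection for f in threats),
        # Folder holding each flagged file; many hits in one folder stand out.
        "folders": Counter(ntpath.dirname(f.container) for f in threats),
        # Anything not reported as cleaned still needs manual follow-up.
        "failed": [f for f in findings if not f.result.lower().startswith("cleaned")],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("tracking-cookie hits:", summary["cookie_hits"])
    for name, count in summary["by_detection"].most_common():
        print(f"{count:3d}  {name}")
    for folder, count in summary["folders"].most_common():
        print(f"{count:3d}  {folder}")
    for f in summary["failed"]:
        print("not cleaned:", f.container, "->", f.detection)
```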

#27
wwisconsin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello:
I completed all instructions as requested.

Here is the new Ewido Scan

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:29:44 AM, 10/15/2005
+ Report-Checksum: 87D9B49A

+ Scan result:

C:\Documents and Settings\Dad\Cookies\dad@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\00061596.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061597.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061598.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061599.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00061603.TXT -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\NPROTECT\00061604.TXT -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\NPROTECT\00061605.TXT -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\NPROTECT\00061620.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\00061621.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\00061623.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1645522239-1757981266-725345543-1004\Dc17\ File And Folder Protector v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\S-1-5-21-1645522239-1757981266-725345543-1004\Dc19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\S-1-5-21-1645522239-1757981266-725345543-1004\Dc20\fakedel.zip/fake_del.exe -> Not-A-Virus.Joke.FakeDel.c : Cleaned with backup
D:\RECYCLER\S-1-5-21-1645522239-1757981266-725345543-1004\Dd1\fakedel.zip/fake_del.exe -> Not-A-Virus.Joke.FakeDel.c : Cleaned with backup


::Report End



Here is the HJT Uninstall List


3D World Map 2.1
A-10Cuba
ABC (remove only)
AC3Filter (remove only)
ACDSee 4.0.2 Standard
ACE-HIGH MP3 WAV WMA OGG Converter
Ad-aware 6 Professional
Adobe Download Manager 1.2 (Remove Only)
Adobe PhotoDeluxe 1.1
Adobe Photoshop 7.0
Adobe Reader 6.0.1
AOL Instant Messenger
AP Guitar Tuner 1.02
AtomTime Pro 3.1a
Checkers 1.3
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Dell Digital Jukebox Driver
DivX Codec
DrumBox1.0
Easy CD Creator 5 Basic
Electronic Arts Game Updater
ewido security suite
ExtractNow
Family Lawyer 2004
Greetings Workshop
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 940c series
hp deskjet 940c series (Remove only)
iMesh
InterVideo MP3 XPack
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jetfighter V Homeland Protector
Kaspersky On-line Scanner
LimeWire 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
LoanBlaster Lite
Logitech Gaming Software
Microsoft AntiSpyware
Microsoft Automap Streets Plus (Requires CD-ROM)
Microsoft Data Access Components KB870669
Microsoft Encarta 97 World Atlas
Microsoft Flight Simulator 2002
Microsoft Links 2001
Microsoft Links 2003
Microsoft Office XP Professional with FrontPage
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
Need For Speed - Porsche Unleashed
Need For Speed III
Norton AntiVirus 2003 Professional Edition
Norton WMI Update
NVIDIA Display Driver
NVIDIA Drivers
PartyPoker
Pdf995
Photo Explosion SE
PowerDVD
QuickTime
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SoulSeek Client 156c
Sound Blaster Live! Value
Spy Sweeper
SpywareBlaster v3.4
TurboTax Deluxe 2004
Ultimate ZIP Cracker
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900930)
Window Washer 5
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
XviD MPEG-4 Codec
Yahoo! Toolbar

Standing by for further instructions.
Thanks
  • 0

#28
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Here is the next part of the fix

Boot into Safe Mode as follows. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

ExtractNow
iMesh
LimeWire 4.8.1
PartyPoker
SoulSeek Client 156c
Ultimate ZIP Cracker

Please note any other programs that you don't recognize in that list in your next response

Please delete these folders using Windows Explorer (if present):

C:\Program Files\ExtractNow
C:\Program Files\iMesh
C:\Program Files\LimeWire 4.8.1
C:\Program Files\PartyPoker
C:\Program Files\SoulSeek Client 156c
C:\Program Files\Ultimate ZIP Cracker

After that, reboot. Empty both the Recycle Bin and the Norton protected recycle bin, then rescan with the Kaspersky online scanner and post the results here for me please.
  • 0

#29
wwisconsin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi:

I don't mind deleting ExtractNow, but that's the only way I can read *.rar compressed files. I'll get rid of it.

iMesh we no longer use, so I'll get rid of it.

LimeWire I'll get rid of.

I'd like to keep PartyPoker, because my son plays poker online once in a while. He would also like to keep SoulSeek (P2P).

Ultimate ZIP Cracker I paid $45 for. I hate to throw that away.
What do you think?
  • 0

#30
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

The reason that you got infected here was P2P. Someone used one of the P2P apps on your system to download something which was infected. When that download was extracted, Bang, you were hit and now we are on post number 29 as a result. P2P downloads are a major source of malware, every time you use P2P, you run the risk of infection, and sooner or later you will get hit again. Part of our role as malware staff at G2G is to advise you on your security in the future, that is why I suggest the deletion of these apps, to keep you clean in the future. If you want to keep on using P2P, that's your choice. If you have a legitimate non-P2P-related use for the zip cracker that you paid for, fine - it is your property. I can't force you to uninstall these apps, but if my advice is ignored, I cannot continue to help you. Your son might wish to use P2P again but now that your system looks to be clean, do you really want to run the risk, no it's more than a risk, of getting infected again?

As your system is probably clean now, I have done most of my job here in that you are fixed for the moment. My advice stands. The choice is yours.
  • 0
