1) Hijack this is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 11:10:09 PM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129321207760
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
2.) Ewido scan
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:54:53 PM, 10/14/2005
+ Report-Checksum: 15DC850E
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D}\TypeLib\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-1757981266-746137067-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1757981266-746137067-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1757981266-746137067-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-3cf8ea00.class -> TrojanDownloader.Small.wv : Cleaned with backup
C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\INSTAFINK -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache\ErrorLog.txt -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache\NewCfg -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\instafink.dll -> Spyware.404Search : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.m : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.m : Cleaned with backup
::Report End
3.) EZ Trust Antivirus scan:
eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 10:25:21 PM, 12/27/2004
Dat file v8827
Scanning boot sectors...
Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\log\plugin142_05.trace - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\History\History.IE5\MSHist012004122720041228\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temp\hsperfdata_Administrater\4012 - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temp\jar_cache28585.tmp - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT.LOG - unable to open file - not scanned.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp - error in scanning - scan abandoned.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class - Java.Shinwow.Q trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip contains infected files.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Matrix.class - Java.Shinwow.W trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Parser.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip contains infected files.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\hiberfil.sys - unable to open file - not scanned.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\Avid\Avid Free DV\Avid FatalErrorReports\Exception_2004.04.15_22.38.14 - error in scanning - scan abandoned.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileRep.log - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000003.FCS - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx - unable to open file - not scanned.
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll - error in scanning - scan abandoned.
C:\WINDOWS\$NtUninstallKB826939$\itss.dll - error in scanning - scan abandoned.
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb - error in scanning - scan abandoned.
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll - error in scanning - scan abandoned.
C:\WINDOWS\2PortalMon_Debug.txt - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\default - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\software - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\system - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.
C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80661102}.CDF - unable to open file - not scanned.
Finished scanning: 10:59:44 PM, 12/27/2004
Number of files scanned: 62517.
Number of files that could not be scanned: 85
Number of archives containing infected files: 3
Number of infections: 13
Number of infected files not cleaned/deleted/renamed: 13
First 10 files:
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class (Java.Shinwow.Q trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class (Java.ByteVerify.exploit trojan)
eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 4:29:51 AM, 12/28/2004
Dat file v8827
Scanning boot sectors...
C:\ Master Boot Record is OK: standard Win2000 (1).
C:\ Partition Boot Record is OK: standard Win2000 (2).
Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\Administrater\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temp\~DF31A4.tmp - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT.LOG - unable to open file - not scanned.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp - error in scanning - scan abandoned.
eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 3:44:34 PM, 10/14/2005
Dat file v9453
Scanning boot sectors...
Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator4.zip - scan incomplete.
eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 3:47:16 PM, 10/14/2005
Dat file v9453
Scanning boot sectors...
C:\ Master Boot Record is OK: standard Win2000 (1).
C:\ Partition Boot Record is OK: standard Win2000 (2).
Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class - Java.Shinwow.Q trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip contains infected files.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Matrix.class - Java.Shinwow.W trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Parser.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip contains infected files.
C:\Documents and Settings\Kevin\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Temp\~DF686E.tmp - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\NTUSER.DAT.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\hiberfil.sys - unable to open file - not scanned.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\WINDOWS\2PortalMon_Debug.txt - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\fwdbglog.txt - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\fwpktlog.txt - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\GATEWAYCOMPUTER.ldb - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\IAMDB.RDB - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\tvDebug.log - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{4AD54D1F-788C-4642-990E-45853E60F726}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\CatRoot2\edb.log - unable to open file - not scanned.
C:\WINDOWS\system32\CatRoot2\tmp.edb - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\default - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\software - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\system - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\Temp\ZLT01a10.TMP - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.
C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80661102}.CDF - unable to open file - not scanned.
Finished scanning: 4:11:30 PM, 10/14/2005
Number of files scanned: 51736.
Number of files that could not be scanned: 61
Number of archives containing infected files: 3
Number of infections: 13
Number of infected files not cleaned/deleted/renamed: 13
First 10 files:
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class (Java.Shinwow.Q trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class (Java.ByteVerify!exploit trojan)
Thanks for your help!
Kevin