Java.Shinwow.AK/ByteVerify.exploit trojan.

#1
elliekev26

I have followed the "read this before posting" steps and am stuck with several viruses. They aren't causing huge problems but my computer is running slowly.

1) HijackThis is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:09 PM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129321207760
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

2) Ewido scan

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:54:53 PM, 10/14/2005
+ Report-Checksum: 15DC850E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D}\TypeLib\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-1757981266-746137067-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1757981266-746137067-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1757981266-746137067-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-3cf8ea00.class -> TrojanDownloader.Small.wv : Cleaned with backup
C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\INSTAFINK -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache\ErrorLog.txt -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\Cache\NewCfg -> Spyware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\instafink.dll -> Spyware.404Search : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.m : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.m : Cleaned with backup


::Report End

3) eTrust EZ Antivirus scan:

eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 10:25:21 PM, 12/27/2004
Dat file v8827

Scanning boot sectors...

Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\log\plugin142_05.trace - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\History\History.IE5\MSHist012004122720041228\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temp\hsperfdata_Administrater\4012 - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temp\jar_cache28585.tmp - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT.LOG - unable to open file - not scanned.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp - error in scanning - scan abandoned.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class - Java.Shinwow.Q trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip contains infected files.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Matrix.class - Java.Shinwow.W trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Parser.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip contains infected files.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\hiberfil.sys - unable to open file - not scanned.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\Avid\Avid Free DV\Avid FatalErrorReports\Exception_2004.04.15_22.38.14 - error in scanning - scan abandoned.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileRep.log - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000003.FCS - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat - unable to open file - not scanned.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx - unable to open file - not scanned.
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll - error in scanning - scan abandoned.
C:\WINDOWS\$NtUninstallKB826939$\itss.dll - error in scanning - scan abandoned.
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb - error in scanning - scan abandoned.
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll - error in scanning - scan abandoned.
C:\WINDOWS\2PortalMon_Debug.txt - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\default - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\software - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\system - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.
C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80661102}.CDF - unable to open file - not scanned.

Finished scanning: 10:59:44 PM, 12/27/2004
Number of files scanned: 62517.
Number of files that could not be scanned: 85
Number of archives containing infected files: 3
Number of infections: 13
Number of infected files not cleaned/deleted/renamed: 13
First 10 files:
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class (Java.Shinwow.Q trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class (Java.ByteVerify.exploit trojan)

eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 4:29:51 AM, 12/28/2004
Dat file v8827

Scanning boot sectors...
C:\ Master Boot Record is OK: standard Win2000 (1).
C:\ Partition Boot Record is OK: standard Win2000 (2).

Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify.exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\Administrater\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temp\~DF31A4.tmp - unable to open file - not scanned.
C:\Documents and Settings\Administrater\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT - unable to open file - not scanned.
C:\Documents and Settings\Administrater\NTUSER.DAT.LOG - unable to open file - not scanned.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp - error in scanning - scan abandoned.
eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 3:44:34 PM, 10/14/2005
Dat file v9453

Scanning boot sectors...

Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator4.zip - scan incomplete.
eTrust EZ Antivirus Version 6.4.0.4
Started scanning: 3:47:16 PM, 10/14/2005
Dat file v9453

Scanning boot sectors...
C:\ Master Boot Record is OK: standard Win2000 (1).
C:\ Partition Boot Record is OK: standard Win2000 (2).

Scanning file(s)...
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class - Java.Shinwow.AK trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip contains infected files.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class - Java.Shinwow.Q trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip contains infected files.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Dummy.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Matrix.class - Java.Shinwow.W trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Parser.class - Java.ByteVerify!exploit trojan.
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip contains infected files.
C:\Documents and Settings\Kevin\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Temp\~DF686E.tmp - unable to open file - not scanned.
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\Kevin\NTUSER.DAT.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Cookies\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat - unable to open file - not scanned.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
C:\hiberfil.sys - unable to open file - not scanned.
C:\pagefile.sys - unable to open file - not scanned.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
C:\WINDOWS\2PortalMon_Debug.txt - unable to open file - not scanned.
C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\fwdbglog.txt - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\fwpktlog.txt - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\GATEWAYCOMPUTER.ldb - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\IAMDB.RDB - unable to open file - not scanned.
C:\WINDOWS\Internet Logs\tvDebug.log - unable to open file - not scanned.
C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\EventCache\{4AD54D1F-788C-4642-990E-45853E60F726}.bin - unable to open file - not scanned.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
C:\WINDOWS\Sti_Trace.log - unable to open file - not scanned.
C:\WINDOWS\system32\CatRoot2\edb.log - unable to open file - not scanned.
C:\WINDOWS\system32\CatRoot2\tmp.edb - unable to open file - not scanned.
C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\default - unable to open file - not scanned.
C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\software - unable to open file - not scanned.
C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
C:\WINDOWS\system32\config\system - unable to open file - not scanned.
C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP - unable to open file - not scanned.
C:\WINDOWS\Temp\ZLT01a10.TMP - unable to open file - not scanned.
C:\WINDOWS\wiadebug.log - unable to open file - not scanned.
C:\WINDOWS\wiaservc.log - unable to open file - not scanned.
C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.
C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80661102}.CDF - unable to open file - not scanned.

Finished scanning: 4:11:30 PM, 10/14/2005
Number of files scanned: 51736.
Number of files that could not be scanned: 61
Number of archives containing infected files: 3
Number of infections: 13
Number of infected files not cleaned/deleted/renamed: 13
First 10 files:
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Beyond.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Dummy.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>NudeBox.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>Worker.class (Java.Shinwow.AK trojan)
C:\Documents and Settings\Administrater\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-7d853cff.zip>VerifierBug.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>GetAccess.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>InsecureClassLoader.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Dummy.class (Java.ByteVerify!exploit trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-283f2f9b.zip>Installer.class (Java.Shinwow.Q trojan)
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-2738e991-14d1b35f.zip>Counter.class (Java.ByteVerify!exploit trojan)


Thanks for your help!

Kevin