Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

win32.p2p-worm.alcan.a issue [RESOLVED]


  • This topic is locked This topic is locked

#1
deetz

deetz

    Member

  • Member
  • PipPip
  • 11 posts
can someone please help me remove win32.p2p-worm.alcan.a from my pc? what information should i provide you with?
  • 0

Advertisements


#2
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
deetz

deetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:38:21 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\User\Desktop\hix\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#4
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi deetz,

Download Brute Force Uninstaller.
Unzip it to itís own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan Remover. Save it in the folder you made earlier (c:\BFU)

Start the Brute Force Uninstaller by doubleclicking BFU.exe

In the scriptline to execute copy and paste c:\bfu\p2pnetwork.bfu
Press execute and let it do itís job.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Open HijackThis and click Scan. Put a check next to this:

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab

Close all other windows except HijackThis and click Fix Checked. Reboot when done.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post back to this topic using the add reply button with a fresh HijackThis log and Kaspersky results.
  • 0

#5
deetz

deetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:25:23 PM, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, November 11, 2005 12:24:47
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/11/2005
Kaspersky Anti-Virus database records: 159269
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 44322
Number of viruses found: 12
Number of infected objects: 274
Number of suspicious objects: 0
Duration of the scan process: 2643 sec

Infected Object Name - Virus Name
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1025c9c3.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1025c9c3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1025c9c3.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1025c9c3.zip Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-5e60636f.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-5e60636f.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-5e60636f.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-5e60636f.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-5e60636f.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-590ad624-295b6ccc.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-590ad624-295b6ccc.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-590ad624-295b6ccc.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-590ad624-295b6ccc.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-590ad624-295b6ccc.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-4b56c916.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-4b56c916.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-4b56c916.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-4b56c916.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-4b56c916.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68ae190-12b5277f.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68ae190-12b5277f.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68ae190-12b5277f.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68ae190-12b5277f.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\User\Complete\10 Secrets To Great Sex - Secret 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\10 Secrets To Great Sex - Secret 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Absynth 3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Absynth 3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\ACDSee 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\ACDSee 8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Acronis Disk Director Suite 9.0.534.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Acronis Disk Director Suite 9.0.534.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Acronis Disk Director Suite 9.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Acronis Disk Director Suite 9.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Acronis Privacy Expert Suite 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Acronis Privacy Expert Suite 8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Ad Muncher 4.7.18335.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Ad Muncher 4.7.18335.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Adobe Audition 1.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Adobe Audition 1.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Adobe InDesign 3.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Adobe InDesign 3.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Adobe Pagemaker 7.01.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Adobe Pagemaker 7.01.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Ahead Nero Burning ROM 6.6.0.8a.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Ahead Nero Burning ROM 6.6.0.8a.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AI RoboForm 6.5.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AI RoboForm 6.5.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Alcohol 120% 1.9.2.1705.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Alcohol 120% 1.9.2.1705.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Alcohol 120% 1.9.5.3105.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Alcohol 120% 1.9.5.3105.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Alexander (PC Game).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Alexander (PC Game).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Amazing Slow Downer 2.79.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Amazing Slow Downer 2.79.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AnyDVD 4.6.1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AnyDVD 4.6.1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Ashampoo UnInstaller Suite Plus 1.32.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Ashampoo UnInstaller Suite Plus 1.32.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Aurora DVD Copy 3.1.3.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Aurora DVD Copy 3.1.3.9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AutoRun Professional 3.0.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AutoRun Professional 3.0.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AVG Anti-Virus 7.0.344.618.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\AVG Anti-Virus 7.0.344.618.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\BlazeDVD 3.5 Pro.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\BlazeDVD 3.5 Pro.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\BSplayer Pro 1.30.818.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\BSplayer Pro 1.30.818.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Business Translator 6.00.5510.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Business Translator 6.00.5510.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\CA eTrust EZ Antivirus 2005 7.0.7.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\CA eTrust EZ Antivirus 2005 7.0.7.7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Call of Duty 2 (New Links).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Call of Duty 2 (New Links).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Car Tycoon.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Car Tycoon.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Chessmaster 9000.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Chessmaster 9000.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Color7 Music Editor 3.5.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Color7 Music Editor 3.5.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Commercial Photoshop Retouching.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Commercial Photoshop Retouching.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Crazy Frog - Crazy Hits.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Crazy Frog - Crazy Hits.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Cyberlink PowerDVD Deluxe 6.0.0.2023.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Cyberlink PowerDVD Deluxe 6.0.0.2023.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Digital Audio Editor 4.3.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Digital Audio Editor 4.3.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\DiskMonitor 2.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\DiskMonitor 2.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Duke Nukem 3D.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Duke Nukem 3D.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\DVD Cloner 2.30.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\DVD Cloner 2.30.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\East-Tec Eraser 2004 5.6.0.288 Pro.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\East-Tec Eraser 2004 5.6.0.288 Pro.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\eShopper Deluxe 2.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\eShopper Deluxe 2.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\eSignal MetaStock Professional 9.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\eSignal MetaStock Professional 9.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Fahrenheit - Indigo Prophecy.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Fahrenheit - Indigo Prophecy.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\FairStars Audio Converter 1.402.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\FairStars Audio Converter 1.402.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\FantasyDVD Player Pro 8.40.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\FantasyDVD Player Pro 8.40.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Fast Plans 10.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Fast Plans 10.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\FIFA.06.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\FIFA.06.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Firefox 1.0.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Firefox 1.0.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Flash Templates Box.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Flash Templates Box.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Focus All CD DVD Burner 2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Focus All CD DVD Burner 2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Fontlab Studio 5.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Fontlab Studio 5.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Genie Soft Backup Manager Pro 5.0.25.1288.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Genie Soft Backup Manager Pro 5.0.25.1288.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Glacier.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Glacier.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\GUN Activision.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\GUN Activision.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\HyperSnap-DX 5.63.01.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\HyperSnap-DX 5.63.01.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icon Pack Hally.icl.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icon Pack Hally.icl.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icon Pack Layered System.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icon Pack Layered System.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icon Pack Photoreal Icons (Mac OS Icons.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icon Pack Photoreal Icons (Mac OS Icons.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icons Canon and Konica icons.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Icons Canon and Konica icons.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Internet Download Manager 4.07.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Internet Download Manager 4.07.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Invision Power Board 2.1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Invision Power Board 2.1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\J.River Media Center 11.1.53.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\J.River Media Center 11.1.53.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Kerio Personal Firewall 4.13.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Kerio Personal Firewall 4.13.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Korn - Twisted Transistor (CDS) - 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Korn - Twisted Transistor (CDS) - 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\lansurveyor 9.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\lansurveyor 9.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Madonna - Confessions On A Dance Floor.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Madonna - Confessions On A Dance Floor.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\McAfee 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\McAfee 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\McAfee Anti-Spyware Enterprise 8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\McAfee Anti-Spyware Enterprise 8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Microsoft AntiSpyware 1.0.615.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Microsoft AntiSpyware 1.0.615.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Microsoft Windows Internals, 4th Edt.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Microsoft Windows Internals, 4th Edt.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Microsoft Windows Server 2003 8 in 1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Microsoft Windows Server 2003 8 in 1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\MixMeister Pro 6.0.7.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\MixMeister Pro 6.0.7.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Mootools 3D Photo Browser 8.31.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Mootools 3D Photo Browser 8.31.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Music Editing Master 4.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Music Editing Master 4.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\My Password Manager 1.4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\My Password Manager 1.4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Nero Burning Rom 7.0.1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Nero Burning Rom 7.0.1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Netscream 1.11.7.2005a 2005 Swiftdo.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Netscream 1.11.7.2005a 2005 Swiftdo.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\New Comic eBook The Avengers ('65-'66).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\New Comic eBook The Avengers ('65-'66).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\New Icons for ObjectDock.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\New Icons for ObjectDock.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\No One Lives Forever 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\No One Lives Forever 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Outpost Firewall Pro 3.0.543.431.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Outpost Firewall Pro 3.0.543.431.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Partition Magic 8.05.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Partition Magic 8.05.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Photo2DVD Studio 3.8.3.2.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Photo2DVD Studio 3.8.3.2.7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Plato DVD Ripper 1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Plato DVD Ripper 1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Playboy The Mansion.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Playboy The Mansion.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Pro Cycling Manager.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Pro Cycling Manager.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Recover My Files 3.26.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Recover My Files 3.26.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Recover My Files 3.84.3300.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Recover My Files 3.84.3300.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Registry Rescue 3.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Registry Rescue 3.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Repair and Block 2.11.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Repair and Block 2.11.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Resource Tuner 1.96.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Resource Tuner 1.96.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Roxio Easy Media Creator 8 Suite.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Roxio Easy Media Creator 8 Suite.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Saint Paint Studio 10.12.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Saint Paint Studio 10.12.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Selteco Flash Designer 5.0.22.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Selteco Flash Designer 5.0.22.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Sim Tower.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Sim Tower.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Sony CD Architect 5.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Sony CD Architect 5.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Sony Sound Forge 8.0.53.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Sony Sound Forge 8.0.53.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\StarDock ObjectDock 1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\StarDock ObjectDock 1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Starship Troopers.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Starship Troopers.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Stronghold.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Stronghold.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Style XP 3.02.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Style XP 3.02.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\StyleXP 3.10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\StyleXP 3.10.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Tarkan -Bounce 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Tarkan -Bounce 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\The Sun 3D Screensaver 1.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\The Sun 3D Screensaver 1.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Treasure Vault 3D Screensaver.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Trillian Pro 3.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Trillian Pro 3.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\TuneUp Utilites 2006 5.0.2331.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\TuneUp Utilites 2006 5.0.2331.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\VSO Blindwrite 5.2.21.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Webroot Desktop Firewall 1.3.0.52.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Webroot Desktop Firewall 1.3.0.52.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Webshots Premium Wallpapers 1600x1200.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Webshots Premium Wallpapers 1600x1200.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Willing Webcam 2.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Willing Webcam 2.7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinAVI DVD Copy 4.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WindowBlinds Enhanced 4.5.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WindowBlinds Enhanced 4.5.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Windows Vista Official Icons.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Windows Vista Official Icons.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinDVD Platinum 6.0.B06.128C00.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinDVD Platinum 6.0.B06.128C00.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinDVD Recorder 5 Platinum.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinGuard Pro 2006 6.0.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinRAR 3.50 Beta 1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WinRAR 3.50 Beta 1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WoltLab Burning Board 2.3.3 + Rus.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WoltLab Burning Board 2.3.3 + Rus.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\World Racing 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\World Racing 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WWW File Share Pro 3.20.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\WWW File Share Pro 3.20.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Your Uninstaller 2004 Pro 3.9.517.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Your Uninstaller 2004 Pro 3.9.517.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Zend Studio Client 4.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Complete\Zend Studio Client 4.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\User\Desktop\hix\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
C:\Documents and Settings\User\Desktop\hix\scripts\IPLookup\portscan.exe Infected: not-a-virus:NetTool.Win32.Scan.12
C:\hixscriptv22.exe/hix/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
C:\hixscriptv22.exe/hix/scripts/IPLookup/portscan.exe Infected: not-a-virus:NetTool.Win32.Scan.12
C:\hixscriptv22.exe Infected: not-a-virus:NetTool.Win32.Scan.12
C:\Program Files\winupdates\a.tmp Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\a.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\a.zip Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\winupdates.exe Infected: Worm.Win32.VB.an
C:\System Volume Information\_restore{34FD258B-B0DC-4599-A474-92258E1EAA60}\RP101\A0021551.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{34FD258B-B0DC-4599-A474-92258E1EAA60}\RP101\A0021551.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616

Scan process completed.
  • 0

#6
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please print these instructions for use in safe mode.

Boot into safe mode by tapping the F8 key just before Windows starts to load. Use the arrow keys to select safe mode.

Once in safe mode:

Open HijackThis and click Scan. Put a check next to this:

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

Close all other windows except HijackThis and click Fix Checked.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Then delete these two folders in bold:

C:\Documents and Settings\User\Complete
C:\Program Files\winupdates

Delete the complete contents of this folder in bold, not the folder itself:

C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

Change the file view settings back to original when done.

Boot back into normal mode. Check if you can access your Task Manager and command prompt.

Please post a new HijackThis log for review.
  • 0

#7
deetz

deetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:53:55 PM, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\hjt\HijackThis.exe

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#8
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Looks clean.. :tazz:

Your log looks clean now.

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

You are not running an antivirus and that pretty dangerous. Here are some free ones, take your pick.
Antivir
AVG

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#9
deetz

deetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thanks for your help but when I rund adaware im still seeing it on my pc.
  • 0

#10
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Did you empty your recycle bin?

Where exactly is Adaware seeing it? Can you tell the location?
  • 0

#11
deetz

deetz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ok i just ran adaware again and it found nothing this time. when i ran it earlier it came up with only 1 object for it and before it was 8. and now i guess that it is finally removed. thanks alot for all your help
  • 0

#12
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP