Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help getting rid of


  • This topic is locked This topic is locked

#1
Bacobits

Bacobits

    Member

  • Member
  • PipPip
  • 13 posts
I have no idea what to do to get rid of this problem it is some worm called Win32.P2P-Worm-Alcan.a?? :tazz:

Here is what i got when i did a scan with adaware





Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, November 21, 2005 9:51:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R75 15.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdRotator(TAC index:6):2 total references
MRU List(TAC index:0):4 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-21-2005 9:51:55 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 600
ThreadCreationTime : 11-22-2005 5:51:19 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 11-22-2005 5:51:21 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 11-22-2005 5:51:22 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 11-22-2005 5:51:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 11-22-2005 5:51:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 11-22-2005 5:51:22 AM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 11-22-2005 5:51:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1004
ThreadCreationTime : 11-22-2005 5:51:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 11-22-2005 5:51:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1144
ThreadCreationTime : 11-22-2005 5:51:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1268
ThreadCreationTime : 11-22-2005 5:51:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1468
ThreadCreationTime : 11-22-2005 5:51:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1820
ThreadCreationTime : 11-22-2005 5:51:27 AM
BasePriority : Normal


#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1872
ThreadCreationTime : 11-22-2005 5:51:27 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1956
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:16 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1980
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 6.14.10.5120
ProductVersion : 6.14.10.5120
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:17 [swtrayv4.exe]
FilePath : C:\PROGRA~1\MICROS~4\GAMECO~1\Common\
ProcessID : 1996
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 4.03.253
ProductVersion : 4.03.253
ProductName : Microsoft Game Controller Software
CompanyName : Microsoft Corporation
FileDescription : MS SideWinder Tray Application
InternalName : MS SideWinder Tray Application
LegalCopyright : Copyright © 1995-1999 Microsoft Corporation
OriginalFilename : SWTRAYV4.EXE

#:18 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2008
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:19 [winupdates.exe]
FilePath : C:\Program Files\winupdates\
ProcessID : 2016
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 3.06
ProductVersion : 3.06
ProductName : inno setup
CompanyName : inno setup
FileDescription : inno setup
InternalName : Setup
LegalCopyright : inno setup
LegalTrademarks : inno setup
OriginalFilename : Setup.exe
Comments : inno setup

#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2028
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:21 [raid_tool.exe]
FilePath : C:\Program Files\VIA\RAID\
ProcessID : 180
ThreadCreationTime : 11-22-2005 5:51:28 AM
BasePriority : Normal
FileVersion : 2, 0, 1, 0
ProductVersion : 2, 0, 1, 0
ProductName : VIA RAID Tool
CompanyName : VIA
FileDescription : VIA RAID Tool
InternalName : raid_tool
LegalCopyright : Copyright © 2002
OriginalFilename : raid_tool.EXE

#:22 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 864
ThreadCreationTime : 11-22-2005 5:51:37 AM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:23 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 11-22-2005 5:51:37 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1324
ThreadCreationTime : 11-22-2005 5:51:38 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1952
ThreadCreationTime : 11-22-2005 5:51:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1360
ThreadCreationTime : 11-22-2005 5:51:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:27 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2056
ThreadCreationTime : 11-22-2005 5:51:44 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adrotator.application

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3e7145b1-ea07-42ce-9299-11df39ff54bd}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : bszip.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

Disk Scan Result for C:\DOCUME~1\linda\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
112 entries scanned.
New critical objects:0
Objects found so far: 3



MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-343818398-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2000478354-343818398-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : cmd.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : netstat.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : ping.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : regedit.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : taskkill.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tasklist.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tracert.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 14

9:52:23 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:27.985
Objects scanned:66949
Objects identified:10
Objects ignored:0
New critical objects:10
  • 0

Advertisements


#2
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
I have replied in your other thread:

http://www.geekstogo...showtopic=80351
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP