Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP [CLOSED]

Started by rosegregg , Nov 29 2005 10:44 AM

  • This topic is locked This topic is locked

#1
rosegregg
Posted 29 November 2005 - 10:44 AM

rosegregg

    New Member

  • Member
  • Pip
  • 4 posts
how do i remove this, is it spyware, because if not I have that problem too! I get popups, and slow internet connection. I am on a cable modem. I ran adaware se and it said I have alcan but won't successfully remove it. Any help would be greatly appreciated! :tazz:
  • 0

Advertisements

#2
rosegregg
Posted 29 November 2005 - 12:42 PM

rosegregg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the report of a scan i ran after follow some advice from another post:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 29, 2005 13:39:57
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/11/2005
Kaspersky Anti-Virus database records: 162154
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 74747
Number of viruses found: 15
Number of infected objects: 207
Number of suspicious objects: 0
Duration of the scan process: 5206 sec

Infected Object Name - Virus Name
C:\Documents and Settings\power\Complete\14 Autodesk AutoCAD 2006 Products.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\14 Autodesk AutoCAD 2006 Products.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\20 hot pics of Shakira.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\20 hot pics of Shakira.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\2100 Ringtones.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\2100 Ringtones.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\400 mb Hack programs.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\400 mb Hack programs.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Smooth Jazz Christmas.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Smooth Jazz Christmas.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Thanksgiving Day present to the peop.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Thanksgiving Day present to the peop.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ahead Nero 7.0 Ultra.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ahead Nero 7.0 Ultra.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Amor Video Joiner 1.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Amor Video Joiner 1.9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\AutoPlay Media Studio 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\AutoPlay Media Studio 6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\BitDefender Professional Plus 9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\BitDefender Professional Plus 9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Calendar Builder 3.41.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Calendar Builder 3.41.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\CD MP3 Terminator 2.04.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\CD MP3 Terminator 2.04.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Commercial Fonts.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Commercial Fonts.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DesktopX3.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DesktopX3.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DJ Envy - Def Jam R&B(2005).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DJ Envy - Def Jam R&B(2005).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Drawing Hand Screensaver 7.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Drawing Hand Screensaver 7.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Duplicate MP3 File Finder 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Duplicate MP3 File Finder 6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Easy GIF Animator 3.21.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Easy GIF Animator 3.21.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\EMC RepliStor 6.0.3.422.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\EMC RepliStor 6.0.3.422.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Emergency 3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Emergency 3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Fantastic 4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Fantastic 4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\FANTASY VII.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\FANTASY VII.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\File Security Manager 1.2.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\File Security Manager 1.2.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Free Internet TV 4.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Free Internet TV 4.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Great Metal Covers 25.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Great Metal Covers 25.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Green Day - Bullet In A Bible.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Green Day - Bullet In A Bible.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Hacker 2005 - The Broken Link.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Hacker 2005 - The Broken Link.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\How to Feed Friends and Influence Peop.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\How to Feed Friends and Influence Peop.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icash 3.01.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icash 3.01.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icon Pack Puft.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icon Pack Puft.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IERescuer 1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IERescuer 1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\ImTOO 3GP Video Converter 2.1.55.1117b.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\ImTOO 3GP Video Converter 2.1.55.1117b.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IsoBuster Pro 1.6.0.19.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IsoBuster Pro 1.6.0.19.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Java games for mobile phones.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Java games for mobile phones.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Korn - See You On The Other Side (2005).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Korn - See You On The Other Side (2005).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Live Billiards Deluxe 1.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Live Billiards Deluxe 1.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Logo Creators AIO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Logo Creators AIO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness (RiTUEL Ri.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness (RiTUEL Ri.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MahJong Suite 2005 2.10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MahJong Suite 2005 2.10.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MakeInst 7.3.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MakeInst 7.3.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Matrix of Power.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Matrix of Power.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\McAfee 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\McAfee 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MediaMixer 4.04.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MediaMixer 4.04.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MonitorIT 7.0.24.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MonitorIT 7.0.24.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath (DVN RiP).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath (DVN RiP).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Morpheus Acceleration Patch 3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Morpheus Acceleration Patch 3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Filter 4.2.1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Filter 4.2.1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1 (2Gb).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1 (2Gb).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 2 (2Gb).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 2 (2Gb).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MSN Messenger 8.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MSN Messenger 8.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Need For Speed Most Wanted.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Need For Speed Most Wanted.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Network Security Tools.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Network Security Tools.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton AntiVirus 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton AntiVirus 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Application Removal Tool.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Application Removal Tool.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Ghost 10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Ghost 10.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton System Works 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton System Works 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton SystemWorks 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton SystemWorks 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Office 12 (2006).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Office 12 (2006).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Operation Flashpoint Platinum.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Operation Flashpoint Platinum.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine December 6 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine December 6 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine Home Networking Solutions.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine Home Networking Solutions.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PDF Creators All In one.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PDF Creators All In one.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Piotr Banach - Wu-Wei.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Piotr Banach - Wu-Wei.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Postal 2 Apocalypse Weekend.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RapidShare Checker.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RapidShare Checker.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Real Jigsaw Puzzle 1.0.6.927.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Real Jigsaw Puzzle 1.0.6.927.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RegDoctor 1.42.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RegDoctor 1.42.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Registry Repair 2006 4.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Registry Repair 2006 4.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Remote Password Stealer 2.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Remote Password Stealer 2.7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Resident Evil 2 The Apocalypse.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Resident Evil 2 The Apocalypse.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Roswell Pinball.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Roswell Pinball.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\SAS Anti-Terror Force.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\SAS Anti-Terror Force.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Search Engine Builder Professional 2.17.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Search Engine Builder Professional 2.17.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Serials DataBase.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Serials DataBase.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Symantec Antivirus Corporate.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Symantec Antivirus Corporate.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\The PC Detective 2.89.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\The PC Detective 2.89.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ulead GIF Animator 5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ulead GIF Animator 5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\UltraISO Media Edition 7.6.1.1125.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\UltraISO Media Edition 7.6.1.1125.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\VA - Massive Xmas Hits.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\VA - Massive Xmas Hits.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Virtual Reality Cat.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Virtual Reality Cat.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WebEditor 2006 Suite.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WebEditor 2006 Suite.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WinAPRS 2.8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WinAPRS 2.8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Wma to mp3 converter 2.8.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Wma to mp3 converter 2.8.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Local Settings\Temp\INV1.tmp/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\Documents and Settings\power\Local Settings\Temp\INV1.tmp Infected: Backdoor.Win32.HacDef.bo
C:\Documents and Settings\power\Local Settings\Temporary Internet Files\Content.IE5\S5OJKFAN\SSInstaller[1].exe/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\Documents and Settings\power\Local Settings\Temporary Internet Files\Content.IE5\S5OJKFAN\SSInstaller[1].exe Infected: Backdoor.Win32.HacDef.bo
C:\Program Files\CMSystem\cmappupdate.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\Program Files\CMSystem\cmappupdate.exe Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0DE311AB Infected: not-a-virus:AdWare.Win32.Virtumonde.p
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0DFA3792.htm Infected: Exploit.HTML.Mht
C:\Program Files\winupdates\a.tmp Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\a.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\a.zip Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\winupdates.exe Infected: Worm.Win32.VB.an
C:\System Volume Information\_restore{188C820D-F98E-467A-999F-F073662DF5A1}\RP31\A0002067.exe Infected: Trojan-Dropper.Win32.Agent.abb
C:\System Volume Information\_restore{188C820D-F98E-467A-999F-F073662DF5A1}\RP31\A0002068.exe/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\System Volume Information\_restore{188C820D-F98E-467A-999F-F073662DF5A1}\RP31\A0002068.exe Infected: Backdoor.Win32.HacDef.bo
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll Infected: not-a-virus:AdWare.Win32.WinAD.af
C:\WINDOWS\lzoihga.exe Infected: Trojan-Dropper.Win32.Agent.mu
C:\WINDOWS\obioags.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.hw
C:\WINDOWS\pf78.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\WINDOWS\pf78.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\WINDOWS\pf78.exe Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\WINDOWS\system32\awvvw.dll Infected: Trojan-Spy.Win32.Agent.hn
C:\WINDOWS\system32\bho.dll Infected: not-a-virus:AdWare.Win32.HideOne.b
C:\WINDOWS\system32\InstallerV5a.exe/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\WINDOWS\system32\InstallerV5a.exe Infected: Backdoor.Win32.HacDef.bo
C:\WINDOWS\system32\irasybyh.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.r
C:\WINDOWS\system32\irasyncd.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.x
C:\WINDOWS\system32\nse54.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
C:\WINDOWS\system32\nsq5A.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
C:\WINDOWS\system32\trafficsector_b2search.exe Infected: Trojan-Dropper.Win32.Agent.abb
D:\Media\Boris RED 3GL incl Plugins.zip/Setup.exe Infected: Worm.Win32.VB.an
D:\Media\Boris RED 3GL incl Plugins.zip Infected: Worm.Win32.VB.an
D:\Media\Boris Red Crack.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
D:\Media\Boris Red Crack.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.i

Scan process completed.
  • 0

#3
Excal
Posted 29 November 2005 - 12:52 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi rosegregg and welcome to GeeksToGo! My name is Excal and I will be helping you.

Download HijackThis and post a logfile:
  • Download HijackThis.
  • Create a folder named "HijackThis". To create a folder:
    • Go to My Documents.
    • Right-click and select New> Folder.
    • Name the folder as "HijackThis".
  • Extract the contents of hijackthis.zip into the folder you've just created.
  • Open HijackThis.exe
  • Click on "Do a system scan and save a logfile".
  • After the scan is complete a Notepad window will popup.
  • In the Notepad window, go to Edit> Select all and then Edit> Copy.
  • Paste the log into your next reply.
Do NOT fix anything until we check your log. You can cause serious damage to your operating system if you fix a valid entry.
  • 0

#4
rosegregg
Posted 29 November 2005 - 09:51 PM

rosegregg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 29, 2005 13:39:57
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/11/2005
Kaspersky Anti-Virus database records: 162154
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 74747
Number of viruses found: 15
Number of infected objects: 207
Number of suspicious objects: 0
Duration of the scan process: 5206 sec

Infected Object Name - Virus Name
C:\Documents and Settings\power\Complete\14 Autodesk AutoCAD 2006 Products.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\14 Autodesk AutoCAD 2006 Products.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\20 hot pics of Shakira.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\20 hot pics of Shakira.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\2100 Ringtones.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\2100 Ringtones.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\400 mb Hack programs.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\400 mb Hack programs.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Smooth Jazz Christmas.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Smooth Jazz Christmas.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Thanksgiving Day present to the peop.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\A Thanksgiving Day present to the peop.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ahead Nero 7.0 Ultra.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ahead Nero 7.0 Ultra.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Amor Video Joiner 1.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Amor Video Joiner 1.9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\AutoPlay Media Studio 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\AutoPlay Media Studio 6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\BitDefender Professional Plus 9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\BitDefender Professional Plus 9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Calendar Builder 3.41.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Calendar Builder 3.41.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\CD MP3 Terminator 2.04.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\CD MP3 Terminator 2.04.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Commercial Fonts.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Commercial Fonts.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DesktopX3.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DesktopX3.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DJ Envy - Def Jam R&B(2005).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\DJ Envy - Def Jam R&B(2005).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Drawing Hand Screensaver 7.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Drawing Hand Screensaver 7.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Duplicate MP3 File Finder 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Duplicate MP3 File Finder 6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Easy GIF Animator 3.21.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Easy GIF Animator 3.21.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\EMC RepliStor 6.0.3.422.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\EMC RepliStor 6.0.3.422.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Emergency 3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Emergency 3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Fantastic 4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Fantastic 4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\FANTASY VII.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\FANTASY VII.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\File Security Manager 1.2.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\File Security Manager 1.2.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Free Internet TV 4.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Free Internet TV 4.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Great Metal Covers 25.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Great Metal Covers 25.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Green Day - Bullet In A Bible.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Green Day - Bullet In A Bible.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Hacker 2005 - The Broken Link.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Hacker 2005 - The Broken Link.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\How to Feed Friends and Influence Peop.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\How to Feed Friends and Influence Peop.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icash 3.01.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icash 3.01.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icon Pack Puft.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Icon Pack Puft.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IERescuer 1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IERescuer 1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\ImTOO 3GP Video Converter 2.1.55.1117b.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\ImTOO 3GP Video Converter 2.1.55.1117b.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IsoBuster Pro 1.6.0.19.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\IsoBuster Pro 1.6.0.19.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Java games for mobile phones.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Java games for mobile phones.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Korn - See You On The Other Side (2005).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Korn - See You On The Other Side (2005).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Live Billiards Deluxe 1.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Live Billiards Deluxe 1.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Logo Creators AIO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Logo Creators AIO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness (RiTUEL Ri.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness (RiTUEL Ri.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\London Racer Police Madness.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MahJong Suite 2005 2.10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MahJong Suite 2005 2.10.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MakeInst 7.3.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MakeInst 7.3.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Matrix of Power.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Matrix of Power.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\McAfee 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\McAfee 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MediaMixer 4.04.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MediaMixer 4.04.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MonitorIT 7.0.24.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MonitorIT 7.0.24.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath (DVN RiP).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath (DVN RiP).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Mornings Wrath.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Morpheus Acceleration Patch 3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Morpheus Acceleration Patch 3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Filter 4.2.1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Filter 4.2.1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1 (2Gb).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1 (2Gb).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 2 (2Gb).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MP3 Karaoke Collection - Part 2 (2Gb).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MSN Messenger 8.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\MSN Messenger 8.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Need For Speed Most Wanted.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Need For Speed Most Wanted.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Network Security Tools.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Network Security Tools.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton AntiVirus 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton AntiVirus 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Application Removal Tool.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Application Removal Tool.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Ghost 10.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton Ghost 10.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton System Works 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton System Works 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton SystemWorks 2006.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Norton SystemWorks 2006.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Office 12 (2006).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Office 12 (2006).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Operation Flashpoint Platinum.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Operation Flashpoint Platinum.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine December 6 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine December 6 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine Home Networking Solutions.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PC Magazine Home Networking Solutions.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PDF Creators All In one.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\PDF Creators All In one.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Piotr Banach - Wu-Wei.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Piotr Banach - Wu-Wei.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Postal 2 Apocalypse Weekend.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RapidShare Checker.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RapidShare Checker.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Real Jigsaw Puzzle 1.0.6.927.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Real Jigsaw Puzzle 1.0.6.927.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RegDoctor 1.42.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\RegDoctor 1.42.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Registry Repair 2006 4.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Registry Repair 2006 4.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Remote Password Stealer 2.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Remote Password Stealer 2.7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Resident Evil 2 The Apocalypse.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Resident Evil 2 The Apocalypse.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Roswell Pinball.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Roswell Pinball.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\SAS Anti-Terror Force.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\SAS Anti-Terror Force.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Search Engine Builder Professional 2.17.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Search Engine Builder Professional 2.17.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Serials DataBase.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Serials DataBase.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Symantec Antivirus Corporate.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Symantec Antivirus Corporate.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\The PC Detective 2.89.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\The PC Detective 2.89.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ulead GIF Animator 5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Ulead GIF Animator 5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\UltraISO Media Edition 7.6.1.1125.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\UltraISO Media Edition 7.6.1.1125.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\VA - Massive Xmas Hits.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\VA - Massive Xmas Hits.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Virtual Reality Cat.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Virtual Reality Cat.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WebEditor 2006 Suite.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WebEditor 2006 Suite.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WinAPRS 2.8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\WinAPRS 2.8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Wma to mp3 converter 2.8.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Complete\Wma to mp3 converter 2.8.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\power\Local Settings\Temp\INV1.tmp/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\Documents and Settings\power\Local Settings\Temp\INV1.tmp Infected: Backdoor.Win32.HacDef.bo
C:\Documents and Settings\power\Local Settings\Temporary Internet Files\Content.IE5\S5OJKFAN\SSInstaller[1].exe/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\Documents and Settings\power\Local Settings\Temporary Internet Files\Content.IE5\S5OJKFAN\SSInstaller[1].exe Infected: Backdoor.Win32.HacDef.bo
C:\Program Files\CMSystem\cmappupdate.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\Program Files\CMSystem\cmappupdate.exe Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0DE311AB Infected: not-a-virus:AdWare.Win32.Virtumonde.p
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0DFA3792.htm Infected: Exploit.HTML.Mht
C:\Program Files\winupdates\a.tmp Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\a.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\a.zip Infected: Worm.Win32.VB.an
C:\Program Files\winupdates\winupdates.exe Infected: Worm.Win32.VB.an
C:\System Volume Information\_restore{188C820D-F98E-467A-999F-F073662DF5A1}\RP31\A0002067.exe Infected: Trojan-Dropper.Win32.Agent.abb
C:\System Volume Information\_restore{188C820D-F98E-467A-999F-F073662DF5A1}\RP31\A0002068.exe/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\System Volume Information\_restore{188C820D-F98E-467A-999F-F073662DF5A1}\RP31\A0002068.exe Infected: Backdoor.Win32.HacDef.bo
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll Infected: not-a-virus:AdWare.Win32.WinAD.af
C:\WINDOWS\lzoihga.exe Infected: Trojan-Dropper.Win32.Agent.mu
C:\WINDOWS\obioags.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.hw
C:\WINDOWS\pf78.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\WINDOWS\pf78.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\WINDOWS\pf78.exe Infected: not-a-virus:AdWare.Win32.CASClient.a
C:\WINDOWS\system32\awvvw.dll Infected: Trojan-Spy.Win32.Agent.hn
C:\WINDOWS\system32\bho.dll Infected: not-a-virus:AdWare.Win32.HideOne.b
C:\WINDOWS\system32\InstallerV5a.exe/data0006 Infected: Backdoor.Win32.HacDef.bo
C:\WINDOWS\system32\InstallerV5a.exe Infected: Backdoor.Win32.HacDef.bo
C:\WINDOWS\system32\irasybyh.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.r
C:\WINDOWS\system32\irasyncd.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.x
C:\WINDOWS\system32\nse54.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
C:\WINDOWS\system32\nsq5A.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
C:\WINDOWS\system32\trafficsector_b2search.exe Infected: Trojan-Dropper.Win32.Agent.abb
D:\Media\Boris RED 3GL incl Plugins.zip/Setup.exe Infected: Worm.Win32.VB.an
D:\Media\Boris RED 3GL incl Plugins.zip Infected: Worm.Win32.VB.an
D:\Media\Boris Red Crack.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
D:\Media\Boris Red Crack.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.i

Scan process completed.
  • 0

#5
Excal
Posted 30 November 2005 - 06:18 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please post a HiJackthis log please.


thank,

:tazz:

Excal
  • 0

#6
rosegregg
Posted 30 November 2005 - 10:00 PM

rosegregg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Oops sorry I copy and pasted the wrong thing. Here is the hijack this log.... i hope :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:57 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\obioags.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CMMan\CMMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lzoihga.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\power\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://outdoorsbest....zeroforum?id=11
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasybyh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [obioags] C:\WINDOWS\obioags.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097904260497
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisb...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {6793D547-38DD-4325-B35A-F1817EDFA567} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lzoihga.exe
  • 0

#7
Excal
Posted 01 December 2005 - 06:26 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted


DOWNLOAD PROGRAMS

Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


THE FIX

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Open up and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasybyh.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [obioags] C:\WINDOWS\obioags.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O18 - Filter: text/html - {6793D547-38DD-4325-B35A-F1817EDFA567} - (no file)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lzoihga.exe

8. click the Fix Checked box

9. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

WinTools
Windows Overlay Components
winupdates

10. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Common Files\WinTools
C:\Program Files\winupdates
C:\Program Files\CMMan

11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\obioags.exe
C:\WINDOWS\system32\irasyncd.exe
C:\WINDOWS\lzoihga.exe

12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post the Active scan log, Ewido Log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#8
Excal
Posted 14 December 2005 - 04:19 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP