win32.p2p-alcan worm



#1
p_macc415

What's up guys and girls. I got the alcan worm and it's F*&%&^ my pc up. I scanned it already so I will post the scan results and if y'all can help it would be tight. Thanx. P.S. I also got the winfixer pop up all the time.


Incident Status Location

Virus:W32/Alcan.A.worm Not disinfected Operating system
Adware:adware/wupd Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaGatewayX.dll
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_38-1.exe
Adware:adware/surfaccuracy Not disinfected C:\PROGRAM FILES\SurfAccuracy
Adware:adware/navhelper Not disinfected Windows Registry
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Agnitum Outpost Firewall Pro 3.0.557.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Ahead DVD Ripper Standard 1.3.9.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Allok Audio Converter 1.0.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Dracula III - Legacy.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Dragon Warrior VII CD1 (PSX).zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Dragon Warrior VII CD2 (PSX).zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\EasyPDF 2.2.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Evidence Eraser Pro 3.0.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Flash2Video 3.06.490.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\ImTOO PSP Video Converter 2.1.55.1205.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Magicbit DVD Ripper Deluxe 1.3.20.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Mcirosoft Frontpage 2003.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Microsoft Exchange Server 2003.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Microsoft Office Proofing Tools 2003.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Microsoft Visio 2003 Professional.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Microsoft Visual Studio 2005 Professio.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\MicrosoftOneNote 2003.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Nero 7.0.1.4 Premium.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Password Door 8.2.11.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\PCBoost 3.12.5.2005.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\PDF Stamp 2.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Quality Outlook Express Backup 2.0.48.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Rayman 2 The Great Escape.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\RioDVD Region Free Player 1.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\RM to AVI MPEG WMV VCD DVD Converter 2.6.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\SkyMark PathMaker 6.0.21.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\SuperAVConverter 6.2.10.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Swellog Inventory 2.50.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\The 40 Years Old Virgin.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\The JukeBoxer 3.7.0.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\The Village.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Ultra DVD Creator 1.4.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Unearthed Catacombs (RPG).zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\UnityPro Thumbs Up 2.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\Utility Ping 1.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\VIDEOzilla 2.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\War of the Worlds.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\WinTools.net Professional 6.71.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\WMA To MP3 Encoder 5.07.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\Complete\WMV to AVI MPEG WMV VCD DVD Converter 2.6.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\My Documents\Program Files\winupdates\a.tmp
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\My Documents\Program Files\winupdates\a.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Documents and Settings\pmac\My Documents\Program Files\winupdates\winupdates.exe
Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\prtdhfrn\bpfpnlbl\cbdlflfr.exe
Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\prtdhfrn\plappdnhft\pddafppet.exe
Virus:W32/Alcan.A.worm Not disinfected C:\Program Files\winupdates\a.tmp
Virus:W32/Alcan.A.worm Not disinfected C:\Program Files\winupdates\a.zip[Setup.exe]
Virus:W32/Alcan.A.worm Not disinfected C:\Program Files\winupdates\winupdates.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/Gator Not disinfected C:\WINDOWS\iGator\Trickler3103_PIC_fs_DMPT.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_38-1.exe
Adware:Adware/PortalScan Not disinfected C:\WINDOWS\system32\HyperLinker1.exe
Virus:W32/Alcan.A.worm Not disinfected D:\Program Files\Norton Anti Virus 2005\Setup.exe
Virus:W32/Alcan.A.worm Not disinfected D:\Program Files\Norton Anti Virus 2005.zip[Setup.exe]


#2
p_macc415

If this helps, I scanned it again. Thank you again.

Scans (basic information only):

Scan Results:
scan start: 12/23/2005 5:28:35 AM
scan stop: 12/23/2005 5:42:11 AM
scanned items: 47729
found items: 106
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Copyright © 2003 PC Tools Research Pty Ltd. All rights reserved.

#3
p_macc415

Here's another one. Take your time if you guys are extremely busy, I'm patient. Thanks.


Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, December 23, 2005 7:40:47 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R82 19.12.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


12-23-2005 7:40:47 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\pmac\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1677128483-1957994488-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1677128483-1957994488-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension



Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : winfixer.com

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : bszip.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : cmd.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : netstat.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : ping.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : regedit.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : taskkill.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tasklist.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tracert.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 11

7:47:06 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:18.294
Objects scanned:80104
Objects identified:8
Objects ignored:0
New critical objects:8