Two Plus Two Newer Archives  

#1 daveT, 08-28-2007, 03:34 PM
Internet Speed Monitor.... help me kill this virus

First time poster. I don't know the ethics of this forum.

I have obtained, courtesy of Rhapsody, a virus called Internet Speed Monitor. I looked all over online for information on this thing, and the information is plain wrong.

The first thing that happens is that you get a box opening up saying that your internet is slow, would you like to check it out? Of course not, as I can check this myself. Whether you press yes or no, the program begins downloading on the computer. I have already spent twelve hours on this thing. I have located 53 files of Trojans, miscellaneous, and .exe. The main thing is the .exe.

The .exe is a file that forces open several websites. The websites involved are:

svchost
svehost
svchots
creditcard
exitetrade

and the list goes on and on.

The virus is not, as the internet searches dictate, an Adware. It is an umbrella spyware, involving several sites.

This virus has opened over 50 internet windows on my computer, freezing Windows.

One of these sites is a pornsite. Another window pops open, asking if you would like these windows to stop. This is from a site called Purity. I simply x'ed out the box and the .exe downloaded on my computer anyways. This process was then continued with WinVirusPro 2007.

I did a full sweep of my computer and found all the files and contained them. This lasted all of a week, and now I have a newer version of Internet Speed Monitor.

Internet Speed Monitor runs on IE. I use FireFox.

I am afraid to manually extract all of the files, but I guess it needs to be done.

I will gladly post the entire Virus, with as much description as possible, or anything else that is needed.

Thank you all for your time. I am guessing that this could be a fascinating learning experience for everyone involved.

daveT.
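
The names listed in the post above (svchost, svehost, svchots) imitate the Windows service host svchost.exe. As an added example that is not part of the original thread, this Python check flags file paths whose name is a near-miss of a system binary, or whose name is genuine but sits outside its expected folder; the allow-list and the sample paths (user "alice") are constructed assumptions.

```python
"""Flag file names that masquerade as Windows system binaries (added example)."""
import ntpath

# Assumption: a small allow-list of genuine binaries and the one folder each
# is expected in (lower-cased, Windows XP-era layout). Extend for real use.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def classify(path, max_distance=1):
    """Return (verdict, system_binary) for one Windows path.

    verdict is "ok", "wrong-folder", "lookalike" or "unrelated".
    """
    folder, name = ntpath.split(path.lower())
    folder = folder.rstrip("\\")
    if name in SYSTEM_BINARIES:
        if folder == SYSTEM_BINARIES[name]:
            return ("ok", name)
        # Genuine name, unexpected location (e.g. a Temp directory).
        return ("wrong-folder", name)
    for real in SYSTEM_BINARIES:
        if edit_distance(name, real) <= max_distance:
            # One typo away from a system binary, e.g. svehost / svchots.
            return ("lookalike", real)
    return ("unrelated", None)


def triage(paths):
    """Return only the suspicious entries as (path, verdict, system_binary)."""
    findings = []
    for p in paths:
        verdict, real = classify(p)
        if verdict in ("wrong-folder", "lookalike"):
            findings.append((p, verdict, real))
    return findings


# Constructed sample input; not taken from any scan log.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\svchost.exe",
    r"C:\WINDOWS\system32\svehost.exe",
    r"C:\WINDOWS\system32\svchots.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict, real in triage(SAMPLE_PATHS):
        print(f"{verdict:12} imitates {real:12} {path}")
```

A "wrong-folder" hit is a lead to verify, not proof: Windows keeps legitimate backup copies of system binaries in other folders, so check the file's signature and hash before removing it.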

#2 im_not_1337, 08-28-2007, 05:07 PM
Re: Internet Speed Monitor.... help me kill this virus

It sounds like you are pretty infected and having troubles.

BEFORE BEGINNING, Please read completely through the instructions below. You may want to print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

1. Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


• Double-click the drweb-cureit.exe file and allow it to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

2. Let's run an antivirus scan online. Let's try Trend Micro’s HouseCall: http://housecall.trendmicro.com/ . Make sure you scan your entire computer for everything listed, especially if it mentions hidden or archived files. Let it remove anything it finds and save the log. Then reboot your computer.

3. Please download CCleaner (http://www.ccleaner.com/download/) (you may already have this) and save it to your desktop:
• Run the CCleaner installer.
• During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
• Please do NOT run a scan with CCleaner yet!

4. Please download and install SUPERAntiSpyware (http://www.superantispyware.com/down...NTISPYWAREFREE) (This program is a resource hog, so after we are all done with this, I recommend you uninstall this)
• Load SUPERAntiSpyware and click the Check for Updates button.
• Once the update has finished, exit SUPERAntiSpyware.
• Please do NOT run a scan with SUPERAntiSpyware yet!

5. Please reboot your computer into Safe Mode by doing the following:
• Reboot your computer.
• After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Instead of Windows loading as normal, a menu should appear.
• Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".

6. Once in Safe Mode, please run CCleaner. (If a reboot is required, please boot BACK into Safe Mode)
• Click the Windows tab.
• Select the following:
o Check everything under the "Internet Explorer" section.
o Check everything under the "Windows Explorer" section.
o Check everything under the "System" section.
o Check ONLY "Old Prefetch data" under the "Advanced" section.
• Then, click the "Applications" tab:
o CHECK everything there.
• Next, click the "Options" button in the left pane, then click the "Advanced" button:
o UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
• Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
• When done, please exit CCleaner.


7. Then please run a scan with SUPERAntiSpyware:

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
• Open SUPERAntiSpyware and click the "Scan your Computer" button.
• Check "Perform Complete Scan" and then click "Next".
• SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
• Make sure that they all have a check next to them, and then click "Next".
• Click "Finish" and you will be taken back to the main interface.
• It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
• I'll need a log afterwards of what has been found.
• To get the log, click "Preferences" and then click the "Statistics/Logs" tab. Click the dated log and press "View Log" and a text file will appear.
• Please post the results of the SUPERAntiSpyware log in your next reply.

8. Reboot Back into NORMAL MODE.

Download and run HijackThis and click "Scan". Save your log to your desktop.

NEXT:

Please make sure you have rebooted back into normal mode, then post these logs in your next reply(s):
1. Drweb cureit log
2. Trend micro online scan log
3. Superantispyware log
4. A hijackthis log (important)

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted and what kind of progress we have made.

#3 daveT, 08-28-2007, 06:28 PM
Re: Internet Speed Monitor.... help me kill this virus

wow!!!!!

That's some process. I see why people charge so much money for this stuff now!

I just ran another sweep, found 15 more items, and there's still stuff popping up. So, I guess I will have to jump on this right now.

Thanks a ton.

daveT.

#4 daveT, 08-28-2007, 08:24 PM
Re: Internet Speed Monitor.... help me kill this virus

So.....

Step one. I get into "safe mode."

Now, when I downloaded this web-dr, it simply began downloading as soon as I clicked the link.

In SafeMode, it tells me that I need to buy it. I waited, just to see if it would do anything, and nothing happened, except my computer restarted.

To be honest: If I have to spend a few hundred dollars to use all of these programs, I will just go ahead and buy a new computer.

#5 im_not_1337, 08-28-2007, 11:34 PM
Re: Internet Speed Monitor.... help me kill this virus

No, everything i have posted is completely free. The bestbuy geeksquad usually charges $300 for service like this lol, its redic. Anyway, i tried out the above link for dr web cureit, and it worked just fine. Try it once more for me. If you can't get it to work, try it in normal mode not safe mode. Let me know how it goes.

#6 NT!, 08-29-2007, 04:10 AM
Re: Internet Speed Monitor.... help me kill this virus

im_not,

when i run the dr web app, the buy info pops up too, and nothing else happens. my computer currently won't connect to the internet at all. (posting from my laptop obv). is a scan running in the background? if it is supposed to be 'quick' it is taking a long time, maybe there is a problem with the program?

#7 im_not_1337, 08-29-2007, 05:58 AM
Re: Internet Speed Monitor.... help me kill this virus

Oops, im sorry guys, it looks like i was posting an old link to Dr. Web's cureit i had saved. I guess the old version was buggy, but the one i am linking to here i have tested and it works just fine. Just delete the old one. Here is the real link: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe


Sorry about that.

#8 daveT, 08-29-2007, 01:40 PM
Re: Internet Speed Monitor.... help me kill this virus

Okay. So, I had to leave last night, but I have about ten hours to check kill this thing today.....

Starting with the new link right (now)

#9 daveT, 08-29-2007, 06:19 PM
Re: Internet Speed Monitor.... help me kill this virus

I am done with the DRWeb scan. I had to run it in Normal Mode. In Safe Mode, Windows simply restarted.

I don't know how to put all of the following in palatable form, so here is an outline of what follows. I don't know if anything is important, but I guess for educational/information sake, it could be of interest.


1- From DRWeb
2- History of Viral Scan/ Healing on 5/25
3- History of Viral Scan/ Healing on 5/28
4- Virus Vault of my Security System

Mind that some of the things in the Virus Vault are still posing a threat. I will compile a list if asked for it.

---------1--------1-------1------1-----1-----1

From DRWeb:


-------2-------2------2------2--------2------2

Virus Scan/ Healing/ Moving from 5/25

3-----3------3--------3---------3

Virus Scan 5/28

---4-------4--------4---------4-------

Virus Vault
"","","Trojan horse SHeur.FQO","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP32\A0053829.exe","8/29/2007 12:50:32 PM","A0053829.exe","51 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP32\A0053832.exe","8/29/2007 12:50:34 PM","A0053832.exe","54 KB"
"","","Trojan horse BackDoor.Agent.LXS","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP32\A0054804.sys","8/29/2007 12:50:37 PM","A0054804.sys","7.44 KB"
"","","Trojan horse BackDoor.Agent.LXS","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP32\A0055803.sys","8/29/2007 12:50:40 PM","A0055803.sys","7.44 KB"
"","","Trojan horse BackDoor.Agent.LXS","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP32\A0056803.sys","8/29/2007 12:50:42 PM","A0056803.sys","7.44 KB"
"","","Virus found Win32/PolyCrypt","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057041.exe","8/29/2007 12:53:13 PM","A0057041.exe","15.28 KB"
"","","Trojan horse Downloader.Generic5.VVL","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057043.dll","8/29/2007 12:53:21 PM","A0057043.dll","9.77 KB"
"","","Trojan horse Agent.GCP","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057044.dll","8/29/2007 12:53:28 PM","A0057044.dll","166 KB"
"","","Trojan horse Generic6.SLO","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057045.dll","8/29/2007 12:53:32 PM","A0057045.dll","409.5 KB"
"","","Trojan horse Generic6.ADM","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057046.exe","8/29/2007 12:53:40 PM","A0057046.exe","389 KB"
"","","Trojan horse Proxy.EUN","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057047.dll","8/29/2007 12:53:43 PM","A0057047.dll","24.5 KB"
"","","Virus found Downloader.Obfuskated","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057048.exe","8/29/2007 12:53:50 PM","A0057048.exe","8.5 KB"
"","","Trojan horse Proxy.LFD","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057049.exe","8/29/2007 12:53:54 PM","A0057049.exe","38 KB"
"","","Trojan horse Downloader.Tibs.7.O","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057050.exe","8/29/2007 12:53:57 PM","A0057050.exe","7.64 KB"
"","","Trojan horse Downloader.Agent.KUR","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057051.exe","8/29/2007 12:53:59 PM","A0057051.exe","16 KB"
"","","Trojan horse BackDoor.Generic8.DYA","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057052.exe","8/29/2007 12:54:03 PM","A0057052.exe","116 KB"
"","","Trojan horse Generic6.UUG","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057053.exe","8/29/2007 12:54:05 PM","A0057053.exe","208 KB"
"","","Trojan horse Downloader.Generic5.MHM","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057054.exe","8/29/2007 12:54:08 PM","A0057054.exe","7.5 KB"
"","","Trojan horse Agent.FXS","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057055.exe","8/29/2007 12:54:11 PM","A0057055.exe","19 KB"
"","","Trojan horse Generic6.USM","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057056.exe","8/29/2007 12:54:14 PM","A0057056.exe","429 KB"
"","","Trojan horse Downloader.Generic5.DJQ","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057057.exe","8/29/2007 12:54:19 PM","A0057057.exe","13.38 KB"
"","","Trojan horse BackDoor.Agent.LXR","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057058.exe","8/29/2007 12:54:23 PM","A0057058.exe","17.74 KB"
"","","Trojan horse SHeur.FQO","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057059.exe","8/29/2007 12:54:32 PM","A0057059.exe","49 KB"
"","","Trojan horse SHeur.FQO","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057060.exe","8/29/2007 12:54:35 PM","A0057060.exe","51 KB"
"","","Trojan horse BackDoor.Agent.LXS","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057061.sys","8/29/2007 12:54:37 PM","A0057061.sys","7.44 KB"
"","","Virus identified Obfustat.UB","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057062.exe","8/29/2007 12:54:41 PM","A0057062.exe","53.94 KB"
"","","Trojan horse Downloader.Generic4.IQN","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057063.dll","8/29/2007 12:54:43 PM","A0057063.dll","4 KB"
"","","Trojan horse Downloader.Generic3.FNV","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057064.exe","8/29/2007 12:54:46 PM","A0057064.exe","16.5 KB"
"","","Virus identified Obfustat.CVF","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057065.exe","8/29/2007 12:54:48 PM","A0057065.exe","31 KB"
"","","Virus found Win32/PolyCrypt","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057066.exe","8/29/2007 12:54:53 PM","A0057066.exe","15.28 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057067.exe","8/29/2007 12:54:56 PM","A0057067.exe","54 KB"
"","","Virus identified Obfustat.AAK","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057068.exe","8/29/2007 12:54:59 PM","A0057068.exe","57.42 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057069.exe","8/29/2007 12:55:00 PM","A0057069.exe","54 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057070.exe","8/29/2007 12:55:02 PM","A0057070.exe","54 KB"
"","","Virus identified Obfustat.AAK","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057071.exe","8/29/2007 12:55:04 PM","A0057071.exe","57.42 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057072.exe","8/29/2007 12:55:06 PM","A0057072.exe","54 KB"
"","","Virus identified Obfustat.AAK","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057073.exe","8/29/2007 12:55:09 PM","A0057073.exe","57.42 KB"
"","","Trojan horse Downloader.Generic5.BIU","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057074.exe","8/29/2007 12:55:11 PM","A0057074.exe","143.5 KB"
"","","Trojan horse Generic5.TZW","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057075.exe","8/29/2007 12:55:14 PM","A0057075.exe","55 KB"
"","","Trojan horse Downloader.Agent.NLE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057076.exe","8/29/2007 12:55:17 PM","A0057076.exe","38.5 KB"
"","","Trojan horse BackDoor.Generic6.AIA","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP33\A0057077.sys","8/29/2007 12:55:20 PM","A0057077.sys","7.25 KB"
"","","Trojan horse BHO.ASE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP34\A0059006.dll","8/29/2007 12:55:23 PM","A0059006.dll","63 KB"
"","","Trojan horse BHO.ASI","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063013.exe","8/29/2007 12:55:44 PM","A0063013.exe","77.61 KB"
"","","Trojan horse BHO.ASI","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063014.exe","8/29/2007 12:55:46 PM","A0063014.exe","77.61 KB"
"","","Trojan horse BHO.ASI","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063015.exe","8/29/2007 12:55:48 PM","A0063015.exe","77.61 KB"
"","","Trojan horse BHO.ASI","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063016.exe","8/29/2007 12:55:50 PM","A0063016.exe","77.61 KB"
"","","Trojan horse BHO.ASI","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063017.exe","8/29/2007 12:55:52 PM","A0063017.exe","77.61 KB"
"","","Trojan horse BHO.ASI","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063018.exe","8/29/2007 12:55:54 PM","A0063018.exe","77.61 KB"
"","","Trojan horse BHO.ASE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063019.dll","8/29/2007 12:55:56 PM","A0063019.dll","63 KB"
"","","Trojan horse BHO.ASE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063020.dll","8/29/2007 12:55:57 PM","A0063020.dll","63 KB"
"","","Trojan horse BHO.ASE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063021.dll","8/29/2007 12:55:59 PM","A0063021.dll","63 KB"
"","","Trojan horse BHO.ASE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063022.dll","8/29/2007 12:56:01 PM","A0063022.dll","63 KB"
"","","Trojan horse BHO.ASE","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP35\A0063023.dll","8/29/2007 12:56:02 PM","A0063023.dll","63 KB"
"","","Trojan horse BackDoor.Generic7.USL","C:\System Volume Information\_restore{77F3FC63-6211-47BA-B918-817616FF6D37}\RP29\A0047673.sys","8/25/2007 2:30:35 PM","A0047673.sys","28.38 KB"
"","","Trojan horse SHeur.FQO","C:\DOCUME~1\new\LOCALS~1\Temp\HalSrv64 \svchost.exe","8/25/2007 3:19:16 PM","svchost.exe","49 KB"
"","","Trojan horse SHeur.FQO","C:\DOCUME~1\new\LOCALS~1\Temp\Persist3 2\svchost.exe","8/25/2007 3:19:17 PM","svchost.exe","53.5 KB"
"","","Trojan horse SHeur.FQO","C:\DOCUME~1\new\LOCALS~1\Temp\Redist32 A\svchost.exe","8/25/2007 3:19:17 PM","svchost.exe","51 KB"
"","","Trojan horse SHeur.FQO","C:\DOCUME~1\new\LOCALS~1\Temp\bq0\svch ost.exe","8/25/2007 3:19:17 PM","svchost.exe","49 KB"
"","","Virus identified Obfustat.IWV","C:\1228666","8/25/2007 3:19:18 PM","1228666","117.91 KB"
"","","Trojan horse Downloader.Generic5.DYH","C:\78.tmp","8/25/2007 3:19:18 PM","78.tmp","9.57 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\Documents and Settings\new\Application Data\tmp16.tmp.exe","8/25/2007 3:19:18 PM","tmp16.tmp.exe","54 KB"
"","","Virus identified Obfustat.AAK","C:\Documents and Settings\new\Application Data\tmp2C.tmp.exe","8/25/2007 3:19:18 PM","tmp2C.tmp.exe","57.42 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\Documents and Settings\new\Application Data\tmp63.tmp.exe","8/25/2007 3:19:19 PM","tmp63.tmp.exe","54 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\Documents and Settings\new\Application Data\tmp70.tmp.exe","8/25/2007 3:19:19 PM","tmp70.tmp.exe","54 KB"
"","","Virus identified Obfustat.AAK","C:\Documents and Settings\new\Application Data\tmp72.tmp.exe","8/25/2007 3:19:19 PM","tmp72.tmp.exe","57.42 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\Documents and Settings\new\Application Data\tmpB.tmp.exe","8/25/2007 3:19:19 PM","tmpB.tmp.exe","54 KB"
"","","Virus identified Obfustat.AAK","C:\Documents and Settings\new\Application Data\tmpF.tmp.exe","8/25/2007 3:19:19 PM","tmpF.tmp.exe","57.42 KB"
"","","Trojan horse Downloader.Agent.PLZ","C:\Documents and Settings\new\Local Settings\Temp\2137213136.exe","8/25/2007 3:19:20 PM","2137213136.exe","14.56 KB"
"","","Trojan horse Downloader.Agent.PLZ","C:\Documents and Settings\new\Local Settings\Temp\2364648736.exe","8/25/2007 3:19:20 PM","2364648736.exe","14.56 KB"
"","","Trojan horse Downloader.Agent.PLZ","C:\Documents and Settings\new\Local Settings\Temp\322011568.exe","8/25/2007 3:19:20 PM","322011568.exe","14.56 KB"
"","","Trojan horse Downloader.Agent.PLZ","C:\Documents and Settings\new\Local Settings\Temp\487011808.exe","8/25/2007 3:19:20 PM","487011808.exe","14.56 KB"
"","","Trojan horse Downloader.Agent.PLZ","C:\Documents and Settings\new\Local Settings\Temp\799870240.exe","8/25/2007 3:19:20 PM","799870240.exe","14.56 KB"
"","","Virus identified Obfustat.CVF","C:\Documents and Settings\new\Local Settings\Temp\dekm.exe","8/25/2007 3:19:21 PM","dekm.exe","31 KB"
"","","Virus identified Obfustat.CVF","C:\Documents and Settings\new\Local Settings\Temp\ffdn.exe","8/25/2007 3:19:21 PM","ffdn.exe","31 KB"
"","","Trojan horse Proxy.SXP","C:\Documents and Settings\new\Local Settings\Temp\par84D.tmp","8/25/2007 3:19:21 PM","par84D.tmp","14 KB"
"","","Trojan horse Small.BM","C:\Documents and Settings\new\Local Settings\Temp\rsysinit.exe","8/25/2007 3:19:21 PM","rsysinit.exe","1.24 KB"
"","","Virus identified Obfustat.EXZ","C:\Documents and Settings\new\Local Settings\Temp\temp.exe","8/25/2007 3:19:21 PM","temp.exe","20.65 KB"
"","","Virus found Win32/PolyCrypt","C:\Documents and Settings\new\Local Settings\Temp\~5536.tmp","8/25/2007 3:19:21 PM","~5536.tmp","15.28 KB"
"","","Trojan horse Agent.FXS","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\41UJSXYB\1808[1]","8/25/2007 3:19:35 PM","1808[1]","19 KB"
"","","Trojan horse Proxy.LFD","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\41UJSXYB\packed_installer_cna[1]","8/25/2007 3:19:35 PM","packed_installer_cna[1]","38 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\41UJSXYB\papamisha[1]","8/25/2007 3:19:36 PM","papamisha[1]","54 KB"
"","","Trojan horse Downloader.Agent.PLZ","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\41UJSXYB\rd[1].htm","8/25/2007 3:19:36 PM","rd[1].htm","14.56 KB"
"","","Trojan horse BackDoor.Generic8.DYA","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\GPMZKLQ7\e199[1]","8/25/2007 3:19:36 PM","e199[1]","116 KB"
"","","Trojan horse Downloader.Generic5.MHM","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\GPMZKLQ7\eagle[1]","8/25/2007 3:19:36 PM","eagle[1]","7.5 KB"
"","","Trojan horse Clicker.HRV","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\GPMZKLQ7\rd[1].htm","8/25/2007 3:19:37 PM","rd[1].htm","14.56 KB"
"","","Virus identified Obfustat.AAK","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\O9IJ0TIR\dedamisha[1]","8/25/2007 3:19:37 PM","dedamisha[1]","57.42 KB"
"","","Trojan horse BackDoor.Generic8.BIY","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\W5E3G1AV\papamisha[1]","8/25/2007 3:19:37 PM","papamisha[1]","54 KB"
"","","Trojan horse BackDoor.Agent.LXR","C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\W5E3G1AV\sysalgg[1].exe","8/25/2007 3:19:38 PM","sysalgg[1].exe","17.74 KB"
"","","Trojan horse Downloader.Generic5.BIU","C:\Program Files\Common Files\Yazzle1552OinAdmin.exe","8/25/2007 3:19:38 PM","Yazzle1552OinAdmin.exe","143.5 KB"
"","","Trojan horse Generic5.TZW","C:\WINDOWS\b122.exe","8/25/2007 3:19:39 PM","b122.exe","55 KB"
"","","Trojan horse Downloader.Agent.NLE","C:\WINDOWS\retadpu72.exe"," 8/25/2007 3:19:40 PM","retadpu72.exe","38.5 KB"
"","","Trojan horse BackDoor.Generic6.AIA","C:\WINDOWS\system32\driver s\ip6fw.sys","8/25/2007 3:19:41 PM","ip6fw.sys","7.25 KB"
#10
08-29-2007, 08:38 PM
im_not_1337
Member
Join Date: Jul 2007
Posts: 78
Re: Internet Speed Monitor.... help me kill this virus

OK, thanks for posting that. It gives me a lot of info and I now know exactly what we are dealing with here. Could you please follow the steps in my first post exactly, then post the 4 things I mentioned as well, and then we will go from there.