Re: Possible virus -- changed windows background (not desktop background)
Kaspersky Results:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 16, 2007 12:23:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/08/2007
Kaspersky Anti-Virus database records: 381715
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 79407
Number of viruses found: 23
Number of infected objects: 56
Number of suspicious objects: 0
Duration of the scan process: 00:56:19
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe Infected: Trojan.Win32.Patched.af skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP5\A0003968.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP5\A0003968.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP5\A0003968.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0005328.rbf Infected: Trojan.Win32.Patched.af skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006461.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006462.exe Infected: Virus.Win32.Virut.f skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006463.exe Infected: Virus.Win32.Virut.f skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006464.exe Infected: Virus.Win32.Virut.f skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006465.exe Infected: Virus.Win32.Virut.f skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006466.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006467.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006468.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006469.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006470.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Rond.b skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006470.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006470.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006470.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006470.exe CryptFF: infected - 3 skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006471.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006472.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006473.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006474.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0006525.exe Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP40\A0015008.exe Infected: Trojan-Spy.Win32.BZub.js skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP40\A0015009.exe Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP40\A0015010.dll Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP40\A0015011.dll Infected: not-a-virus:AdWare.Win32.BHO.cz skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP42\A0015240.exe Infected: Backdoor.Win32.Agent.ark skipped
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP43\change.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012007081620070817\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFD68.tmp Object is locked skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\OLD\D\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z8Y8IL7J\20509[1].exe Infected: Trojan.Win32.Qhost.it skipped
C:\OLD\D\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CY8WVAN6\ztool4[1] Infected: Packed.Win32.Tibs.ar skipped
C:\OLD\D\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IJA5MFQR\n2_11_07_07_1[1].exe Infected: Trojan.Win32.Obfuscated.gp skipped
C:\OLD\D\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7967IHMR\ztool4[1] Infected: Packed.Win32.Tibs.ar skipped
C:\OLD\D\Admin\Local Settings\Temp\win9E.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\OLD\D\Admin\Local Settings\Temporary Internet Files\Content.IE5\WNAUFXU9\20509[1].exe Infected: Trojan.Win32.Qhost.it skipped
C:\OLD\D\Admin\Local Settings\Temporary Internet Files\Content.IE5\IBAPN88M\antzom[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\OLD\W\smsys.dat Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\OLD\W\explorer.exe Infected: Trojan.Win32.Patched.aa skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\rvshost.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\runer.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\userint.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\windxp.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\winzipt.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\system31.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\Ngsys.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\Vel.exe Infected: Trojan-Downloader.Win32.VB.aza skipped
C:\SDFix\backups\backups.zip/backups/5.dllb Infected: Email-Worm.Win32.Zhelatin.fr skipped
C:\SDFix\backups\backups.zip/backups/v5xd2.g3ame Infected: Trojan-Downloader.Win32.Small.ehu skipped
C:\SDFix\backups\backups.zip/backups/v6xdt4.game Infected: Packed.Win32.Tibs.ar skipped
C:\SDFix\backups\backups.zip/backups/vx1dt3.game Infected: Email-Worm.Win32.Zhelatin.gm skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\QooBox\Quarantine\C\a.exe.vir Infected: Trojan-Spy.Win32.BZub.js skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Y12d0Vn5.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bTbVnD0J.exe.vir Infected: Backdoor.Win32.Agent.ark skipped
C:\QooBox\Quarantine\C\WINDOWS\xhelper.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\QooBox\Quarantine\C\WINDOWS\WebAssist.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cz skipped
Scan process completed.
Attached is SRE Log.
Thanks Again,
Gita