Tech Support Forum - View Single Post - Possible virus -- changed windows background (not desktop background)

freefal1215 · 08-17-2007, 07:12 AM

Hi,
AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:03:01 PM 8/17/2007

+ Scan result:

C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0005493.dll -> Adware.Dap : No action taken.
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0005496.dll -> Adware.Dap : No action taken.
C:\SDFix\backups\backups.zip/backups/5.dllb -> Downloader.Small : No action taken.
C:\SDFix\backups\backups.zip/backups/v5xd2.g3ame -> Downloader.Small.ehu : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\Ngsys.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\Vel.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\runer.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\rvshost.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\system31.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\userint.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\windxp.exe -> Downloader.VB.aza : No action taken.
C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\winzipt.exe -> Downloader.VB.aza : No action taken.
C:\RECYCLED\Dc3.dat -> Proxy.Agent.mx : No action taken.
C:\SDFix\backups\backups.zip/backups/vx1dt3.game -> Proxy.Agent.mx : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\OLD\D\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\OLD\D\Admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\OLD\D\Admin\Cookies\admin@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\OLD\D\Admin\Cookies\admin@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\OLD\D\Admin\Cookies\admin@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\OLD\D\Admin\Cookies\admin@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\OLD\D\Admin\Cookies\admin@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\OLD\D\Admin\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\OLD\D\Admin\Cookies\admin@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\OLD\D\Admin\Cookies\admin@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\OLD\D\Admin\Cookies\admin@goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@search.live[2].txt -> TrackingCookie.Live : No action taken.
C:\OLD\D\Admin\Cookies\admin@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@auto.search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\OLD\D\Admin\Cookies\admin@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\OLD\D\Admin\Cookies\admin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\OLD\D\Admin\Cookies\admin@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\OLD\D\Admin\Cookies\admin@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\OLD\D\Admin\Cookies\admin@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\OLD\D\Admin\Cookies\admin@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\OLD\D\Admin\Cookies\admin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\OLD\D\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\OLD\D\Admin\Cookies\admin@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP5\A0003968.exe/serial.exe -> Trojan.Dialer.qn : No action taken.

::Report end

awf.txt contents:
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 08/17/2007
The current time is: 20

14.39

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

Many Thanks,
Gita

08-17-2007, 07:12 AM	#11 (permalink)
freefal1215 Registered User Join Date: Aug 2007 Posts: 8 OS: Win XP	Re: Possible virus -- changed windows background (not desktop background) Hi, AVG report: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:03:01 PM 8/17/2007 + Scan result: C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0005493.dll -> Adware.Dap : No action taken. C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP8\A0005496.dll -> Adware.Dap : No action taken. C:\SDFix\backups\backups.zip/backups/5.dllb -> Downloader.Small : No action taken. C:\SDFix\backups\backups.zip/backups/v5xd2.g3ame -> Downloader.Small.ehu : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\Ngsys.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\Vel.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\runer.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\rvshost.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\system31.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\userint.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\windxp.exe -> Downloader.VB.aza : No action taken. C:\Deckard\System Scanner\20070813110755\backup\DOCUME~1\Admin\LOCALS~1\Temp\winzipt.exe -> Downloader.VB.aza : No action taken. C:\RECYCLED\Dc3.dat -> Proxy.Agent.mx : No action taken. C:\SDFix\backups\backups.zip/backups/vx1dt3.game -> Proxy.Agent.mx : No action taken. C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Admin\Cookies\admin@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\OLD\D\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : No action taken. C:\OLD\D\Admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Admin\Cookies\admin@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken. C:\Documents and Settings\Admin\Cookies\admin@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken. C:\OLD\D\Admin\Cookies\admin@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken. C:\OLD\D\Admin\Cookies\admin@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken. C:\OLD\D\Admin\Cookies\admin@advertising[2].txt -> TrackingCookie.Advertising : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@advertising[2].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\Admin\Cookies\admin@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken. C:\OLD\D\Admin\Cookies\admin@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. C:\OLD\D\Admin\Cookies\admin@com[1].txt -> TrackingCookie.Com : No action taken. C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\OLD\D\Admin\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken. C:\Documents and Settings\Admin\Cookies\admin@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. C:\OLD\D\Admin\Cookies\admin@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. C:\OLD\D\Admin\Cookies\admin@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. C:\OLD\D\Admin\Cookies\admin@goclick[2].txt -> TrackingCookie.Goclick : No action taken. C:\Documents and Settings\Admin\Cookies\admin@search.live[2].txt -> TrackingCookie.Live : No action taken. C:\OLD\D\Admin\Cookies\admin@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\Admin\Cookies\admin@auto.search.msn[1].txt -> TrackingCookie.Msn : No action taken. C:\Documents and Settings\Admin\Cookies\admin@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken. C:\Documents and Settings\Admin\Cookies\admin@overture[1].txt -> TrackingCookie.Overture : No action taken. C:\OLD\D\Admin\Cookies\admin@overture[1].txt -> TrackingCookie.Overture : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@overture[1].txt -> TrackingCookie.Overture : No action taken. C:\OLD\D\Admin\Cookies\admin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken. C:\Documents and Settings\Admin\Cookies\admin@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken. C:\OLD\D\Admin\Cookies\admin@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken. C:\OLD\D\Admin\Cookies\admin@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken. C:\OLD\D\Admin\Cookies\admin@revsci[2].txt -> TrackingCookie.Revsci : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@revsci[2].txt -> TrackingCookie.Revsci : No action taken. C:\Documents and Settings\Admin\Cookies\admin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken. C:\Documents and Settings\Admin\Cookies\admin@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken. C:\OLD\D\Admin\Cookies\admin@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken. C:\OLD\D\Admin\Local Settings\Temp\Cookies\admin@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken. C:\OLD\D\Admin\Cookies\admin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken. C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken. C:\OLD\D\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken. C:\OLD\D\Admin\Cookies\admin@zedo[2].txt -> TrackingCookie.Zedo : No action taken. C:\System Volume Information\_restore{3E4CA2C9-9B9A-4F58-B2B7-9B9066ED8CE8}\RP5\A0003968.exe/serial.exe -> Trojan.Dialer.qn : No action taken. ::Report end awf.txt contents: Find AWF report by noahdfear ©2006 Version 1.40 The current date is: Fri 08/17/2007 The current time is: 2014.39 bak folders found ~~~~~~~~~~~ Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ end of report Many Thanks, Gita