System32 folder's in quarantine - Log
Last week my computer got infected by around 11 viruses, 7 of these trojans. I scanned it with my antivirus and it detected 11 more viruses in my system32 folder, all moved to quarantine or deleted. I did a scan with ComboFix and it detected around 11 files that were infected, including 7 of the system32 folders; all of these were moved to quarantine. I really want to know if this is a serious problem or if it has a better solution than just restarting my whole system.
Here is my ActiveScan log:
Incident Status Location
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eunice\Cookies\eunice@atwola[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Eunice\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Eunice\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Mozilla\Firefox\Profiles\gh6blr1m.default\cookies.txt[.2o7.net/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eunice Nieves\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-d989ce7-293dfd56.zip[Beyond.class]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Eunice Nieves\Cookies\eunice nieves@azjmp[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Eunice Nieves\Cookies\eunice nieves@i.screensavers[2].txt
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\rev1\gbb83122.exe.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ssqrrpq.dll.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\vtuttrr.dll.vir
Virus:Generic Malware Disinfected C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP268\A0070080.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/Amera Not disinfected C:\WINDOWS\system32\abc2\aisven2.exe[ISMPack6.exe]
Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\system32\closeapp.exe
Last edited by Ecinue; 10-12-2007 at 01:21 PM.