Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST
Ok, here Kaspersky log:
It still found VNC as an infection but it is voluntarily installed.
updwmaph.exe seem to be still there and locked... and also the jkevny.job!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 31, 2008 8:39:08 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/01/2008
Kaspersky Anti-Virus database records: 538462
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
V:\
Z:\
Scan Statistics:
Total number of scanned objects: 132564
Number of viruses found: 1
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 06:44:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alessio Zanibelli\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbdam Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbdao Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbeam Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbeao Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbm Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\fii.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\hp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{BB810C75-FC8C-4DDE-B89F-172C4D5C3FF3} Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DF769D.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DF96A7.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DFA497.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DFA862.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-04172007-102748.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\temp\MpCmdRun-30-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\updwmaph.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\jkevny.job Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2b4.dat Object is locked skipped
C:\WINDOWS\Temp\TMP0000010614AD2DC451107159 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
Scan process completed.
Last edited by Axo; 02-05-2008 at 08:21 AM.
|