Tech Support Forum - View Single Post - Took steps to speed up slow computer but may still have traces of spyware or viruses.

jabberwockdb · 06-15-2008, 04:23 PM

Hi Amateur,

I haven't seen GLB46.tmp attempt to access the internet again because I had blocked it by the McAfee Total Protection firewall. Unfortunately, I don't know if this version of McAfee keeps a log of attempts.

I used to be in IT many years ago, and I just downloaded examdiff to compare the changes to the HJT logs.

Here are the results of Kaspersky Online Scanner

Thanks again for your help.

David

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 14:57:52
Records in database: 867406
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 106733
Threat name: 5
Infected objects: 7
Suspicious objects: 5
Duration of the scan: 04:51:34

File name / Threat name / Threats count
C:\Documents and Settings\A276BEL\YugmaSkype\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Documents and Settings\A276BEL\YugmaSkype\lib\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Documents and Settings\A276BEL\YugmaSkype_NOJVM.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00EC0000.VBN Suspicious: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00F40000.VBN Suspicious: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01380000.VBN Suspicious: Exploit.HTML.CodeBaseExec 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\028C0000.VBN Infected: Trojan-Dropper.Win32.Delf.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\028C0001.VBN Infected: Trojan-Dropper.Win32.Delf.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80000.VBN Suspicious: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80001.VBN Suspicious: Exploit.HTML.Mht 1
C:\PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a 1

The selected area was scanned.

06-15-2008, 04:23 PM	#8 (permalink)
jabberwockdb Registered User Join Date: Jun 2008 Posts: 8 OS: win xp pro sp2	Re: Took steps to speed up slow computer but may still have traces of spyware or viru Hi Amateur, I haven't seen GLB46.tmp attempt to access the internet again because I had blocked it by the McAfee Total Protection firewall. Unfortunately, I don't know if this version of McAfee keeps a log of attempts. I used to be in IT many years ago, and I just downloaded examdiff to compare the changes to the HJT logs. Here are the results of Kaspersky Online Scanner Thanks again for your help. David -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, June 15, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, June 15, 2008 14:57:52 Records in database: 867406 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 106733 Threat name: 5 Infected objects: 7 Suspicious objects: 5 Duration of the scan: 04:51:34 File name / Threat name / Threats count C:\Documents and Settings\A276BEL\YugmaSkype\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1 C:\Documents and Settings\A276BEL\YugmaSkype\lib\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1 C:\Documents and Settings\A276BEL\YugmaSkype_NOJVM.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 2 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00EC0000.VBN Suspicious: Exploit.HTML.Mht 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00F40000.VBN Suspicious: Exploit.HTML.Mht 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01380000.VBN Suspicious: Exploit.HTML.CodeBaseExec 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\028C0000.VBN Infected: Trojan-Dropper.Win32.Delf.z 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\028C0001.VBN Infected: Trojan-Dropper.Win32.Delf.z 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80000.VBN Suspicious: Exploit.HTML.Mht 1 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80001.VBN Suspicious: Exploit.HTML.Mht 1 C:\PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a 1 The selected area was scanned.