Tech Support Forum - View Single Post

threehundred · 08-12-2008, 09:39 PM

I installed the free Avira Antivir program and it immediately found this:

File: C:\Users\Holly\Setup.exe

Trojan: TR/Agent.VB.AQC

I did an update of the Antivir software and ran a scan, it started finding thousands of files in a folder that I do not think exists. Each of the files found were zip files and they were named after different downloadable programs and thousands of different movie titles. I ended up stopping the scan as it had already been running 2 hours and it was basically naming every movie or software in alphabetical order and it had only made it to the C's.

After getting Kaspersky finally to download and start scanning, it scanned for a very long time working constantly. I tried to save the report, but it would not let me save it ANYWHERE on the computer. I tried 20 or so different places. Viewing the report, it looks as though it is the huge list that the antivir scan was finding (tons of programs and movie names in zip format). Since I could not get the Kaspersky scan to save, I have included an excerpt from the beginning of the Antivir scan to the point where it starts listing the programs and movies (the list was way too long to post).

The computer is running, and seems to be working a little better than previous to working with you on it. I really appreciate your help on it.

The following are the 3 virustotal scans of the 3 bat files you requested. After that is the Avira Antivir scan log file.

C:\Users\Holly\996.bat

Antivirus Version Last Update Result
AhnLab-V3 2008.8.13.0 2008.08.12 -
AntiVir 7.8.1.19 2008.08.12 -
Authentium 5.1.0.4 2008.08.12 -
Avast 4.8.1195.0 2008.08.12 -
AVG 8.0.0.156 2008.08.12 -
BitDefender 7.2 2008.08.12 -
CAT-QuickHeal 9.50 2008.08.12 -
ClamAV 0.93.1 2008.08.12 -
DrWeb 4.44.0.09170 2008.08.12 -
eSafe 7.0.17.0 2008.08.12 -
eTrust-Vet 31.6.6027 2008.08.12 -
Ewido 4.0 2008.08.12 -
F-Prot 4.4.4.56 2008.08.12 -
Fortinet 3.14.0.0 2008.08.12 -
GData 2.0.7306.1023 2008.08.12 -
Ikarus T3.1.1.34.0 2008.08.12 -
K7AntiVirus 7.10.412 2008.08.12 -
Kaspersky 7.0.0.125 2008.08.12 -
McAfee 5358 2008.08.11 -
Microsoft 1.3807 2008.08.12 -
NOD32v2 3349 2008.08.12 -
Norman 5.80.02 2008.08.12 -
Panda 9.0.0.4 2008.08.12 -
PCTools 4.4.2.0 2008.08.12 -
Prevx1 V2 2008.08.12 -
Rising 20.57.12.00 2008.08.12 -
Sophos 4.32.0 2008.08.12 -
Sunbelt 3.1.1542.1 2008.08.12 -
Symantec 10 2008.08.12 -
TheHacker 6.3.0.3.046 2008.08.12 -
TrendMicro 8.700.0.1004 2008.08.12 -
VBA32 3.12.8.3 2008.08.11 -
ViRobot 2008.8.12.1333 2008.08.12 -
VirusBuster 4.5.11.0 2008.08.12 -
Webwasher-Gateway 6.6.2 2008.08.12 -
Additional information
File size: 511 bytes
MD5...: eb47c78e926d9ae9e95583fbdcf604ef
SHA1..: 8fcf3a9fca4921bf9e0a6f2102ef41ef4f901af2
SHA256: 8aedb9c8a1863c588226a82b5be4786952fd202762df004704f2cce1668ffd43
SHA512: 2a8a5b8482908fb899ca7f49cc877676e31911b117bbaa807ff92d3d5bd1b5db
05009ce281e69fef1522f5392d1f8be228191a7ad473b71ffc49807c62377c7e
PEiD..: -
PEInfo: -

C:\Users\Holly\213.bat

Antivirus Version Last Update Result
AhnLab-V3 2008.8.13.0 2008.08.12 -
AntiVir 7.8.1.19 2008.08.12 -
Authentium 5.1.0.4 2008.08.12 -
Avast 4.8.1195.0 2008.08.12 -
AVG 8.0.0.156 2008.08.12 -
BitDefender 7.2 2008.08.12 -
CAT-QuickHeal 9.50 2008.08.12 -
ClamAV 0.93.1 2008.08.12 -
DrWeb 4.44.0.09170 2008.08.12 -
eSafe 7.0.17.0 2008.08.12 -
eTrust-Vet 31.6.6027 2008.08.12 -
Ewido 4.0 2008.08.12 -
F-Prot 4.4.4.56 2008.08.12 -
F-Secure 7.60.13501.0 2008.08.12 -
Fortinet 3.14.0.0 2008.08.12 -
GData 2.0.7306.1023 2008.08.12 -
Ikarus T3.1.1.34.0 2008.08.12 -
K7AntiVirus 7.10.412 2008.08.12 -
Kaspersky 7.0.0.125 2008.08.12 -
McAfee 5358 2008.08.11 -
Microsoft 1.3807 2008.08.12 -
NOD32v2 3349 2008.08.12 -
Norman 5.80.02 2008.08.12 -
Panda 9.0.0.4 2008.08.12 -
PCTools 4.4.2.0 2008.08.12 -
Prevx1 V2 2008.08.12 -
Rising 20.57.12.00 2008.08.12 -
Sophos 4.32.0 2008.08.12 -
Sunbelt 3.1.1542.1 2008.08.12 -
Symantec 10 2008.08.12 -
TheHacker 6.3.0.3.046 2008.08.12 -
TrendMicro 8.700.0.1004 2008.08.12 -
VBA32 3.12.8.3 2008.08.11 -
ViRobot 2008.8.12.1333 2008.08.12 -
VirusBuster 4.5.11.0 2008.08.12 -
Webwasher-Gateway 6.6.2 2008.08.12 -
Additional information
File size: 511 bytes
MD5...: 468207fe4a6f00c1b58f7284543634f6
SHA1..: 8c99fdd39c766c71e9acb0324edf3c0b4b492e37
SHA256: 78aa64072225a9e187bf40c2323f2ea179dbf25adc80eb1ba289e47cb45c4f68
SHA512: 6e6de6a41da5664c194e94cc30b0b9aca9c6183a90fbe86a524bbd8dcc56c81d
e97d7b75780bc718509808ee094ea6dc303b91ff317ab42261c4cc1ef65a42d6
PEiD..: -
PEInfo: -

C:\Users\Holly\n.bat

Antivirus Version Last Update Result
AhnLab-V3 2008.8.13.0 2008.08.12 -
AntiVir 7.8.1.19 2008.08.12 -
Authentium 5.1.0.4 2008.08.12 -
Avast 4.8.1195.0 2008.08.12 -
AVG 8.0.0.156 2008.08.12 -
BitDefender 7.2 2008.08.12 -
CAT-QuickHeal 9.50 2008.08.12 -
ClamAV 0.93.1 2008.08.12 -
DrWeb 4.44.0.09170 2008.08.12 -
eSafe 7.0.17.0 2008.08.12 -
eTrust-Vet 31.6.6027 2008.08.12 -
Ewido 4.0 2008.08.12 -
F-Prot 4.4.4.56 2008.08.12 -
F-Secure 7.60.13501.0 2008.08.12 -
Fortinet 3.14.0.0 2008.08.12 -
GData 2.0.7306.1023 2008.08.12 -
Ikarus T3.1.1.34.0 2008.08.12 -
K7AntiVirus 7.10.412 2008.08.12 -
Kaspersky 7.0.0.125 2008.08.12 -
McAfee 5358 2008.08.11 -
Microsoft 1.3807 2008.08.12 -
NOD32v2 3349 2008.08.12 -
Norman 5.80.02 2008.08.12 -
Panda 9.0.0.4 2008.08.12 -
PCTools 4.4.2.0 2008.08.12 -
Prevx1 V2 2008.08.12 -
Rising 20.57.12.00 2008.08.12 -
Sophos 4.32.0 2008.08.12 -
Sunbelt 3.1.1542.1 2008.08.12 -
Symantec 10 2008.08.12 -
TheHacker 6.3.0.3.046 2008.08.12 -
TrendMicro 8.700.0.1004 2008.08.12 -
VBA32 3.12.8.3 2008.08.11 -
ViRobot 2008.8.12.1333 2008.08.12 -
VirusBuster 4.5.11.0 2008.08.12 -
Webwasher-Gateway 6.6.2 2008.08.12 -
Additional information
File size: 74 bytes
MD5...: 5600501da82eb973d1a5f9d97fd6c6cb
SHA1..: f73315037e5f772bde3f8be459602263d5fad453
SHA256: ca0db7693585e51c8a2c631c7035c37bf97f69afc03a0f3d2988b68beb3594b5
SHA512: 33323e46bcfea888c4ab9cd8fda57468a88ef175a2701465f3f9606151848381
61d189a312115413e5d22db3f8c08c44d2e4e9434cfa0d6eefaa79acf1e98b24
PEiD..: -
PEInfo: -

Scan from Antivir

Avira AntiVir Personal
Report file date: Tuesday, August 12, 2008 13:46

Scanning for 1549254 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOLLY-PC

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 8/4/2008 17:42:53
ANTIVIR3.VDF : 7.0.6.2 258560 Bytes 8/12/2008 17:42:55
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 14:46:50
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 8/12/2008 17:43:10
AESCN.DLL : 8.1.0.23 119156 Bytes 8/12/2008 17:43:09
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 14:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 8/12/2008 17:43:07
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 8/12/2008 17:43:05
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 8/12/2008 17:43:04
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 14:46:50
AEGEN.DLL : 8.1.0.35 315764 Bytes 8/12/2008 17:43:01
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/12/2008 17:42:59
AECORE.DLL : 8.1.1.8 172406 Bytes 8/12/2008 17:42:58
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 14:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 8/12/2008 17:42:56
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, August 12, 2008 13:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'Ivpsvmgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned
Scan process 'SynToshiba.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned
Scan process 'KeNotify.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pinger.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).

Starting the file scan:

Begin scan in 'C:\' <SQ004508V01>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\aoafowrq.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4902cd00.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\avtqpojy.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4915cd1b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\awtsTMEv.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4915cd22.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\byXNeFxX.dll
[DETECTION] Is the TR/Monder.31232 Trojan
[NOTE] The file was moved to '48f9cd28.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\cbXQjhGx.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9cd16.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ddcDWPjg.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4904cd19.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\dlvthukk.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '4917cd21.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\efcbBQHW.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4904cd1b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\fecgmvfy.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4904cd1a.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\gebAromm.dll
[DETECTION] Is the TR/Monder.31232 Trojan
[NOTE] The file was moved to '4903cd1b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\geBrpmno.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48e3cd1b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\hhckqeqj.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4904cd1e.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\hncjteab.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4904cd25.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\hwasvfpw.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4902cd2e.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\iifcBuUo.dll
[DETECTION] Is the TR/Monderb.AA Trojan
[NOTE] The file was moved to '4907cd20.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\iifebCUO.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4907cd21.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ikibevvi.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '490acd23.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\imvawgmm.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4917cd25.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ipawgrxm.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '4902cd28.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ireyveqf.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4906cd2b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\itvandac.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4917cd2d.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ixikiact.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490acd31.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\jkkJcBsp.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490ccd25.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\jpmvaeak.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490ecd2a.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\leadbpee.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4902cd1f.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\mftiqadj.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4915cd21.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\mlJBQHYQ.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ebcd27.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\okmpccuj.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490ecd26.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\oqbvcwdc.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4903cd2d.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\pjeocknb.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4906cd26.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\pmnMdDww.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490fcd29.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\porpqwtm.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913cd2c.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\qoMdCVPJ.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48eecd2c.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\qoMeEVnN.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c30202d.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\qpxfwayk.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4919cd2d.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\rmqfqskm.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4912cd2b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\skebfspl.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4906cd29.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\snbbxnxb.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4ddd202e.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ssqOHbCR.dll
[DETECTION] Is the TR/Monder.31232 Trojan
[NOTE] The file was moved to '4912cd32.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ssqRLEUO.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dcc2033.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmfjqokr.dll
[DETECTION] Is the TR/Agent.vpx Trojan
[NOTE] The file was moved to '4907cd2d.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012a3a
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd2d.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012b92
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dcf202e.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012d08
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd2f.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012d75
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd2e.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012e8e
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dcf202f.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012ecc
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4de39baf.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013062
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd30.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000131c9
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4de39bb0.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000131e8
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd31.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013217
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4de39bb2.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000133eb
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc184e9.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp0001381f
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd32.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000139c4
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc184eb.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000139d4
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc18341.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013a51
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc184ea.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013de9
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd33.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000167d6
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc184ec.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp0001a42a
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd34.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp0002c189
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc184ed.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00048af0
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911cd36.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00170c8e
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc184ef.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\urqNDVml.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4912cd38.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\urqomlKA.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4dc284e1.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\urqPjIyx.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4912cd3a.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\vrpfvlgw.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '4911cd39.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\vtuSLfFW.dll
[DETECTION] Is the TR/Monder.31232 Trojan
[NOTE] The file was moved to '4916cd3b.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\wgsvtdtb.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '4914cd2e.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\whekumha.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '4906cd30.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\xgyvmvro.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '491acd2f.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\xydxnljk.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '4905cd41.qua'!
C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\yvqpkudn.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4912cd3f.qua'!
C:\QooBox\Quarantine\C\Users\Holly\ctfmon.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4907cfed.qua'!
C:\QooBox\Quarantine\C\Users\Holly\svchost.exe.vir
[DETECTION] Is the TR/Agent.VB.AQC Trojan
[NOTE] The file was moved to '4904cfef.qua'!
C:\Users\Holly\a.zip
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Agent.VB.AQC Trojan
[NOTE] The file was moved to '491bcfdb.qua'!
C:\Users\Holly\'\#1 DVD Audio Ripper 1.2.50.zip
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Agent.VB.AQC Trojan
[NOTE] The file was moved to '48c1cfe0.qua'!
C:\Users\Holly\'\#1 DVD Audio Ripper 1.2.54.zip
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Agent.VB.AQC Trojan
[NOTE] The file was moved to '4a449d41.qua'!
C:\Users\Holly\'\#1 DVD Ripper 4.0.zip
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Agent.VB.AQC Trojan
[NOTE] The file was moved to '48c1cfe2.qua'!
C:\Users\Holly\'\#1 DVD Ripper 6.2.4.zip
[0] Archive type: ZIP
--> Setup.exe

08-12-2008, 09:39 PM	#6 (permalink)
threehundred Registered User Join Date: Nov 2007 Posts: 13 OS: Win XP Service Pack 2	Re: Possible Vundo Infection I installed the free Avira Antivir program and it immediately found this: File: C:\Users\Holly\Setup.exe Trojan: TR/Agent.VB.AQC I did an update of the Antivir software and ran a scan, it started finding thousands of files in a folder that I do not think exists. Each of the files found were zip files and they were named after different downloadable programs and thousands of different movie titles. I ended up stopping the scan as it had already been running 2 hours and it was basically naming every movie or software in alphabetical order and it had only made it to the C's. After getting Kaspersky finally to download and start scanning, it scanned for a very long time working constantly. I tried to save the report, but it would not let me save it ANYWHERE on the computer. I tried 20 or so different places. Viewing the report, it looks as though it is the huge list that the antivir scan was finding (tons of programs and movie names in zip format). Since I could not get the Kaspersky scan to save, I have included an excerpt from the beginning of the Antivir scan to the point where it starts listing the programs and movies (the list was way too long to post). The computer is running, and seems to be working a little better than previous to working with you on it. I really appreciate your help on it. The following are the 3 virustotal scans of the 3 bat files you requested. After that is the Avira Antivir scan log file. C:\Users\Holly\996.bat Antivirus Version Last Update Result AhnLab-V3 2008.8.13.0 2008.08.12 - AntiVir 7.8.1.19 2008.08.12 - Authentium 5.1.0.4 2008.08.12 - Avast 4.8.1195.0 2008.08.12 - AVG 8.0.0.156 2008.08.12 - BitDefender 7.2 2008.08.12 - CAT-QuickHeal 9.50 2008.08.12 - ClamAV 0.93.1 2008.08.12 - DrWeb 4.44.0.09170 2008.08.12 - eSafe 7.0.17.0 2008.08.12 - eTrust-Vet 31.6.6027 2008.08.12 - Ewido 4.0 2008.08.12 - F-Prot 4.4.4.56 2008.08.12 - Fortinet 3.14.0.0 2008.08.12 - GData 2.0.7306.1023 2008.08.12 - Ikarus T3.1.1.34.0 2008.08.12 - K7AntiVirus 7.10.412 2008.08.12 - Kaspersky 7.0.0.125 2008.08.12 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.12 - NOD32v2 3349 2008.08.12 - Norman 5.80.02 2008.08.12 - Panda 9.0.0.4 2008.08.12 - PCTools 4.4.2.0 2008.08.12 - Prevx1 V2 2008.08.12 - Rising 20.57.12.00 2008.08.12 - Sophos 4.32.0 2008.08.12 - Sunbelt 3.1.1542.1 2008.08.12 - Symantec 10 2008.08.12 - TheHacker 6.3.0.3.046 2008.08.12 - TrendMicro 8.700.0.1004 2008.08.12 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.12.1333 2008.08.12 - VirusBuster 4.5.11.0 2008.08.12 - Webwasher-Gateway 6.6.2 2008.08.12 - Additional information File size: 511 bytes MD5...: eb47c78e926d9ae9e95583fbdcf604ef SHA1..: 8fcf3a9fca4921bf9e0a6f2102ef41ef4f901af2 SHA256: 8aedb9c8a1863c588226a82b5be4786952fd202762df004704f2cce1668ffd43 SHA512: 2a8a5b8482908fb899ca7f49cc877676e31911b117bbaa807ff92d3d5bd1b5db 05009ce281e69fef1522f5392d1f8be228191a7ad473b71ffc49807c62377c7e PEiD..: - PEInfo: - C:\Users\Holly\213.bat Antivirus Version Last Update Result AhnLab-V3 2008.8.13.0 2008.08.12 - AntiVir 7.8.1.19 2008.08.12 - Authentium 5.1.0.4 2008.08.12 - Avast 4.8.1195.0 2008.08.12 - AVG 8.0.0.156 2008.08.12 - BitDefender 7.2 2008.08.12 - CAT-QuickHeal 9.50 2008.08.12 - ClamAV 0.93.1 2008.08.12 - DrWeb 4.44.0.09170 2008.08.12 - eSafe 7.0.17.0 2008.08.12 - eTrust-Vet 31.6.6027 2008.08.12 - Ewido 4.0 2008.08.12 - F-Prot 4.4.4.56 2008.08.12 - F-Secure 7.60.13501.0 2008.08.12 - Fortinet 3.14.0.0 2008.08.12 - GData 2.0.7306.1023 2008.08.12 - Ikarus T3.1.1.34.0 2008.08.12 - K7AntiVirus 7.10.412 2008.08.12 - Kaspersky 7.0.0.125 2008.08.12 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.12 - NOD32v2 3349 2008.08.12 - Norman 5.80.02 2008.08.12 - Panda 9.0.0.4 2008.08.12 - PCTools 4.4.2.0 2008.08.12 - Prevx1 V2 2008.08.12 - Rising 20.57.12.00 2008.08.12 - Sophos 4.32.0 2008.08.12 - Sunbelt 3.1.1542.1 2008.08.12 - Symantec 10 2008.08.12 - TheHacker 6.3.0.3.046 2008.08.12 - TrendMicro 8.700.0.1004 2008.08.12 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.12.1333 2008.08.12 - VirusBuster 4.5.11.0 2008.08.12 - Webwasher-Gateway 6.6.2 2008.08.12 - Additional information File size: 511 bytes MD5...: 468207fe4a6f00c1b58f7284543634f6 SHA1..: 8c99fdd39c766c71e9acb0324edf3c0b4b492e37 SHA256: 78aa64072225a9e187bf40c2323f2ea179dbf25adc80eb1ba289e47cb45c4f68 SHA512: 6e6de6a41da5664c194e94cc30b0b9aca9c6183a90fbe86a524bbd8dcc56c81d e97d7b75780bc718509808ee094ea6dc303b91ff317ab42261c4cc1ef65a42d6 PEiD..: - PEInfo: - C:\Users\Holly\n.bat Antivirus Version Last Update Result AhnLab-V3 2008.8.13.0 2008.08.12 - AntiVir 7.8.1.19 2008.08.12 - Authentium 5.1.0.4 2008.08.12 - Avast 4.8.1195.0 2008.08.12 - AVG 8.0.0.156 2008.08.12 - BitDefender 7.2 2008.08.12 - CAT-QuickHeal 9.50 2008.08.12 - ClamAV 0.93.1 2008.08.12 - DrWeb 4.44.0.09170 2008.08.12 - eSafe 7.0.17.0 2008.08.12 - eTrust-Vet 31.6.6027 2008.08.12 - Ewido 4.0 2008.08.12 - F-Prot 4.4.4.56 2008.08.12 - F-Secure 7.60.13501.0 2008.08.12 - Fortinet 3.14.0.0 2008.08.12 - GData 2.0.7306.1023 2008.08.12 - Ikarus T3.1.1.34.0 2008.08.12 - K7AntiVirus 7.10.412 2008.08.12 - Kaspersky 7.0.0.125 2008.08.12 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.12 - NOD32v2 3349 2008.08.12 - Norman 5.80.02 2008.08.12 - Panda 9.0.0.4 2008.08.12 - PCTools 4.4.2.0 2008.08.12 - Prevx1 V2 2008.08.12 - Rising 20.57.12.00 2008.08.12 - Sophos 4.32.0 2008.08.12 - Sunbelt 3.1.1542.1 2008.08.12 - Symantec 10 2008.08.12 - TheHacker 6.3.0.3.046 2008.08.12 - TrendMicro 8.700.0.1004 2008.08.12 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.12.1333 2008.08.12 - VirusBuster 4.5.11.0 2008.08.12 - Webwasher-Gateway 6.6.2 2008.08.12 - Additional information File size: 74 bytes MD5...: 5600501da82eb973d1a5f9d97fd6c6cb SHA1..: f73315037e5f772bde3f8be459602263d5fad453 SHA256: ca0db7693585e51c8a2c631c7035c37bf97f69afc03a0f3d2988b68beb3594b5 SHA512: 33323e46bcfea888c4ab9cd8fda57468a88ef175a2701465f3f9606151848381 61d189a312115413e5d22db3f8c08c44d2e4e9434cfa0d6eefaa79acf1e98b24 PEiD..: - PEInfo: - Scan from Antivir Avira AntiVir Personal Report file date: Tuesday, August 12, 2008 13:46 Scanning for 1549254 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: SYSTEM Computer name: HOLLY-PC Version information: BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15 ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 8/4/2008 17:42:53 ANTIVIR3.VDF : 7.0.6.2 258560 Bytes 8/12/2008 17:42:55 Engineversion : 8.1.1.19 AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 14:46:50 AESCRIPT.DLL : 8.1.0.63 311673 Bytes 8/12/2008 17:43:10 AESCN.DLL : 8.1.0.23 119156 Bytes 8/12/2008 17:43:09 AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 14:46:50 AEPACK.DLL : 8.1.2.1 364917 Bytes 8/12/2008 17:43:07 AEOFFICE.DLL : 8.1.0.21 192891 Bytes 8/12/2008 17:43:05 AEHEUR.DLL : 8.1.0.47 1368437 Bytes 8/12/2008 17:43:04 AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 14:46:50 AEGEN.DLL : 8.1.0.35 315764 Bytes 8/12/2008 17:43:01 AEEMU.DLL : 8.1.0.7 430452 Bytes 8/12/2008 17:42:59 AECORE.DLL : 8.1.1.8 172406 Bytes 8/12/2008 17:42:58 AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 14:50:42 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 8/12/2008 17:42:56 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Tuesday, August 12, 2008 13:46 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'VSSVC.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'ieuser.exe' - '1' Module(s) have been scanned Scan process 'Ivpsvmgr.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned Scan process 'SynToshiba.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned Scan process 'wpcumi.exe' - '1' Module(s) have been scanned Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned Scan process 'SmoothView.exe' - '1' Module(s) have been scanned Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned Scan process 'KeNotify.exe' - '1' Module(s) have been scanned Scan process 'NDSTray.exe' - '1' Module(s) have been scanned Scan process 'ltmoh.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'igfxtray.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'pinger.exe' - '1' Module(s) have been scanned Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 68 processes with 68 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '51' files ). Starting the file scan: Begin scan in 'C:\' <SQ004508V01> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\aoafowrq.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4902cd00.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\avtqpojy.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4915cd1b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\awtsTMEv.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4915cd22.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\byXNeFxX.dll [DETECTION] Is the TR/Monder.31232 Trojan [NOTE] The file was moved to '48f9cd28.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\cbXQjhGx.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '48f9cd16.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ddcDWPjg.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4904cd19.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\dlvthukk.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '4917cd21.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\efcbBQHW.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4904cd1b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\fecgmvfy.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4904cd1a.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\gebAromm.dll [DETECTION] Is the TR/Monder.31232 Trojan [NOTE] The file was moved to '4903cd1b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\geBrpmno.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '48e3cd1b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\hhckqeqj.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4904cd1e.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\hncjteab.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4904cd25.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\hwasvfpw.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4902cd2e.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\iifcBuUo.dll [DETECTION] Is the TR/Monderb.AA Trojan [NOTE] The file was moved to '4907cd20.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\iifebCUO.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4907cd21.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ikibevvi.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '490acd23.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\imvawgmm.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4917cd25.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ipawgrxm.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '4902cd28.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ireyveqf.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4906cd2b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\itvandac.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4917cd2d.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ixikiact.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '490acd31.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\jkkJcBsp.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '490ccd25.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\jpmvaeak.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '490ecd2a.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\leadbpee.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4902cd1f.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\mftiqadj.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4915cd21.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\mlJBQHYQ.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '48ebcd27.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\okmpccuj.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '490ecd26.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\oqbvcwdc.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4903cd2d.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\pjeocknb.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4906cd26.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\pmnMdDww.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '490fcd29.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\porpqwtm.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4913cd2c.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\qoMdCVPJ.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '48eecd2c.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\qoMeEVnN.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4c30202d.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\qpxfwayk.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4919cd2d.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\rmqfqskm.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4912cd2b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\skebfspl.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4906cd29.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\snbbxnxb.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4ddd202e.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ssqOHbCR.dll [DETECTION] Is the TR/Monder.31232 Trojan [NOTE] The file was moved to '4912cd32.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\ssqRLEUO.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dcc2033.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmfjqokr.dll [DETECTION] Is the TR/Agent.vpx Trojan [NOTE] The file was moved to '4907cd2d.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012a3a [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd2d.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012b92 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dcf202e.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012d08 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd2f.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012d75 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd2e.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012e8e [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dcf202f.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00012ecc [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4de39baf.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013062 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd30.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000131c9 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4de39bb0.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000131e8 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd31.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013217 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4de39bb2.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000133eb [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc184e9.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp0001381f [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd32.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000139c4 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc184eb.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000139d4 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc18341.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013a51 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc184ea.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00013de9 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd33.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp000167d6 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc184ec.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp0001a42a [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd34.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp0002c189 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc184ed.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00048af0 [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4911cd36.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\tmp00170c8e [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc184ef.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\urqNDVml.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4912cd38.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\urqomlKA.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4dc284e1.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\urqPjIyx.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was moved to '4912cd3a.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\vrpfvlgw.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '4911cd39.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\vtuSLfFW.dll [DETECTION] Is the TR/Monder.31232 Trojan [NOTE] The file was moved to '4916cd3b.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\wgsvtdtb.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '4914cd2e.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\whekumha.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '4906cd30.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\xgyvmvro.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '491acd2f.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\xydxnljk.dll [DETECTION] Is the TR/Crypt.Morphine.Gen Trojan [NOTE] The file was moved to '4905cd41.qua'! C:\Deckard\System Scanner\20080810162959\backup\Users\Holly\AppData\Local\Temp\yvqpkudn.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4912cd3f.qua'! C:\QooBox\Quarantine\C\Users\Holly\ctfmon.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '4907cfed.qua'! C:\QooBox\Quarantine\C\Users\Holly\svchost.exe.vir [DETECTION] Is the TR/Agent.VB.AQC Trojan [NOTE] The file was moved to '4904cfef.qua'! C:\Users\Holly\a.zip [0] Archive type: ZIP --> Setup.exe [DETECTION] Is the TR/Agent.VB.AQC Trojan [NOTE] The file was moved to '491bcfdb.qua'! C:\Users\Holly\'\#1 DVD Audio Ripper 1.2.50.zip [0] Archive type: ZIP --> Setup.exe [DETECTION] Is the TR/Agent.VB.AQC Trojan [NOTE] The file was moved to '48c1cfe0.qua'! C:\Users\Holly\'\#1 DVD Audio Ripper 1.2.54.zip [0] Archive type: ZIP --> Setup.exe [DETECTION] Is the TR/Agent.VB.AQC Trojan [NOTE] The file was moved to '4a449d41.qua'! C:\Users\Holly\'\#1 DVD Ripper 4.0.zip [0] Archive type: ZIP --> Setup.exe [DETECTION] Is the TR/Agent.VB.AQC Trojan [NOTE] The file was moved to '48c1cfe2.qua'! C:\Users\Holly\'\#1 DVD Ripper 6.2.4.zip [0] Archive type: ZIP --> Setup.exe