Here are the files:
File C:\WINDOWS\Bolger.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File c:\windows\system32\atdmvq.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File System Found infected by "Visicom Media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "autoloader Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\flnlhkh.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wpvwdiqga.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\AfcicuO.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Ihjc.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Lun8r9.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\LwiPYK.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\all_files7.exe infected by "not-a-virus:AdWare.EZula.ar" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\LEL\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\pacificpokersetup.exe tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\pop_eu.exe infected by "Trojan-Downloader.Win32.Apropo.h" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\SEPInst.exe infected by "Trojan.Win32.Septic.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\temp.fr3EA5 infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\Temp\WBCM_Installer.exe infected by "Trojan.Win32.Agent.az" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\TEMPOR~1\Content.IE5\GD6JWHMR\Nail[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\LISAAN~1\LOCALS~1\TEMPOR~1\Content.IE5\R6QIEEPY\svcproc[1].exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06380000.VBN infected by "Email-Worm.Win32.NetSky.q" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300001.VBN infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300002.VBN infected by "Trojan.Java.ClassLoader.h" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300003.VBN infected by "Trojan.Java.ClassLoader.h" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\all_files7.exe infected by "not-a-virus:AdWare.EZula.ar" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\LEL\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\pacificpokersetup.exe tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\pop_eu.exe infected by "Trojan-Downloader.Win32.Apropo.h" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\SEPInst.exe infected by "Trojan.Win32.Septic.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\temp.fr3EA5 infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temp\WBCM_Installer.exe infected by "Trojan.Win32.Agent.az" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temporary Internet Files\Content.IE5\GD6JWHMR\Nail[1].exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Lisa and Jimmy\Local Settings\Temporary Internet Files\Content.IE5\R6QIEEPY\svcproc[1].exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\Downloads\PedalToTheMetalSetup-dm[1].exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No Action Taken.
File C:\iMeshInst.exe infected by "not-a-virus:AdWare.WinFetcher.g" Virus. Action Taken: No Action Taken.
File C:\MemoryWatcher_b.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\Program Files\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\PacificPoker\pv.exe tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058109.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058123.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058151.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058180.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058181.dll infected by "Trojan.Win32.Septic.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058196.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058214.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058222.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058229.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058247.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058252.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058280.exe infected by "Trojan-Downloader.Win32.Apropo.aa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058281.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058282.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058283.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058284.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058290.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058344.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058384.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058434.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058469.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP318\A0058517.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{38D6DCA9-0982-4880-B163-4A0F5FD5EC88}\RP319\A0058550.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\flnlhkh.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\AfcicuO.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Ihjc.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Lun8r9.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\LwiPYK.exe infected by "Trojan-Downloader.Win32.VB.em" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wpvwdiqga.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
FIND IT LOG:
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* Todo C:\WINDOWS\System32\VHXVFB.EXE
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
* 1 aurora C:\WINDOWS\FLNLHKH.EXE
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidence
Even then back them up first
* UPX! C:\WINDOWS\System32\VHXVFB.EXE
* UPX! C:\WINDOWS\SVCPROC.EXE
* UPX! C:\WINDOWS\TSC.EXE
* UPX! C:\WINDOWS\WPVWDI~1.EXE
* Sniffed C:\WINDOWS\System32\DRPMON.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Possible SAHAgent Files found »»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* buddy C:\WINDOWS\WPVWDI~1.EXE
Volume in drive C has no label.
Volume Serial Number is 841C-FF6B
Directory of C:\WINDOWS\system32
16/08/2001 15:42 2,238 Autorun.ico
1 File(s) 2,238 bytes
0 Dir(s) 32,336,273,408 bytes free
svcproc.exe
DrPMon.dll
Volume in drive C has no label.
Volume Serial Number is 841C-FF6B
Directory of C:\WINDOWS\SYSTEM32
Volume in drive C has no label.
Volume Serial Number is 841C-FF6B
Directory of C:\WINDOWS\SYSTEM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon\Driver SZ DrPMon.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon\Driver SZ DrPMon.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\ZepMon\Driver SZ DrPMon.dll