08-26-2005, 04:37 PM   #7
Daddis
Registered User
 
Join Date: Aug 2005
Posts: 12
OS: Win XP


My apologies Reid and Microbell.

I somehow neglected to get the Panda instructions when I copied and pasted the instructions.


Here are the results of the PandaScan:


Incident Status Location

Adware:adware/cws.yexe No disinfected C:\WINDOWS\inet20057
Adware:adware/sqwire No disinfected Windows Registry
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Adware:adware/neededware No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\counter.jpg-52050db9-2b90378e.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\counter.jpg-52050db9-2b90378e.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\counter.jpg-52050db9-2b90378e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\counter.jpg-52050db9-2b90378e.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\counter.jpg-52050db9-2b90378e.zip[Xeyond.class]
Virus:Trj/Downloader.CPC Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\counter.jpg-52050db9-2b90378e.zip[web.exe]
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38564.9707740162.WCU[A~NSISu_.exe]
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38564.9707740162.WCU[tsinstall_4_0_3_8_b17.exe]
Virus:Trj/Downloader.DGM Disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FCXXKQ25\sia[1].txt
Adware:Adware/Winstat No disinfected C:\Documents and Settings\Owner\My Documents\Utilities sheila downloaded\backups\backup-20050824-165925-988.dll
Possible Virus. No disinfected C:\Program Files\2Wire\sy_apps\dllupdate.exe
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\rmuw\rmuwd\rmuwc.dll
Virus:Trj/Downloader.DEW Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2Y406T30\1[1].htm
Spyware:Spyware/ISTBar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2Y406T30\error[1].htm
Virus:Trj/Downloader.DEW Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2Y406T30\targ[1].chm
Virus:Exploit/Codebase.X No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2Y406T30\targ[2].chm[target.htm]
Virus:Trj/Downloader.DEW No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2Y406T30\targ[2].chm[win32.exe]
Adware:Adware/TopConvert No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IU4GMC4Z\protect[1].htm
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M5OG28JH\media000[1].html
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD9ABCDN\CA0HRZTK.HTM
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD9ABCDN\symantec[1].css
Virus:Exploit/Codebase.AE No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD9ABCDN\x[1].chm[x.htm]
Virus:Trj/Downloader.DEI No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD9ABCDN\x[1].chm[load.exe]

My next post will have the FindIt log and the new Hijackthis log.