10-16-2005, 08:39 AM   #3
michaelsubtonik
Registered User
 
Join Date: Oct 2005
Posts: 6
OS: winXP


virus scanned and a new HJT scan

Thanks for replying so quickly! :)

The online scan took quite a while... but it finally made it through a full scan of my PC.

Kaspersky found this:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, October 17, 2005 00:32:17
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/10/2005
Kaspersky Anti-Virus database records: 145074
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 106209
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 13821 sec

Infected Object Name - Virus Name
C:\ms32.tmp Infected: Trojan-Downloader.Win32.Delf.h
C:\System Volume Information\_restore{35AD59EB-21E3-4539-B284-06A52C1B5351}\RP74\A0008892.exe Infected: Trojan-Downloader.Win32.Delf.ks
D:\System Volume Information\_restore{7FE14B5E-E530-4CF5-AC1D-0F35B5FFD583}\RP61\A0022250.exe Infected: Virus.Win32.Parite.b
D:\System Volume Information\_restore{7FE14B5E-E530-4CF5-AC1D-0F35B5FFD583}\RP61\A0022251.exe Infected: Virus.Win32.Parite.b

Scan process completed.


After the scan I rescanned with HJT.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:47 AM, on 17/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\camera drivers\USBDriver\amcap.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\anit virus stuff\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {93336822-F4C1-AF1D-E76D-F47A94E10EE5} - C:\WINDOWS\system32\ejk.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07F31DF4-24AB-403F-9962-6E1F5FAE7D0B}: NameServer = 85.255.113.130,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B90886-2AA6-4501-B966-B7A22D9E0A44}: NameServer = 85.255.113.130,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7E4442-574D-46F1-9A0F-1B063193247E}: NameServer = 85.255.113.130,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{07F31DF4-24AB-403F-9962-6E1F5FAE7D0B}: NameServer = 85.255.113.130,85.255.112.19
O20 - Winlogon Notify: style32 - c:\ms32.tmp
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



cheers

Michael