Thread: Nowfind.net Hijack - Please Help!
View Single Post
Old 03-01-2006, 09:58 PM   #4 (permalink)
prp101368
Registered User
 
Join Date: Feb 2005
Posts: 16
OS: XP


Latest Post Part2
Here is the virus scan, it did not fit on the last post.



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, February 28, 2006 23:37:34
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 1/03/2006
Kaspersky Anti-Virus database records: 179360
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 79699
Number of viruses found: 18
Number of infected objects: 53
Number of suspicious objects: 6
Duration of the scan process: 3307 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1C12.tmp Infected: Trojan-Downloader.Win32.Dluca.gen
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1CFC.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ck
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip/install.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip/optimize.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip/msexreg.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-1b31a70d.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-1b31a70d.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-1b31a70d.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-1b31a70d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-1b31a70d.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-5ed269c0.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-5ed269c0.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-5ed269c0.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Paul Potvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-5ed269c0.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Common Files\System\MSMAPI\1033\a679a0.js Infected: Trojan-Downloader.JS.Small.af
C:\Program Files\Common Files\System\MSMAPI\1033\as Infected: Trojan-Clicker.JS.Linker.j
C:\Program Files\Common Files\System\MSMAPI\1033\bad Infected: Trojan-Clicker.JS.Linker.m
C:\Program Files\Yahoo!\YPSR(2)\Quarantine(2)\ppqE.tmp Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP277\A0017298.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP277\A0017299.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP277\A0017301.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017681.dll Infected: not-a-virus:AdWare.Win32.Relevance.b
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017682.dll Infected: Trojan.Win32.Dialer.bi
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017683.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017684.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017685.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017686.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017687.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017688.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017689.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017690.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017691.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017692.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017693.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017694.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017695.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017696.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017697.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017698.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017699.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017700.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017701.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017702.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017703.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017704.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017705.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017706.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017707.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017708.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017709.exe Infected: Trojan-Clicker.Win32.Small.du
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017710.exe Infected: Trojan-Downloader.Win32.Small.agk
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017711.exe Infected: not-a-virus:Porn-Downloader.Win32.TibSystems
C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP285\A0017713.dll Infected: Trojan.Win32.StartPage.mz
C:\WINDOWS\system32\a679a0.js Infected: Trojan-Downloader.JS.Small.af
C:\WINDOWS\system32\as Infected: Trojan-Clicker.JS.Linker.j
C:\WINDOWS\system32\bad Infected: Trojan-Clicker.JS.Linker.m

Scan process completed.
prp101368 is offline