Thread: HijackThis log for non-working cmd, regeidt, msconfig, taskmanager
View Single Post
Old 04-24-2006, 09:46 PM   #8 (permalink)
sgu
Registered User
 
Join Date: Apr 2006
Posts: 13
OS: XP Pro


Hello again,

Here's Kaspersky's scan log. It looks huge, but I think the only critical items not found the earlier scans are:

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP69\A0006815.exe//Disk1/ieatgpc.dll Infected: not-a-virus:AdWare.Win32.WebEx
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP69\A0006815.exe Infected: not-a-virus:AdWare.Win32.WebEx
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP88\A0007927.dll Infected: not-a-virus:AdWare.Win32.WebEx

Please advice.

PS: Three bugs in Kasparesky
-- they think April 25, 2006 has passed!
-- during the scan, the info box on the right said release date was "Sunday, April 25, 2006" so they think Sunday was April 25, 2006
-- during the scan, the info box on the right lower corner said 178287 records, but the summary says 189735 records.

Thanks,

--sgu

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 24, 2006 20:27:08
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/04/2006
Kaspersky Anti-Virus database records: 189735
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 111128
Number of viruses found: 31
Number of infected objects: 193
Number of suspicious objects: 6
Duration of the scan process: 5362 sec

Infected Object Name - Virus Name

C:\admin\tools\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101

C:\OfficeScan NT\SUSPECT\0i09u5rug08r89589gjrg.eml/[From george@reilly.org][Date Mon, 31 Jan 2005 12:52:45 +0100]/id43342_vim-dev.pif Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\0i09u5rug08r89589gjrg.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\agradou.eml/[From ackahn@netapp.com][Date Sat, 8 Jan 2005 14:37:02 -0300]/:(.doc.bat Infected: Email-Worm.Win32.NetSky.af
C:\OfficeScan NT\SUSPECT\agradou.eml Infected: Email-Worm.Win32.NetSky.af
C:\OfficeScan NT\SUSPECT\archive1213.jar-4f861510-23e4d6cc.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\OfficeScan NT\SUSPECT\archive1213.jar-4f861510-23e4d6cc.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\OfficeScan NT\SUSPECT\archive1213.jar-4f861510-23e4d6cc.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\OfficeScan NT\SUSPECT\archive1213.jar-4f861510-23e4d6cc.zip Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\OfficeScan NT\SUSPECT\delivery_error__vim_vim_org_.eml/[From leitner@math.fu-berlin.de][Date Mon, 28 Nov 2005 22:40:50 +0900]/data19513.zip/data.eml .scr Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\delivery_error__vim_vim_org_.eml/[From leitner@math.fu-berlin.de][Date Mon, 28 Nov 2005 22:40:50 +0900]/data19513.zip Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\delivery_error__vim_vim_org_.eml Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\delivery_failure_notice__id_00004b5f_.eml/[From vinschen@redhat.com][Date Sat, 5 Mar 2005 08:44:28 -0300]/www.vim.org.vim-dev.session-00004B5F.com Infected: Email-Worm.Win32.NetSky.z
C:\OfficeScan NT\SUSPECT\delivery_failure_notice__id_00004b5f_.eml Infected: Email-Worm.Win32.NetSky.z
C:\OfficeScan NT\SUSPECT\delivery__vim_vim_org_.eml/[From vinschen@redhat.com][Date Tue, 18 Oct 2005 23:53:10 +0200]/mail23654.pif Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\delivery__vim_vim_org_.eml Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\document_1d8.VIR/[From ackahn@netapp.com][Date Mon, 28 Mar 2005 10:00:20 +0200]/Details.zip/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\OfficeScan NT\SUSPECT\document_1d8.VIR/[From ackahn@netapp.com][Date Mon, 28 Mar 2005 10:00:20 +0200]/Details.zip Infected: Email-Worm.Win32.NetSky.aa
C:\OfficeScan NT\SUSPECT\document_1d8.VIR Infected: Email-Worm.Win32.NetSky.aa
C:\OfficeScan NT\SUSPECT\document_all.eml/[From vinschen@redhat.com][Date Tue, 22 Feb 2005 09:25:42 +0700]/document.scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\document_all.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\does_it_matter_.eml/[From bram@moolenaar.net][Date Tue, 22 Feb 2005 21:48:19 +0530]/text01.doc Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\does_it_matter_.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\does_it_matter__2b0.VIR/[From mikmach@wp.pl][Date Fri, 7 Apr 2006 14:33:46 -0700]/d4334938.scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\does_it_matter__2b0.VIR Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\error.eml/[From philips_24@yahoo.com][Date Thu, 22 Sep 2005 12:27:21 +0530]/document.zip/document.scr Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\error.eml/[From philips_24@yahoo.com][Date Thu, 22 Sep 2005 12:27:21 +0530]/document.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\error.eml Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\error_270.VIR/[From hari_vim@yahoo.com][Date Tue, 21 Feb 2006 08:51:22 +0100]/message.bat Infected: Net-Worm.Win32.Mytob.h
C:\OfficeScan NT\SUSPECT\error_270.VIR Infected: Net-Worm.Win32.Mytob.h
C:\OfficeScan NT\SUSPECT\good_day.eml/[From ackahn@netapp.com][Date Wed, 21 Sep 2005 10:30:35 +0530]/readme.zip/readme.doc .scr Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day.eml/[From ackahn@netapp.com][Date Wed, 21 Sep 2005 10:30:35 +0530]/readme.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day.eml Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day_278.VIR/[From ackahn@netapp.com][Date Mon, 30 Jan 2006 23:09:14 +0530]/document.zip/document.pif Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day_278.VIR/[From ackahn@netapp.com][Date Mon, 30 Jan 2006 23:09:14 +0530]/document.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day_278.VIR Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day_608.VIR/[From george@reilly.org][Date Mon, 10 Oct 2005 18:41:45 -0500]/body.scr Infected: Net-Worm.Win32.Mytob.x
C:\OfficeScan NT\SUSPECT\good_day_608.VIR Infected: Net-Worm.Win32.Mytob.x
C:\OfficeScan NT\SUSPECT\good_day_6a8.VIR/[From george@reilly.org][Date Mon, 23 Jan 2006 00:20:02 -0600]/document.zip/document.pif Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day_6a8.VIR/[From george@reilly.org][Date Mon, 23 Jan 2006 00:20:02 -0600]/document.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\good_day_6a8.VIR Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\hello.eml/[From bram@moolenaar.net][Date Wed, 28 Sep 2005 13:33:13 +0530]/readme.zip/readme.pif Infected: Net-Worm.Win32.Mytob.q
C:\OfficeScan NT\SUSPECT\hello.eml/[From bram@moolenaar.net][Date Wed, 28 Sep 2005 13:33:13 +0530]/readme.zip Infected: Net-Worm.Win32.Mytob.q
C:\OfficeScan NT\SUSPECT\hello.eml Infected: Net-Worm.Win32.Mytob.q
C:\OfficeScan NT\SUSPECT\hello_1e0.VIR/[From mattn_jp@hotmail.com][Date Tue, 21 Feb 2006 18:46:20 +0100]/message.exe Infected: Net-Worm.Win32.Mytob.h
C:\OfficeScan NT\SUSPECT\hello_1e0.VIR Infected: Net-Worm.Win32.Mytob.h
C:\OfficeScan NT\SUSPECT\hello_290.VIR/[From ackahn@netapp.com][Date Wed, 22 Feb 2006 16:39:33 +0800]/data.pif Infected: Net-Worm.Win32.Mytob.ab
C:\OfficeScan NT\SUSPECT\hello_290.VIR Infected: Net-Worm.Win32.Mytob.ab
C:\OfficeScan NT\SUSPECT\hello_340.VIR/[From george@reilly.org][Date Thu, 1 Dec 2005 15:48:54 +0600]/text.pif Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\hello_340.VIR Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\hello_7e8.VIR/[From dany.stamant@sympatico.ca][Date Wed, 19 Oct 2005 15:45:28 +0700]/document.exe Infected: Net-Worm.Win32.Mytob.c
C:\OfficeScan NT\SUSPECT\hello_7e8.VIR Infected: Net-Worm.Win32.Mytob.c
C:\OfficeScan NT\SUSPECT\hello_c0.VIR/[From ackahn@netapp.com][Date Sat, 19 Nov 2005 19:09:04 +0530]/readme.scr Infected: Net-Worm.Win32.Mytob.dam
C:\OfficeScan NT\SUSPECT\hello_c0.VIR Infected: Net-Worm.Win32.Mytob.dam
C:\OfficeScan NT\SUSPECT\hello_d8.VIR/[From bram@moolenaar.net][Date Fri, 3 Jun 2005 20:46:56 -0700]/lzxoe.scr Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\hello_d8.VIR Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\hello_f0.VIR/[From ackahn@netapp.com][Date Fri, 18 Nov 2005 09:57:05 +0530]/doc.scr Infected: Net-Worm.Win32.Mytob.dam
C:\OfficeScan NT\SUSPECT\hello_f0.VIR Infected: Net-Worm.Win32.Mytob.dam
C:\OfficeScan NT\SUSPECT\hi.eml/[From ron@ronware.org][Date Tue, 8 Nov 2005 20:01:27 +0530]/doc.pif Infected: Net-Worm.Win32.Mytob.c
C:\OfficeScan NT\SUSPECT\hi.eml Infected: Net-Worm.Win32.Mytob.c
C:\OfficeScan NT\SUSPECT\important_website.eml/[From zbyszek@unccvax.ucc.edu][Date Mon, 31 Jan 2005 14:12:57 +0530]/website_sgovindachar.zip/document.txt .exe Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\important_website.eml/[From zbyszek@unccvax.ucc.edu][Date Mon, 31 Jan 2005 14:12:57 +0530]/website_sgovindachar.zip Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\important_website.eml Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\information.eml/[From george@reilly.org][Date Wed, 5 Oct 2005 11:51:33 +0530]/news01_vim-dev.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\information.eml/[From george@reilly.org][Date Wed, 5 Oct 2005 11:51:33 +0530]/news01_vim-dev.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\information.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\information_23c.VIR/[From ackahn@netapp.com][Date Thu, 3 Mar 2005 21:13:57 -0300]/disco.zip/disco.doc.exe Infected: Email-Worm.Win32.NetSky.b
C:\OfficeScan NT\SUSPECT\information_23c.VIR/[From ackahn@netapp.com][Date Thu, 3 Mar 2005 21:13:57 -0300]/disco.zip Infected: Email-Worm.Win32.NetSky.b
C:\OfficeScan NT\SUSPECT\information_23c.VIR Infected: Email-Worm.Win32.NetSky.b
C:\OfficeScan NT\SUSPECT\information_7f4.VIR/[From ackahn@netapp.com][Date Mon, 21 Mar 2005 08:48:21 +0100]/Informations.zip/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\OfficeScan NT\SUSPECT\information_7f4.VIR/[From ackahn@netapp.com][Date Mon, 21 Mar 2005 08:48:21 +0100]/Informations.zip Infected: Email-Worm.Win32.NetSky.aa
C:\OfficeScan NT\SUSPECT\information_7f4.VIR Infected: Email-Worm.Win32.NetSky.aa
C:\OfficeScan NT\SUSPECT\i_cannot_forget_you_.eml/[From wanted121@hotmail.com][Date Mon, 31 Jan 2005 10:11:11 -0500]/photo.doc Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\i_cannot_forget_you_.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\mail_delivery_system.eml/[From george@reilly.org][Date Sun, 18 Sep 2005 13:52:18 +0530]/message.exe Infected: Net-Worm.Win32.Mytob.bx
C:\OfficeScan NT\SUSPECT\mail_delivery_system.eml Infected: Net-Worm.Win32.Mytob.bx
C:\OfficeScan NT\SUSPECT\mail_delivery_system__vim_vim_org_.eml/[From george@reilly.org][Date Tue, 19 Apr 2005 13:03:10 +0200]/message15014.zip/data.eml .scr Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\mail_delivery_system__vim_vim_org_.eml/[From george@reilly.org][Date Tue, 19 Apr 2005 13:03:10 +0200]/message15014.zip Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\mail_delivery_system__vim_vim_org_.eml Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__2ac.VIR/[From nena@admin.boletines.com][Date Tue, 1 Feb 2005 23:17:19 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__2ac.VIR/[From nena@admin.boletines.com][Date Tue, 1 Feb 2005 23:17:19 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__2ac.VIR/[From nena@admin.boletines.com][Date Tue, 1 Feb 2005 23:17:19 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__2ac.VIR Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__75c.VIR/[From fgferrei@unalmed.edu.co][Date Mon, 31 Jan 2005 12:53:37 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__75c.VIR/[From fgferrei@unalmed.edu.co][Date Mon, 31 Jan 2005 12:53:37 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__75c.VIR/[From fgferrei@unalmed.edu.co][Date Mon, 31 Jan 2005 12:53:37 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__75c.VIR Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__788.VIR/[From arultms@ddsl.net][Date Tue, 8 Mar 2005 14:34:02 +0530]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__788.VIR/[From arultms@ddsl.net][Date Tue, 8 Mar 2005 14:34:02 +0530]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__788.VIR/[From arultms@ddsl.net][Date Tue, 8 Mar 2005 14:34:02 +0530]/message.scr Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\mail_delivery__failure_sgovindachar_yahoo_com__788.VIR Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\mail_system__vim_dev_vim_org__194.VIR/[From ackahn@netapp.com][Date Tue, 6 Sep 2005 11:15:12 +0900]/data26840.zip/mail.eml .scr Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\mail_system__vim_dev_vim_org__194.VIR/[From ackahn@netapp.com][Date Tue, 6 Sep 2005 11:15:12 +0900]/data26840.zip Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\mail_system__vim_dev_vim_org__194.VIR Infected: Email-Worm.Win32.NetSky.r
C:\OfficeScan NT\SUSPECT\news.eml/[From dany.stamant@sympatico.ca][Date Sun, 10 Jul 2005 12:17:34 +0530]/info02.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\news.eml/[From dany.stamant@sympatico.ca][Date Sun, 10 Jul 2005 12:17:34 +0530]/info02.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\news.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\owjnatd.eml/[From aab@cichlid.com][Date Thu, 9 Feb 2006 19:53:51 -0500]/wseb.zip/wseb.htm .scr Infected: Email-Worm.Win32.Mydoom.m
C:\OfficeScan NT\SUSPECT\owjnatd.eml/[From aab@cichlid.com][Date Thu, 9 Feb 2006 19:53:51 -0500]/wseb.zip Infected: Email-Worm.Win32.Mydoom.m
C:\OfficeScan NT\SUSPECT\owjnatd.eml Infected: Email-Worm.Win32.Mydoom.m
C:\OfficeScan NT\SUSPECT\picture.eml/[From ackahn@netapp.com][Date Mon, 27 Dec 2004 20:27:11 +0900]/all_pictures.pif Infected: Email-Worm.Win32.NetSky.ac
C:\OfficeScan NT\SUSPECT\picture.eml Infected: Email-Worm.Win32.NetSky.ac
C:\OfficeScan NT\SUSPECT\private_document.eml/[From george@reilly.org][Date Mon, 27 Mar 2006 02:26:58 +0530]/your_document.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\private_document.eml/[From george@reilly.org][Date Mon, 27 Mar 2006 02:26:58 +0530]/your_document.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\private_document.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\report_234.VIR/[From ackahn@netapp.com][Date Fri, 4 Mar 2005 12:33:06 +0700]/friend.zip/friend.scr Infected: Email-Worm.Win32.NetSky.c
C:\OfficeScan NT\SUSPECT\report_234.VIR/[From ackahn@netapp.com][Date Fri, 4 Mar 2005 12:33:06 +0700]/friend.zip Infected: Email-Worm.Win32.NetSky.c
C:\OfficeScan NT\SUSPECT\report_234.VIR Infected: Email-Worm.Win32.NetSky.c
C:\OfficeScan NT\SUSPECT\returned_mail__see_transcript_for_details_23c.VIR/[From geulig@nentec.de][Date Thu, 27 Jan 2005 13:26:51 +0700]/document.zip/document.html .exe Infected: Email-Worm.Win32.Mydoom.m
C:\OfficeScan NT\SUSPECT\returned_mail__see_transcript_for_details_23c.VIR/[From geulig@nentec.de][Date Thu, 27 Jan 2005 13:26:51 +0700]/document.zip Infected: Email-Worm.Win32.Mydoom.m
C:\OfficeScan NT\SUSPECT\returned_mail__see_transcript_for_details_23c.VIR Infected: Email-Worm.Win32.Mydoom.m
C:\OfficeScan NT\SUSPECT\re__administration.eml/[From jjones@genie.com][Date Mon, 31 Jan 2005 18:39:50 +0530]/msg.zip/details.txt .pif Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\re__administration.eml/[From jjones@genie.com][Date Mon, 31 Jan 2005 18:39:50 +0530]/msg.zip Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\re__administration.eml Infected: Virus.Win32.Kriz.4029
C:\OfficeScan NT\SUSPECT\re__administration_27c.VIR/[From ron@ronware.org][Date Tue, 15 Nov 2005 15:49:17 +0200]/readme.pif Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__administration_27c.VIR Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__bill.eml/[From ackahn@netapp.com][Date Wed, 22 Feb 2006 09:20:18 -0600]/bill.txt Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__bill.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__document88.eml/[From ackahn@netapp.com][Date Wed, 11 Jan 2006 15:12:32 -0300]/Document88.pif Infected: Email-Worm.Win32.NetSky.s
C:\OfficeScan NT\SUSPECT\re__document88.eml Infected: Email-Worm.Win32.NetSky.s
C:\OfficeScan NT\SUSPECT\re__encrypted_mail.eml/[From dany.stamant@sympatico.ca][Date Sat, 23 Jul 2005 12:36:43 +0530]/details.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__encrypted_mail.eml/[From dany.stamant@sympatico.ca][Date Sat, 23 Jul 2005 12:36:43 +0530]/details.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__encrypted_mail.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__hello.eml/[From ron@ronware.org][Date Thu, 6 Oct 2005 10:35:42 -0500]/summary2004_vim.doc.pif Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__hello.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__here_is_the_document.eml/[From eljay@adobe.com][Date Mon, 21 Feb 2005 09:55:31 +0800]/document_full.pif Infected: Email-Worm.Win32.NetSky.d
C:\OfficeScan NT\SUSPECT\re__here_is_the_document.eml Infected: Email-Worm.Win32.NetSky.d
C:\OfficeScan NT\SUSPECT\re__hi.eml/[From ackahn@netapp.com][Date Sat, 17 Sep 2005 10:09:00 -0300]/letter32_vim.pif Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__hi.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__list.eml/[From dany.stamant@sympatico.ca][Date Sat, 7 Jan 2006 11:24:50 -0700]/archive.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__list.eml/[From dany.stamant@sympatico.ca][Date Sat, 7 Jan 2006 11:24:50 -0700]/archive.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__list.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__question.eml/[From vinschen@redhat.com][Date Mon, 2 Jan 2006 18:19:05 +0900]/sample01.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__question.eml/[From vinschen@redhat.com][Date Mon, 2 Jan 2006 18:19:05 +0900]/sample01.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__question.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__read_it_immediately.eml/[From george@reilly.org][Date Sat, 23 Apr 2005 10:29:10 +0900]/application.txt.pif Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__read_it_immediately.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__approved.eml/[From vinschen@redhat.com][Date Wed, 4 Jan 2006 01:41:45 +0900]/information.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__approved.eml/[From vinschen@redhat.com][Date Wed, 4 Jan 2006 01:41:45 +0900]/information.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__approved.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__bill.eml/[From eljay@adobe.com][Date Mon, 10 Apr 2006 04:21:25 +0200]/bill.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__bill.eml/[From eljay@adobe.com][Date Mon, 10 Apr 2006 04:21:25 +0200]/bill.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__bill.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__re__word_document.eml/[From ackahn@netapp.com][Date Sun, 30 Oct 2005 07:39:48 +0100]/document_vim-dev.pif Infected: Email-Worm.Win32.NetSky.x
C:\OfficeScan NT\SUSPECT\re__re__word_document.eml Infected: Email-Worm.Win32.NetSky.x
C:\OfficeScan NT\SUSPECT\re__screensaver.eml/[From ackahn@netapp.com][Date Sat, 22 Oct 2005 20:09:37 +0700]/screensaver.pif Infected: Email-Worm.Win32.NetSky.x
C:\OfficeScan NT\SUSPECT\re__screensaver.eml Infected: Email-Worm.Win32.NetSky.x
C:\OfficeScan NT\SUSPECT\re__test.eml/[From eljay@adobe.com][Date Sun, 29 Jan 2006 13:24:46 -0800]/document_vim.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__test.eml/[From eljay@adobe.com][Date Sun, 29 Jan 2006 13:24:46 -0800]/document_vim.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__test.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__thanks_.eml/[From eljay@adobe.com][Date Mon, 16 Jan 2006 10:14:04 -0600]/message.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__thanks_.eml/[From eljay@adobe.com][Date Mon, 16 Jan 2006 10:14:04 -0600]/message.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__thanks_.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\re__your_archive.eml/[From eljay@adobe.com][Date Tue, 22 Feb 2005 19:13:46 +0200]/your_archive.pif Infected: Email-Worm.Win32.NetSky.d
C:\OfficeScan NT\SUSPECT\re__your_archive.eml Infected: Email-Worm.Win32.NetSky.d
C:\OfficeScan NT\SUSPECT\server_report.eml/[From george@reilly.org][Date Thu, 22 Sep 2005 11:00:14 +0530]/data.zip/data.htm .scr Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\server_report.eml/[From george@reilly.org][Date Thu, 22 Sep 2005 11:00:14 +0530]/data.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\server_report.eml Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\server_report_1d8.VIR/[From bram@moolenaar.net][Date Fri, 23 Dec 2005 13:57:41 +0700]/file.pif Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\server_report_1d8.VIR Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\snulpb.eml/[From ackahn@netapp.com][Date Tue, 25 Oct 2005 14:08:52 +0200]/document.zip/document.scr Infected: Net-Worm.Win32.Mytob.q
C:\OfficeScan NT\SUSPECT\snulpb.eml/[From ackahn@netapp.com][Date Tue, 25 Oct 2005 14:08:52 +0200]/document.zip Infected: Net-Worm.Win32.Mytob.q
C:\OfficeScan NT\SUSPECT\snulpb.eml Infected: Net-Worm.Win32.Mytob.q
C:\OfficeScan NT\SUSPECT\spamed_.eml/[From dany.stamant@sympatico.ca][Date Thu, 29 Sep 2005 17:01:22 +0700]/abuse_list.exe Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\spamed_.eml Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\status.eml/[From ackahn@netapp.com][Date Sun, 23 Oct 2005 17:53:35 -0700]/data.zip/data.doc .scr Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\status.eml/[From ackahn@netapp.com][Date Sun, 23 Oct 2005 17:53:35 -0700]/data.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\status.eml Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\status_22c.VIR/[From george@reilly.org][Date Sat, 19 Nov 2005 11:51:22 +0530]/file.zip/file.pif Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\status_22c.VIR/[From george@reilly.org][Date Sat, 19 Nov 2005 11:51:22 +0530]/file.zip Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\status_22c.VIR Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\status_280.VIR/[From ackahn@netapp.com][Date Tue, 19 Jul 2005 09:10:16 -0600]/message.pif Infected: Net-Worm.Win32.Mytob.a
C:\OfficeScan NT\SUSPECT\status_280.VIR Infected: Net-Worm.Win32.Mytob.a
C:\OfficeScan NT\SUSPECT\test.eml/[From bram@moolenaar.net][Date Wed, 21 Dec 2005 14:43:54 +0700]/data.scr Infected: Net-Worm.Win32.Mytob.a
C:\OfficeScan NT\SUSPECT\test.eml Infected: Net-Worm.Win32.Mytob.a
C:\OfficeScan NT\SUSPECT\test_64c.VIR/[From bram@moolenaar.net][Date Fri, 5 May 2006 00:04:46 +0700]/message.pif Infected: Net-Worm.Win32.Mytob.c
C:\OfficeScan NT\SUSPECT\test_64c.VIR Infected: Net-Worm.Win32.Mytob.c
C:\OfficeScan NT\SUSPECT\vim_digest_of__get_59339_59341.eml/[From Suresh Govindachar<sgovindachar@yahoo.com>][Date Tue, 13 Dec 2005 21:17:13 +0000]/vim_59341.ezm/[From george@reilly.org][Date Thu, 1 Dec 2005 15:48:54 +0600]/text.pif Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\vim_digest_of__get_59339_59341.eml/[From Suresh Govindachar<sgovindachar@yahoo.com>][Date Tue, 13 Dec 2005 21:17:13 +0000]/vim_59341.ezm Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\vim_digest_of__get_59339_59341.eml Infected: Net-Worm.Win32.Mytob.u
C:\OfficeScan NT\SUSPECT\you_cannot_do_that_.eml/[From vinschen@redhat.com][Date Tue, 22 Feb 2005 16:58:46 +0100]/document05.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\you_cannot_do_that_.eml/[From vinschen@redhat.com][Date Tue, 22 Feb 2005 16:58:46 +0100]/document05.zip Infected: Email-Worm.Win32.NetSky.q
C:\OfficeScan NT\SUSPECT\you_cannot_do_that_.eml Infected: Email-Worm.Win32.NetSky.q

C:\opt\RealVNC\vnc-4.0-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4

C:\opt\src\RealVNC\vnc-4.0-x86_win32.zip/vnc-4.0-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\opt\src\RealVNC\vnc-4.0-x86_win32.zip/vnc-4.0-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\opt\src\RealVNC\vnc-4.0-x86_win32.zip/vnc-4.0-x86_win32.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\opt\src\RealVNC\vnc-4.0-x86_win32.zip/vnc-4.0-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\opt\src\RealVNC\vnc-4.0-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\opt\src\RealVNC\vnc-4.0-x86_win32_viewer.zip/vnc-4.0-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\opt\src\RealVNC\vnc-4.0-x86_win32_viewer.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4

C:\opt\WebEx\atplay_exe___for_viewer//Disk1/ieatgpc.dll Infected: not-a-virus:AdWare.Win32.WebEx
C:\opt\WebEx\atplay_exe___for_viewer Infected: not-a-virus:AdWare.Win32.WebEx

C:\opt\wu\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP69\A0006815.exe//Disk1/ieatgpc.dll Infected: not-a-virus:AdWare.Win32.WebEx
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP69\A0006815.exe Infected: not-a-virus:AdWare.Win32.WebEx
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP88\A0007927.dll Infected: not-a-virus:AdWare.Win32.WebEx

C:\WINDOWS\omnithread_rt.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g
C:\WINDOWS\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1540

Scan process completed.
sgu is offline