Tech Support Forum
HijackThis Log Help
#21
Registered User
Join Date: Oct 2006
Posts: 84
OS: XP
Re: Was informed DriveCleaner sign of malware
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, August 27, 2007 7:27:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/08/2007
Kaspersky Anti-Virus database records: 393046
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\
Scan Statistics:
Total number of scanned objects: 96810
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:28:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{9F3F1FB5-9CCB-44C4-8345-B1DFB7F0F848}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{9F3F1FB5-9CCB-44C4-8345-B1DFB7F0F848}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{9F3F1FB5-9CCB-44C4-8345-B1DFB7F0F848}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\fq9x9u0k.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Free Download Manager\tic283.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Free Download Manager\tic298.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachine_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Virus.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\WinXP.dat Object is locked skipped
C:\Program Files\BigFix\__Data\__Global\Logs\20070827.log Object is locked skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP373\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
#22
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,435
OS: 2000 Pro; XP Pro; XP Home
Re: Was informed DriveCleaner sign of malware
Good job.
All it found was RealVNC, which gets flagged due to its remote logon capabilities. If you've intentionally installed it, it's safe to ignore. I'm not seeing any malware in any of these logs. As I asked back in post #6, are you still having popups? Because I'm not seeing anything that would be causing them.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message.
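The distinction Bob draws above, between a "not-a-virus:" riskware hit on a tool you installed yourself and an actual infection, can be checked mechanically rather than by eye. The Python script below is an added example, not code from this thread or from Kaspersky. It assumes the one-object-per-line layout of the Kaspersky Online Scanner 5 report in post #21 ("<path> Object is locked skipped" and "<path> Infected: <verdict> <action>") and buckets each line into locked-and-never-scanned, riskware, or malware. The sample input is constructed: three lines copied from the post #21 report plus one hypothetical detection whose path and verdict name are invented for contrast.

```python
"""Triage a Kaspersky Online Scanner 5 report into locked / riskware / malware.

Added example; not code from the forum thread or from Kaspersky. Assumes the
line layout seen in post #21 and ignores header, statistics and footer lines.
"""
import re
from collections import Counter

# Constructed sample: three lines copied from the report in post #21 plus one
# hypothetical true positive (path and verdict name are invented) so the
# classifier has something to separate from the RealVNC riskware hit.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\example.exe Infected: Trojan-Downloader.Win32.Example.a skipped
Scan process completed.
"""

# Paths contain spaces, so anchor on the fixed status/action suffix rather
# than splitting on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Object is locked|Infected: (?P<verdict>\S+)) "
    r"(?P<action>skipped|deleted|disinfected|quarantined)$"
)

RISKWARE_PREFIX = "not-a-virus:"


def classify(verdict):
    """Map a scanner verdict (None for a locked object) to a triage bucket."""
    if verdict is None:
        return "locked"      # file was in use; the scanner never looked inside it
    if verdict.startswith(RISKWARE_PREFIX):
        return "riskware"    # legitimate tool with abusable capability, e.g. RemoteAdmin
    return "malware"


def family(verdict):
    """First component of the verdict, e.g. 'RemoteAdmin' or 'Trojan-Downloader'."""
    if verdict is None:
        return None
    name = verdict[len(RISKWARE_PREFIX):] if verdict.startswith(RISKWARE_PREFIX) else verdict
    return name.split(".", 1)[0]


def parse_report(text):
    """Return one dict per object line; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        verdict = m.group("verdict")
        entries.append({
            "path": m.group("path"),
            "verdict": verdict,
            "action": m.group("action"),
            "category": classify(verdict),
            "family": family(verdict),
        })
    return entries


def summarize(entries):
    """Count of objects per triage bucket."""
    return Counter(e["category"] for e in entries)


def riskware_hits(entries):
    """Riskware paths: confirm against what the user knowingly installed."""
    return [e["path"] for e in entries if e["category"] == "riskware"]


def needs_attention(entries):
    """Real detections the scanner left in place (the online scanner only reports)."""
    return [e["path"] for e in entries
            if e["category"] == "malware" and e["action"] == "skipped"]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("summary:", dict(summarize(found)))
    print("riskware, confirm installed:", riskware_hits(found))
    print("act on:", needs_attention(found))
```

Two things the buckets make visible that the raw report hides: the locked entries (registry hives, SAM, event logs, browser databases) were not scanned at all, so a clean result there says nothing about them, and a "not-a-virus:RemoteAdmin" hit is only benign if the path matches a remote-admin tool the owner actually installed.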
#23
Registered User
Join Date: Oct 2006
Posts: 84
OS: XP
Re: Was informed DriveCleaner sign of malware
Thanks for hanging in there, Bob! I did remove one of the programs in your original list... I cannot recall which one it was; it was on the first list. I am feeling vulnerable because I am in the wholesale nursery business, and I logged onto a site selling bulbs and was required to register my name, e-mail, the whole shooting match, and it opened up into a site that was clearly a scam. I couldn't get out fast enough. The next morning my e-mail was chock full of spam. I haven't changed my e-mail because it will be changing anyway on the 1st, when I will lose my broadband connection, and I didn't want to have to notify everyone I know to change it twice. Can I put in one of those deals whereby I can screen these unwanteds? I thought they might have been the source of the infection.
#24
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,435
OS: 2000 Pro; XP Pro; XP Home
Re: Was informed DriveCleaner sign of malware
Hi Jacey2 -
It's quite possible the bad guys have found an exploit in a legit site, and have parked their bad stuff in some code on that page. If you're sure of where you got it, you may want to contact the webmaster of that site. This is also one of the reasons I wanted you to uninstall the older versions of Java.

These types of popup intrusions are more designed to scare people into buying bad programs, which themselves often place many items into the registry so that they can brag about what they've found, and make the sale. It's called foistware, or scareware.

Depending on your email program, or your ISP, there should be filters you can use to cut down on the amount of unwanted mail making it to your inbox. As I don't use one, I'd not really be able to advise you in that regard. The folks in the Windows XP or MS Office forums would be better able to help you out with that. It's not an area I specialize in. I generally use Hotmail, and set it to exclusive, so only people I've let in get in. Hope that helps.

If you're not experiencing any popups, I think we can consider the malware issue resolved. Let me know.....