Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)
Reload this Page Virtumonde removal
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


 
 
LinkBack Thread Tools
Old 07-08-2007, 03:16 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 22
OS: Windows Xp


Virtumonde removal
I have gotten this nasty trojan virus names lop.ch wich installed me a pack of spyware most notably virtumonde, the only one so far i'm having big trouble with. Here is the list of what i have done so far

Avg full system scan
Avg full system scan in safe mode
Ad-aware in safe mode
Spybot search and destroy
Ad-aware 2007
manually searched for all vitumonde dll, process, registry key
Spybot search and destroy in safe mode

When i searched for all the files manually, I did't find any but when I ran spybot again, it stilled showed it was on the computer which led me to get the hijack file log in regular mode. Here it is....


Logfile of HijackThis v1.99.1
Scan saved at 18:04:57, on 2007-07-08
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\FICHIE~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nom\Application Data\Mozilla\Profiles\default\k31s9osi.slt\prefs.js)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FICHIE~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINNT\system32\cclrojrg.dll",forkonce
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/game...s/y/cct0_x.cab
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

so thats where i stand now. I don't think the spybot removed it in safe mode so tell me if I am missing anything or if you know what I should do to remove this one. Thanks in advance

JN
Meestho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 07-09-2007, 02:29 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,228
OS: N/A


Re: Virtumonde removal
1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 05:35 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 22
OS: Windows Xp


Re: Virtumonde removal
Thank you for the help

The combo fix log is

"nom" - 2007-07-09 8:19:17 - ComboFix 07-07-09.7 - Service Pack 4


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\cclrojrg.dll
C:\WINNT\system32\haauvrsa.dll
C:\WINNT\system32\owkxsuan.dll
C:\WINNT\system32\ocxbblmf.exe
C:\WINNT\system32\tjucjeuk.exe
C:\WINNT\system32\awttttu.dll
C:\WINNT\system32\efcccda.dll
C:\WINNT\system32\hgghedc.dll
C:\WINNT\system32\khfcbcd.dll
C:\WINNT\system32\opnlifg.dll
C:\WINNT\system32\qomkkif.dll
C:\WINNT\system32\qomkljh.dll
C:\WINNT\system32\rqronkl.dll
C:\WINNT\system32\rqrpnnn.dll
C:\WINNT\system32\vtuttrq.dll
C:\WINNT\system32\vtuusqo.dll
C:\WINNT\system32\grjorlcc.ini
C:\WINNT\system32\jmllm.bak1
C:\WINNT\system32\jmllm.bak2
C:\WINNT\system32\jmllm.ini
C:\WINNT\system32\mllmj.dll
C:\WINNT\system32\qomnmnk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 08:18 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-08 12:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-07-08 12:04 <DIR> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-07 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-07 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-07-07 16:03 <DIR> d-------- C:\Program Files\THQ
2007-07-07 16:02 <DIR> d-------- C:\DOCUME~1\nom\APPLIC~1\InstallShield
2007-07-07 12:57 <DIR> d-------- C:\download
2007-07-06 17:10 <DIR> d--h----- C:\WINNT\PIF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 16:05:08 -------- d-----w C:\Program Files\Lavasoft
2007-07-08 16:05:04 -------- d-----w C:\DOCUME~1\nom\APPLIC~1\Lavasoft
2007-07-08 03:33:04 -------- d-----w C:\Program Files\MSN Messenger
2007-07-07 20:03:22 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 13:32:48 -------- d-----w C:\Program Files\NSRCG
2007-07-07 13:31:29 -------- d-----w C:\Program Files\MAIET
2007-07-06 12:19:15 -------- d-----w C:\Program Files\SoulSeek
2007-07-05 21:29:38 -------- d-----w C:\Program Files\mIRC
2007-07-02 16:49:54 -------- d-----w C:\Program Files\Zoom Player
2007-06-22 03:01:58 -------- d-----w C:\DOCUME~1\nom\APPLIC~1\uTorrent
2007-06-22 00:51:20 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-04 19:18:48 9,344 ----a-w C:\WINNT\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINNT\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINNT\system32\drivers\AWRTPD.sys
2007-06-02 23:40:07 120 ----a-w C:\drmHeader.bin
2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
2007-04-17 02:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll
2007-04-16 12:44:23 54,032 ----a-w C:\WINNT\system32\mpr.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINNT\system32\lsdelete.exe
2007-04-11 00:17:04 20,205 ----a-w C:\WINNT\mozver.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
03-11-03 18:17 54248 --a------ C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
07-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]
07-05-18 07:12 112128 --a------ C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
03-05-15 01:03 147456 --a------ C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [02-01-15 11:06 C:\WINNT\system32\nwiz.exe]
"AHQInit"="C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe" [01-05-10 12:49 ]
"ATIPTA"="C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe" []
"LoadQM"="loadqm.exe" [00-05-03 18:23 C:\WINNT\loadqm.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [02-10-17 20:15 ]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-11-27 09:58 ]
"CreateCD50"="C:\PROGRA~1\FICHIE~1\ADAPTE~1\CreateCD\CREATE~1.exe" [02-11-27 09:58 ]
"hpsjbmgr"="C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe" []
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [06-09-28 22:03 ]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [05-07-15 14:48 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-04-22 09:00 ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [06-12-11 20:36 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-02-16 10:54 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07-05-18 07:12 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-14 20:30 C:\WINNT\system32\internat.exe]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [02-05-02 09:57 ]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [06-09-28 22:03 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [05-03-29 18:28 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
WmdmPmSN

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 08:26:23
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 8:28:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-09 08:27

--- E O F ---


and the new hijack this log is

Logfile of HijackThis v1.99.1
Scan saved at 08:33:29, on 2007-07-09
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FICHIE~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nom\Application Data\Mozilla\Profiles\default\k31s9osi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FICHIE~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/game...s/y/cct0_x.cab
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

thank you again

JN
Meestho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 05:40 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,228
OS: N/A


Re: Virtumonde removal
Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 08:27 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 22
OS: Windows Xp


Re: Virtumonde removal
Alright, the scan just completed, and here's the log... Thanks again for you help!

********************

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 09, 2007 11:22:34 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/07/2007
Kaspersky Anti-Virus database records: 360123
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 178643
Number of viruses found: 13
Number of infected objects: 98 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:16:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINNT\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\nom\Application Data\Mozilla\Firefox\Profiles\default.y6e\cert8.db Object is locked skipped
C:\Documents and Settings\nom\Application Data\Mozilla\Firefox\Profiles\default.y6e\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\nom\Application Data\Mozilla\Firefox\Profiles\default.y6e\history.dat Object is locked skipped
C:\Documents and Settings\nom\Application Data\Mozilla\Firefox\Profiles\default.y6e\key3.db Object is locked skipped
C:\Documents and Settings\nom\Application Data\Mozilla\Firefox\Profiles\default.y6e\parent.lock Object is locked skipped
C:\Documents and Settings\nom\Application Data\Mozilla\Firefox\Profiles\default.y6e\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\nom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.y6e\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.y6e\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.y6e\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.y6e\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Temp\~DF8878.tmp Object is locked skipped
C:\Documents and Settings\nom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\nom\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ddm\ddm_d.exe Infected: not-a-virus:AdWare.Win32.DynaDesk skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Program Files\Winamp\Skins\32326.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
C:\Program Files\Winamp\Skins\32326.exe WiseSFX: infected - 1 skipped
C:\QooBox\Quarantine\C\WINNT\system32\awttttu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\efcccda.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\hgghedc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\khfcbcd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\mllmj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped
C:\QooBox\Quarantine\C\WINNT\system32\ocxbblmf.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINNT\system32\opnlifg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\qomkkif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\qomkljh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\qomnmnk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\rqronkl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\rqrpnnn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\tjucjeuk.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtuttrq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINNT\system32\vtuusqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From dtm@zorg.it][Date Fri, 30 Jan 2004 19:44:02 +0100]/UNNAMED/[From dtm@zorg.it][Date Fri, 30 Jan 2004 19:44:02 +0100]/body.zip/body.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From dtm@zorg.it][Date Fri, 30 Jan 2004 19:44:02 +0100]/UNNAMED/[From dtm@zorg.it][Date Fri, 30 Jan 2004 19:44:02 +0100]/body.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From dtm@zorg.it][Date Fri, 30 Jan 2004 19:44:02 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From atvivant@worldcom.ch][Date Sat, 31 Jan 2004 15:52:48 +0100]/UNNAMED/[From atvivant@worldcom.ch][Date Sat, 31 Jan 2004 15:52:48 +0100]/message.zip/message.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From atvivant@worldcom.ch][Date Sat, 31 Jan 2004 15:52:48 +0100]/UNNAMED/[From atvivant@worldcom.ch][Date Sat, 31 Jan 2004 15:52:48 +0100]/message.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From atvivant@worldcom.ch][Date Sat, 31 Jan 2004 15:52:48 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From dave@playboy.com][Date Sat, 31 Jan 2004 23:40:34 +0100]/UNNAMED/[From dave@playboy.com][Date Sat, 31 Jan 2004 23:40:34 +0100]/itwj.zip/itwj.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From dave@playboy.com][Date Sat, 31 Jan 2004 23:40:34 +0100]/UNNAMED/[From dave@playboy.com][Date Sat, 31 Jan 2004 23:40:34 +0100]/itwj.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From dave@playboy.com][Date Sat, 31 Jan 2004 23:40:34 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From nicojaouen@wanadoo.fr][Date Mon, 2 Feb 2004 12:05:45 +0100]/UNNAMED/[From nicojaouen@wanadoo.fr][Date Mon, 2 Feb 2004 12:05:45 +0100]/text.zip/text.pif Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From nicojaouen@wanadoo.fr][Date Mon, 2 Feb 2004 12:05:45 +0100]/UNNAMED/[From nicojaouen@wanadoo.fr][Date Mon, 2 Feb 2004 12:05:45 +0100]/text.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From nicojaouen@wanadoo.fr][Date Mon, 2 Feb 2004 12:05:45 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From pgautrand@hfp.fr][Date Tue, 3 Feb 2004 00:40:06 +0100]/UNNAMED/[From pgautrand@hfp.fr][Date Tue, 3 Feb 2004 00:40:06 +0100]/text.zip/text.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From pgautrand@hfp.fr][Date Tue, 3 Feb 2004 00:40:06 +0100]/UNNAMED/[From pgautrand@hfp.fr][Date Tue, 3 Feb 2004 00:40:06 +0100]/text.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam/[From pgautrand@hfp.fr][Date Tue, 3 Feb 2004 00:40:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spirale-elements.com/christine/spam Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From claude.gueant@free.fr][Date Sat, 31 Jan 2004 03:12:09 +0100]/UNNAMED/[From claude.gueant@free.fr][Date Sat, 31 Jan 2004 03:12:09 +0100]/document.zip/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From claude.gueant@free.fr][Date Sat, 31 Jan 2004 03:12:09 +0100]/UNNAMED/[From claude.gueant@free.fr][Date Sat, 31 Jan 2004 03:12:09 +0100]/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From claude.gueant@free.fr][Date Sat, 31 Jan 2004 03:12:09 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From java2d-comments@sun.com][Date Sat, 31 Jan 2004 05:43:52 +0100]/UNNAMED/[From java2d-comments@sun.com][Date Sat, 31 Jan 2004 05:43:52 +0100]/document.zip/document.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From java2d-comments@sun.com][Date Sat, 31 Jan 2004 05:43:52 +0100]/UNNAMED/[From java2d-comments@sun.com][Date Sat, 31 Jan 2004 05:43:52 +0100]/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From java2d-comments@sun.com][Date Sat, 31 Jan 2004 05:43:52 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From robert@investir.fr][Date Sat, 31 Jan 2004 18:56:46 +0100]/UNNAMED/[From robert@investir.fr][Date Sat, 31 Jan 2004 18:56:46 +0100]/file.zip/file.pif Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From robert@investir.fr][Date Sat, 31 Jan 2004 18:56:46 +0100]/UNNAMED/[From robert@investir.fr][Date Sat, 31 Jan 2004 18:56:46 +0100]/file.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From robert@investir.fr][Date Sat, 31 Jan 2004 18:56:46 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From helen@prisma-presse.com][Date Sat, 31 Jan 2004 2037 +0100]/UNNAMED/[From helen@prisma-presse.com][Date Sat, 31 Jan 2004 2037 +0100]/embhd.zip/embhd.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From helen@prisma-presse.com][Date Sat, 31 Jan 2004 2037 +0100]/UNNAMED/[From helen@prisma-presse.com][Date Sat, 31 Jan 2004 2037 +0100]/embhd.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From helen@prisma-presse.com][Date Sat, 31 Jan 2004 2037 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From ray@free.fr][Date Sat, 31 Jan 2004 21:13:20 +0100]/UNNAMED/[From ray@free.fr][Date Sat, 31 Jan 2004 21:13:20 +0100]/message.zip/message.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From ray@free.fr][Date Sat, 31 Jan 2004 21:13:20 +0100]/UNNAMED/[From ray@free.fr][Date Sat, 31 Jan 2004 21:13:20 +0100]/message.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From ray@free.fr][Date Sat, 31 Jan 2004 21:13:20 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From license@php.net][Date Sun, 1 Feb 2004 00:23:42 +0100]/UNNAMED/[From license@php.net][Date Sun, 1 Feb 2004 00:23:42 +0100]/body.zip/body.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From license@php.net][Date Sun, 1 Feb 2004 00:23:42 +0100]/UNNAMED/[From license@php.net][Date Sun, 1 Feb 2004 00:23:42 +0100]/body.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From license@php.net][Date Sun, 1 Feb 2004 00:23:42 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From leo@aol.com][Date Sun, 1 Feb 2004 01:55:05 +0100]/UNNAMED/[From leo@aol.com][Date Sun, 1 Feb 2004 01:55:05 +0100]/file.zip/file.txt .scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From leo@aol.com][Date Sun, 1 Feb 2004 01:55:05 +0100]/UNNAMED/[From leo@aol.com][Date Sun, 1 Feb 2004 01:55:05 +0100]/file.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From leo@aol.com][Date Sun, 1 Feb 2004 01:55:05 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From serg@sden.org][Date Sun, 1 Feb 2004 04:16:54 +0100]/UNNAMED/[From serg@sden.org][Date Sun, 1 Feb 2004 04:16:54 +0100]/doc.zip/doc.txt .pif Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From serg@sden.org][Date Sun, 1 Feb 2004 04:16:54 +0100]/UNNAMED/[From serg@sden.org][Date Sun, 1 Feb 2004 04:16:54 +0100]/doc.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From serg@sden.org][Date Sun, 1 Feb 2004 04:16:54 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From oteu@proveedor.com][Date Mon, 2 Feb 2004 01:40:26 +0100]/UNNAMED/[From oteu@proveedor.com][Date Mon, 2 Feb 2004 01:40:26 +0100]/data.zip/data.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From oteu@proveedor.com][Date Mon, 2 Feb 2004 01:40:26 +0100]/UNNAMED/[From oteu@proveedor.com][Date Mon, 2 Feb 2004 01:40:26 +0100]/data.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From oteu@proveedor.com][Date Mon, 2 Feb 2004 01:40:26 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From ray@thecelebrityworld.net][Date Mon, 2 Feb 2004 14:29:07 +0100]/UNNAMED/[From ray@thecelebrityworld.net][Date Mon, 2 Feb 2004 14:29:07 +0100]/body.zip/body.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From ray@thecelebrityworld.net][Date Mon, 2 Feb 2004 14:29:07 +0100]/UNNAMED/[From ray@thecelebrityworld.net][Date Mon, 2 Feb 2004 14:29:07 +0100]/body.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From ray@thecelebrityworld.net][Date Mon, 2 Feb 2004 14:29:07 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From debby@wsj.com][Date Mon, 2 Feb 2004 22:47:38 +0100]/UNNAMED/[From debby@wsj.com][Date Mon, 2 Feb 2004 22:47:38 +0100]/message.zip/message.scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From debby@wsj.com][Date Mon, 2 Feb 2004 22:47:38 +0100]/UNNAMED/[From debby@wsj.com][Date Mon, 2 Feb 2004 22:47:38 +0100]/message.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From debby@wsj.com][Date Mon, 2 Feb 2004 22:47:38 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From helen@challenges-eco.com][Date Mon, 2 Feb 2004 23:12:05 +0100]/UNNAMED/[From helen@challenges-eco.com][Date Mon, 2 Feb 2004 23:12:05 +0100]/body.zip/body.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From helen@challenges-eco.com][Date Mon, 2 Feb 2004 23:12:05 +0100]/UNNAMED/[From helen@challenges-eco.com][Date Mon, 2 Feb 2004 23:12:05 +0100]/body.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From helen@challenges-eco.com][Date Mon, 2 Feb 2004 23:12:05 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From jack@yahoogroupes.fr][Date Tue, 3 Feb 2004 07:23:00 +0100]/UNNAMED/[From jack@yahoogroupes.fr][Date Tue, 3 Feb 2004 07:23:00 +0100]/doc.zip/doc.txt .scr Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From jack@yahoogroupes.fr][Date Tue, 3 Feb 2004 07:23:00 +0100]/UNNAMED/[From jack@yahoogroupes.fr][Date Tue, 3 Feb 2004 07:23:00 +0100]/doc.zip Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam/[From jack@yahoogroupes.fr][Date Tue, 3 Feb 2004 07:23:00 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/spam Infected: Email-Worm.Win32.Mydoom.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From SmithBarney <custservice.ref.num520704474887@smithbarney.com>][Date Wed, 02 Feb 2005 12:02:05 -0300]/UNNAMED/[From SmithBarney <custservice.ref.num520704474887@smithbarney.com>][Date Wed, 02 Feb 2005 12:02:05 -0300]/html Infected: Trojan-Spy.HTML.Smitfraud.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From SmithBarney <custservice.ref.num520704474887@smithbarney.com>][Date Wed, 02 Feb 2005 12:02:05 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.a skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whichproperty.com.au>][Date Tue, 01 Mar 2005 07:42:13 +0100]/UNNAMED/[From "Christine" <christine@whichproperty.com.au>][Date Tue, 01 Mar 2005 07:42:13 +0100]/newprice.zip/prs_03.exe Infected: Email-Worm.Win32.Bagle.bc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whichproperty.com.au>][Date Tue, 01 Mar 2005 07:42:13 +0100]/UNNAMED/[From "Christine" <christine@whichproperty.com.au>][Date Tue, 01 Mar 2005 07:42:13 +0100]/newprice.zip Infected: Email-Worm.Win32.Bagle.bc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whichproperty.com.au>][Date Tue, 01 Mar 2005 07:42:13 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.bc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Regions bank" <users-billing6@regions.com>][Date Wed, 16 Mar 2005 09:09:59 +0100]/UNNAMED/[From "Regions bank" <users-billing6@regions.com>][Date Wed, 16 Mar 2005 09:09:59 +0100]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.cr skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Regions bank" <users-billing6@regions.com>][Date Wed, 16 Mar 2005 09:09:59 +0100]/UNNAMED/[From "Regions bank" <users-billing6@regions.com>][Date Wed, 16 Mar 2005 09:09:59 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.cr skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Regions bank" <users-billing6@regions.com>][Date Wed, 16 Mar 2005 09:09:59 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.cr skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Raul Fair <btklwxudxktm@yahoo.com>][Date Mon, 30 May 2005 14:58:55 +0100]/UNNAMED/[From "Christine.callahan" <christine.callahan@ae.ge.com>][Date Tue, 31 May 2005 15:49:47 +0000]/UNNAMED/[From "Christine.callahan" <christine.callahan@ae.ge.com>][Date Tue, 31 May 2005 15:49:47 +0000]/Price_new.zip/16_05_2005.exe Infected: Email-Worm.Win32.Bagle.bo skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Raul Fair <btklwxudxktm@yahoo.com>][Date Mon, 30 May 2005 14:58:55 +0100]/UNNAMED/[From "Christine.callahan" <christine.callahan@ae.ge.com>][Date Tue, 31 May 2005 15:49:47 +0000]/UNNAMED/[From "Christine.callahan" <christine.callahan@ae.ge.com>][Date Tue, 31 May 2005 15:49:47 +0000]/Price_new.zip Infected: Email-Worm.Win32.Bagle.bo skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Raul Fair <btklwxudxktm@yahoo.com>][Date Mon, 30 May 2005 14:58:55 +0100]/UNNAMED/[From "Christine.callahan" <christine.callahan@ae.ge.com>][Date Tue, 31 May 2005 15:49:47 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.bo skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Raul Fair <btklwxudxktm@yahoo.com>][Date Mon, 30 May 2005 14:58:55 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.bo skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Dave Cole <pcahnwjlqjwm@yahoo.com>][Date Mon, 20 Jun 2005 22:38:17 +0400]/UNNAMED/[From "Christine" <christine@whiffen.net>][Date Sun, 26 Jun 2005 18:23:54 -0500]/UNNAMED/[From "Christine" <christine@whiffen.net>][Date Sun, 26 Jun 2005 18:23:54 -0500]/In_park.zip/f22-013.exe Infected: Email-Worm.Win32.Bagle.bq skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Dave Cole <pcahnwjlqjwm@yahoo.com>][Date Mon, 20 Jun 2005 22:38:17 +0400]/UNNAMED/[From "Christine" <christine@whiffen.net>][Date Sun, 26 Jun 2005 18:23:54 -0500]/UNNAMED/[From "Christine" <christine@whiffen.net>][Date Sun, 26 Jun 2005 18:23:54 -0500]/In_park.zip Infected: Email-Worm.Win32.Bagle.bq skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Dave Cole <pcahnwjlqjwm@yahoo.com>][Date Mon, 20 Jun 2005 22:38:17 +0400]/UNNAMED/[From "Christine" <christine@whiffen.net>][Date Sun, 26 Jun 2005 18:23:54 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.bq skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From Dave Cole <pcahnwjlqjwm@yahoo.com>][Date Mon, 20 Jun 2005 22:38:17 +0400]/UNNAMED Infected: Email-Worm.Win32.Bagle.bq skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whihk.com.hk>][Date Fri, 12 Aug 2005 02:30:24 -0700]/UNNAMED/UNNAMED/[From "Christine" <christine@whihk.com.hk>][Date Fri, 12 Aug 2005 02:30:24 -0700]/Increase_in_the_tax.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whihk.com.hk>][Date Fri, 12 Aug 2005 02:30:24 -0700]/UNNAMED/UNNAMED/[From "Christine" <christine@whihk.com.hk>][Date Fri, 12 Aug 2005 02:30:24 -0700]/Increase_in_the_tax.zip Infected: Email-Worm.Win32.Bagle.cc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whihk.com.hk>][Date Fri, 12 Aug 2005 02:30:24 -0700]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Bagle.cc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam/[From "Christine" <christine@whihk.com.hk>][Date Fri, 12 Aug 2005 02:30:24 -0700]/UNNAMED Infected: Email-Worm.Win32.Bagle.cc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed/./mail/whispers-voices.com/christine/spam Infected: Email-Worm.Win32.Bagle.cc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz/packed Infected: Email-Worm.Win32.Bagle.cc skipped
G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz GZIP: infected - 78 skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000206.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000207.ocx Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000208.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000209.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000210.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000211.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000212.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000213.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000214.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000215.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000216.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000217.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000218.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000219.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000220.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000221.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000222.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000223.ocx Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000224.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000225.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000226.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000227.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000228.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000229.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000230.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000231.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP10\A0000232.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000239.sys Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000240.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000241.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000242.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000243.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000244.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000245.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000246.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000247.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000248.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000249.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000250.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000251.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000252.sys Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000253.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000254.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000255.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000256.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP11\A0000257.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000267.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000268.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000269.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000270.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000271.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000272.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000273.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000274.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000275.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000276.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000277.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000278.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000279.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000280.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000281.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000282.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000283.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000284.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000285.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000286.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP12\A0000287.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000294.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000295.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000296.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000297.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000298.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000299.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000300.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000301.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000302.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000303.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000304.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000305.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000306.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000307.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000308.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000309.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000310.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000311.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000312.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000313.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000314.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000315.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP13\A0000316.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000323.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000324.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000325.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000326.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000327.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000328.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000329.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000330.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP14\A0000331.cnv Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000378.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000379.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000380.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000381.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000382.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000383.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000384.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000385.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000386.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000387.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000388.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000389.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000390.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000391.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000392.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000393.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000394.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000395.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000396.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000397.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000398.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000399.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000400.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000401.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000402.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000403.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000404.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000405.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000406.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000407.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000408.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000409.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000410.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000411.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000412.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000413.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000414.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000415.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000416.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000417.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000418.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000419.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000420.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000421.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000422.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000423.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000424.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000425.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000426.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000427.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000428.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000429.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000430.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000431.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000432.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000433.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000434.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000435.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP15\A0000436.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000443.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000444.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000445.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000446.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000447.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000448.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000449.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000450.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000451.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000452.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000453.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000454.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000455.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000456.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000457.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000458.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000459.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000460.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP16\A0000461.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000498.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000499.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000500.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000501.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000502.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000503.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000504.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000505.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000506.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000507.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000508.tsp Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000509.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000510.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000511.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000512.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000513.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000514.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000515.TSP Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000516.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000517.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000518.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000519.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000520.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000521.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000522.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000523.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000524.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000525.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000526.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000527.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000528.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000529.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000530.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000531.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000532.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000533.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000534.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000535.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000536.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000537.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000538.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000539.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000540.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000541.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000542.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000543.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000544.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000545.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000546.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000547.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000548.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000549.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP17\A0000550.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000557.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000558.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000559.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000560.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000561.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000562.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000563.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000564.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000565.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000566.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000567.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000569.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000571.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000572.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000573.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000574.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000575.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000576.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000577.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000590.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP18\A0000591.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000176.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000177.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000178.sys Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000179.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000180.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000181.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000182.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000183.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000184.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000185.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000186.ver Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000187.inf Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000188.cat Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000189.sys Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000190.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000191.exe Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000192.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000193.dll Object is locked skipped
G:\System Volume Information\_restore{715BE304-9F08-4F7C-90D5-38351AE07DA1}\RP9\A0000194.exe Object is locked skipped

Scan process completed.
Meestho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 08:50 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,228
OS: N/A


Re: Virtumonde removal
Open notepad and copy/paste the text in the quotebox below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Program Files\Winamp\Skins\32326.exe"
"G:\Christine\whispers - back-up\backup-whispers-voices.com-9-5-2005.tar.gz"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

for %%g in (
"C:\Program Files\ddm"
C:\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 09:13 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 22
OS: Windows Xp


Re: Virtumonde removal
It opened a black box saying :

"Deleted successfully"
Meestho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 09:50 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,228
OS: N/A


Re: Virtumonde removal
Of the stuff Kaspersky found, C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be reseting/clearing the cache in a little while


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. Microsoft Windows Updatehttp://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 10:02 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 22
OS: Windows Xp


Re: Virtumonde removal
Thank you for your help!

I couldn't find the system restore where you indicated (I'm running Windows 2000, maybe it would explain it?).

I'm already using Firefox as my only browser and (as stated in the first post) AVG as a virus scan (updates everyday, runs everyday on automatic schedule).

I'll take a look at the firewalls, have my windows updates set on automatic, already use (and update) ad-aware, with spybot as a back-up.

Once again, thank you for your help, and have a great day.
Meestho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 10:13 AM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,228
OS: N/A


Re: Virtumonde removal
Please tell me what's in Drive G
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 10:30 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 22
OS: Windows Xp


Re: Virtumonde removal
Drive G is an external USB hard drive that contains all stored data (mp3s, pictures, documents, etc).

I think what showed up on the Kapersky scan was from a back-up I made from a website I used to have. I made a full back-up of the site just before the host went belly-up and never really checked what was in the archive.
Meestho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-09-2007, 10:38 AM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,228
OS: N/A


Re: Virtumonde removal
That explains it. Those G:\System Volume Information files were created when you plugged it into an XP/Vista machine
__________________
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 05:02 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84