Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page How to remove Email-Worm.Win32.Rays
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 2 of 3 1 2 3
 
LinkBack Thread Tools
Old 10-17-2007, 11:55 PM   #21 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
Hi Ried,
Below is the report:

comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50;Archive contains infected objects;Moved.;
sa50.exe;C:\Documents and Settings\Administrator\Desktop\SA50;Win32.HLLM.Wukill;Deleted.;
Admin.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters;Archive contains infected objects;Moved.;
Staff Matters.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster;Archive contains infected objects;Moved.;
Leave Roster.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster;Win32.HLLM.Wukill;Deleted.;
2007.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007;Archive contains infected objects;Moved.;
Auction.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may;Archive contains infected objects;Moved.;
may.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may;Win32.HLLM.Wukill;Deleted.;
Auction3A.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database;Archive contains infected objects;Moved.;
Database.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data;Archive contains infected objects;Moved.;
WTWY Data.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Lucy & Jenny\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Lucy & Jenny;Archive contains infected objects;Moved.;
Lucy & Jenny.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Lucy & Jenny;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Lucy & Jenny\Title Master\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Lucy & Jenny\Title Master;Archive contains infected objects;Moved.;
Title Master.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Lucy & Jenny\Title Master;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian;Archive contains infected objects;Moved.;
Thian.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\New folder (Thian)\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\New folder (Thian);Archive contains infected objects;Moved.;
New folder (Thian).exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\New folder (Thian);Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency;Archive contains infected objects;Moved.;
EstateAgency.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender;Archive contains infected objects;Moved.;
Sale by Tender.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender;Win32.HLLM.Wukill;Deleted.;
0291.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0291;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0291\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0291;Archive contains infected objects;Moved.;
0291(2).exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0291\0291(2);Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0291\0291(2)\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0291\0291(2);Archive contains infected objects;Moved.;
0299.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0299;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0299\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0299;Archive contains infected objects;Moved.;
0311.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0311;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0311\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0311;Archive contains infected objects;Moved.;
0316.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0316;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0316\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0316;Archive contains infected objects;Moved.;
0392.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0392;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0392\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0392;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Meeting\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Meeting;Archive contains infected objects;Moved.;
Meeting.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Meeting;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder (2)\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder (2);Archive contains infected objects;Moved.;
New Folder (2).exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder (2);Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Performances\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Performances;Archive contains infected objects;Moved.;
Performances.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Performances;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\photo frames\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\photo frames;Archive contains infected objects;Moved.;
photo frames.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\photo frames;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\template\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\template;Archive contains infected objects;Moved.;
template.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\template;Win32.HLLM.Wukill;Deleted.;


Thanks
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-18-2007, 12:06 AM   #22 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
Now reboot and run a new scan at Kaspersky--be sure to set it to 'Extended' scan.

To make it easier on you, here are the instructions again:

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:16 AM   #23 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
This pc is connected to a LAN, perhaps some other pcs here also infected by the same worm. Is it possible that this pc will be infected while it is scanning and other people (with pcs that are infected as well) connected to it and open files in this pc?
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:22 AM   #24 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
Yes, that's possible. How many computers are networked to this one?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:23 AM   #25 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
16-17
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:26 AM   #26 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays


Let's just see what Kaspersky has to say for now.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:29 AM   #27 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
ok.
Some pcs here is running window 98, can you recommend a good but free av?
While I am waiting for the Kaspersky, I can scan 1 or 2 suspected pc.
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:34 AM   #28 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
Off the top of my head, I believe Avast! is Windows 98 compatible.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 12:37 AM   #29 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
ok, I will try.
Thanks.
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 02:19 AM   #30 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
The report is:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 18, 2007 4:04:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/10/2007
Kaspersky Anti-Virus database records: 437601
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 152254
Number of viruses found: 2
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 01:44:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\Auction Letters.exe Infected: Email-Worm.Win32.Rays skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\HCourt.doc Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\6258.doc Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\Auction3A.exe Infected: Email-Worm.Win32.Rays skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\may.exe Infected: Email-Worm.Win32.Rays skipped
C:\Documents and Settings\Administrator\Desktop\SA50\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\Listings 2005.xls Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\Thian.exe Infected: Email-Worm.Win32.Rays skipped
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\WTWY Data.exe Infected: Email-Worm.Win32.Rays skipped
C:\Documents and Settings\Administrator\Desktop\SA50\sa50.exe Infected: Email-Worm.Win32.Rays skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com09999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com19999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com29999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com39999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com49999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com59999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com69999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com79999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com89999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm0999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm1999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm2999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm3999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm4999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm5999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm6999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm7999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm8999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm9999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme099.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme199.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme299.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme399.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme499.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme599.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme699.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme799.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme899.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen09.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen19.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen29.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen39.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen49.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen59.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen69.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen79.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen89.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen99.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment0.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment1.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment2.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment3.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment4.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment5.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment6.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment7.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment8.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment9.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007101820071019\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF388.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\UserData\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Inetpub\wwwroot\db\desktop.ini Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\botinfs.cnf Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\bots.cnf Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\deptodoc.btr Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\doctodep.btr Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\fpdbw.ico Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\linkinfo.btr Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\service.cnf Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\service.lck Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\services.cnf Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\SA60.err Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{31D962E8-A45E-4785-A914-AA4D17BA125D}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Logfiles\W3SVC1\ex071018.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib12 Object is locked skipped
C:\WINDOWS\Temp\ib13 Object is locked skipped
C:\WINDOWS\Temp\ib14 Object is locked skipped
C:\WINDOWS\Temp\ib15 Object is locked skipped
C:\WINDOWS\Temp\ib16 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 06:09 AM   #31 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
These have returned.

Quote:
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\Auction Letters.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\Auction3A.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\may.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\Thian.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\WTWY Data.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\sa50.exe ------>Email-Worm.Win32.Rays
Can you find out if anyone accessed these documents between the time DrWeb moved them, and running this Kaspersky scan?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 06:39 AM   #32 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
Yes. I suspected at least 2 pcs who were accessing those files at that time.
They are running window 98, I do not know which AV software is best and effective in removing this worm.
Can you please advise on this?
By the way, do you think that I can clean the worm with Karpersky trial version (scan in Safe Mode)?
If yes, I may want to scan all the pcs in the LAN at the same time. What do you think?
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 07:56 AM   #33 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
Use DrWeb on all those systems, even 98

Use the same settings as last time and if you find that DrWeb moved something that was needed, you can locate the moved file in the DrWeb Quarantine and move it back to the folder where it belongs.

If you have any doubts, post them here and I'll give you a hand with them.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 10:01 AM   #34 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
You had instructed me to scan with DrWeb twice. So, I follow steps of the 2nd scan?
I have 1 more question here, you say "you can locate the moved file in the DrWeb Quarantine and move it back to the folder where it belongs.", if I move back the infected file from DrWeb Quarantine, isn't that it will get infected again?
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2007, 10:34 AM   #35 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
Yes--use the second set of instructions for running DrWeb.

We wouldn't want to move back infected files, I'm more concerned that DrWeb will move a legit .exe as it's been known to be quite aggressive and take out files from legit programs. (as an example, an .exe belonging to an onboard Anti Virus program)
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-19-2007, 12:20 AM   #36 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
Hi Ried,
Today is a busy day for my company, I am not able to perform any scan on any pc while everybody is busy with their works.
I will bring 1 pc back to my house and scan tonight. I will post the report after the scan.
Thanks
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-19-2007, 09:56 PM   #37 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
Hello Ried,

Below is the reports of DrWeb and Kaspersky online scanner (After I scan the pc with DrWeb):


Report of DrWeb:

comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50;Archive contains infected objects;Moved.;
sa50.exe;C:\Documents and Settings\Administrator\Desktop\SA50;Win32.HLLM.Wukill;Deleted.;
Admin.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin;Archive contains infected objects;Moved.;
CIMB-161007.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\CIMB-161007;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\CIMB-161007\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\CIMB-161007;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster;Archive contains infected objects;Moved.;
Leave Roster.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster;Win32.HLLM.Wukill;Deleted.;
2007.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007;Archive contains infected objects;Moved.;
Auction.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may;Archive contains infected objects;Moved.;
may.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may;Win32.HLLM.Wukill;Deleted.;
Auction Letters.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters;Archive contains infected objects;Moved.;
Auction3A.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data;Archive contains infected objects;Moved.;
WTWY Data.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian;Archive contains infected objects;Moved.;
Thian.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency;Archive contains infected objects;Moved.;
EstateAgency.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender;Archive contains infected objects;Moved.;
Sale by Tender.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender;Win32.HLLM.Wukill;Deleted.;
0292.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292;Archive contains infected objects;Moved.;
0292(6).exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\0292(6);Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\0292(6)\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\0292(6);Archive contains infected objects;Moved.;
0294.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0294;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0294\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0294;Archive contains infected objects;Moved.;
0316.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0316;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0316\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0316;Archive contains infected objects;Moved.;
0357.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0357;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0357\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0357;Archive contains infected objects;Moved.;
0357(3).exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0357\0357(3);Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0357\0357(3)\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0357\0357(3);Archive contains infected objects;Moved.;
0375.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0375;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0375\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0375;Archive contains infected objects;Moved.;
0399.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0399;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0399\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0399;Archive contains infected objects;Moved.;
0400.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0400;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0400\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0400;Archive contains infected objects;Moved.;
0403.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0403;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0403\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0403;Archive contains infected objects;Moved.;
0404.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0404;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0404\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0404;Archive contains infected objects;Moved.;
0405.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0405;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0405\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0405;Archive contains infected objects;Moved.;
0405.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0405\0405;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0405\0405\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0405\0405;Archive contains infected objects;Moved.;
0406.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0406;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0406\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0406;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\photo frames\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\photo frames;Archive contains infected objects;Moved.;
photo frames.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\photo frames;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198);Archive contains infected objects;Moved.;
Tender File (0110 to 0198).exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198);Win32.HLLM.Wukill;Deleted.;
0118.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0118;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0118\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0118;Archive contains infected objects;Moved.;
0118(5).exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0118\0118(5);Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0118\0118(5)\commen;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0118\0118(5);Archive contains infected objects;Moved.;
0405.exe;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0405;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0405\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Tender File (0110 to 0198)\0405;Archive contains infected objects;Moved.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Library\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Library;Archive contains infected objects;Moved.;
Library.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Library;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation;Archive contains infected objects;Moved.;
Valuation.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\VALUATION REPORTS\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\VALUATION REPORTS;Archive contains infected objects;Moved.;
VALUATION REPORTS.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\VALUATION REPORTS;Win32.HLLM.Wukill;Deleted.;
32150-32199.exe;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\VALUATION REPORTS\32150-32199;Win32.HLLM.Wukill;Deleted.;
comment.htt\vbscript.1;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\VALUATION REPORTS\32150-32199\comment.htt;Trojan.AppActXComp;;
comment.htt;C:\Documents and Settings\Administrator\Desktop\SA50\Valuation\VALUATION REPORTS\32150-32199;Archive contains infected objects;Moved.;


Report of KaKapersky Online Scanner:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 20, 2007 11:51:29 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/10/2007
Kaspersky Anti-Virus database records: 441296
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 152548
Number of viruses found: 1
Number of infected objects: 81
Number of suspicious objects: 0
Duration of the scan process: 01:44:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\09999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\19999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\29999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\39999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\49999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\59999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\69999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\79999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\89999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\99999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c0999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c1999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c2999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c3999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c4999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c5999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c6999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c7999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c8999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\c9999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co099999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co199999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co299999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co399999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co499999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co599999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co699999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co799999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co899999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\co999999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com09999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com19999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com29999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com39999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com49999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com59999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com69999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com79999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com89999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\com99999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm0999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm1999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm2999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm3999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm4999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm5999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm6999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm7999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm8999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comm9999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme099.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme199.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme299.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme399.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme499.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme599.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme699.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme799.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme899.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comme999.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen09.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen19.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen29.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen39.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen49.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen59.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen69.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen79.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen89.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\commen99.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment0.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment1.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment2.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment3.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment4.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment5.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment6.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment7.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment8.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\comment9.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007102020071021\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9467.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Inetpub\wwwroot\db\desktop.ini Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\botinfs.cnf Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\bots.cnf Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\deptodoc.btr Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\doctodep.btr Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\fpdbw.ico Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\linkinfo.btr Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\service.cnf Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\service.lck Object is locked skipped
C:\Inetpub\wwwroot\db\_vti_pvt\services.cnf Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\SA60.err Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib12 Object is locked skipped
C:\WINDOWS\Temp\ib13 Object is locked skipped
C:\WINDOWS\Temp\ib14 Object is locked skipped
C:\WINDOWS\Temp\ib15 Object is locked skipped
C:\WINDOWS\Temp\ib16 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Is my pc clean?
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-19-2007, 10:04 PM   #38 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
According to this latest Kaspersky scan, yes. It is only reporting all the deleted items in the DrWeb Quarantine.

If your programs are working properly, you can go ahead and empty that Quarantine folder.

I take it you found this same infection on the 98 PC?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-19-2007, 11:58 PM   #39 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
Yes, the same infection on the 98 pc which I scanned yesterday (I manage to scan 1 only).
How do I empty the Quarantine folder of DrWeb?Just delete all the files in the folder?
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-19-2007, 11:59 PM   #40 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 366
OS: xp


Re: How to remove Email-Worm.Win32.Rays
Does it mean that the pc is clean after I empty the Quarantine folder?
ahjin is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 2 of 3 1 2 3

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 05:06 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85