1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Worm.vb.ee? Nasty little sucker. Tried everything.

Discussion in 'Malware and Virus Removal Archive' started by thechalkboard, 2006/07/14.

Thread Status:
Not open for further replies.
Page 2 of 2
  1. 2006/07/18
    thechalkboard

    thechalkboard Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    15
    Likes Received:
    0
    Here we go.....

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
    aspack 7/6/2006 6:21:48 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 1:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 8/4/2004 1:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    7/17/2006 5:21:12 PM S 2048 C:\WINDOWS\bootstat.dat
    7/17/2006 8:00:30 PM H 54156 C:\WINDOWS\QTFont.qfn
    7/17/2006 5:21:16 PM S 64 C:\WINDOWS\CSC\00000001
    7/14/2006 10:40:42 PM S 64 C:\WINDOWS\CSC\00000002
    7/7/2006 9:05:58 PM S 64 C:\WINDOWS\CSC\csc1.tmp
    6/15/2006 8:20:16 AM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be3cd03b66506e8a65846df9858bba1d\BIT482C.tmp
    7/17/2006 5:22:06 PM H 51624 C:\WINDOWS\system32\vsconfig.xml
    7/9/2006 12:10:44 AM H 4212 C:\WINDOWS\system32\zllictbl.dat
    6/22/2006 4:18:30 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
    5/29/2006 9:16:00 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
    6/1/2006 1:28:56 PM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
    7/18/2006 1:26:18 PM H 1024 C:\WINDOWS\system32\config\default.LOG
    7/17/2006 5:24:18 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    7/18/2006 1:18:34 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
    7/18/2006 1:31:16 PM H 24576 C:\WINDOWS\system32\config\software.LOG
    7/18/2006 1:19:06 PM H 1024 C:\WINDOWS\system32\config\system.LOG
    7/14/2006 11:57:10 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
    6/28/2006 8:44:12 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
    6/28/2006 8:44:12 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
    7/15/2006 10:18:20 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\d49dd5f1-f3ce-432b-8b48-b6545462a2eb
    7/15/2006 10:18:20 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
    5/31/2006 8:06:06 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e3852a8c-6023-4d86-8e40-aa8c1ff6ce7d
    5/31/2006 8:06:06 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    7/17/2006 5:21:30 PM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    TOSHIBA Corp. 2/19/2002 1:30:08 PM 434176 C:\WINDOWS\SYSTEM32\HWSETUP.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 8/18/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 4/4/1996 3:11:00 AM R 340480 C:\WINDOWS\SYSTEM32\QTW32.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    TOSHIBA Corporation 3/19/2002 8:34:04 PM 876544 C:\WINDOWS\SYSTEM32\TPWRSAVE.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    YAMAHA CORPORATION 6/27/2003 10:03:50 AM 249856 C:\WINDOWS\SYSTEM32\yacxgc.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    4/15/2002 6:35:38 PM 249856 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exe
    3/25/2006 9:21:04 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    4/16/2002 4:54:52 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    7/13/2006 6:13:08 PM 1908 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    4/16/2002 9:42:44 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    7/15/2006 7:58:56 AM 0 C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    6/14/2006 10:36:36 PM 1380 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    4/16/2002 4:54:52 PM HS 84 C:\Documents and Settings\Odyssey\Start Menu\Programs\Startup\desktop.ini
    6/28/2006 8:07:46 AM 1538 C:\Documents and Settings\Odyssey\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    Checking files in %USERPROFILE%\Application Data folder...
    3/25/2006 9:18:24 PM 873 C:\Documents and Settings\Odyssey\Application Data\AdobeDLM.log
    4/16/2002 9:42:44 AM HS 62 C:\Documents and Settings\Odyssey\Application Data\desktop.ini
    3/25/2006 9:18:24 PM 0 C:\Documents and Settings\Odyssey\Application Data\dm.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZLAVShExt
    {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZLAVShExt
    {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
     
    thechalkboard,
    #21
  2. 2006/07/19
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Nothing found in that log file either. You're good to go.

    Now that you have regained control of your machine, lets keep it clean. Please follow the links below to ensure the highest possible level of protection against any further invasions. The links and the apps are some of the most highly regarded apps in the field of security/protection & detection. Run AdAware & Spybot at least once a week, depending on your surfing habits.
    Spybot Search & Destroy v1.4
    Ad-Aware SE Free v1.06r

    With AdAware and Spybot: DL, install then check for updates, then scan, repair/remove/quarantine anything found. Reboot before next scan with whichever app is next.

    SpywareBlaster will prevent known ActiveX installs, by setting killbits into the registry.
    With Spyware Blaster, just DL, check for updates, enable Internet Explorer protection, and your done! I don't recommend using 'Restricted Sites' protection in SpywareBlaster nor the 'Immunize' feature in Spybot, you can get far greater coverage with IE-SPYADs, listed below.

    To avoid known malware infested sites from loading in IE install IE-SPY ADS.
    And MVPS Hosts File will provide another layer of protection.

    And to prevent unknown applications from being installed on your machine install WinPatrol v10.0.10.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Tutorials for all can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
    TeMerc Test Box Forum

    Happy surfing!
    Tom :D
     
    TeMerc,
    #22


  3. to hide this advert.

  4. 2006/07/19
    thechalkboard

    thechalkboard Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    15
    Likes Received:
    0
    All Clean!!!!!

    Thank you so much for your help. I did register with your site and I plan on making a donation. I can imagine how much it would have cost me to send my computer out for repair!@%**&@!? You truly are a guardian angel. Thank you so much!
    Ashley
     
    thechalkboard,
    #23
  5. 2006/07/19
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Glad to have been of service.
     
    TeMerc,
    #24
Page 2 of 2
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...