
Active Virus Warnings In Windows Security Trojans, Worms, Hijack

Discussion in 'Malware and Virus Removal Archive' started by Gideon, 2010/04/15.

  1. 2010/06/30
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Ok I think I got it right this time.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, June 30, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, June 30, 2010 13:04:25
    Records in database: 4262748
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    K:\
    L:\
    V:\
    W:\
    X:\
    Y:\
    Z:\

    Scan statistics:
    Objects scanned: 163630
    Threats found: 9
    Infected objects found: 14
    Suspicious objects found: 0
    Scan duration: 05:11:36


    File name / Threat / Threats count
    C:\WINDOWS\system32\winlogon.exe/C:\WINDOWS\system32\winlogon.exe Infected: Trojan-Downloader.Win32.Small.aply 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B4000E.VBN Infected: Packed.Win32.PolyCrypt.b 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN Infected: Trojan-Downloader.Win32.Agent.axqv 1
    C:\Documents and Settings\Gideon\Application Data\Sun\Java\Deployment\cache\6.0\19\76786953-7d2faa3c Infected: Exploit.Java.Agent.ar 1
    C:\Documents and Settings\Gideon\Application Data\Sun\Java\Deployment\cache\6.0\19\76786953-7d2faa3c Infected: Exploit.Java.Agent.as 1
    C:\Documents and Settings\Gideon\Application Data\Sun\Java\Deployment\cache\6.0\34\1aa46a62-3b206021 Infected: Trojan-Downloader.Java.Agent.fe 3
    C:\Documents and Settings\Gideon\Desktop\Bullet Proof FTP Server SETUP.exe Infected: not-a-virus:Server-FTP.Win32.BulletProof.231 1
    C:\Program Files\Bullet Proof FTP Server\bpftpserver.exe Infected: not-a-virus:Server-FTP.Win32.BulletProof.231 1
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP653\A0156304.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP664\A0157438.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
    C:\System Volume Information\_restore{96027AD5-E722-4EFD-AF04-950681CE3C7D}\RP3\A0000170.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\system32\winlogon.exe Infected: Trojan-Downloader.Win32.Small.aply 1

    Selected area has been scanned.
     
  2. 2010/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is your computer doing at the moment?
    I suspect that the winlogon.exe "thingy" may be just a false positive.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Gideon\Application Data\Sun\Java\Deployment\cache\6.0\19
      C:\Documents and Settings\Gideon\Application Data\Sun\Java\Deployment\cache\6.0\34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     


  4. 2010/07/09
    Gideon

    Hey broni, I'm back. I have been in the hospital for a lil bit because of an accident. I am completing your last instructions now. The computer is doing pretty good. A couple of weird things here and there, but overall it's doing pretty good.
     
  5. 2010/07/09
    Gideon

    Ok, when I try to run fix it I get a message saying Cannot create file C:\WINDOWS\System32\drivers\ect\hosts.

    Should I still reboot and do a quick scan?
     
  6. 2010/07/09
    broni

    I'm very sorry to hear about your hospital visit :(

    As for the "hosts" message, remove [resethosts] line from my fix and run the script.
     
  7. 2010/07/11
    Gideon

    Ok I will get on this in the morning. I will have more time at home so we should be able to get this done a little quicker.
     
  8. 2010/07/11
    broni

    Ok :)
     
  9. 2010/07/19
    broni

    I hope you're doing OK after your accident? :)
     
  10. 2010/07/23
    Gideon

    I'm doing pretty good; I had to go back again. I will carry out your last instructions today.
     
  11. 2010/07/23
    broni

    Ok :)
     
  12. 2010/07/26
    Gideon

    Ok Broni, I completed the last step; however, after the scan the message asks me if I want to reboot, and when I select yes the PC doesn't reboot. Should I complete a quick scan?
     
  13. 2010/07/26
    broni

    Restart computer manually.
    Please post the "Quick scan" log and let me know how your computer is doing overall.
     
