[Please check Kaspersky Online Scanner Report]

Discussion in 'Malware and Virus Removal Archive' started by keith 1000, 2008/03/17.

  1. 2008/03/17
    keith 1000 Inactive Thread Starter

    Hi Geri,
    Thanks again for cleaning up my system. I was kind of surprised when you closed my last thread (with a little attitude about downloading, lol) without letting me add a couple of extra comments.
    1. You questioned a file, C:\Windows\system32\ActiveToolBand.dll, and we didn't do anything about it.
    2. This is the first time I ever handed in a HJT report without removing anything, unless ComboFix removed some stuff.
    3. Otherwise all we really removed was a couple of files which I downloaded, so was I really infected with a virus or just had a couple of infected files?
    Please, a couple of answers.

    Thanks, keith 1000

    P.S. If you don't mind, after you went through my system, I was at a friend's who swears by NORTON and swore his system was clean!! Well, I got him to do a Kaspersky online scan and he was shocked at the results. He also did a Norton scan again after and it came up clean, but the online scan definitely NOT.
    Well, he's not really computer savvy and would rather not open an account on this site, so I told him I would help.
    Could you please look at this report for me/him and let me know if things need to be deleted or if they're OK (says Norton)? I've read a lot of stuff where people are calling some of these scan results false positives, where the files are clean but scanning as infected.
    So here is the scan for him, and again thanks for helping me again and again.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, March 14, 2008 11:52:27 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/03/2008
    Kaspersky Anti-Virus database records: 630642
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 68602
    Number of viruses found: 4
    Number of infected objects: 11
    Number of suspicious objects: 0
    Duration of the scan process: 00:57:27

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Trevor Midgley\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6ba4c05a.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped
    C:\Documents and Settings\Trevor Midgley\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6ba4c05a.zip ZIP: infected - 1 skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP287\A0027009.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP287\A0027009.exe 7-Zip: infected - 1 skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP288\A0028187.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP288\A0028187.exe 7-Zip: infected - 1 skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP289\A0028377.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP289\A0028377.exe 7-Zip: infected - 1 skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP324\A0032171.exe Infected: Backdoor.Win32.Bifrose.ayb skipped
    C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP325\A0032240.exe Infected: Backdoor.Win32.Bifrose.ayb skipped
    C:\WINDOWS\system32\KCMDNIns.exe Infected: Trojan.Win32.Inject.aed skipped

    Scan process completed.
     
  2. 2008/03/17
    PeteC SuperGeek Staff

    Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.
     

  3. 2008/03/17
    Geri Inactive Alumni

    keith 1000
    That tool bar is OK.

    You don't understand? The files were infected, so they infected your machine. There is no difference.

    Tammy warned you about P2P, TeMerc didn't, which kind of surprises me, I did, and your response...
    "as far as p2p software i do, do some downloading i know it's never safe but it is the chance we take all of us billions of people,"

    And it's you billions of people that help spread infections. This comment told me that you don't plan to stop using P2P file sharing. You know the risks, so you can take the chances and the consequences, and one of those consequences is not getting help from me to clean up what you do purposely to infect yourself.

    Now your friend's computer.

    His Java Deployment cache is infected; he needs to empty the cache.

    His System Restore points are infected; he needs to turn off System Restore and then reboot, then go back and turn System Restore back on.

    That is all that Kaspersky is showing, though that may not be all that is wrong.

    Geri
     
    Geri,
    #3
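
Added example, not part of the thread: a triage of the Kaspersky report format posted above, separating "Object is locked" lines (files in use that the scanner could not open) from flagged objects and grouping flagged paths by the two cleanup locations named in the reply. The function names and location labels are this example's own assumptions.

```python
import re
from collections import defaultdict

# The 11 flagged lines are copied from the report in the post; the two
# "Object is locked" lines are constructed in the same format.
REPORT = r"""
C:\Example\in-use-1.log Object is locked skipped
C:\Example\in-use-2.dat Object is locked skipped
C:\Documents and Settings\Trevor Midgley\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6ba4c05a.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Trevor Midgley\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6ba4c05a.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP287\A0027009.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP287\A0027009.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP288\A0028187.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP288\A0028187.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP289\A0028377.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP289\A0028377.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP324\A0032171.exe Infected: Backdoor.Win32.Bifrose.ayb skipped
C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP325\A0032240.exe Infected: Backdoor.Win32.Bifrose.ayb skipped
C:\WINDOWS\system32\KCMDNIns.exe Infected: Trojan.Win32.Inject.aed skipped
"""

# Each report line is "<path> <verdict> <last action>"; paths may contain spaces.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(r"^(?P<path>.+?) [\w-]+: infected - \d+ (?P<action>\w+)$")
LOCKED = re.compile(r"^.+ Object is locked \w+$")

def location(path):
    """Map a flagged path to the place it would have to be cleaned from."""
    if "\\System Volume Information\\_restore" in path:
        return "system_restore"
    if "\\Sun\\Java\\Deployment\\cache\\" in path:
        return "java_cache"
    return "live_file"

def triage(report):
    """Count flagged objects and group their paths by cleanup location."""
    names, by_loc, locked, flagged = set(), defaultdict(list), 0, 0
    for line in filter(None, map(str.strip, report.splitlines())):
        if LOCKED.match(line):          # file was in use, so it was never scanned
            locked += 1
            continue
        m = INFECTED.match(line) or CONTAINER.match(line)
        if m is None:
            continue                    # headers, statistics, anything else
        flagged += 1
        if "name" in m.groupdict():     # archive container lines carry no name
            names.add(m["name"])
        by_loc[location(m["path"])].append(m["path"])
    return {"flagged": flagged, "names": names, "locked": locked,
            "by_location": dict(by_loc)}

if __name__ == "__main__":
    result = triage(REPORT)
    print(result["flagged"], sorted(result["names"]), result["locked"])
```

On these lines it returns 11 flagged objects and 4 distinct names, matching the report's Scan Statistics, because each archive is counted once for the container and once for the member inside it. One flagged path, under C:\WINDOWS\system32, lies outside both the Java cache and the restore points.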
