1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Possible BackWeb and/or Conficker Malware

Discussion in 'Malware and Virus Removal Archive' started by madison, 2010/07/03.

Page 2 of 2
  1. 2010/07/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I will need for you to do an on-line scan before I can clear you :).

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
    crunchie,
    #21
  2. 2010/07/10
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    I can't get to the "Acceptance" step on Kapersky. It says we need the Java Framework version 1.5 or later. I disabled AVG and have tried to take the steps at the Java website to get whatever we need but it is all pretty confusing to me. Appears there are multiple types/versions/applications of Java available. I checked the Control Panel and here is what shows there:

    Java DB 10.5.3.0
    Java (TM) 6 Update 20
    Java (TM) SE Development Kit 6 Update 20

    Any suggestions?

    I did find the below shown log in the Java Console:

    Java Plug-in 1.6.0_20
    Using JRE version 1.6.0_20-b02 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\Owner
    ----------------------------------------------------
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    ----------------------------------------------------


    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.kaspersky.com/kos/eng/partner/default/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.kaspersky.com/kos/eng/partner/default/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.kaspersky.com/kos/eng/partner/default/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.kaspersky.com/kos/eng/partner/default/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/applet/TestVM2.jar
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/applet/TestVM2.jar
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/applet/TestVM2.jar
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/applet/TestVM2.jar
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.checkResource(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/jsp_utils/
    java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/applet/TestVM2.jar
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
    at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
    at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://www.java.com/applet/TestVM2.jar
     
    madison,
    #22


  3. to hide this advert.

  4. 2010/07/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    It should work as your java is up-to-date.

    Try this one instead;

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
    crunchie,
    #23
  5. 2010/07/11
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    Here is the ESET Scanner Log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5f430abd4d0ae24289a0b85bb2b1d245
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-11 06:35:38
    # local_time=2010-07-11 02:35:38 (-0500, Eastern Daylight Time)
    # country= "United States "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1024 16777191 100 0 5475265 5475265 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=123463
    # found=10
    # cleaned=0
    # scan_time=3512
    C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
     
    madison,
    #24
  6. 2010/07/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please run ESET again but this time have it remove what it finds.

    Please report back the results.
     
    crunchie,
    #25
  7. 2010/07/11
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    Here is the ESET logfile: (Posted below that is the scan result)

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5f430abd4d0ae24289a0b85bb2b1d245
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-11 06:35:38
    # local_time=2010-07-11 02:35:38 (-0500, Eastern Daylight Time)
    # country= "United States "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1024 16777191 100 0 5475265 5475265 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=123463
    # found=10
    # cleaned=0
    # scan_time=3512
    C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
    C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5f430abd4d0ae24289a0b85bb2b1d245
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-11 10:21:54
    # local_time=2010-07-11 06:21:54 (-0500, Eastern Daylight Time)
    # country= "United States "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1024 16777191 100 0 5488727 5488727 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=123474
    # found=10
    # cleaned=10
    # scan_time=3626
    C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


    ESET SCAN RESULT:

    C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
    C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     
    madison,
    #26
  8. 2010/07/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Looks good.

    Launch OTL and click on the Cleanup button. Follow the prompts.

    Anything else we can help with?
     
    crunchie,
    #27
  9. 2010/07/12
    madison

    madison Inactive Thread Starter

    Joined:
    2010/02/13
    Messages:
    21
    Likes Received:
    0
    Crunchie,

    We ran the OTL cleanup and I guess we are good to go now. It's great to have a computer this crisp and clean. Again, thanks for all your time and attention. You may now catch up on your sleep.
     
    madison,
    #28
  10. 2010/07/12
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries :). Safe surfing.
     
    crunchie,
    #29
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...