Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

trojan.virtumonde/trojan.agent

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 19th, 2008, 4:20 am

Hi

Looks better :)

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: (no name) - {D92321BF-3D8F-4F66-8716-5E5F84D0533F} - (no file)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

Close all windows including browser and press fix checked.

Reboot.

Delete if present:

c:/windows/homepage.html

Empty Recycle Bin.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)
    Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)
    Image
  • Now click on the Save as Text button
  • Savethe file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 19th, 2008, 6:38 pm

whoa! lots going on:

kas scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 12:34:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 786008
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 79473
Number of viruses found: 28
Number of infected objects: 174
Number of suspicious objects: 40
Duration of the scan process: 02:03:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Temp\JET57CF.tmp Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Captain Andy's\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\Log\CHANNEL.LOG Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\Update\Patch\Components\DownloadQB16\Pospatch\.update\.QBLock.lck Object is locked skipped
C:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\catchme2008-05-09_ 94502.60.zip/clbdriver.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\QooBox\Quarantine\catchme2008-05-09_ 94502.60.zip/clbdll.dll Infected: Trojan-Downloader.Win32.Small.uzg skipped
C:\QooBox\Quarantine\catchme2008-05-09_ 94502.60.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0086376.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0086484.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0086486.exe Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP852\A0088700.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089418.sys Infected: Trojan.Win32.Pakes.cwd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089419.exe Infected: Trojan.Win32.Agent.lke skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP856\A0089631.old Infected: Trojan-Downloader.Win32.Agent.nua skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP874\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E0OMQJW\update[1].upd Infected: Trojan-Downloader.Win32.Small.uzg skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Accounting\ED\DOCUMENTS\SPREADSHEETS\Boat Sales 2008\BOAT SALES - MAY 2008.xls Object is locked skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml/[From andy@capt-andys.com][Date Thu, 13 May 2004 09:45:34 -1000]/UNNAMED/your_website.pif Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml/[From andy@capt-andys.com][Date Thu, 13 May 2004 09:45:34 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml/[From andy@capt-andys.com][Date Mon, 15 Mar 2004 22:19:47 -1000]/UNNAMED/document.pif Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml/[From andy@capt-andys.com][Date Mon, 15 Mar 2004 22:19:47 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from postmaster@minerva.com.au:Delivery failur.eml/[From andy@capt-andys.com][Date Tue, 3 Feb 2004 04:40:08 -1000]/document.zip/document.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from postmaster@minerva.com.au:Delivery failur.eml/[From andy@capt-andys.com][Date Tue, 3 Feb 2004 04:40:08 -1000]/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from postmaster@minerva.com.au:Delivery failur.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from MAILER-DAEMON@maui.hawaiian.net:failure n.eml/[From andy@capt-andys.com][Date Mon, 2 Feb 2004 14:23:36 -1000]/UNNAMED/message.exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from MAILER-DAEMON@maui.hawaiian.net:failure n.eml/[From andy@capt-andys.com][Date Mon, 2 Feb 2004 14:23:36 -1000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from MAILER-DAEMON@maui.hawaiian.net:failure n.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 18:02 from john@discountborders.org:Mail Transaction/data.zip/data.scr Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 18:02 from john@discountborders.org:Mail Transaction/data.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml/[From andy@capt-andys.com][Date Tue, 27 Jan 2004 14:01:40 -1000]/UNNAMED/text.pif Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml/[From andy@capt-andys.com][Date Tue, 27 Jan 2004 14:01:40 -1000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/22 Sep 2003 18:01 from MS Network Email System:Failure Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 Sep 2003 23:00 from jsaito:Re: G03-0724/051003RATES (1).xls.exe Infected: Email-Worm.Win32.Tanatos.b.dam2 skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from GOTANDA@law.villanova.edu:Re: Application/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from GOTANDA@law.villanova.edu:Re: Application/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from postmaster@royalstate.com:Delivery Status/26 Jun 2003 19:52 from Andrew Evans:Re: Application/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from postmaster@royalstate.com:Delivery Status/26 Jun 2003 19:52 from Andrew Evans:Re: Application/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jun 2003 23:15 from Enika Toth:rate request/3m.doc.scr Infected: Email-Worm.Win32.Tanatos.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jun 2003 19:30 from Tom Bartlett:Fw: cwt Wixom Senior Group/ACTIONST.WPD.scr Infected: Email-Worm.Win32.Tanatos.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/18 May 2003 22:30 from support@microsoft.com:Approved (Ref: 3844/password.pif Infected: Email-Worm.Win32.Sobig.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from real:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from real:So cool a flash,enjoy it/Pyu.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/17 Aug 2002 00:31 from webmaster:New Roman.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/17 Aug 2002 00:31 from webmaster:New Roman/New.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Aug 2002 01:33 from wel3REld:Hello,meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Aug 2002 01:33 from wel3REld:Hello,meeting notice/backup4.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Aug 2002 07:01 from postgradstudy:Re:Andy,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Aug 2002 07:01 from postgradstudy:Re:Andy,sos!/Nfor.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jul 2002 13:01 from postmaster:Undeliverable mail--"Privacy P/END.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/29 Jun 2002 06:01 from aslanbme:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/29 Jun 2002 06:01 from aslanbme:/MTSDownloadSites.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/23 Jun 2002 18:01 from Hahaha:Snowhite and the Seven Dwarfs - Th/dwarf4you.exe Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jun 2002 23:01 from Poppacarl:RealNetworks, Inc..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jun 2002 23:01 from Poppacarl:RealNetworks, Inc./Inc..pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/22 May 2002 07:16 from Maui Jet Skis Unlimited:You can unload yo/conventional.exe Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from dashiell:Hello,Andy,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from dashiell:Hello,Andy,the Garden of Eden/a.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from tradewind:A very excite game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 06:17 from mkido:Of Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 06:17 from mkido:Of Service/engines.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/12 May 2002 18:16 from shamapua:Club Area to find profiles of yo.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/12 May 2002 18:16 from shamapua:Club Area to find profiles of yo/Dh.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 May 2002 20:16 from mirasharan:Hi,Andy,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 May 2002 20:16 from mirasharan:Hi,Andy,the Garden of Eden/Fdhg.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Robert:A new game/play.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from nautilus:Re:andy,look,my beautiful girl f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from nautilus:Re:andy,look,my beautiful girl f/Setup.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Phil:Re:some questions.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Phil:Re:some questions/Pvmc.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 15:16 from curtinmaritime:Look,my beautiful girl fri.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 15:16 from curtinmaritime:Look,my beautiful girl fri/Ujx.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 14:16 from artp:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 14:16 from artp:A WinXP patch/Ol.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 01:16 from panalberto:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 01:16 from panalberto:A WinXP patch/WERE.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/08 May 2002 20:18 from sailing:W32.Klez.E removal tools/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 12:16 from dat:Questionnaire.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 12:16 from dat:Questionnaire/src.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 00:16 from ismarine:Mar 29 2002 16.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 00:16 from ismarine:Mar 29 2002 16/Mar 29.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/06 May 2002 23:16 from carolynturpin1:A powful tool/Dm.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 15:16 from fila_faco:Worm Klez.E immunity/Rx.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 03:15 from ossipoff:Meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 03:15 from ossipoff:Meeting notice/En.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 07:16 from ayamamoto1:W32.Klez.E removal tools/install.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 01:17 from rezentesc:A humour game/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 01:17 from postmaster:Undeliverable mail--"some ques/Fql.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/25 Apr 2002 02:16 from kimos:Please try again.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/25 Apr 2002 02:16 from kimos:Please try again/Zph.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 20:16 from htf:Re:let's be friends.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 20:16 from htf:Re:let's be friends/Ukd.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 19:16 from pshoji:Sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 19:16 from pshoji:Sos!/Si.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from Malia:A special new game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from endofem:A excite game/snoopy.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from soka:A excite game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from lcollier:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from lcollier:Honey/Ezsd.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from bremner3:A IE 6.0 patch/Gxoh.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 09:16 from senmatsunaga:Japanese girl VS playboy.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 09:16 from senmatsunaga:Japanese girl VS playboy/Mv.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from shooks:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from shooks:Congratulations/Rp.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from beherman:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from beherman:So cool a flash,enjoy it/Hpc.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 03:16 from Mezes:A special new website/Glw.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 12:16 from ROwen:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 12:16 from ROwen:Congratulations/text.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 09:16 from lauriejo:A new game/kitty.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/18 Apr 2002 01:16 from Kula Lynn:In the spirit of Act 168, the D/DRAFT.com Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Mar 2002 23:47 from Hahaha:Snowhite and the Seven Dwarfs - Th/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.gen skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/27 Nov 2001 08:46 from George and Noel Walker:Re: Your new nephe/SEARCHURL.MP3.pif Infected: Email-Worm.Win32.BadtransII skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 Nov 2001 19:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 Nov 2001 22:47 from maggie:Last week ended on such a good not/feeling.pif Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Sep 2001 06:48 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/31 Aug 2001 21:48 from Candice Ahlstromer:luken lot map/luken lot map.doc.com Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Aug 2001 09:46 from Administrator:Microsoftpop3 guide/Microsoftpop3 guide.doc.bat Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Jul 2001 04:32 from Linda Estes:June 14/June 14.doc.pif Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Jul 2001 19:31 from Toni Marie Davis:Re: RE: hearing testimon/YOU_are_FAT!.TXT.pif Infected: Email-Worm.Win32.Badtrans.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 May 2001 05:31 from Edie Hafdahl:Homepage/homepage.HTML.vbs Infected: Email-Worm.VBS.Homepage skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2001 08:30 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Toni Kauahi:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Shelley Anthony:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Reservations:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Natalie:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Microsoft Schedule+ Free/Busy Connector (SE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Luchelle:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to LAURA ANN PRICE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kukuiula Store:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kelly Kupo:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Jory Mata:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to JENNY FEE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to fun:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Ed Philpot:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Dave Wooley:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Caroline:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Andy Evans:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Administrator:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst MailMSMaill: infected - 97, suspicious - 27 skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from leo@roar.com:Server Report/document.zip/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from leo@roar.com:Server Report/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from brent@verizon.net:Error/document.zip/document.exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from brent@verizon.net:Error/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst MailMSMaill: infected - 4 skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from napali:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from napali:Honey/Xrhh.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/06 Aug 2002 22:02 from Sgampon:W32.Klez.E removal tools/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/05 Aug 2002 21:06 from chantal:A good tool/Rxdt.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/04 Dec 2001 20:47 from grallo@dellepro.com:Mom's Poems/Mom's Poems.doc.lnk Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/19 Jun 2001 18:30 from Caroline Shaffer:Homepage/homepage.HTML.vbs Infected: Email-Worm.VBS.Homepage skipped
F:\Migrated Mail\Done\ed.pst MailMSMaill: infected - 5, suspicious - 1 skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/14 May 2004 21:46 from junior@hotmail.com:Re: Mail Server/message_fun.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/14 May 2004 21:46 from junior@hotmail.com:Re: Mail Server/message_fun.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/13 May 2004 13:46 from su@email.com:Re: List/my_numbers.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/13 May 2004 13:46 from su@email.com:Re: List/my_numbers.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Inbox/24 Feb 2004 19:45 from john.henning@dwd.state.wi.us:Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Inbox/24 Feb 2004 19:45 from john.henning@dwd.state.wi.us:Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Sent Items/24 Feb 2004 21:30 to Kim Olivier:FW: Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Sent Items/24 Feb 2004 21:30 to Kim Olivier:FW: Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst MailMSMaill: infected - 8 skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 22:02 from llike:Introduction on ADSL.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 22:02 from llike:Introduction on ADSL/Toolbar[1].bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from kuuipookauai:If bSync .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from kuuipookauai:If bSync /Ilbcd.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from desiree:NavFrm.SynchTopic(cd).rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from desiree:NavFrm.SynchTopic(cd)/kitty.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 06:02 from Sgampon:Look,my beautiful girl friend.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 06:02 from Sgampon:Look,my beautiful girl friend/style.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from moesrus1:Hello,eager to see you.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from moesrus1:Hello,eager to see you/ClothesWomen[1].pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from kyler:Marginheight.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from kyler:Marginheight/Liqfr.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 01:02 from wshimabu:Re:jenny,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 01:02 from wshimabu:Re:jenny,sos!/Cojec.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/04 Aug 2002 06:02 from jmata:Worm Klez.E immunity/font.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/03 Aug 2002 10:02 from desiree:Worm Klez.E immunity/we dont.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 09:02 from carmen_cavalotto:Introduction on ADSL.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 09:02 from carmen_cavalotto:Introduction on ADSL/of your.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 08:03 from gregjennydaniel:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 08:03 from gregjennydaniel:A WinXP patch/Wmnmk.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/05 Dec 2001 22:47 from grallo@dellepro.com:This concerns an inci/This concerns an incident that happened on 03.doc.lnk Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/19 Sep 2001 13:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.gen skipped
F:\Migrated Mail\Done\jenny.pst MailMSMaill: infected - 13, suspicious - 9 skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/09 Apr 2004 23:45 from leonardp:Delayed file removal..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/30 Mar 2004 23:15 from skoeppen:Hello,ed,japanese girl VS playbo.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/26 Mar 2004 23:45 from BCDC1414:Happy Lady Day.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/27 Jun 2003 00:42 from Fun:FW: Movie/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/27 Jun 2003 00:42 from Fun:FW: Movie/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Inbox/24 Feb 2004 21:30 from Fun:FW: Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Inbox/24 Feb 2004 21:30 from Fun:FW: Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\kim.pst MailMSMaill: infected - 4, suspicious - 3 skipped
F:\Migrated Mail\Done\laura.pst/Personal Folders/Deleted Items/13 Oct 2001 09:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/dwarf4you.exe Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\Done\laura.pst MailMSMaill: infected - 1 skipped
F:\Migrated Mail\Done\toni.pst/Personal Folders/Inbox/10 May 2004 20:46 from Valenciak:Re: Thank you!/Loves_money.hta Infected: Email-Worm.Win32.Bagle.z skipped
F:\Migrated Mail\Done\toni.pst MailMSMaill: infected - 1 skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Administrator:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Andy Evans:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Caroline:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Dave Wooley:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Ed Philpot:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to fun:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to JENNY FEE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Jory Mata:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kelly Kupo:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kukuiula Store:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to LAURA ANN PRICE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Luchelle:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Microsoft Schedule+ Free/Busy Connector (SE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Natalie:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Reservations:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Shelley Anthony:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Toni Kauahi:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst MailMSMaill: infected - 17 skipped
F:\Program Files\Exchsrvr\mdbdata\priv1.edb Object is locked skipped
F:\Program Files\Exchsrvr\mdbdata\priv1.stm Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.023 Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.F00 Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.F03 Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXINS.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXMED.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXOBJ.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXPRP.TWD Object is locked skipped
F:\Program Files\TapeWare\TwTrace.Txt Object is locked skipped
F:\QBDATA\Zodiac.QBW Object is locked skipped
F:\QBDATA\Zodiac.QBW.TLG Object is locked skipped

Scan process completed.


hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:30 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.napali.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: printcon.bat
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\PROGRA~1\iestuff\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62893D28-0F71-43DC-9500-4DA29213787F}: NameServer = 192.168.2.6
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 6880 bytes


thank you!
melissa
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 20th, 2008, 8:06 am

Hi

Do you need these mail accounts?

F:\Migrated Mail\and\andy.pst
F:\Migrated Mail\Done\dave.pst
F:\Migrated Mail\Done\ed.pst
F:\Migrated Mail\Done\fun.pst
F:\Migrated Mail\Done\jenny.pst
F:\Migrated Mail\Done\kim.pst
F:\Migrated Mail\Done\laura.pst
F:\Migrated Mail\Done\toni.pst
F:\Misc\backup.pst
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 20th, 2008, 1:57 pm

i don't see why. i'll go through and delete what i can. i see that there's alot of old, bad stuff in there...
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 20th, 2008, 2:03 pm

Hi

OK :)

Empty this folder as well:

C:\QooBox\Quarantine\

Empty Recycle Bin.

And do this:

Please download ATF Cleaner by Atribune and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 22nd, 2008, 7:02 pm

aloha!

i've deleted some of the old email files but the ones left i need to go through and sort, some of them are wanted. will do that soon.

hijackthis log and kaspersky report following:


hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:30 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.napali.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: printcon.bat
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\PROGRA~1\iestuff\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62893D28-0F71-43DC-9500-4DA29213787F}: NameServer = 192.168.2.6
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 6897 bytes



kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 12:56:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 795933
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 79529
Number of viruses found: 26
Number of infected objects: 136
Number of suspicious objects: 27
Duration of the scan process: 01:57:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\History\History.IE5\MSHist012008052220080523\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Temp\JETE9DE.tmp Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Captain Andy's\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0086376.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0086484.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0086486.exe Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP852\A0088700.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089418.sys Infected: Trojan.Win32.Pakes.cwd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089419.exe Infected: Trojan.Win32.Agent.lke skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP856\A0089631.old Infected: Trojan-Downloader.Win32.Agent.nua skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E0OMQJW\update[1].upd Infected: Trojan-Downloader.Win32.Small.uzg skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Accounting\ED\DOCUMENTS\SPREADSHEETS\Boat Sales 2008\BOAT SALES - MAY 2008.xls Object is locked skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml/[From andy@capt-andys.com][Date Thu, 13 May 2004 09:45:34 -1000]/UNNAMED/your_website.pif Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml/[From andy@capt-andys.com][Date Thu, 13 May 2004 09:45:34 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml/[From andy@capt-andys.com][Date Mon, 15 Mar 2004 22:19:47 -1000]/UNNAMED/document.pif Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml/[From andy@capt-andys.com][Date Mon, 15 Mar 2004 22:19:47 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from postmaster@minerva.com.au:Delivery failur.eml/[From andy@capt-andys.com][Date Tue, 3 Feb 2004 04:40:08 -1000]/document.zip/document.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from postmaster@minerva.com.au:Delivery failur.eml/[From andy@capt-andys.com][Date Tue, 3 Feb 2004 04:40:08 -1000]/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from postmaster@minerva.com.au:Delivery failur.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from MAILER-DAEMON@maui.hawaiian.net:failure n.eml/[From andy@capt-andys.com][Date Mon, 2 Feb 2004 14:23:36 -1000]/UNNAMED/message.exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from MAILER-DAEMON@maui.hawaiian.net:failure n.eml/[From andy@capt-andys.com][Date Mon, 2 Feb 2004 14:23:36 -1000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from MAILER-DAEMON@maui.hawaiian.net:failure n.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 18:02 from john@discountborders.org:Mail Transaction/data.zip/data.scr Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 18:02 from john@discountborders.org:Mail Transaction/data.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml/[From andy@capt-andys.com][Date Tue, 27 Jan 2004 14:01:40 -1000]/UNNAMED/text.pif Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml/[From andy@capt-andys.com][Date Tue, 27 Jan 2004 14:01:40 -1000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/22 Sep 2003 18:01 from MS Network Email System:Failure Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 Sep 2003 23:00 from jsaito:Re: G03-0724/051003RATES (1).xls.exe Infected: Email-Worm.Win32.Tanatos.b.dam2 skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from GOTANDA@law.villanova.edu:Re: Application/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from GOTANDA@law.villanova.edu:Re: Application/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from postmaster@royalstate.com:Delivery Status/26 Jun 2003 19:52 from Andrew Evans:Re: Application/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from postmaster@royalstate.com:Delivery Status/26 Jun 2003 19:52 from Andrew Evans:Re: Application/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jun 2003 23:15 from Enika Toth:rate request/3m.doc.scr Infected: Email-Worm.Win32.Tanatos.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jun 2003 19:30 from Tom Bartlett:Fw: cwt Wixom Senior Group/ACTIONST.WPD.scr Infected: Email-Worm.Win32.Tanatos.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/18 May 2003 22:30 from support@microsoft.com:Approved (Ref: 3844/password.pif Infected: Email-Worm.Win32.Sobig.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from real:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from real:So cool a flash,enjoy it/Pyu.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/17 Aug 2002 00:31 from webmaster:New Roman.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/17 Aug 2002 00:31 from webmaster:New Roman/New.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Aug 2002 01:33 from wel3REld:Hello,meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Aug 2002 01:33 from wel3REld:Hello,meeting notice/backup4.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Aug 2002 07:01 from postgradstudy:Re:Andy,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Aug 2002 07:01 from postgradstudy:Re:Andy,sos!/Nfor.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jul 2002 13:01 from postmaster:Undeliverable mail--"Privacy P/END.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/29 Jun 2002 06:01 from aslanbme:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/29 Jun 2002 06:01 from aslanbme:/MTSDownloadSites.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/23 Jun 2002 18:01 from Hahaha:Snowhite and the Seven Dwarfs - Th/dwarf4you.exe Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jun 2002 23:01 from Poppacarl:RealNetworks, Inc..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jun 2002 23:01 from Poppacarl:RealNetworks, Inc./Inc..pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/22 May 2002 07:16 from Maui Jet Skis Unlimited:You can unload yo/conventional.exe Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from dashiell:Hello,Andy,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from dashiell:Hello,Andy,the Garden of Eden/a.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from tradewind:A very excite game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 06:17 from mkido:Of Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 06:17 from mkido:Of Service/engines.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/12 May 2002 18:16 from shamapua:Club Area to find profiles of yo.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/12 May 2002 18:16 from shamapua:Club Area to find profiles of yo/Dh.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 May 2002 20:16 from mirasharan:Hi,Andy,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 May 2002 20:16 from mirasharan:Hi,Andy,the Garden of Eden/Fdhg.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Robert:A new game/play.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from nautilus:Re:andy,look,my beautiful girl f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from nautilus:Re:andy,look,my beautiful girl f/Setup.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Phil:Re:some questions.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Phil:Re:some questions/Pvmc.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 15:16 from curtinmaritime:Look,my beautiful girl fri.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 15:16 from curtinmaritime:Look,my beautiful girl fri/Ujx.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 14:16 from artp:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 14:16 from artp:A WinXP patch/Ol.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 01:16 from panalberto:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 01:16 from panalberto:A WinXP patch/WERE.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/08 May 2002 20:18 from sailing:W32.Klez.E removal tools/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 12:16 from dat:Questionnaire.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 12:16 from dat:Questionnaire/src.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 00:16 from ismarine:Mar 29 2002 16.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 00:16 from ismarine:Mar 29 2002 16/Mar 29.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/06 May 2002 23:16 from carolynturpin1:A powful tool/Dm.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 15:16 from fila_faco:Worm Klez.E immunity/Rx.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 03:15 from ossipoff:Meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 03:15 from ossipoff:Meeting notice/En.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 07:16 from ayamamoto1:W32.Klez.E removal tools/install.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 01:17 from rezentesc:A humour game/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 01:17 from postmaster:Undeliverable mail--"some ques/Fql.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/25 Apr 2002 02:16 from kimos:Please try again.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/25 Apr 2002 02:16 from kimos:Please try again/Zph.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 20:16 from htf:Re:let's be friends.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 20:16 from htf:Re:let's be friends/Ukd.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 19:16 from pshoji:Sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 19:16 from pshoji:Sos!/Si.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from Malia:A special new game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from endofem:A excite game/snoopy.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from soka:A excite game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from lcollier:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from lcollier:Honey/Ezsd.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from bremner3:A IE 6.0 patch/Gxoh.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 09:16 from senmatsunaga:Japanese girl VS playboy.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 09:16 from senmatsunaga:Japanese girl VS playboy/Mv.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from shooks:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from shooks:Congratulations/Rp.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from beherman:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from beherman:So cool a flash,enjoy it/Hpc.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 03:16 from Mezes:A special new website/Glw.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 12:16 from ROwen:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 12:16 from ROwen:Congratulations/text.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 09:16 from lauriejo:A new game/kitty.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/18 Apr 2002 01:16 from Kula Lynn:In the spirit of Act 168, the D/DRAFT.com Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Mar 2002 23:47 from Hahaha:Snowhite and the Seven Dwarfs - Th/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.gen skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/27 Nov 2001 08:46 from George and Noel Walker:Re: Your new nephe/SEARCHURL.MP3.pif Infected: Email-Worm.Win32.BadtransII skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 Nov 2001 19:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 Nov 2001 22:47 from maggie:Last week ended on such a good not/feeling.pif Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Sep 2001 06:48 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/31 Aug 2001 21:48 from Candice Ahlstromer:luken lot map/luken lot map.doc.com Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Aug 2001 09:46 from Administrator:Microsoftpop3 guide/Microsoftpop3 guide.doc.bat Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Jul 2001 04:32 from Linda Estes:June 14/June 14.doc.pif Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Jul 2001 19:31 from Toni Marie Davis:Re: RE: hearing testimon/YOU_are_FAT!.TXT.pif Infected: Email-Worm.Win32.Badtrans.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 May 2001 05:31 from Edie Hafdahl:Homepage/homepage.HTML.vbs Infected: Email-Worm.VBS.Homepage skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2001 08:30 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Toni Kauahi:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Shelley Anthony:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Reservations:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Natalie:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Microsoft Schedule+ Free/Busy Connector (SE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Luchelle:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to LAURA ANN PRICE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kukuiula Store:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kelly Kupo:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Jory Mata:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to JENNY FEE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to fun:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Ed Philpot:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Dave Wooley:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Caroline:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Andy Evans:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Administrator:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst MailMSMaill: infected - 97, suspicious - 27 skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/14 May 2004 21:46 from junior@hotmail.com:Re: Mail Server/message_fun.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/14 May 2004 21:46 from junior@hotmail.com:Re: Mail Server/message_fun.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/13 May 2004 13:46 from su@email.com:Re: List/my_numbers.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/13 May 2004 13:46 from su@email.com:Re: List/my_numbers.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Inbox/24 Feb 2004 19:45 from john.henning@dwd.state.wi.us:Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Inbox/24 Feb 2004 19:45 from john.henning@dwd.state.wi.us:Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Sent Items/24 Feb 2004 21:30 to Kim Olivier:FW: Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Sent Items/24 Feb 2004 21:30 to Kim Olivier:FW: Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst MailMSMaill: infected - 8 skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Administrator:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Andy Evans:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Caroline:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Dave Wooley:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Ed Philpot:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to fun:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to JENNY FEE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Jory Mata:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kelly Kupo:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kukuiula Store:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to LAURA ANN PRICE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Luchelle:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Microsoft Schedule+ Free/Busy Connector (SE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Natalie:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Reservations:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Shelley Anthony:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Toni Kauahi:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst MailMSMaill: infected - 17 skipped
F:\Program Files\Exchsrvr\mdbdata\priv1.edb Object is locked skipped
F:\Program Files\Exchsrvr\mdbdata\priv1.stm Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.023 Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.F00 Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.F03 Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXINS.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXMED.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXOBJ.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXPRP.TWD Object is locked skipped
F:\Program Files\TapeWare\TwTrace.Txt Object is locked skipped
F:\QBDATA\Cap2003.QBW Object is locked skipped
F:\QBDATA\Cap2003.QBW.TLG Object is locked skipped

Scan process completed.


thank you!!
melissa
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 23rd, 2008, 5:17 am

Hi

That's OK :)

We are almost there.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E0OMQJW\update[1].upd

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 23rd, 2008, 2:20 pm

aloha!

results from moveit:

< C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E0OMQJW\update[1].upd >
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E0OMQJW\update[1].upd moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05232008_081925

thank you!
melissa
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 24th, 2008, 4:33 am

Hi

That looks good :)

Any problems left?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 26th, 2008, 4:13 am

everything looks good to me! thank you so much!
send me a message if you find yourself on kauai and i'll set you up with some sight-seeing trips!

mahalo
melissa
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 26th, 2008, 5:44 am

Hi

I will :)

Just one thing left.

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: VundoFix Service (VundoFixSvc)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete VundoFixSvc
Click: OK

Reboot.

Post back a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 26th, 2008, 3:37 pm

ooh almost there!

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:34 AM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.napali.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: printcon.bat
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\PROGRA~1\iestuff\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62893D28-0F71-43DC-9500-4DA29213787F}: NameServer = 192.168.2.6
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6638 bytes


thank you!
m
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 27th, 2008, 9:10 am

Hi

That looks good :)

Any problems left?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: trojan.virtumonde/trojan.agent

Unread postby poisnivy13 » May 27th, 2008, 3:25 pm

i think we're good! thank you so much!
poisnivy13
Regular Member
 
Posts: 16
Joined: May 1st, 2008, 4:38 pm
Top

Re: trojan.virtumonde/trojan.agent

Unread postby Shaba » May 28th, 2008, 9:39 am

Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it saysThe Java SE Runtime Environment (JRE) allows end-users to run Java applications..
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Now lets uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:

    Instructions for Spybot S & D

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
PreviousNext
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 129 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index