Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

View previous topic View next topic Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Koriander on Tue Jul 28, 2009 9:26 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-01-18 137216]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-25 1948440]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-17 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-25 10:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-02-26 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-07-25 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-07-25 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-07-25 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-25 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-25 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-07-25 1368952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2009-02-26 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-02-26 563720]
R2 ComodoBackupService;ComodoBackupService;c:\program files\Comodo\BackUp\CmdBkSvc.exe [2009-06-06 1023488]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-07-25 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2009-02-26 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2009-02-26 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2009-02-26 27232]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-07-25 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-28 c:\windows\Tasks\User_Feed_Synchronization-{60DEF766-08B7-4C4F-B5E9-562B13BD6EC7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2009-07-28 c:\windows\Tasks\User_Feed_Synchronization-{9E7CD024-AE9D-4426-A89F-BA3A119A6AFC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2009-07-28 c:\windows\Tasks\User_Feed_Synchronization-{C7899E23-2FC5-49C6-971C-389E42CD9F71}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\vcca8g3j.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-28 23:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\searchindexer.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-28 23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 21:20
ComboFix2.txt 2009-07-27 23:24

Pre-Run: 258 832 523 264 bytes free
Post-Run: 258 788 446 208 bytes free

357 --- E O F --- 2009-07-28 20:10

Koriander
Novice
Novice

Status :
Online
Offline

Posts : 26
Joined : 2009-07-22
OS : Windows XP Pro 2002 SP3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Belahzur on Wed Jul 29, 2009 5:46 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Koriander on Wed Jul 29, 2009 6:13 pm

Since I didn't really had any problems before I don't experience any difference. Is there any way I could check if everything is ok? Like running a full scan with AVG? Or is nortons on-line scanner better?

Koriander
Novice
Novice

Status :
Online
Offline

Posts : 26
Joined : 2009-07-22
OS : Windows XP Pro 2002 SP3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Origin on Wed Jul 29, 2009 6:48 pm

I would recommend installing Avira free edition, its a way better AV then AVG:

[You must be registered and logged in to see this link.]

You can do a full scan with the AV and if it catches something post it back here, also can you do another Malwarebytes scan and post the log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Koriander on Wed Jul 29, 2009 7:16 pm

I did a quick scan with Malwarebytes. I will now install your recommended AVan do a full scan with it.

Malwarebytes log file:

Malwarebytes' Anti-Malware 1.39
Database version: 2504
Windows 5.1.2600 Service Pack 3

2009-07-29 21:14:08
mbam-log-2009-07-29 (21-13-57).txt

Scan type: Quick Scan
Objects scanned: 99482
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Admin\Desktop\avenger.exe (Trojan.Agnet) -> No action taken.

Koriander
Novice
Novice

Status :
Online
Offline

Posts : 26
Joined : 2009-07-22
OS : Windows XP Pro 2002 SP3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Origin on Wed Jul 29, 2009 8:11 pm

Everything looks clean, that was a false positive, it was a program we use to detect rootkits Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Koriander on Wed Jul 29, 2009 9:07 pm

Avira found these threats:

#1

Information from Avira database:
Virus: TR/Dropper.Gen
Date discovered: 19/06/2007
Type: Trojan
Subtype: Dropper
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
Engine version: 7.04.00.34

#2
object: svchost
detection: DR/Agent.cqva

No details could be found in Avira database

Log report:



Avira AntiVir Personal
Report file date: den 29 juli 2009 21:42

Scanning for 1577820 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Admin
Computer name : KLAS

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 08:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 19:35:15
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 7/19/2009 19:37:24
ANTIVIR3.VDF : 7.1.5.47 350720 Bytes 7/29/2009 19:37:56
Engineversion : 8.2.0.234
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 10:52:04
AEscript.DLL : 8.1.2.21 450939 Bytes 7/29/2009 19:39:27
AESCN.DLL : 8.1.2.4 127348 Bytes 7/29/2009 19:39:17
AERDL.DLL : 8.1.2.4 430452 Bytes 7/29/2009 19:39:13
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/29/2009 19:39:02
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 7/29/2009 19:39:00
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/29/2009 19:38:22
AEGEN.DLL : 8.1.1.51 352629 Bytes 7/29/2009 19:38:12
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/29/2009 19:38:05
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

Start of the scan: den 29 juli 2009 21:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned
Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'CmdBkSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Klas Karis\My Documents\Downloads\setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\'
D:\Backup\Documents and Settings\Klas Karis\Local Settings\Temp\svchost.exe
[DETECTION] Contains recognition pattern of the DR/Agent.cqva dropper
D:\Backup\Documents and Settings\Klas Karis\Local Settings\Temporary Internet Files\Content.IE5\0HOYRLBA\svchost[1].exe
[DETECTION] Contains recognition pattern of the DR/Agent.cqva dropper
D:\Backup\Documents and Settings\Klas Karis\My Documents\Downloads\setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\Klas Karis\My Documents\Downloads\setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4ae4ba41.qua'!
D:\Backup\Documents and Settings\Klas Karis\Local Settings\Temp\svchost.exe
[DETECTION] Contains recognition pattern of the DR/Agent.cqva dropper
[NOTE] The file was moved to '4ad3ba53.qua'!
D:\Backup\Documents and Settings\Klas Karis\Local Settings\Temporary Internet Files\Content.IE5\0HOYRLBA\svchost[1].exe
[DETECTION] Contains recognition pattern of the DR/Agent.cqva dropper
[NOTE] The file was moved to '4bbe5094.qua'!
D:\Backup\Documents and Settings\Klas Karis\My Documents\Downloads\setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4ae4ba42.qua'!


End of the scan: den 29 juli 2009 23:06
Used time: 1:00:07 Hour(s)

The scan has been done completely.

21401 Scanned directories
459905 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
459899 Files not concerned
4090 Archives were scanned
2 Warnings
6 Notes

Koriander
Novice
Novice

Status :
Online
Offline

Posts : 26
Joined : 2009-07-22
OS : Windows XP Pro 2002 SP3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Belahzur on Thu Jul 30, 2009 6:46 pm

Hello.
The files found were deleted.

How is it now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Koriander on Thu Jul 30, 2009 6:49 pm

Nothing, I suppose. If Avira did it's job I think it's clean. No warnings or anything since like two days ago or something.

Koriander
Novice
Novice

Status :
Online
Offline

Posts : 26
Joined : 2009-07-22
OS : Windows XP Pro 2002 SP3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Koriander on Thu Jul 30, 2009 6:57 pm

So if I'm good (but even if I'm not Cheesy Grin (sparkly ) I really appreciated your help and everything! Now I don't to need to bike to my university to check my bank accounts and stuff Smile
THANKS GP!

Koriander
Novice
Novice

Status :
Online
Offline

Posts : 26
Joined : 2009-07-22
OS : Windows XP Pro 2002 SP3

View user profile

Back to top Go down

Re: Virus: Packed.Monder and trojans: Downloader.Zlob.ANTY and SHeur2.ARBS

Post by Origin on Fri Jul 31, 2009 3:35 pm

Glad we could help Wink

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum