Solved: Adtrgt and Mirar

tdarron
Member with 95 posts.
Join Date: Mar 2009
Experience: Intermediate
08-Mar-2009, 11:15 PM #31
Quote:
Originally Posted by Kenny94
Your computer has a lot of files and games, that's why.
Touche.

Anyway, I just got 31 hits of the vundo.gen trojan and one hit of the crypt.xpack.gen trojan. I have both currently quarantined right now. Damn, I thought we had it.

Edit: Scan isn't done just yet, but I should have a log soon.
Kenny94
Account Disabled with 2,481 posts.
Join Date: Dec 2004
Location: S.C
08-Mar-2009, 11:37 PM #32
Ok.... I'll look at them in the AM, my time in SC.
tdarron
Member with 95 posts.
Join Date: Mar 2009
Experience: Intermediate
08-Mar-2009, 11:40 PM #33
Looks like the majority of it is in my system restore points. So I should clear my system restore, right? And I have it all in quarantine at the moment.

Avira AntiVir Personal
Report file date: Sunday, March 08, 2009 21:02

Scanning for 1288155 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FETAL


Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, March 08, 2009 21:02

The scan of running processes will be started
49 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: Sunday, March 08, 2009 22:37
Used time: 1:34:38 Hour(s)

The scan has been done completely.

18137 Scanning directories
463032 Files were scanned
94 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
94 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
462934 Files not concerned
8384 Archives were scanned
4 Warnings
94 Notes
Kenny94
Account Disabled with 2,481 posts.
Join Date: Dec 2004
Location: S.C
09-Mar-2009, 03:20 AM #34
Quote:
Looks like the majority of it is in my system restore points. So I should clear my system restore right? And I have it all in quarantine at the moment.
Yes it is and the "C:\Qoobox" is ComboFix. So, we are clean....

Some final items:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*
* Click *START* then *RUN*
* Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.




  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great preventive programs:
     1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
     2. Surf safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site:
        1. Red for Warning
        2. Yellow for Use Caution
        3. Green for Safe
        4. Grey for Unknown

Here are the links to install SiteAdvisor in Internet Explorer and Firefox



Now you should Clean up your PC


Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.



You can mark your thread "Solved" from the Mark Solved button.
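
Added example (not part of the thread, and not code from Avira or ComboFix): a small Python triage of an AntiVir-style text report that separates detections already sitting in ComboFix's C:\Qoobox quarantine, detections inside System Restore points (listing which RP folders are affected), and detections on the live file system. The sample log is constructed, and the line layout (a path line followed by [DETECTION] and [NOTE] lines) and the three bucket names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the assumed AntiVir report layout; file names, GUID
# and quarantine ids are made up for the example.
SAMPLE_LOG = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '00000001.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\example2.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '00000002.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '00000003.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.145152 back-door program
[NOTE] The file was moved to '00000004.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000003.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '00000005.qua'!
C:\WINDOWS\system32\example9.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a line that is a file path
NAME_RE = re.compile(r"\b([A-Z]+/[\w.\-]+)")          # e.g. TR/Vundo.Gen
RP_RE = re.compile(r"\\_restore\{[0-9A-Fa-f\-]+\}\\(RP\d+)\\")


def classify(path):
    """Bucket a detection by where the file lives (bucket names are this example's)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\"):
        return "combofix_quarantine"      # copies ComboFix already set aside
    if "\\system volume information\\_restore{" in p:
        return "system_restore"           # goes away when old restore points are cleared
    return "live"                         # still on the normal file system


def parse_detections(log_text):
    """Return one record per [DETECTION] line, tied to the path line above it."""
    findings, current_path = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
        elif line.startswith("[DETECTION]") and current_path:
            m = NAME_RE.search(line)
            findings.append({
                "path": current_path,
                "name": m.group(1) if m else "unknown",
                "location": classify(current_path),
                "quarantined": False,
            })
        elif (line.startswith("[NOTE] The file was moved to")
              and findings and findings[-1]["path"] == current_path):
            findings[-1]["quarantined"] = True
    return findings


def summarize(findings):
    """Counts per bucket, affected restore points, and anything needing follow-up."""
    restore_points = set()
    for f in findings:
        m = RP_RE.search(f["path"])
        if m:
            restore_points.add(m.group(1))
    return {
        "by_location": dict(Counter(f["location"] for f in findings)),
        "by_name": dict(Counter(f["name"] for f in findings)),
        "restore_points": sorted(restore_points),
        "live": [f for f in findings if f["location"] == "live"],
    }


if __name__ == "__main__":
    report = summarize(parse_detections(SAMPLE_LOG))
    print("Detections by location:", report["by_location"])
    print("Restore points affected:", report["restore_points"])
    for f in report["live"]:
        state = "quarantined" if f["quarantined"] else "NOT quarantined"
        print("Live file:", f["path"], f["name"], state)
```
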
tdarron
Member with 95 posts.
Join Date: Mar 2009
Experience: Intermediate
09-Mar-2009, 03:34 AM #35
I ran the ComboFix /u so can I now delete it from my desktop? It also gave a warning about the name of it having a - in it.

Last edited by tdarron; 09-Mar-2009 at 03:47 AM.
tdarron
Member with 95 posts.
Join Date: Mar 2009
Experience: Intermediate
09-Mar-2009, 04:16 AM #36
And is it a problem that I still have the files in quarantine after I ran the combofix /u?

And sorry about the double post.
Kenny94
Account Disabled with 2,481 posts.
Join Date: Dec 2004
Location: S.C
09-Mar-2009, 08:49 AM #37
You can empty/clean out your quarantine files. Drag the ComboFix icon into the Recycle Bin.
Kenny94
Account Disabled with 2,481 posts.
Join Date: Dec 2004
Location: S.C
09-Mar-2009, 09:08 AM #38
Also, verify the C:\Qoobox and C:\ComboFix/Combo-Fix.exe folders were removed, as well as the C:\ComboFix.txt file. If not, delete them...

They're in your C: drive, or try Combo-Fix /u as well.
tdarron
Member with 95 posts.
Join Date: Mar 2009
Experience: Intermediate
09-Mar-2009, 02:56 PM #39
Awesome, I did everything as you asked and everything is cleaned out, another scan said I am clean. So! Thank you much Kenny, really appreciate it. I hope I wasn't too much of a trouble to work with. Thanks again.

/solved
Kenny94
Account Disabled with 2,481 posts.
Join Date: Dec 2004
Location: S.C
09-Mar-2009, 03:10 PM #40
Quote:
Originally Posted by tdarron
Awesome, I did everything as you asked and everything is cleaned out, another scan said I am clean. So! Thank you much Kenny, really appreciate it. I hope I wasn't too much of a trouble to work with. Thanks again.

/solved
It was great to work with tdarron. I wish more would reply in a timely manner.

Tags
adtrgt, malware, mirar, windows
