new win32 virus? malware?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kame_sanjo

Thread Starter
Joined
Jul 27, 2005
Messages
178
i keep getting mcafee saying "prey.exe" got infected by the "new win32" virus and could not be cleaned. that happened twice. even after i deleted the file. next, which just happened was in my X drive's system volume information. the file was in a restor folder but the system volume information folder is empty AND my access is denied into it.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

kame_sanjo

Thread Starter
Joined
Jul 27, 2005
Messages
178
Logfile of HijackThis v1.99.1
Scan saved at 1:27:36 AM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
g:\program files\mcafee.com\agent\mcdetect.exe
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
g:\PROGRA~1\mcafee.com\agent\mctskshd.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Common Files\AOL\1150349600\ee\AOLSoftware.exe
G:\Program Files\PowerISO\SCDEmuApp.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
G:\Program Files\Razer\Copperhead\razerhid.exe
G:\Program Files\McAfee.com\VSO\mcvsshld.exe
G:\Program Files\McAfee.com\VSO\oasclnt.exe
G:\PROGRA~1\mcafee.com\agent\mcagent.exe
g:\progra~1\mcafee.com\vso\mcvsescn.exe
G:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Razer\Copperhead\razertra.exe
G:\Program Files\Razer\Copperhead\razerofa.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - g:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HostManager] G:\Program Files\Common Files\AOL\1150349600\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] G:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] G:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [razer] G:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [VSOCheckTask] "G:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] G:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] G:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] g:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] G:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08e5215c85dc3c4f0905/netzip/RdxIE601.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - g:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - g:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - g:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - G:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Pro Business 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Pro Business 2007\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


  • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


  • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode.


Run ActiveScan online virus scan: here

When the scan is finished, save the results from the scan!


Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
 

kame_sanjo

Thread Starter
Joined
Jul 27, 2005
Messages
178
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:50:25 PM 7/18/2006

+ Scan result:



G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
G:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end
 

kame_sanjo

Thread Starter
Joined
Jul 27, 2005
Messages
178
Incident Status Location

Adware:adware/savenow Not disinfected g:\program files\VVSN
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Brandon Holland\Cookies\brandon [email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brandon Holland\Local Settings\Temp\Cookies\brandon [email protected][2].txt
 

kame_sanjo

Thread Starter
Joined
Jul 27, 2005
Messages
178
that last one is from activescan... no viruses found.

dont know what that was, but i guess its gone for now. thanks for the help
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top