Holy .. nice virus program .. norton couldnt even find these
BKDR_DELF.BZ
BKDR_DELF.BZ
BKDR_DELF.BZ
BKDR_SUB7.21F
BKDR_SUB7.21F
BKDR_DELF.BF
BKDR_DELF.BZ
JS_SEEKER.E1
JS_SEEKER.E1
TROJ_JUSTIN.A
Ok thank you for helping me get rid of that shiz!!!.. heres a long list of what ever it just ran on my comp
-==============================================
StartupList report, 1/31/2003, 5:10:36 PM
StartupList version: 1.51
Started from : F:\Program Files\Lurk\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\System32\rundll32.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Tweak-XP\blads.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AIM95\aim.exe
F:\Program Files\Executive Software\DiskeeperServer\DKService.exe
F:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\WINDOWS\System32\RUNDLL32.exe
F:\WINDOWS\System32\RUNDLL32.exe
F:\WINDOWS\System32\rundll32.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Lurk\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[F:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
New.net Startup = rundll32 F:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
ATIPTA = F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
GhostStartTrayApp = F:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
TkBellExe = F:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ATI Launchpad = "F:\Program Files\ATI Multimedia\main\launchpd.exe"
BlockAds = C:\Program Files\Tweak-XP\blads.exe
MSMSGS = "F:\Program Files\Messenger\msmsgs.exe" /background
media_stub = C:\Program Files\ebkrdr\stub.exe
AIM = F:\Program Files\AIM95\aim.exe -cnetwait.odl
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {00000000-0000-0000-0000-000000000000}
(no name) - F:\WINDOWS\System32\TPS108.dll (file missing) - {0000026A-8230-4DD4-BE4F-6889D1E74167}
(no name) - F:\WINDOWS\System32\F1.dll - {00000EF1-34E3-4633-87C6-1AA7A44296DA}
(no name) - F:\PROGRA~1\COMMON~1\MSIETS\msiets.dll - {0A68C5A2-64AE-4415-88A2-6542304A4745}
(no name) - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll - {206E52E0-D52E-11D4-AD54-0000E86C26F6}
(no name) - F:\Program Files\NewDotNet\newdotnet4_50.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
Natural Language Navigation - F:\WINDOWS\System\BHO001.DLL - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - F:\PROGRA~1\BARGAI~1\bin\apuc.dll - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}
(no name) - F:\WINDOWS\System32\msiein.dll - {D6E66235-7AA6-44ED-A06C-6F2033B1D993}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Mephbot.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[HS_live Control]
InProcServer32 = F:\WINDOWS\System32\HS_live.ocx
CODEBASE =
http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
[QuickTime Object]
InProcServer32 = F:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE =
http://www.apple.com/qtactivex/qtplugin.cab
[Video Class]
InProcServer32 = F:\WINDOWS\Downloaded Program Files\videox.dll
CODEBASE =
http://stream10k.redhotnetworks.com/cabs/videox.cab
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE =
http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
[RdxIE Class]
InProcServer32 = F:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE =
http://207.188.7.150/30e6d7b61d9471872822/netzip/RdxIE6.cab
[HouseCall Control]
InProcServer32 = F:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE =
http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab
[{9656B666-992F-4D74-8588-8CA69E97D90C}]
CODEBASE =
http://www.commonname.com/en/oneclick/uninstbb.cab
[Update Class]
InProcServer32 = F:\WINDOWS\System32\iuctl.dll
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37581.8187152778
[eConn Class]
InProcServer32 = F:\WINDOWS\Downloaded Program Files\eConnect.dll
CODEBASE =
http://econnect.libereco.net/econnect.cab
[Shockwave Flash Object]
InProcServer32 = F:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: F:\Program Files\NewDotNet\newdotnet4_50.dll
Protocol #1: F:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Protocol #2: F:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Protocol #8: F:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Protocol #9: F:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
--------------------------------------------------
End of report, 6,869 bytes
Report generated in 0.191 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only