Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Enginebuilder on April 19, 2007, 08:21:28 AM

Title: Avast did not find a virus that the online Kaspersky scanner did?
Post by: Enginebuilder on April 19, 2007, 08:21:28 AM
Here's a logfile from the Kaspersky Online Scanner:
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Thursday, April 19, 2007 2:01:20 AM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update: 19/04/2007
 Kaspersky Anti-Virus database records: 281781
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: standard
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\
   F:\

Scan Statistics:
   Total number of scanned objects: 73782
   Number of viruses found: 2
   Number of infected objects: 9 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 01:20:09

Infected Object Name / Virus Name / Last Action
C:\Program Files\Avast Antivirus\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Avast Antivirus\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Avast Antivirus\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Avast Antivirus\DATA\report\Resident protection.txt   Object is locked   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{3BE1A432-9DE0-41A2-BD6F-5FFFA4D191B7}\RP18\A0002068.exe   Infected: Trojan.Win32.Obfuscated.fk   skipped
C:\System Volume Information\_restore{3BE1A432-9DE0-41A2-BD6F-5FFFA4D191B7}\RP26\change.log   Object is locked   skipped
D:\Documents and Settings\All Users\Application Data\Bolt Locks Dumb Grid\Mailfunk.exe   Infected: Trojan.Win32.Obfuscated.en   skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
D:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\cert8.db   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\formhistory.dat   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\history.dat   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\key3.db   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\parent.lock   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\search.sqlite   Object is locked   skipped
D:\Documents and Settings\Satellite\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\urlclassifier2.sqlite   Object is locked   skipped
D:\Documents and Settings\Satellite\Cookies\index.dat   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\Cache\_CACHE_001_   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\Cache\_CACHE_002_   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\Cache\_CACHE_003_   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Application Data\Mozilla\Firefox\Profiles\gknufr36.default\Cache\_CACHE_MAP_   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\Satellite\Local Settings\Temp\bis5C.exe   Infected: Trojan.Win32.Obfuscated.en   skipped
D:\Documents and Settings\Satellite\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\Satellite\NTUSER.DAT   Object is locked   skipped
D:\Documents and Settings\Satellite\NTUSER.DAT.LOG   Object is locked   skipped
D:\Documents and Settings\Satellite\UserData\index.dat   Object is locked   skipped
D:\RECYCLER\S-1-5-21-1715567821-1708537768-839522115-1003\Dd29.exe/data.rar/DlPlugin-Moz/buddy.exe   Infected: Trojan.Win32.Obfuscated.fk   skipped
D:\RECYCLER\S-1-5-21-1715567821-1708537768-839522115-1003\Dd29.exe/data.rar   Infected: Trojan.Win32.Obfuscated.fk   skipped
D:\RECYCLER\S-1-5-21-1715567821-1708537768-839522115-1003\Dd29.exe   RarSFX: infected - 2   skipped
D:\RECYCLER\S-1-5-21-1715567821-1708537768-839522115-1003\Dd37\GridSupportGrey.exe   Infected: Trojan.Win32.Obfuscated.en   skipped
D:\RECYCLER\S-1-5-21-1715567821-1708537768-839522115-1003\Dd37\mode creative ford.exe   Infected: Trojan.Win32.Obfuscated.en   skipped
D:\RECYCLER\S-1-5-21-1715567821-1708537768-839522115-1003\Dd37\ryfqodbg.exe   Infected: Trojan.Win32.Obfuscated.en   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
D:\System Volume Information\_restore{3BE1A432-9DE0-41A2-BD6F-5FFFA4D191B7}\RP26\change.log   Object is locked   skipped
D:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
D:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
D:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb   Object is locked   skipped
D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log   Object is locked   skipped
D:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb   Object is locked   skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
D:\WINDOWS\Sti_Trace.log   Object is locked   skipped
D:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
D:\WINDOWS\system32\config\Antivirus.Evt   Object is locked   skipped
D:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
D:\WINDOWS\system32\config\default   Object is locked   skipped
D:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
D:\WINDOWS\system32\config\SAM   Object is locked   skipped
D:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
D:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
D:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
D:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
D:\WINDOWS\system32\config\software   Object is locked   skipped
D:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
D:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
D:\WINDOWS\system32\config\system   Object is locked   skipped
D:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
D:\WINDOWS\Temp\Perflib_Perfdata_170.dat   Object is locked   skipped
D:\WINDOWS\wiadebug.log   Object is locked   skipped
D:\WINDOWS\wiaservc.log   Object is locked   skipped
D:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
E:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
E:\System Volume Information\_restore{3BE1A432-9DE0-41A2-BD6F-5FFFA4D191B7}\RP27\change.log   Object is locked   skipped

Scan process completed.


_______________________________________________________________________________________


Now I just need to know how to safely get rid of this (these?) viruses.
Any help would be greatly appreciated.
For the record, I have been using Zone Alarm Security suite, apparently for no good reason.





Title: Re: Avast did not find a virus that the online Kaspersky scanner did?
Post by: Vlk on April 19, 2007, 08:28:54 AM
I'd suggest submitting the samples (if you still have them) to virus@avast.com for further analysis.

BTW, according to the "virus" name Kaspersky detected them under, they all seem to be the same...

Thanks
Vlk