Author Topic: Viruses in system32 folder  (Read 53016 times)

Steven6767

  • Guest
Viruses in system32 folder
« on: April 14, 2007, 05:10:17 AM »
Again, like the topic below me, for some reason the viruses started appearing again. The viruses that it notifies me about are all different, update235435345.exe, update756344225.exe etc., and they are all located in the system32 folder. I went into the same folder that it says they are located in but I can't find the files anywhere ??? I have no idea where all of these files are coming from. Anyone know what's wrong?

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #1 on: April 14, 2007, 05:25:46 AM »
Hi Steven6767,

Let's take a closer look at your system.

Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - Main.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt from the C:\Deckard\System Scanner folder into your next reply.




Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #2 on: April 14, 2007, 05:47:34 AM »
Ok here it is.




Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\ie_updater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\clcl3.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mine\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\tmp8C.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - C:\wmplayer.dll
O2 - BHO: (no name) - {cb97713c-658a-43a7-8d4f-bffdc4eb9bea} - C:\WINDOWS\system32\din700.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\opmkjh.dll",realset
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [clcl3] C:\WINDOWS\System32\clcl3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MS_update_0612_KB74062.exe
O4 - Global Startup: MS_update_0704_KB74073.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O20 - Winlogon Notify: din700 - C:\WINDOWS\System32\din700.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: avast! Antivirus - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\ie_updater.exe /start
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


-- Files created between 2007-03-13 and 2007-04-13 -----------------------------

2008-11-27 18:14:34     56832 -----n--- C:\WINDOWS\System32\iyvu9_32.dll
2008-11-27 18:14:34    143872 -----n--- C:\WINDOWS\System32\iacenc.dll
2007-04-13 09:45:28         0 d-------- C:\Program Files\IObit
2007-04-13 08:58:21    445440 --a------ C:\wmplayer.dll
2007-04-13 08:57:29     21504 --a------ C:\WINDOWS\System32\jlwadhujvocys.dll<JLWADH~1.DLL>
2007-04-13 08:56:10     16221 --a------ C:\ie_updater.exe<IE_UPD~1.EXE>
2007-04-12 06:44:17    200704 --a------ C:\WINDOWS\System32\teulKit.dll
2007-04-12 06:44:17         0 d-------- C:\Program Files\Netscape
2007-04-12 06:44:16         0 d-------- C:\Program Files\Playnet
2007-04-12 06:41:43         0 d-------- C:\Program Files\CRS
2007-04-11 07:44:41         0 d-------- C:\Documents and Settings\mine\Application Data\SlySoft
2007-04-11 07:43:32         0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-04-08 09:44:50         0 d-------- C:\Documents and Settings\mine\Application Data\Azureus
2007-04-07 11:42:13         0 d-------- C:\Documents and Settings\mine\Application Data\SystemRequirementsLab<SYSTEM~1>
2007-04-07 11:42:09         0 d-------- C:\WINDOWS\Sun
2007-04-07 11:42:09         0 d-------- C:\Documents and Settings\mine\Application Data\Sun
2007-04-07 11:41:12         0 d-------- C:\Program Files\Java
2007-04-07 11:41:05    204288 --a------ C:\WINDOWS\System32\clcl3.exe
2007-04-07 11:40:55     73728 --a------ C:\WINDOWS\System32\svehost.exe
2007-04-07 11:39:50         0 d-------- C:\Program Files\Common Files\Java
2007-04-07 11:39:24       671 --a------ C:\WINDOWS\mozver.dat
2007-04-06 13:36:17    646392 --a------ C:\WINDOWS\System32\drivers\sptd.sys
2007-04-04 08:46:38         0 d-------- C:\Documents and Settings\mine\Application Data\Talkback
2007-04-04 08:46:07         0 --a------ C:\WINDOWS\nsreg.dat
2007-04-04 07:13:06      8192 --a------ C:\WINDOWS\System32\kbdkor.dll
2007-04-04 07:13:06      8704 --a------ C:\WINDOWS\System32\kbdjpn.dll
2007-04-04 07:13:06      6144 --a------ C:\WINDOWS\System32\kbd106.dll
2007-04-04 07:13:06      5632 --a------ C:\WINDOWS\System32\kbd103.dll
2007-04-04 07:13:06      6144 --a------ C:\WINDOWS\System32\kbd101c.dll
2007-04-04 07:13:06      6144 --a------ C:\WINDOWS\System32\kbd101b.dll
2007-04-03 12:33:34     19275 --a------ C:\WINDOWS\System32\din700.dll
2007-04-03 02:53:57     22584 --a------ C:\WINDOWS\System32\drivers\PnkBstrK.sys
2007-04-03 02:53:53     99904 --a------ C:\WINDOWS\System32\PnkBstrB.exe
2007-04-03 02:53:47     63040 --a------ C:\WINDOWS\System32\PnkBstrA.exe
2007-04-03 02:53:47         0 d-------- C:\WINDOWS\System32\LogFiles
2007-04-02 06:46:46         0 d-------- C:\Program Files\SystemRequirementsLab<SYSTEM~1>
2007-03-28 09:18:09         0 d-------- C:\Documents and Settings\mine\Application Data\Lavasoft
2007-03-28 09:17:59         0 d-------- C:\Program Files\Lavasoft
2007-03-26 10:26:35         0 d-------- C:\WINDOWS\LastGood
2007-03-25 04:31:51         0 d-------- C:\WINDOWS\System32\appmgmt
2007-03-21 20:27:47         0 d-------- C:\Documents and Settings\mine\Application Data\Xfire
2007-03-21 20:27:46         0 d---s---- C:\Program Files\Xfire



mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #3 on: April 14, 2007, 08:39:35 AM »
I see several things going on right now.  We can start here:

Open avast! antivirus and click the chest icon.  Highlight User Files and add these files to the chest

C:\ie_updater.exe

C:\wmplayer.dll

C:\WINDOWS\system32\din700.dll

C:\WINDOWS\System32\svehost.exe


Then download CleanUp.  Install and run it to clean your temporary files.



Next, Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose "Extract All",
Open the extracted folder and double click "RunThis.bat" to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


I notice that you shortened your initial DSS log.  This time please break the log into pieces and use multiple posts so we can see the entire thing.


Now install Java Version 6 Update 1.  After installation and reboot (if called for) open Add/Remove Programs and uninstall any version of Java prior to 6.1

Finally, if these files are still present please check them at
Virus Total
and post the results

C:\WINDOWS\system32\clcl3.exe

C:\WINDOWS\wvvtsr.dll

C:\WINDOWS\opmkjh.dll


Do you have a third party firewall?  It's usually obvious in the hjt log but with some of the log missing I need to ask.  And what is your operating system?

« Last Edit: April 14, 2007, 08:54:01 AM by mauserme »
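
As an added illustration (not part of the thread, and not the logic of any tool named in it), here is a small Python triage pass over HijackThis-style lines like those posted in Reply #2. The three rules and the `SYSTEM_NAMES` list are assumptions chosen for this example; a hit means "look closer", not "malicious".

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: a few lines copied from the HijackThis log in Reply #2.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - C:\wmplayer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [clcl3] C:\WINDOWS\System32\clcl3.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\ie_updater.exe /start
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a short list of system binary names to compare against.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
                "explorer.exe", "spoolsv.exe", "smss.exe", "rundll32.exe"}

# First absolute path on the line that ends in a binary extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?,\r\n]*?\.(?:exe|dll|ocx|sys)\b', re.I)


def one_edit_apart(a, b):
    """True if a != b and a single substitution, insertion or deletion maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip one char in both. Different length: skip one in the longer.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def triage(line):
    """Return (path, reasons) for one log line; reasons is empty if no rule fires."""
    m = PATH_RE.search(line)
    if not m:
        return None, []
    path = m.group(0)
    name, folder = basename(path).lower(), dirname(path).lower()
    reasons = []
    if folder.rstrip("\\").endswith(":"):
        reasons.append("binary in drive root")
    if any(one_edit_apart(name, s) for s in SYSTEM_NAMES):
        reasons.append("name one character off a Windows system binary")
    # Legitimate software can trip this rule too; it only prioritises review.
    if "rundll32" in line.lower() and not folder.endswith("system32"):
        reasons.append("rundll32 loading a DLL outside System32")
    return path, reasons


def flag_log(text):
    """Map each flagged path to its reasons, in log order."""
    hits = {}
    for line in text.splitlines():
        path, reasons = triage(line)
        if reasons:
            hits[path] = reasons
    return hits


if __name__ == "__main__":
    for path, reasons in flag_log(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(reasons)}")
```

These rules do not fire on `clcl3.exe`, which several engines later in the thread do detect, so an empty result is not a clean bill of health.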

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #4 on: April 14, 2007, 06:13:08 PM »
Ok, I did everything except download the SDFix because I found something else that's kind of weird. I went into windows in my C drive then went into temp; there was a folder there, _avast4_. I went into it and there's a file there, trzC.tmp, and I scan it and it says it's a virus so I move it to the chest, and when I go back to it, it comes up with trzD.tmp and it just keeps going to each letter. Oh and then it just stopped at f and then went to trz10.tmp. Anyone got any ideas ???

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #5 on: April 14, 2007, 06:15:25 PM »
No, I don't have a firewall. I'll get the rest of the log so you can see it all.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #6 on: April 14, 2007, 06:17:36 PM »
-- Registry Dump ---------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\wvvtsr.dll\",setvm"
"BootService"="rundll32.exe \"C:\\WINDOWS\\opmkjh.dll\",realset"
"Intel system tool"="C:\\WINDOWS\\System32\\svehost.exe"
"clcl3"="C:\\WINDOWS\\System32\\clcl3.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows update loader"="C:\\Windows\\xpupdate.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\din700
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-14 at 00:17:06 ---------


Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #7 on: April 14, 2007, 06:52:32 PM »
Ok here's the SDFix report.

SDFix: Version 1.78

Run by mine - Sat 04/14/2007 -  0:42:32.87

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\mine\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft IEUpdater2
ntldr.sys

ImagePath:
C:\ie_updater.exe /start
\??\C:\ntldr.sys

Microsoft IEUpdater2 - Deleted
ntldr.sys - Deleted

Killing PID 216 'smss.exe'
Killing PID 288 'winlogon.exe'

ndis.sys Infected!

Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...

Original ndis.sys Restored

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #8 on: April 14, 2007, 07:28:46 PM »
Was anything detected by Virus Total on these files?

C:\WINDOWS\system32\clcl3.exe

C:\WINDOWS\wvvtsr.dll

C:\WINDOWS\opmkjh.dll

If detections were made please post the results, or confirm that nothing was found.

Download the free version of AVG Antispyware, install it, update, but don't scan yet

http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free

Then download Comodo Free Firewall and install it.  Block anything you are unsure of that is requesting internet access

http://www.filehippo.com/download_comodo/

Now do a Complete System Scan with AVG AntiSpyware.  When the scan is complete click Save Scan Report and post the contents in your next response along with a fresh hijackthis log (run hijackthis after AVG).

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #9 on: April 14, 2007, 09:14:15 PM »
I forgot to get Virus Total but the warnings seem to have stopped for a long while actually. I've left my computer on and no virus popups have come yet.

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #10 on: April 14, 2007, 09:30:13 PM »
That's because SDFix removed some of the worst things, but you're not completely clean yet. 

Please follow through with the steps I posted above.  After the AVG Antispyware (make sure you don't get AVG AntiVirus by mistake) we will probably need to fix a few things in hijackthis and then maybe be done.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #11 on: April 15, 2007, 04:04:34 AM »
Ok, when I went to Virus Total, I was trying to send them clcl3.exe but when I would send it through msn hotmail it says I can't send this file because it has a virus on it. But when I scan it with avast it says it's clean. Oh and I can't find the other 2 files, wvvtsr.dll and opmkjh.dll.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #12 on: April 15, 2007, 04:10:50 AM »
Oh and is it ok if I delete the SDFix folder? Or should I keep it just in case?

mauserme

  • Guest
Re: Viruses in system32 folder
« Reply #13 on: April 15, 2007, 04:35:10 AM »
OK - in the Control Panel open Folder Options and click the View tab.  Make sure:

>  Show Hidden Files and Folders is checked

>  Hide extensions for known file types is not checked

>  Hide protected operating system files is not checked

Don't try to email the files.  Instead, go to the Virus Total web site and use the Browse button at the top to navigate to the file.  Then click send.  You will need to do this with each file individually (click on the image below to enlarge it).

Let's keep the SDFix folder for now.

Steven6767

  • Guest
Re: Viruses in system32 folder
« Reply #14 on: April 15, 2007, 04:50:58 AM »
Ok virus total for clcl3.exe says

AhnLab-V3   2007.4.14.0   04.13.2007   no virus found
AntiVir   7.3.1.52   04.14.2007   TR/Clickr.LD
Authentium   4.93.8   04.14.2007   W32/Downloader2.ALD
Avast   4.7.936.0   04.14.2007   no virus found
AVG   7.5.0.447   04.15.2007   no virus found
BitDefender   7.2   04.15.2007   Trojan.Downloader.Agent.ES
CAT-QuickHeal   9.00   04.14.2007   TrojanDownloader.Agent.es
ClamAV   devel-20070312   04.15.2007   no virus found
DrWeb   4.33   04.14.2007   no virus found
eSafe   7.0.15.0   04.12.2007   Win32.Agent.es
eTrust-Vet   30.7.3567   04.14.2007   no virus found
Ewido   4.0   04.14.2007   Downloader.Agent.es
FileAdvisor   1   04.15.2007   no virus found
Fortinet   2.85.0.0   04.14.2007   Clickr.LD!tr
F-Prot   4.3.2.48   04.13.2007   W32/Downloader2.ALD