Trojan- please help

gauravsharma
New Member


Date Joined Aug 2007
Total Posts : 2
 
Posted 8-31-2007 9:16 (GMT +1)
Here are the contents of the log file as per the instructions given here - http://www.bullguard.com/forum/14/Before-posting-a-log_43561.html



___________________________________________________________

BullGuard Scan Report
Scan Profile: "My Computer"
___________________________________________________________


----[ System Info ]------------

OS Version: Microsoft Windows XP Professional - Service Pack 2 (Build 2600) [1 * x86 CPUs]
Physical memory: 120 MB
System up-time: 0 days, 01 hours, 03 minutes, 06 seconds
BullGuard up-time: 0 days, 01 hours, 02 minutes, 08 seconds
TopLayer Version: 7, 0, 0, 1
FileSpy5 Version: N/A
BdFileSpy Version: 3.2.0.52 built by: WinDDK
BsFileScan Version: 7, 0, 0, 19
Reconn Version: 1.1.0.5 built by: WinDDK
MailProxy Version: 7, 0, 0, 9
AntiVirus Version: 7, 0, 0, 27

----[ Scan Parameters ]------------

Folders to scan:
C:\
D:\
E:\

Excluded folders:
None

Files to scan:
None

Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:

[X] Exclude user extensions: lnk

[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[X] Scan running processes
[X] Scan registry
[X] Scan IE cookies
[X] Enable heuristic detection

[ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started: Friday, August 31, 2007 23:09:30
Scan duration: 0 days, 00 hours, 51 minutes, 59 seconds
Completion status: Successful

Total files scanned: 152983
Total files skipped: 25
Identified viruses: 10
Scan speed: 49.05 files/sec

Files skipped:
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
C:\Documents and Settings\LocalService\NTUSER.DAT [Open Failed]
C:\Documents and Settings\LocalService\ntuser.dat.LOG [Open Failed]
C:\Documents and Settings\mYPc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
C:\Documents and Settings\mYPc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
C:\Documents and Settings\mYPc\NTUSER.DAT [Open Failed]
C:\Documents and Settings\mYPc\ntuser.dat.LOG [Open Failed]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
C:\Documents and Settings\NetworkService\NTUSER.DAT [Open Failed]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG [Open Failed]
C:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]
C:\WINDOWS\system32\config\default [Open Failed]
C:\WINDOWS\system32\config\default.LOG [Open Failed]
C:\WINDOWS\system32\config\SAM [Open Failed]
C:\WINDOWS\system32\config\SAM.LOG [Open Failed]
C:\WINDOWS\system32\config\SECURITY [Open Failed]
C:\WINDOWS\system32\config\SECURITY.LOG [Open Failed]
C:\WINDOWS\system32\config\software [Open Failed]
C:\WINDOWS\system32\config\software.LOG [Open Failed]
C:\WINDOWS\system32\config\system [Open Failed]
C:\WINDOWS\system32\config\system.LOG [Open Failed]
D:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]
E:\System Volume Information\MountPointManagerRemoteDatabase [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[ Infected Files ]------------

Malware: MemScan:Trojan.Dropper.Agent.BON
C:\Documents and Settings\mYPc\Application Data\tmp1.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp7.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp9.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpA.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\GBY1I3G5\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\ffa_dn

Malware: MemScan:Trojan.Fotomoto.A
C:\Documents and Settings\mYPc\Application Data\tmp3.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp5.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp8.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\barsik

Malware: MemScan:Trojan.Juan.V
C:\Documents and Settings\mYPc\Application Data\tmp13.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp1A.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp22.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp4.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp6.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpB.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpF.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temp\tmp3.tmp.dll
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\nauj
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp1A.tmp.dll
C:\WINDOWS\system32\tmp22.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmpC.tmp.dll

Malware: Trojan.Agent.ABKH
C:\WINDOWS\system32\hggfffg.dll
C:\WINDOWS\system32\TmEncryptTemp.002=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.004=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.005=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.007=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.008=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.009=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.011=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.016=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.017=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.018=>(Quarantine-4)

Malware: Trojan.Downloader.ConHook.BE
C:\WINDOWS\system32\htmmos.dll
C:\WINDOWS\system32\TmEncryptTemp.000=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.003=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.006=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.010=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.012=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.013=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.014=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.019=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.020=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.021=>(Quarantine-4)

Malware: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiSpyware2007FreeInstall.cab=>WinAntiSpyware2007FreeInstall.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiVirusPro2007FreeInstall.cab=>(Quarantine-4)=>UWA7P_0001_N91M0809NetInstaller.exe

Malware: Trojan.Fotomoto.A
C:\WINDOWS\system32\TmEncryptTemp.001=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.015=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.022=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.023=>(Quarantine-4)

Malware: Trojan.Juan.V
C:\WINDOWS\system32\tmp2.tmp.dll

Malware: Trojan.Vundo.DMR
C:\WINDOWS\efcbby.dll

Malware: Trojan.Vundo.DMS
C:\WINDOWS\xxyyvs.dll

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started: Friday, August 31, 2007 22:17:31
Scan duration: 0 days, 00 hours, 51 minutes, 59 seconds
Infections solved: 0
Infections left: 64
Viruses left: 10

----[ Files Still Infected ]------------

Malware: MemScan:Trojan.Dropper.Agent.BON
C:\Documents and Settings\mYPc\Application Data\tmp1.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp7.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp9.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpA.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\GBY1I3G5\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\ffa_dn

Malware: MemScan:Trojan.Fotomoto.A
C:\Documents and Settings\mYPc\Application Data\tmp3.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp5.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp8.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\barsik

Malware: MemScan:Trojan.Juan.V
C:\Documents and Settings\mYPc\Application Data\tmp13.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp1A.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp22.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp4.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp6.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpB.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpF.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temp\tmp3.tmp.dll
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\nauj
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp1A.tmp.dll
C:\WINDOWS\system32\tmp22.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmpC.tmp.dll

Malware: Trojan.Agent.ABKH
C:\WINDOWS\system32\hggfffg.dll
C:\WINDOWS\system32\TmEncryptTemp.002=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.004=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.005=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.007=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.008=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.009=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.011=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.016=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.017=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.018=>(Quarantine-4)

Malware: Trojan.Downloader.ConHook.BE
C:\WINDOWS\system32\htmmos.dll
C:\WINDOWS\system32\TmEncryptTemp.000=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.003=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.006=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.010=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.012=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.013=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.014=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.019=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.020=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.021=>(Quarantine-4)

Malware: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiSpyware2007FreeInstall.cab=>WinAntiSpyware2007FreeInstall.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiVirusPro2007FreeInstall.cab=>(Quarantine-4)=>UWA7P_0001_N91M0809NetInstaller.exe

Malware: Trojan.Fotomoto.A
C:\WINDOWS\system32\TmEncryptTemp.001=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.015=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.022=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.023=>(Quarantine-4)

Malware: Trojan.Juan.V
C:\WINDOWS\system32\tmp2.tmp.dll

Malware: Trojan.Vundo.DMR
C:\WINDOWS\efcbby.dll

Malware: Trojan.Vundo.DMS
C:\WINDOWS\xxyyvs.dll

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started: Friday, August 31, 2007 23:09:53
Scan duration: 0 days, 00 hours, 00 minutes, 49 seconds
Infections solved: 12
Infections left: 52
Viruses left: 8

----[ Files Solved ]------------

Malware: MemScan:Trojan.Juan.V
Status: Disinfected
C:\Documents and Settings\mYPc\Local Settings\Temp\tmp3.tmp.dll
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp1A.tmp.dll
C:\WINDOWS\system32\tmp22.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmpC.tmp.dll

Malware: Trojan.Juan.V
Status: Disinfected
C:\WINDOWS\system32\tmp2.tmp.dll

Malware: Trojan.Vundo.DMS
Status: Disinfected
C:\WINDOWS\xxyyvs.dll

----[ Files Still Infected ]------------

Malware: MemScan:Trojan.Dropper.Agent.BON
Status: Disinfect Failed
C:\Documents and Settings\mYPc\Application Data\tmp1.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp7.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp9.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpA.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\GBY1I3G5\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\ffa_dn

Malware: MemScan:Trojan.Fotomoto.A
Status: Disinfect Failed
C:\Documents and Settings\mYPc\Application Data\tmp3.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp5.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp8.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\barsik

Malware: MemScan:Trojan.Juan.V
Status: Disinfect Failed
C:\Documents and Settings\mYPc\Application Data\tmp13.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp1A.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp22.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp4.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp6.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpB.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpF.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\nauj

Malware: Trojan.Agent.ABKH
Status: Disinfect Failed
C:\WINDOWS\system32\hggfffg.dll
C:\WINDOWS\system32\TmEncryptTemp.002=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.004=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.005=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.007=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.008=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.009=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.011=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.016=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.017=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.018=>(Quarantine-4)

Malware: Trojan.Downloader.ConHook.BE
Status: Disinfect Failed
C:\WINDOWS\system32\htmmos.dll
C:\WINDOWS\system32\TmEncryptTemp.000=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.003=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.006=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.010=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.012=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.013=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.014=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.019=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.020=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.021=>(Quarantine-4)

Malware: Trojan.Downloader.Winfixer.O
Status: Disinfect Failed
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiSpyware2007FreeInstall.cab=>WinAntiSpyware2007FreeInstall.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiVirusPro2007FreeInstall.cab=>(Quarantine-4)=>UWA7P_0001_N91M0809NetInstaller.exe

Malware: Trojan.Fotomoto.A
Status: Disinfect Failed
C:\WINDOWS\system32\TmEncryptTemp.001=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.015=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.022=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.023=>(Quarantine-4)

Malware: Trojan.Vundo.DMR
Status: Disinfect Failed
C:\WINDOWS\efcbby.dll

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started: Friday, August 31, 2007 23:11:01
Scan duration: 0 days, 00 hours, 00 minutes, 30 seconds
Infections solved: 48
Infections left: 4
Viruses left: 3

----[ Files Solved ]------------

Malware: MemScan:Trojan.Dropper.Agent.BON
Status: Moved To Quarantine
C:\Documents and Settings\mYPc\Application Data\tmp1.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp7.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp9.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpA.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\GBY1I3G5\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\ffa_dn
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\ffa_dn

Malware: MemScan:Trojan.Fotomoto.A
Status: Moved To Quarantine
C:\Documents and Settings\mYPc\Application Data\tmp3.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp5.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp8.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\W8HZ40G3\barsik

Malware: MemScan:Trojan.Juan.V
Status: Moved To Quarantine
C:\Documents and Settings\mYPc\Application Data\tmp13.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp1A.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp22.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp4.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmp6.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpB.tmp.exe
C:\Documents and Settings\mYPc\Application Data\tmpF.tmp.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\09UJC9U3\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\8LUNOXAZ\nauj
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\ULJBJCNV\nauj

Malware: Trojan.Agent.ABKH
Status: Moved To Quarantine
C:\WINDOWS\system32\TmEncryptTemp.002=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.004=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.005=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.007=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.008=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.009=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.011=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.016=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.017=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.018=>(Quarantine-4)

Malware: Trojan.Downloader.ConHook.BE
Status: Moved To Quarantine
C:\WINDOWS\system32\TmEncryptTemp.000=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.003=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.006=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.010=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.012=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.013=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.014=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.019=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.020=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.021=>(Quarantine-4)

Malware: Trojan.Fotomoto.A
Status: Moved To Quarantine
C:\WINDOWS\system32\TmEncryptTemp.001=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.015=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.022=>(Quarantine-4)
C:\WINDOWS\system32\TmEncryptTemp.023=>(Quarantine-4)

Malware: Trojan.Vundo.DMR
Status: Moved To Quarantine
C:\WINDOWS\efcbby.dll

----[ Files Still Infected ]------------

Malware: Trojan.Agent.ABKH
Status: Failed moving to quarantine
C:\WINDOWS\system32\hggfffg.dll

Malware: Trojan.Downloader.ConHook.BE
Status: Failed moving to quarantine
C:\WINDOWS\system32\htmmos.dll

Malware: Trojan.Downloader.Winfixer.O
Status: Failed moving to quarantine
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiSpyware2007FreeInstall.cab=>WinAntiSpyware2007FreeInstall.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiVirusPro2007FreeInstall.cab=>(Quarantine-4)=>UWA7P_0001_N91M0809NetInstaller.exe

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started: Friday, August 31, 2007 23:11:50
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 4
Viruses left: 3

----[ Files Still Infected ]------------

Malware: Trojan.Agent.ABKH
Status: Deletion Failed
C:\WINDOWS\system32\hggfffg.dll

Malware: Trojan.Downloader.ConHook.BE
Status: Deletion Failed
C:\WINDOWS\system32\htmmos.dll

Malware: Trojan.Downloader.Winfixer.O
Status: Deletion Failed
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiSpyware2007FreeInstall.cab=>WinAntiSpyware2007FreeInstall.exe
C:\Documents and Settings\mYPc\Local Settings\Temporary Internet Files\Content.IE5\0IM5J8U5\WinAntiVirusPro2007FreeInstall.cab=>(Quarantine-4)=>UWA7P_0001_N91M0809NetInstaller.exe

gauravsharma
New Member


Date Joined Aug 2007
Total Posts : 2
 
Posted 8-31-2007 9:50 (GMT +1)
I am unable to delete these files in any way -

C:\WINDOWS\system32\htmmos.dll
C:\WINDOWS\system32\hggfffg.dll

I tried to delete them in safe mode also, but was unable to do so.

Please help!

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 9-1-2007 7:43 (GMT +1)
Hi gauravsharma

Click here - ->> Before posting a log

After you have run the scan tools -

Reboot normally

Post HijackThis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
