I ran a Kaspersky check on my home computer, and now I'm getting a bunch of other stuff... this is ridiculous... I'm slicing my computer's throat!
Here is the report:
Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP1\A0000025.dll Infected: not-virus:Hoax.Win32.Renos.gg skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000554.dll Infected: Trojan-Downloader.Win32.Zlob.aoi skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000555.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000560.exe Infected: Trojan-Downloader.Win32.Zlob.azl skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000561.exe Infected: Trojan-Downloader.Win32.Zlob.azm skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000564.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
Scan process completed.
Quote: Does it get you when a junior comes and argues with a tried and tested method to kill these nasties?...
Only a manual "seek and destroy" is good enough to be really sure.
Nah, not really. :) I just hope CiDaemon realizes that HijackThis will show us so much more. Not only do I need to know what infections might be present, I also need to know what anti-programs are running on a computer so I know what has and has not been run. Also need to see those anti-programs so I don't request they download almost the same program. For example: if someone is running SpySweeper, I wouldn't want to request they download AVGAS unless absolutely necessary.
Even more. :) I also need to know if the user is running a firewall or anti-virus. Is Java up-to-date? Is Windows up-to-date?
It's just that a HijackThis log can tell you so much about a system, and to clean the computer, one needs to know these things.
@exodus125,
Don't get too mad, mate. :) There's nothing to worry about. The infection (Zlob) is only in the System Restore folder. It isn't escaping to become active. Clean the System Restore folder by simply turning it off and back on.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply, then OK.
Restart and turn System Restore back on.
Edit: also, exodus125, if I could ask you a favor, please edit out that spam you received via email...thank you. :)
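The triage the reply above does by eye, as an added example (not code from the thread or from Kaspersky): it parses rows in the report's path / status / last-action layout and separates detections that exist only inside System Restore snapshots from detections at live paths. The row layout is inferred from the pasted report, and the last sample row is constructed to show the live-path case.

```python
import re
from collections import Counter

# Row layout inferred from the pasted report: <path> <status> <last action>
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<status>Object is locked|Infected: (?P<name>\S+)) "
    r"(?P<action>\w+)$"
)
# XP System Restore keeps snapshot copies under _restore{GUID}\RPn\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)

def triage(report_text):
    """Split rows into locked files, restore-point detections and live detections."""
    result = {"locked": 0, "restore": [], "live": [], "unparsed": []}
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            result["unparsed"].append(line)      # headers, footers, odd rows
        elif m["name"] is None:
            result["locked"] += 1                # file in use, not a detection
        else:
            bucket = "restore" if RESTORE.search(m["path"]) else "live"
            result[bucket].append((m["name"], m["path"]))
    return result

def families(hits):
    """Count detections per family, dropping the variant suffix (Zlob.aoi -> Zlob)."""
    return Counter(name.rsplit(".", 1)[0] for name, _ in hits)

# First four rows are copied from the report above; the fifth is constructed.
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP1\A0000025.dll Infected: not-virus:Hoax.Win32.Renos.gg skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000554.dll Infected: Trojan-Downloader.Win32.Zlob.aoi skipped
C:\System Volume Information\_restore{A4927DCB-FB28-4077-AE7D-6EBCF55404BE}\RP2\A0000555.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
C:\Documents and Settings\Example\Local Settings\Temp\constructed.exe Infected: Trojan-Downloader.Win32.Zlob.aoi skipped
Scan process completed.
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("locked:", r["locked"], "restore:", len(r["restore"]), "live:", len(r["live"]))
    print("families in restore points:", dict(families(r["restore"])))
```

An empty `live` list matches the situation described in the reply; any entry there is a detection outside the snapshots and needs its own cleanup before System Restore is cycled.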
I agree that HjT will be much better to use... as long as you have someone who can read and decipher process lists, running services, and registry entries in order to find something that does not belong. Hooray for the 1% solution!