Need help
xaznboitx
Senior Member
9. January 2008 @ 05:39
Scanning Report
09 January 2008 04:04:49 - 04:15:33
Computer name: YOUR-8925166B39
Scanning type: Perform full computer check
Target: C:\ D:\ + system + rootkits
Result: 3 malware found
*** Scanning aborted by user ***
Trojan-Downloader.Win32.Agent.bnm (virus)
* C:\WINDOWS\system32\mstscex.0ll Action: FAILED
* C:\WINDOWS\system32\oleauth32.0ll Action: FAILED
* C:\WINDOWS\system32\drivers\kcp.0ys Action: FAILED
Statistics
Scanned:
* Files: 23410
* Not scanned: 13
Result:
* Viruses: 3
* Spyware: 0
* Suspicious items: 0
* Riskware: 0
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* Quarantined: 0
* Failed: 3
Boot Sectors:
* Scanned: 1
* Infected: 0
* Suspicious items: 0
* Disinfected: 0
Files not scanned:
* Cannot open file (click here for more info) C:\HIBERFIL.SYS
* Cannot open file (click here for more info) C:\PAGEFILE.SYS
* Cannot open file (click here for more info) C:\WINDOWS\TEMP\AVP1F8.TMP
* Cannot open file (click here for more info) C:\WINDOWS\TEMP\FLA1F1.TMP
* Cannot open file (click here for more info) C:\WINDOWS\TEMP\PERFLIB_PERFDATA_83C.DAT
* Cannot open a file in archive C:\WINDOWS\SYSTEM32\BIOS1.ROM
* Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\SAM
* Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* Cannot open file (click here for more info) C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7598CE4E-AFD0-4A9D-8BD3-A0F4C6CFC60C}.BIN
Options
Definitions version:
* Viruses: 2008-01-09_01
* Spyware: 2008-01-09_01
Scanning Engines:
* F-Secure AVP: 7.00.171, 2008-01-09
* F-Secure Libra: 2.04.01, 2008-01-09
* F-Secure Orion: 1.02.37, 2008-01-09
* F-Secure Draco: 1.00.35, 2007-11-28
* F-Secure BlackLight: 1.00.64
Scanning options:
* Scan all files
* Scan inside archives
Actions:
* Viruses: Ask after scan
* Spyware: Ask after scan
* Show suspicious items after a full computer check
Error information
"Cannot open file" error occurred:
The "Cannot open file" error message means that the scanner was unable to open a file and that this file was not scanned. You can normally ignore this error message as there are many reasons for this message that do not imply a security threat, including:
* The file was a system file. System files are protected by the operation system by design. You can ignore this message in this case.
* You do not have permission to read the file. To scan the file, log in with a user account with sufficient permissions (for example the computer's administrator account) and rescan.
* The file was in use by an application when the scan was performed. To scan this file, close all applications and rescan.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:36:31 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.0.0.0.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1199750174859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1199751401250
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter ) - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 5916 bytes
Member
10. January 2008 @ 21:21
Try an online scan here:
ESET online scanner:
http://www.eset.com/onlinescan/
uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. The scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
xaznboitx
Senior Member
14. January 2008 @ 16:12
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2790 (20080114)
# vers_arch_module=1.061 (20080110)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=89984b3a350a8d4daf7e177fdb3790ed
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-01-14 11:01:51
# local_time=2008-01-14 03:01:51 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=368023
# found=1
# scan_time=5607
C:\WINDOWS\system32\drivers\kcp.0ys Win32/Agent.NHJ trojan (unable to clean - deleted) 00000000000000000000000000000000