
Infected with Serious Trojan (Win32:Trojan-gen {Other}), Need help!!!

Posted 6/5/2008 4:07 AM
#62651

Eclipse86 Member

Date Joined Nov 2016
Total Posts: 1
Hey guys, so I recently got one of my files infected with a Trojan (used Avast Antivirus to scan). Similar to the one in this thread
https://forumserver.twoplustwo.com/showthread.php?t=216676

It infected the file "c:\poker\noiq poker\_setuppoker[1].exe".


Here is the message I received from Avast after performing a full system scan:


Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Poker\NoIQ Poker\_SetupPoker.exe" file




I was unable to repair the file, so I opted to delete it instead.



After that I restarted my computer and re-scanned and nothing else was infected.

My questions are: is the virus/trojan still lurking on my computer but just hasn't infected anything else yet?

If so, is there a way I can get rid of it?

I'm getting really scared about this and am extremely scared to open any of my poker accounts for fear of my passwords getting stolen.

All help is appreciated.

Also I downloaded HiJackThis and ran a scan, here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:30 PM, on 6/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2715683108-1705201158-197556394-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6513 bytes



If someone could decipher this log file and let me know if there's anything wrong with it/if I'm still infected, and what I could do, that would be great, as I'm sorta going a bit paranoid here.


I also ran the Online Virus Scanner with Kaspersky and here are the results:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 11:36:15 PM
Operating System: Microsoft Windows Vista, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 830149
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 77542
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:16:59

Infected Object Name Virus Name Last Action
Scan process completed.



As you can see there are a bunch of locked files that didn't get scanned by Kaspersky. Could this be the result of the Trojan?

Posted 7/13/2008 12:20 AM
#63518

Dragan Member

Date Joined Nov 2016
Total Posts: 7
Just use the "demand a scan on turning on PC" option or something like that, and if it finds anything use option '6' (move all to virus chest). That is like quarantine, and when you turn on your PC it will be in the virus chest and it won't be able to run/execute itself from there, and then just delete it.

Posted 7/13/2008 12:27 AM
#63519

Dragan Member

Date Joined Nov 2016
Total Posts: 7
Umm, btw, I just saw a program you have called 'Spybot Search & Destroy'.
That is a virus bundled with that program... it isn't actually an AV. You got window pop-ups before, right? It said you have some viruses, yada yada... but it prompts a user to download it as they are sure it is an AV for removing viruses, but it is a virus itself, and that's how it downloads arbitrary files and other malicious software programs. Maybe that's how you got Trojan-gen (other).
Once I tested the vundrop virus (vundo family virus) and it downloaded trojan-gen (other)... that trojan is probably downloaded by another virus.
Just use the "demand a scan when turning on PC" option and use option '6' as written above. Good luck.

Posted 7/17/2008 8:57 PM
#63744

xPreatorianx Member

Date Joined Nov 2016
Total Posts: 3
Sorry, did not read the rules like I should have done!