Spyware / Virus has me stumped

  1. #21
    Neamh is offline Newbie

    Re: Spyware / Virus has me stumped

    3% through the scan and it's already found 5 viruses .... will take hours at this rate. Will leave it to do its thing and get back to you later with the result.


  2. #22
    Neamh is offline Newbie
    Agh! This is getting beyond a joke... Kaspersky scan below... have removed infected files, rebooted and they don't appear to be back. Rescanning now.

    KASPERSKY ON-LINE SCANNER REPORT
    Sunday, February 19, 2006 11:32:59 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 18/02/2006
    Kaspersky Anti-Virus database records: 177358


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics
    Total number of scanned objects 197242
    Number of viruses found 14
    Number of infected objects 45
    Number of suspicious objects 0
    Duration of the scan process 02:52:17

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Owner\Desktop\dragonbluexpss.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

    C:\Documents and Settings\Owner\Desktop\dragonbluexpss.exe WiseSFX: infected - 1 skipped

    C:\Documents and Settings\Owner\Desktop\XviD.exe/stream/data0002 Infected: Trojan.Win32.Zapchast skipped

    C:\Documents and Settings\Owner\Desktop\XviD.exe/stream/data0003/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped

    C:\Documents and Settings\Owner\Desktop\XviD.exe/stream/data0003 Infected: Trojan-Downloader.Win32.IstBar.er skipped

    C:\Documents and Settings\Owner\Desktop\XviD.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er skipped

    C:\Documents and Settings\Owner\Desktop\XviD.exe NSIS: infected - 4 skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\6B0N4HU1\foto[1].js Infected: Trojan-Downloader.JS.Zapchast.b skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\U1MJ09OD\foto[1].js Infected: Trojan-Downloader.JS.Zapchast.b skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6HGHJRN\index[2].htm Infected: Trojan-Clicker.JS.Agent.d skipped

    C:\Documents and Settings\Owner\My Documents\DeusXv3.00\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

    C:\Documents and Settings\Owner\My Documents\DeusXv3.00\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a\ngnm616\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a\ngnm616\mirc616.exe mIRC: infected - 1 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a\ngnm616.rar/mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a\ngnm616.rar/mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a\ngnm616.rar RAR: infected - 2 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a.zip/ngnm616.rar/mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a.zip/ngnm616.rar/mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a.zip/ngnm616.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\ngnm616a.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar/ngnm616a.zip/ngnm616.rar/mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar/ngnm616a.zip/ngnm616.rar/mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar/ngnm616a.zip/ngnm616.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar/ngnm616a.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\My eBooks\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar RAR: infected - 4 skipped

    C:\Documents and Settings\Owner\My Documents\wares\Chat & Messengers\DeusX Script\DX_v3.00\DeusXv3.00\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

    C:\Documents and Settings\Owner\My Documents\wares\Chat & Messengers\DeusX Script\DX_v3.00.zip/DeusXv3.00/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

    C:\Documents and Settings\Owner\My Documents\wares\Chat & Messengers\DeusX Script\DX_v3.00.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Owner\My Documents\wares\Chat & Messengers\Mirc 6-16\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    C:\Documents and Settings\Owner\My Documents\wares\Chat & Messengers\Mirc 6-16\mirc616.exe mIRC: infected - 1 skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped

    C:\Documents and Settings\Owner\My Documents\wares\Download Progs\setup_ares.exe NSIS: infected - 7 skipped

    C:\Documents and Settings\Owner\My Documents\wares\vnc-3.3.7-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\Documents and Settings\Owner\My Documents\wares\vnc-3.3.7-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\Documents and Settings\Owner\My Documents\wares\vnc-3.3.7-x86_win32.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\Documents and Settings\Owner\My Documents\wares\vnc-3.3.7-x86_win32.exe Inno: infected - 3 skipped

    C:\WINDOWS\system32\jarihdi\csrss.exe Infected: Trojan-Spy.Win32.VB.lo skipped

    C:\WINDOWS\system32\jarihdi\smss.exe Infected: Trojan-Spy.Win32.VB.lo skipped
    Last edited by Neamh; 19-02-2006 at 04:53 AM.

  3. #23
    Neamh is offline Newbie
    All clean now. Manual clean up got the last of it, last kasp scan clean.

    Thanks again Vincent!

  4. #24
    VopThis is offline Senior Member (Canada)
    the destruction manual for the router is on its way today so I'll get that 192.168.0.254 line fixed up
    As stated, the 192.168.0.254 entry appears to be your router IP access point and should be OK.




    The following tool is very similar to Cleanmgr.exe, and does a lot more.



    Download and run the freeware system optimization and privacy tool:
    CCleaner (Crap Cleaner)
    http://www.ccleaner.com/ccdownload.asp

    It removes unnecessary junk from your computer allowing it to run more efficiently and securely.

    You may get more optimal cleaning if you run it in SAFEMODE – while rebooting and at the beep keep tapping the F8 key.


    Once installed, you will notice an Online Help link at the bottom left. An Updates checking link is provided at the bottom right. When first run in its DEFAULT opening setup – Cleaner Settings (Windows TAB is selected) :
    • Uncheck ‘Cookies’ option (advisable)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.




    You might also want to run this scan as well:

    Place a shortcut to Panda ActiveScan on your desktop.


    Run the Panda ActiveScan shortcut.
    - Once you are on the Panda site click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    Post a Panda log back here, if anything is reported.
