Malware & Critical System Alert - Niobis, I Require Help Please

Discussion in 'Windows - Virus and spyware problems' started by rjessa, Dec 1, 2006.

  1. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    lol, I just saw your thread and I was loading the page to edit my post to answer your question, then I saw your post. :)

    Don't worry about it. Windows' firewall isn't running, well, it can't run, for some reason...not sure why. Just go ahead and install the firewall you chose. Shouldn't have any conflicts since it "can't" be run.
     
  2. rjessa

    rjessa Regular member

    Joined:
    Mar 19, 2005
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    26
    Just got up so here is my report from Kaspersky.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, December 03, 2006 7:30:15 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 3/12/2006
    Kaspersky Anti-Virus database records: 233742
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 126427
    Number of viruses found: 1
    Number of infected objects: 4 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:02:20

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
    C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
    C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.bbj skipped
    C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe ZIP: infected - 3 skipped

    Scan process completed.

    Doesn't look very harmful. Is it?

    I am re-evaluating my time situation, I am seriously considering learning, and thanks for your offer of teaching. I will keep you posted.

    What do you think of the report?
     
  3. Niobis

    Niobis Active member

    Delete this file:
    C:\Documents and Settings\Jessa\My Documents\Downloaded Files\d-f2ede1.exe


    Be fine after that. :)
     
  4. rjessa

    rjessa Regular member

    Thanks, I thought so, I deleted this file. Interesting thing happened to me. I downloaded AVG free Antivirus software, and after installation it said the program was installed but with 1 error (something to do with the device not being present). Then when I clicked the OK button (there was no other choice at that point), my system kept rebooting on its own.
    I rebooted in Safe mode, removed AVG and all was fine (except that Windows would give me the error that I have just recovered from a critical system failure - this error did not appear on a 2nd reboot).

    Is this because I had another anti-virus pgm on the system (F-secure)? Do I have to totally remove the F-secure to install AVG, or do you think during the download something may have gotten corrupted?

    I tried this twice with the same result.

     
  5. Niobis

    Niobis Active member

    YES! You can only have one AV with real-time protection running at any time. You could probably keep both, but turn off the real-time protection of one.

    In this case, I don't think F-Secure and AVG can co-exist on a computer.
     
  6. rjessa

    rjessa Regular member

    I did turn F-secure entirely off, but no luck. So perhaps the physical presence of F-secure may have been the root cause of this problem. My renewal comes on Jan 7th, so it's time for me to change over.

    I seem to be reading all your posts in other sections. I am already in learning mode.

     
  7. Niobis

    Niobis Active member

    Yeah, you'll need to remove F-Secure before installing AVG.

    Good to hear. Maybe when you learn some you can help out around here. :) Any questions or comments, PM me.
     
