
Need help with W32.Myzor.FK@yf virus

Discussion in 'Windows - Virus and spyware problems' started by Jaytan716, Sep 26, 2006.

  1. Jaytan716

    Yeah sorry about posting the BD log. I think it must have finally gone through on its own, because I'd given up on it and figured I'd get it to you by email.

    Yesh, I had deleted the quarantined files in Norton when you'd previously suggested it, and even just deleted the folder itself in c:\Program Files\Norton. Here's the subsequent HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:59:03 AM, on 10/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmaweekly.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125901926\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Podbridge Service] C:\Program Files\PodBridge\Podbridge Service.exe
    O4 - HKCU\..\Run: [Podbridge Launcher] C:\Program Files\PodBridge\PBLauncher.exe
    O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://evite.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://ww2.lifescan.com/otdms/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  2. Niobis

    Please edit the BitDefender log out of the thread, it's too big to post.

    I'm assuming you uninstalled Norton before you deleted the Program Files\Norton folder...?

    I'm sorry for all these online scans, but it's the best we got with these inactive files. Now that BitDefender deleted a lot, let's see what's left.

    Go back and run Kaspersky one more time. Post the log.
     
  3. Jaytan716

    No, I haven't uninstalled Norton Antivirus 2002 yet. When you said this:

    Delete everything in Norton's quarantine from the menu or delete this folder:
    C:\Program Files\Norton AntiVirus\Quarantine

    I had already run Norton by that point and deleted items when it asked if I wanted to. Then, per your suggestion above, I went and found the Quarantine folder in this location and simply deleted it. Should I now uninstall Norton before running Kaspersky?

    No problem on all the online scans. Hey, I feel badly that you're having to reclarify yourself all these times and I'm not quite keeping up. I know it makes your already-generous volunteering that much more difficult.

    Will wait for your clarification before running Kaspersky.
     
  4. Niobis

    Ok, I thought in your last post that you said you deleted the Norton folder instead of Quarantine folder when you said:

    Sorry for the confusion. Do not uninstall Norton unless you want to.

    Before you run the Kaspersky scanner go here and download ATF Cleaner.

    Open ATF Cleaner.
    Check "Select All".
    Click "Empty Selected".
     
  5. Jaytan716

    Kaspersky log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, October 02, 2006 7:05:42 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 2/10/2006
    Kaspersky Anti-Virus database records: 214933
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 119090
    Number of viruses found: 19
    Number of infected objects: 71 / 0
    Number of suspicious objects: 4
    Duration of the scan process: 02:49:39

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Jay Tan\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/29 Jul 2003 04:14 to 'Cailin Yahoo':RE: If at first you don't su.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/24 Sep 2004 12:29 from Davis Lockettl:meeting sunday at 05-00 - .rtf Infected: Exploit.HTML.Iframe.FileDownload skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/05 Jan 2006 18:35 from eBay:eBay Inc reminder: please update you.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/10 Oct 2004 09:04 from Smith Barney:SMITH BARNEY OFFICIAL UPDATE.rtf Infected: Trojan-Spy.HTML.Citifraud.ak skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/20 Oct 2004 08:52 from warniwf@suntrust.com:SunTrust Warning Inf.rtf Infected: Trojan-Spy.HTML.Sunfraud.k skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/12 Nov 2004 01:20 from Washington Mutual:WASHINGTON MUTUAL REMIN.rtf Infected: Trojan-Spy.HTML.Bankfraud.w skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/16 Nov 2004 23:54 from Citizens Bank:Citizens Bank alert - unaut.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/21 Dec 2004 02:14 from Bank of the West:Bank of the West: please.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/26 Dec 2004 19:40 from Support Access Dept:WEST Online Banking. .eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/21 Dec 2004 02:14 from Bank of the West:Bank of the West: please.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/10 Feb 2005 00:33 from Washington Mutual:Washington Mutual: Urge.rtf Infected: Trojan-Spy.HTML.Wamufraud.bo skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/19 Jul 2005 13:01 from eBay:Urgent security notice [Wed, 20 Jul .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/19 Jul 2005 14:34 from eBay Inc:eBay Inc: security update.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/07 Aug 2005 03:49 from eBay:eBay - Urgent Security Notification .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/04 Sep 2005 16:07 from eBay:Important information: your account.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/22 Sep 2005 08:23 from eBay:Important information: your account.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/04 Oct 2005 17:04 from eBay Inc:eBay Inc: special announce [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/14 Oct 2005 21:53 from eBay Inc:Urgent notification from billing.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/28 Oct 2005 22:08 from eBay:eBay: Confirm Your DetaiIs To Avoid .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/12 Nov 2005 16:46 from eBay:eBay Inc: Security Update [Sat, 12 N.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 19 skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jay Tan\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jay Tan\Local Settings\History\History.IE5\MSHist012006100120061002\index.dat Object is locked skipped
    C:\Documents and Settings\Jay Tan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume/Resume Infected: Virus.MSWord.Melissa skipped
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume Infected: Virus.MSWord.Melissa skipped
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst Mail MS Mail: infected - 2 skipped
    C:\Documents and Settings\Jay Tan\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Jay Tan\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jay Tan\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP3\change.log Object is locked skipped
    C:\WINDOWS\CSC\00000001 Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/29 Jul 2003 04:14 to 'Cailin Yahoo':RE: If at first you don't su.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/24 Sep 2004 12:29 from Davis Lockettl:meeting sunday at 05-00 - .rtf Infected: Exploit.HTML.Iframe.FileDownload skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/13 Sep 2005 00:11 from Jman/newprice.zip/price.cpl Infected: Email-Worm.Win32.Bagle.ct skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/13 Sep 2005 00:11 from Jman/newprice.zip Infected: Email-Worm.Win32.Bagle.ct skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/26 Nov 2005 12:34 from PayPal Billing Center.:YOUR ACCOUNT LIMIT/PE-901-449-020.jpg.exe Infected: Trojan-Downloader.Win32.Small.bxp skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/28 Nov 2005 12:46 from PayPal Billing Center.:YOUR ACCOUNT LIMIT/PE-901-449-020.jpg.exe Infected: Trojan-Downloader.Win32.Small.byc skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/26 Dec 2005 20:07 from Jman:Katherine/Anne.zip Infected: Trojan-Downloader.Win32.Bagle.r skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/05 Jan 2006 18:35 from eBay:eBay Inc reminder: please update you.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/10 Oct 2004 09:04 from Smith Barney:SMITH BARNEY OFFICIAL UPDATE.rtf Infected: Trojan-Spy.HTML.Citifraud.ak skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/20 Oct 2004 08:52 from warniwf@suntrust.com:SunTrust Warning Inf.rtf Infected: Trojan-Spy.HTML.Sunfraud.k skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/12 Nov 2004 01:20 from Washington Mutual:WASHINGTON MUTUAL REMIN.rtf Infected: Trojan-Spy.HTML.Bankfraud.w skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/16 Nov 2004 23:54 from Citizens Bank:Citizens Bank alert - unaut.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/30 Nov 2004 16:30 from shishpage@earthlink.net:Important/Data.zip/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/30 Nov 2004 16:30 from shishpage@earthlink.net:Important/Data.zip Infected: Email-Worm.Win32.NetSky.aa skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/21 Dec 2004 02:14 from Bank of the West:Bank of the West: please.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/26 Dec 2004 19:40 from Support Access Dept:WEST Online Banking. .eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/21 Dec 2004 02:14 from Bank of the West:Bank of the West: please.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/10 Feb 2005 00:33 from Washington Mutual:Washington Mutual: Urge.rtf Infected: Trojan-Spy.HTML.Wamufraud.bo skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip/pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip/pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/15 Jun 2005 18:25 from administrator@tandynasty.com:*DETECTED* O/wdyxy.zip/wdyxy.htm .exe Infected: Net-Worm.Win32.Mytob.bi skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/15 Jun 2005 18:25 from administrator@tandynasty.com:*DETECTED* O/wdyxy.zip Infected: Net-Worm.Win32.Mytob.bi skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/19 Jul 2005 13:01 from eBay:Urgent security notice [Wed, 20 Jul .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/19 Jul 2005 14:34 from eBay Inc:eBay Inc: security update.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/07 Aug 2005 03:49 from eBay:eBay - Urgent Security Notification .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/13 Aug 2005 07:18 from Jman/The_taxation.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cl skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/13 Aug 2005 07:18 from Jman/The_taxation.zip Infected: Email-Worm.Win32.Bagle.cl skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/04 Sep 2005 16:07 from eBay:Important information: your account.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/22 Sep 2005 08:23 from eBay:Important information: your account.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/04 Oct 2005 17:04 from eBay Inc:eBay Inc: special announce [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/14 Oct 2005 21:53 from eBay Inc:Urgent notification from billing.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/28 Oct 2005 22:08 from eBay:eBay: Confirm Your DetaiIs To Avoid .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Nov 2005 16:14 from Jman/Business.zip/5.exe Infected: Email-Worm.Win32.Bagle.ek skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Nov 2005 16:14 from Jman/Business.zip Infected: Email-Worm.Win32.Bagle.ek skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/12 Nov 2005 16:46 from eBay:eBay Inc: Security Update [Sat, 12 N.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 36 skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst Mail MS Mail: infected - 2 skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Shared\big city wg snuffy walden.zip/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Shared\big city wg snuffy walden.zip/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Shared\big city wg snuffy walden.zip ZIP: infected - 2 skipped
    H:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP3\change.log Object is locked skipped
    H:\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst Mail MS Mail: infected - 2 skipped
    H:\My Documents\The Rockford Files\Brain Food\IE Outlook\backup.pst/Personal Folders/Inbox/02 Oct 2004 07:01 from CitiBank:Citibank: client's data verifica.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
    H:\My Documents\The Rockford Files\Brain Food\IE Outlook\backup.pst Mail MS Mail: infected - 1 skipped

    Scan process completed.
     
  6. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Is this folder accessible? Or is it part of Outlook?

    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst

    Either way, delete these folders.

    Personal Folders/Junk E-Mail
    Personal Folders/Junk Suspects

    The inbox has infections too. Look through the last part of the log and delete what is necessary.
     
  7. Jaytan716

    Jaytan716 Member

    Okay, I've emptied out the "Junk" and "Junk Suspects" folders, although I had to do so by opening up Outlook and right-clicking on the folders. Tried to find them in the C: drive library, but they're located as part of the .pst file. I'm also emptying out the trash in Outlook now as I type this.

    I also read carefully through the Kaspersky scan and deleted these items:
    H:\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst
    H:\My Documents\The Rockford Files\Brain Food\IE Outlook\backup.pst
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Shared\big city wg snuffy walden.zip
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst

    and located / deleted the email (via Outlook) listed here:
    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/29 Jul 2003 04:14 to 'Cailin Yahoo':RE: If at first you don't su.rtf

    All the other infected items seemed to be in "Junk" or "Junk Suspects," although I wasn't sure about how to access this guy:

    C:\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped.

    I'm pretty proud of myself for finding and deleting those bad boys. Wonder what I missed.

    Running another Kaspersky, since it'll go through the night anyway.

     
  8. Niobis

    Niobis Active member

    Great job. Don't think you missed any. We'll see what Kaspersky logs, hopefully last scan. :)
     
  9. Jaytan716

    Jaytan716 Member

    Enh, maybe not so good after all. . .


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, October 03, 2006 2:00:03 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 3/10/2006
    Kaspersky Anti-Virus database records: 215246
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 120083
    Number of viruses found: 19
    Number of infected objects: 51 / 0
    Number of suspicious objects: 2
    Duration of the scan process: 02:21:44

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume/Resume Infected: Virus.MSWord.Melissa skipped
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume Infected: Virus.MSWord.Melissa skipped
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst Mail MS Mail: infected - 2 skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/29 Jul 2003 04:14 to 'Cailin Yahoo':RE: If at first you don't su.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/24 Sep 2004 12:29 from Davis Lockettl:meeting sunday at 05-00 - .rtf Infected: Exploit.HTML.Iframe.FileDownload skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/13 Sep 2005 00:11 from Jman/newprice.zip/price.cpl Infected: Email-Worm.Win32.Bagle.ct skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/13 Sep 2005 00:11 from Jman/newprice.zip Infected: Email-Worm.Win32.Bagle.ct skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/26 Nov 2005 12:34 from PayPal Billing Center.:YOUR ACCOUNT LIMIT/PE-901-449-020.jpg.exe Infected: Trojan-Downloader.Win32.Small.bxp skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/28 Nov 2005 12:46 from PayPal Billing Center.:YOUR ACCOUNT LIMIT/PE-901-449-020.jpg.exe Infected: Trojan-Downloader.Win32.Small.byc skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/26 Dec 2005 20:07 from Jman:Katherine/Anne.zip Infected: Trojan-Downloader.Win32.Bagle.r skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-Mail/05 Jan 2006 18:35 from eBay:eBay Inc reminder: please update you.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/10 Oct 2004 09:04 from Smith Barney:SMITH BARNEY OFFICIAL UPDATE.rtf Infected: Trojan-Spy.HTML.Citifraud.ak skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/20 Oct 2004 08:52 from warniwf@suntrust.com:SunTrust Warning Inf.rtf Infected: Trojan-Spy.HTML.Sunfraud.k skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/12 Nov 2004 01:20 from Washington Mutual:WASHINGTON MUTUAL REMIN.rtf Infected: Trojan-Spy.HTML.Bankfraud.w skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/16 Nov 2004 23:54 from Citizens Bank:Citizens Bank alert - unaut.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/30 Nov 2004 16:30 from shishpage@earthlink.net:Important/Data.zip/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/30 Nov 2004 16:30 from shishpage@earthlink.net:Important/Data.zip Infected: Email-Worm.Win32.NetSky.aa skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/21 Dec 2004 02:14 from Bank of the West:Bank of the West: please.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/26 Dec 2004 19:40 from Support Access Dept:WEST Online Banking. .eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/21 Dec 2004 02:14 from Bank of the West:Bank of the West: please.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/10 Feb 2005 00:33 from Washington Mutual:Washington Mutual: Urge.rtf Infected: Trojan-Spy.HTML.Wamufraud.bo skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip/pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip/pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Jun 2005 04:36 from Don Hightower:Finally!/pics.zip Infected: Trojan-Downloader.Win32.Small.axr skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/15 Jun 2005 18:25 from administrator@tandynasty.com:*DETECTED* O/wdyxy.zip/wdyxy.htm .exe Infected: Net-Worm.Win32.Mytob.bi skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/15 Jun 2005 18:25 from administrator@tandynasty.com:*DETECTED* O/wdyxy.zip Infected: Net-Worm.Win32.Mytob.bi skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/19 Jul 2005 13:01 from eBay:Urgent security notice [Wed, 20 Jul .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/19 Jul 2005 14:34 from eBay Inc:eBay Inc: security update.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/07 Aug 2005 03:49 from eBay:eBay - Urgent Security Notification .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/13 Aug 2005 07:18 from Jman/The_taxation.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cl skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/13 Aug 2005 07:18 from Jman/The_taxation.zip Infected: Email-Worm.Win32.Bagle.cl skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/04 Sep 2005 16:07 from eBay:Important information: your account.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/22 Sep 2005 08:23 from eBay:Important information: your account.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/04 Oct 2005 17:04 from eBay Inc:eBay Inc: special announce [Tue,.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/14 Oct 2005 21:53 from eBay Inc:Urgent notification from billing.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/28 Oct 2005 22:08 from eBay:eBay: Confirm Your DetaiIs To Avoid .rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Nov 2005 16:14 from Jman/Business.zip/5.exe Infected: Email-Worm.Win32.Bagle.ek skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/03 Nov 2005 16:14 from Jman/Business.zip Infected: Email-Worm.Win32.Bagle.ek skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk Suspects/12 Nov 2005 16:46 from eBay:eBay Inc: Security Update [Sat, 12 N.rtf Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    H:\Retrospect Backup\Backup of Drive C (C)\Documents and Settings\Jay Tan\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 36 skipped
    H:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP3\change.log Object is locked skipped
    H:\Recycled\Dh1.zip/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped
    H:\Recycled\Dh1.zip/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no skipped
    H:\Recycled\Dh1.zip ZIP: infected - 2 skipped
    H:\Recycled\Dh2.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\Recycled\Dh2.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\Recycled\Dh2.pst Mail MS Mail: infected - 2 skipped
    H:\Recycled\Dh4.pst/Personal Folders/Inbox/02 Oct 2004 07:01 from CitiBank:Citibank: client's data verifica.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
    H:\Recycled\Dh4.pst Mail MS Mail: infected - 1 skipped
    H:\Recycled\Dh7.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\Recycled\Dh7.pst/Personal Folders/Inbox/Resumes/Asst Position/14 Dec 2001 00:54 from Devon Jackson:DEVON JACKSON resume/Resume Infected: Virus.MSWord.Melissa skipped
    H:\Recycled\Dh7.pst Mail MS Mail: infected - 2 skipped

    Scan process completed.
     
  10. Niobis

    Niobis Active member

    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst/Personal Folders/Inbox/Resumes/Asst Position/

    I'm assuming this one is in the inbox...
    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst

    The others are backups. Delete the backup folder. You can create a new one when you're clean.
     
  11. Jaytan716

    Jaytan716 Member

    Yep, guess I missed that one. Deleted.

    C:\Documents and Settings\Jay Tan\My Documents\The Rockford Files\IE\Fish\Forms\inbox.pst

    Also tried to delete:
    H:\Retrospect Backup\Backup of Drive C

    but I got this message early:
    Cannot delete 002-6630810-6349666[1].: Cannot find the specified file.

    Make sure you specify the correct path and file name.

    How do I get around messages like that? I should be deleting "Backup of Drive C," correct?

    Meanwhile, I'll run Kaspersky again and make sure we got it.
     
  12. Niobis

    Niobis Active member

    I'm not sure. The only files that are infected are the Outlook files. So you could just delete the Outlook folder from the backups.

    Not really a need for Kaspersky again, but it's up to you.
     
  13. Jaytan716

    Jaytan716 Member

    Well, I've deleted the Outlook folder from the backup, and of course deleted the emails and emptied the junk / junk suspects via Outlook (located on the C: drive). Computer did freeze the first time I used it this evening, but so far so good.

    I'm backing up C: drive onto the H: drive, so we'll see if that update makes a difference. I've also got some new DVD copying software that I'm going to load into the C: drive, so we'll see how these things turn out.

    Or do you still think that we should format the drive and reload Windows?
     
  14. Niobis

    Niobis Active member

    Nah, I would wait on a format. All the viruses listed in any of the online logs were either in mail or quarantined from mail. I think we got all of them, but I'm sure you will receive more. I recommend you get an antivirus with an email scanner to stop those emails from reaching you.

    Any more problems let me know.

    Good luck. :)
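
Added example, not part of any post in this thread: a small Python triage of the Kaspersky Online Scanner report layout pasted above, grouping detections by the file on disk that holds them (the part before the first `/`) so it is easy to see whether everything sits in mail stores, backups or the recycle bin. The sample lines, the `tags_for` categories and the `\Retrospect Backup\` marker default are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the report layout pasted in this thread.
# Paths, senders and subjects are made up; detection names appear in the thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\Docs\Mail\inbox.pst/Personal Folders/Inbox/01 Jan 2005 10:00 from Example Sender:Sample subject/Resume Infected: Virus.MSWord.Melissa skipped
C:\Docs\Mail\inbox.pst Mail MS Mail: infected - 1 skipped
C:\Docs\Downloads\tool.exe Infected: Trojan-Downloader.Win32.Small.bxp skipped
H:\Retrospect Backup\Shared\sample.zip/setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped
H:\Retrospect Backup\Shared\sample.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.no skipped
H:\Retrospect Backup\Shared\sample.zip ZIP: infected - 2 skipped
H:\Recycled\Dh1.pst/Personal Folders/Inbox/02 Jan 2005 11:00 from Example Bank:Sample notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
H:\Recycled\Dh1.pst Mail MS Mail: suspicious - 1 skipped
"""

# The three line shapes seen in the pasted reports.
LOCKED = re.compile(r"^(?P<obj>.+) Object is locked (?P<action>\w+)$")
SUMMARY = re.compile(
    r"^(?P<obj>.+) (?P<kind>Mail MS Mail|ZIP): "
    r"(?P<verdict>infected|suspicious) - (?P<count>\d+) (?P<action>\w+)$"
)
HIT = re.compile(
    r"^(?P<obj>.+) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\w+)$"
)


def container_of(obj):
    """Windows paths use backslashes; '/' only separates objects nested
    inside a mail store or archive, so the first '/' ends the on-disk file."""
    return obj.split("/", 1)[0]


def tags_for(container, backup_markers=("\\retrospect backup\\",)):
    """Label where a container lives (categories are this example's own)."""
    low = container.lower()
    tags = set()
    if low.endswith(".pst"):
        tags.add("mail-store")
    if "\\recycled\\" in low:
        tags.add("recycle-bin")
    if any(marker in low for marker in backup_markers):
        tags.add("backup")
    return tags


def triage(report_text):
    """Return (containers, locked, unparsed) for the object lines of a report."""
    containers = defaultdict(lambda: {"names": set(), "nested": 0, "reported": None})
    locked, unparsed = [], []
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED.match(line)
        if m:  # in-use system file the scanner could not open; not a detection
            locked.append(m["obj"])
            continue
        m = SUMMARY.match(line)
        if m:  # per-container total printed after its nested hits
            containers[m["obj"]]["reported"] = int(m["count"])
            continue
        m = HIT.match(line)
        if m:
            entry = containers[container_of(m["obj"])]
            entry["names"].add(m["name"])
            entry["nested"] += 1
            continue
        unparsed.append(line)
    return dict(containers), locked, unparsed


def live_non_mail(containers):
    """Detections outside mail stores, backups and the recycle bin."""
    return sorted(c for c in containers if not tags_for(c))


def count_mismatches(containers):
    """Containers whose printed total differs from the hits parsed,
    e.g. when only part of a report was pasted."""
    return sorted(
        c for c, e in containers.items()
        if e["reported"] is not None and e["reported"] != e["nested"]
    )


if __name__ == "__main__":
    found, locked_files, leftover = triage(SAMPLE_REPORT)
    for path, entry in sorted(found.items()):
        labels = ",".join(sorted(tags_for(path))) or "LIVE FILE"
        print(f"{path} [{labels}] {sorted(entry['names'])}")
    print("locked (ignored):", len(locked_files), "unparsed:", len(leftover))
    print("outside mail/backup/recycle bin:", live_non_mail(found))
```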
     
  15. Jaytan716

    Jaytan716 Member

    After a few days of giving it a test run, it seems like I'm still getting freeze-ups. The computer in general is much slower than usual, on startup as well as if I have several Internet Explorer windows (no more than I used to have before we started extracting viruses) open. This is usually when it freezes up. In fact, there hasn't been a day that it hasn't frozen up. Normally, it will go for a while (1-2 hours?) without freezing, but if I leave it alone and without activity, guaranteed I'll come back to it frozen.

    Any thoughts or suggestions on this? I've defragged the C: drive and H: drive, but that hasn't made any difference.

    Hate to (pardon the pun) bug you again. Not sure which direction to go from here.
     
  16. Niobis

    Niobis Active member

    Hmm, I think it's best (and safer) if you just save what you need and reformat.
     
  17. Jaytan716

    Jaytan716 Member

    I've searched through some threads and it seems like reformatting is pretty straightforward, but I thought I'd double-check first.

    1. Since I've got all that I want to save on the external H: drive (just did a backup) I should be good to go. I guess I'll have to upload all the software (MS Office, Final Draft, Roxio Easy Media Creator 8) back onto the C: hard drive after I reformat it, but since I have those installation CDs, I'm good to go, right?

    2. Looks like the only CDs that apply to Windows or Dell that came with this computer are the Windows XP Pro Reinstallation CD and Dell's Tools CD - "for reinstalling Dell-Installed software." So just stick the Windows CD in the tray, restart, and boot up from the CD? Is it that easy / will it be self-explanatory by then? I'm not selling my computer anytime soon, so I'm not worried about other people accessing my data.

    3. Should I disconnect the external H: drive when I do this reformat? If I needed to reformat the H: drive as well, would I just move the stuff to the C: drive, reformat the H: drive, and then move the stuff back from the C: drive to the H: drive again? Does that sound like the logical way of doing this?

    Thanks.

     
  18. Niobis

    Niobis Active member

    Yes, to all questions. :)

    Did you get an erasing program or are you just going to use DOS?
     
  19. Jaytan716

    Jaytan716 Member

    Probably just going to use DOS. I didn't read too much on erasing programs. The whole thing is pretty intimidating, for obvious reasons, but once I actually go through with this, probably not 'til the weekend, I might take a second look at erasing programs.

    Any suggestions or other things to consider?
     
  20. Niobis

    Niobis Active member

    If you use DOS, perform 2 (or more) erases.
     
