Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
w32.kelvir.a
My Norton AntiVirus 05 keeps saying "virus deleted" about a virus called w32.kelvir.a. The problem is that it constantly pops up. I cannot get rid of it. It keeps coming back. What do I do?? I've done what the Symantec Security Response site told me but I still can't get rid of it! Help me plz. It's getting very annoying.
#2
Hi hp-p00nst3r, let's see what is running on your PC. Go here and download the latest version of Hijack This. Unzip it and click on Scan. Most of the files listed will be harmless and/or required, so do not make any changes; just click on Save Log, copy it and post it back in this thread.
Transferring to the Cyber Safety Forum.
#3
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:54:10 PM, on 10/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\FireDaemon\FireDaemon.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\HLServer\hlds.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex...te/sdkinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FireDaemon Service: HLDS (HLDS) - Sublime Solutions Pty Ltd - C:\Program Files\FireDaemon\FireDaemon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: siregsrv - Symantec, Peter Norton Group - C:\PROGRA~1\NORTON~1\SPEEDD~1\SIREGSRV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
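Added example (not code from this thread, from HijackThis or from its author): a small Python script that parses a log in the format above and lists the entries a helper would ask about first, which is the kind of question the next reply puts to the poster. The sample log inside it is constructed from lines of the log above and is not a full scan; the triage rules (a process running outside Windows/Program Files, a service with no publisher, an entry whose target file is missing, an autorun through rundll32, anything under a Temp directory) are my own choice of first questions and flag nothing as malicious.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99.1 layout. The lines are copied from the
# log posted in this thread (one of them shortened); it is not a full scan.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:54:10 PM, on 10/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\FireDaemon\FireDaemon.exe
E:\HLServer\hlds.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe (file missing)
O23 - Service: FireDaemon Service: HLDS (HLDS) - Sublime Solutions Pty Ltd - C:\Program Files\FireDaemon\FireDaemon.exe
"""

# Every HijackThis finding is "Onn - description".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# Directories a stock XP install and its applications normally run from.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Split a HijackThis log into its process list and its 'Onn - ...' entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process block ends at the first blank line
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def section_counts(text):
    """How many entries of each kind (O2 BHOs, O4 autoruns, O23 services, ...) the log has."""
    _, entries = parse_hjt(text)
    return dict(Counter(code for code, _ in entries))


def triage(text):
    """Return (reason, line) pairs for entries a helper would ask about first.

    None of these flags means 'malicious'; they mark what needs an explanation
    from the machine's owner before anything is removed.
    """
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if not proc.lower().startswith(STANDARD_DIRS):
            findings.append(("process outside Windows/Program Files", proc))
    for code, body in entries:
        low = body.lower()
        shown = f"{code} - {body}"
        if "(file missing)" in low:
            findings.append(("entry points at a missing file", shown))
        if "unknown owner" in low:
            findings.append(("service with no publisher", shown))
        if code == "O4" and "rundll32" in low:
            findings.append(("autorun through rundll32, check the DLL it loads", shown))
        if "\\temp\\" in low:
            findings.append(("entry under a Temp directory", shown))
    return findings


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against a real saved log by reading the file into `triage()`; the output is a list of questions for the machine's owner, not a list of things to fix.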
#4
A couple of questions. Did you install the FireDaemon service, hp-p00nst3r? What is E:\HLServer\hlds.exe?
I would like to see some more logs please. Go here and download and run Silent Runners.vbs. It generates a log; please post the information back in this thread.
Download/save this zipped file to your desktop http://skads.org/special/rkfiles.zip and unzip it to its own folder. When you run the utility, it will generate a log listing suspicious files. This utility must be run in Safe Mode to work correctly. Boot into Safe Mode (restart your PC and tap F8 as it restarts) and double-click on RKFILES.BAT to run it. It will take quite a while (10 minutes or more, so be patient). When it has finished a text file will open; save the log and post it in this thread. Do not attempt to delete any files, wait for me to check them.
Still in Safe Mode, run Hijack This again, save the log, reboot and post the new log.
#5
Yes, I did in fact install a FireDaemon service, HLDS. It is a Half-Life Dedicated Server, a game server.
The log from the rkfiles.bat program:

C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\rkfiles
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\DivX.dll: PEC2
C:\WINDOWS\system32\MFC42.PDB: dwProvSpec2
C:\WINDOWS\system32\MFC42D.PDB: dwProvSpec2
C:\WINDOWS\system32\MFCD42D.PDB: dwProvSpec2
C:\WINDOWS\system32\MFCN42D.PDB: dwProvSpec2
C:\WINDOWS\system32\MFCO42D.PDB: dwProvSpec2
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\daemon.dll: UPX!
C:\WINDOWS\RMAgentOutput.dll: UPX!
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished bye

Here is the log from another HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 4:35:54 PM, on 11/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows NT\Pinball\PINBALL.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex...te/sdkinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FireDaemon Service: HLDS (HLDS) - Sublime Solutions Pty Ltd - C:\Program Files\FireDaemon\FireDaemon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: siregsrv - Symantec, Peter Norton Group - C:\PROGRA~1\NORTON~1\SPEEDD~1\SIREGSRV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

One more thing: every time I start up my comp, Sophos AV keeps saying it's deleting the virus, Kelvir A and B, and there are hundreds of messages about that. The virus keeps coming! I hope this will shed some light on why this is happening. Thank you for your help.
#6
I cannot see a problem in your logs. Can you post a Sophos log, please? Perhaps if we can see which files it is detecting, we might be able to find the files.
#7
The Sophos log is way too long. I've looked at it. It starts from when I installed it to find a virus. It deleted a virus lol, Troj/borobt.gen. 2 days later the Kelvir virus came. Every time I turn on the comp it'd say Kelvir virus deleted. But I did see something weird in the log. It says some files in the temp folder could not be accessed. Every single file it detects as Kelvir is located in C:\WINDOWS\Temp as tmp<something>.tmp
Here's a portion of the log:

20050312 054750 The on-access driver failed to perform a user action on file \Device\HarddiskVolume1\WINDOWS\TEMP\tmpC2.tmp.
20050312 055750 The on-access driver failed to perform a user action on file \Device\HarddiskVolume1\WINDOWS\TEMP\tmpC2.tmp.
20050312 055750 Scanning "C:\WINDOWS\Temp\tmpC2.tmp" returned SAVI error 0xa0040210: The file could not be accessed.
20050312 055750 Scanning "C:\WINDOWS\Temp\tmpC2.tmp" returned SAVI error 0xa0040210: The file could not be accessed.
20050312 055750 Scanning "C:\WINDOWS\Temp\tmpC2.tmp" returned SAVI error 0xa0040210: The file could not be accessed.
20050312 055750 Scanning "C:\WINDOWS\Temp\tmpC2.tmp" returned SAVI error 0xa0040210: The file could not be accessed.
20050312 060750 The on-access driver failed to perform a user action on file \Device\HarddiskVolume1\WINDOWS\TEMP\tmpD3.tmp

I also scanned my comp with NAV2005. It detected an adware called Adware.CDT. Norton itself could not delete it. When I tried to do it myself, I could not find the registry keys it modified. Last night I scanned for viruses using NAV and Sophos respectively in safe mode. NAV detected 5 viruses, all Kelvir. Sophos did not find any. As I kept using the comp, the virus came back AGAIN. Sometimes when I turn on the comp, I can't even access the start menu; every time I move my mouse down there my mouse pointer turns into an hourglass. When Norton comes out with "virus deleted" the start menu is accessible again.
Last edited by hp-p00nst3r; March 12th, 2005 at 08:01 PM.
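The on-access driver lines and the SAVI 0xa0040210 lines above are two spellings of the same kind of event: the kernel driver reports the NT device path, the scanner reports the drive-letter path, and the timestamps interleave. Added example (not code from this thread or from Sophos): a Python script that normalises both forms, assuming C: is HarddiskVolume1 as the log suggests, groups the failures by directory and by file, and measures how long each tmpXX.tmp name kept failing. That is the check a responder would run on the full log to confirm the poster's observation that everything clusters in C:\WINDOWS\Temp. The sample lines are the posted ones plus one constructed line for contrast; nothing here reads the filesystem.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample lines in the format of the Sophos log excerpt posted above. The first five
# are the posted lines; the last one is constructed so the grouping has something
# outside Temp to contrast against. These are plain strings, no files are touched.
SAMPLE_LINES = [
    r"20050312 054750 The on-access driver failed to perform a user action on file \Device\HarddiskVolume1\WINDOWS\TEMP\tmpC2.tmp.",
    r"20050312 055750 The on-access driver failed to perform a user action on file \Device\HarddiskVolume1\WINDOWS\TEMP\tmpC2.tmp.",
    r'20050312 055750 Scanning "C:\WINDOWS\Temp\tmpC2.tmp" returned SAVI error 0xa0040210: The file could not be accessed.',
    r'20050312 055750 Scanning "C:\WINDOWS\Temp\tmpC2.tmp" returned SAVI error 0xa0040210: The file could not be accessed.',
    r"20050312 060750 The on-access driver failed to perform a user action on file \Device\HarddiskVolume1\WINDOWS\TEMP\tmpD3.tmp",
    # constructed line, not from the thread
    r'20050312 061000 Scanning "C:\Documents and Settings\Poon\NTUSER.DAT" returned SAVI error 0xa0040210: The file could not be accessed.',
]

LINE_RE = re.compile(r"^(\d{8}) (\d{6}) (.*)$")
SCAN_RE = re.compile(r'Scanning "([^"]+)" returned SAVI error (0x[0-9a-fA-F]+)')
DRIVER_RE = re.compile(r"on-access driver failed to perform a user action on file (.+?)\.?$")
DEVICE_RE = re.compile(r"^\\Device\\HarddiskVolume\d+\\", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Windows' GetTempFileName naming: tmp + hex + .tmp
TMP_RE = re.compile(r"^tmp[0-9a-f]+\.tmp$", re.IGNORECASE)


def normalize(path):
    """Drop the NT device prefix or the drive letter and lowercase, so the driver's
    spelling and the scanner's spelling of one file compare equal (assumes a single
    volume, C: == HarddiskVolume1, which is what the posted log implies)."""
    path = DEVICE_RE.sub("", path)
    path = DRIVE_RE.sub("", path)
    return path.lower()


def parse_line(line):
    """Return (timestamp, kind, normalized path) for the two failure shapes, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
    msg = m.group(3)
    s = SCAN_RE.search(msg)
    if s:
        return ts, "scan-failed:" + s.group(2).lower(), normalize(s.group(1))
    d = DRIVER_RE.search(msg)
    if d:
        return ts, "on-access-failed", normalize(d.group(1))
    return None


def recurring_failures(lines, min_count=2):
    """Group access failures by directory and by file.

    Returns (hot_dirs, by_file): directories with at least min_count failures,
    and every file's list of (timestamp, kind) events."""
    by_dir = Counter()
    by_file = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, kind, path = rec
        by_dir[path.rpartition("\\")[0]] += 1
        by_file[path].append((ts, kind))
    hot_dirs = {d: n for d, n in by_dir.items() if n >= min_count}
    return hot_dirs, dict(by_file)


def temp_pattern_files(by_file):
    """Files named like tmpXX.tmp: path -> (event count, seconds from first to last event)."""
    out = {}
    for path, events in by_file.items():
        if TMP_RE.match(path.rpartition("\\")[2]):
            times = sorted(t for t, _ in events)
            out[path] = (len(events), (times[-1] - times[0]).total_seconds())
    return out


if __name__ == "__main__":
    hot, files = recurring_failures(SAMPLE_LINES)
    print("directories with repeated failures:", hot)
    for path, (n, span) in temp_pattern_files(files).items():
        print(f"{path}: {n} events over {span:.0f}s")
```

On the five posted lines the only directory with repeated failures is windows\temp, and tmpC2.tmp is reported four times across ten minutes; a full log would show whether new tmp names appear on a schedule, which is what distinguishes a file being recreated from a single stuck one.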
#9
The files were deleted, but it's still coming.
I had to run it in safe mode because in normal mode the program wouldn't respond. During normal mode, when I scan the temp folder with Norton, the scan hangs at MSVCP71.dll
Last edited by hp-p00nst3r; March 13th, 2005 at 03:37 AM.
#10
Are you online when you are running the removal tools? If so, download any updates, disconnect and run them again. Have you run the Trend Micro Damage Cleanup Template? If so, try downloading the latest pattern file and running it again, but make sure you are offline when you do this.
#11
All the removal tools are up to date.
I've run the Trend Micro thing; I dl'ed the sysclean one since I'm not a Trend Micro customer. It'd scan a bunch of stuff, and when the DOS window opens up a bunch of errors come up saying it couldn't access some of the files. There were a lot of those errors. Then it hung at one of the files in the temp folder. It didn't move for a long time, so I cancelled the operation.
#12
I tried sysclean again, but this time in safe mode.
Here's the log for it:

2005-03-12, 22:31:50, Auto-clean mode specified.
2005-03-12, 22:31:50, Running scanner "C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\TSC.BIN"...
2005-03-12, 22:33:29, Scanner "C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\TSC.BIN" has finished running.
2005-03-12, 22:33:29, TSC Log:
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-12, 22:35:39, An error was detected on "C:\Documents and Settings\Mom & Dad\*.*": Access is denied.
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-03-12, 22:35:39, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-12, 22:35:40, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-12, 22:35:40, An error occurred while scanning file "C:\Documents and Settings\Poon\NTUSER.DAT": Access is denied.
2005-03-12, 22:35:40, An error occurred while scanning file "C:\Documents and Settings\Poon\ntuser.dat.LOG": Access is denied.
2005-03-12, 22:35:59, An error occurred while scanning file "C:\Documents and Settings\Poon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-12, 22:35:59, An error occurred while scanning file "C:\Documents and Settings\Poon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-12, 23:15:43, Could not set file for reading on "C:\RECYCLER\NPROTECT\00315051.TXT": Access is denied.
2005-03-12, 23:15:43, Could not set file for reading on "C:\RECYCLER\NPROTECT\00315052.TXT": Access is denied.
2005-03-12, 23:15:43, Could not set file for reading on "C:\RECYCLER\NPROTECT\00315053.TXT": Access is denied.
2005-03-12, 23:16:13, Could not set file for reading on "C:\RECYCLER\NPROTECT\00317574.MOZ": Access is denied.
2005-03-12, 23:16:13, Could not set file for reading on "C:\RECYCLER\NPROTECT\00317584.MOZ": Access is denied.
2005-03-12, 23:16:13, Could not set file for reading on "C:\RECYCLER\NPROTECT\00317587.MOZ": Access is denied.
2005-03-12, 23:16:13, Could not set file for reading on "C:\RECYCLER\NPROTECT\00317589.MOZ": Access is denied.
2005-03-12, 23:16:13, Could not set file for reading on "C:\RECYCLER\NPROTECT\00317590.MOZ": Access is denied.
2005-03-12, 23:16:26, Could not set file for reading on "C:\RECYCLER\NPROTECT\00318437.LNK": Access is denied.
2005-03-12, 23:16:26, Could not set file for reading on "C:\RECYCLER\NPROTECT\00318438.LNK": Access is denied.
2005-03-12, 23:16:26, Could not set file for reading on "C:\RECYCLER\NPROTECT\00318452.LNK": Access is denied.
2005-03-12, 23:16:26, Could not set file for reading on "C:\RECYCLER\NPROTECT\00318453.LNK": Access is denied.
2005-03-12, 23:18:01, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\AIM.EXE-061FD532.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ALCOHOL.EXE-23D345C3.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ALMON.EXE-0ED3E27C.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ALUPDATE.EXE-38DF4AFD.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ATI2EVXX.EXE-19D16EB9.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-055703AF.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-3684E09A.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\BATTLEFIELD_1942_INCREMENTAL_-1B7FD5D2.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\BATTLEFIELD_1942_PATCH_V1.6.1-002C44A4.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\BF1942.EXE-20253D28.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\BF1942_NOCD_LOADER.EXE-2E375CE7.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\BLACKSCREEN.EXE-18447873.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CACLS.EXE-25504E4A.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-1207B2A5.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLEANER.EXE-0BCE437C.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLGVIEW.EXE-084E7031.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CCSETUP117.EXE-0F700959.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CFGWIZ.EXE-17240409.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CKA.EXE-0842EF2D.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CLI.EXE-20D5A08B.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CLONECDTRAY.EXE-1E92F8D7.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CODMP.EXE-2798D94C.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CODUOSP.EXE-18229366.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\DAEMON.EXE-19CAC371.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\DAEMONTOOLSV3.47.EXE-01B8E344.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\FLASHGET.EXE-0B8880BB.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\FLASHGOT.EXE-0166B28E.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-29A03A76.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-2AF68D7A.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HL.EXE-28A0F17E.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HLDS.EXE-3470D92A.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HLSW.EXE-0005D400.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZENG09.EXE-21FF5F4F.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZSTC09.EXE-3AFDDA16.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\IKERNEL.EXE-078AA887.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\IRALRSHL.EXE-0CF0BBE1.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\LAUNCHER.EXE-054C7C8A.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MATRIX.EXE-19D65BE2.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MIRC.EXE-0661EC22.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGPLUS.EXE-38B1CE07.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-366A1A81.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVSTUB.EXE-0C1B3317.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-24F56911.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-25047607.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NF.EXE-10E0296E.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NMAIN.EXE-2BA406E0.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NSWCFG.EXE-2CF94E55.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\OBC.EXE-2E42DAAF.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\OPSCAN.EXE-1D42E8EC.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\OSA9.EXE-27CD7DB8.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\PINBALL.EXE-1233165F.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\QDCSFS.EXE-1BE93C49.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf": Access is denied.
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RSVP.EXE-04E70CF3.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-14BFE4E6.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-188DF14E.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-19DD028A.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B3538BE.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E42CC5F.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-341DD2A4.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-356812D3.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf": Access is denied. 
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SAVMAIN.EXE-039DEA8B.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SAVPROGRESS.EXE-05ADB090.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-01258076.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-1B83E575.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-39639817.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SG.EXE-32933AD6.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SGBFMPATCHV0.1TOV0.1B.EXE-1A9E9C41.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SNDMON.EXE-0A6C21A2.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SPIDER.EXE-2D998CA6.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\STARGATEBFMV0.1PUBLICCLIE NTFU-01FEBA51.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\STEAM.EXE-08093C6F.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\STEAM.EXE-3A35EC78.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SYMUNDO.EXE-0E475A78.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SYNCOR.EXE-08E7996C.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-206260CA.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-0DA62C00.pf": Access is denied. 
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.BIN-0922CAC9.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\TW_IM_2004.EXE-2B4917C4.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\VENTRILO-2.2.0-WINDOWS-I386.E-04B6A948.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\VSCANTM.BIN-0C44DC9F.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WDFMGR.EXE-2CF4013B.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WINDOC.EXE-2B7257C0.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-10D55173.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WISPTIS.EXE-0C21B942.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9D.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied. 2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\~E5D141.TMP-05B42746.pf": Access is denied. 
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\~E5D141.TMP-0BE3B61A.pf": Access is denied. 2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied. 2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied. 2005-03-12, 23:21:14, An error occurred while scanning file |
#13
I couldn't fit the rest of the log, so here it is:

"C:\WINDOWS\system32\config\SAM": Access is denied.
2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-03-12, 23:21:15, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-03-12, 23:21:15, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-03-12, 23:21:43, An error occurred while scanning file "C:\WINDOWS\system32\drivers\atapi.sys": Access is denied.
2005-03-12, 23:22:04, Running scanner "C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN"...
2005-03-13, 00:01:42, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/12/2005 16:10:16
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/12/2005 23:22:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
C:\WINDOWS\Temp\tmp96.tmp [WORM_KELVIR.A]
C:\WINDOWS\Temp\tmpDA.tmp [WORM_KELVIR.A]
105570 files have been read.
105570 files have been checked.
86477 files have been scanned.
186093 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/13/2005 00:01:42
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-13, 00:01:43, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/12/2005 16:10:16
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/12/2005 23:22:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
Success Clean [ WORM_KELVIR.A]( 1) from C:\WINDOWS\Temp\tmp96.tmp
Success Clean [ WORM_KELVIR.A]( 1) from C:\WINDOWS\Temp\tmpDA.tmp
105570 files have been read.
105570 files have been checked.
86477 files have been scanned.
186093 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/13/2005 00:01:42
39 minutes 37 seconds (2376.91 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-13, 00:01:43, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/12/2005 16:10:16
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/12/2005 23:22:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
105570 files have been read.
105570 files have been checked.
86477 files have been scanned.
186093 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/13/2005 00:01:42
39 minutes 37 seconds (2376.91 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-13, 00:01:43, Scanner "C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN" has finished running.
2005-03-13, 00:02:39, Could not set file for reading on "E:\RECYCLER\NPROTECT\NPROTECT.LOG": Access is denied.
2005-03-13, 00:02:39, An error was detected on "E:\System Volume Information\*.*": Access is denied.
2005-03-13, 00:02:39, Running scanner "C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN"...
2005-03-13, 00:02:55, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/13/2005 00:02:40
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
4050 files have been read.
4050 files have been checked.
2965 files have been scanned.
2965 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/13/2005 00:02:55
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-13, 00:02:55, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/13/2005 00:02:40
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
4050 files have been read.
4050 files have been checked.
2965 files have been scanned.
2965 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/13/2005 00:02:55
15 seconds (15.33 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-13, 00:02:55, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 3/13/2005 00:02:40
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 488 (93409 Patterns) (2005/03/11) (248800)
Command Line: C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean
4050 files have been read.
4050 files have been checked.
2965 files have been scanned.
2965 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/13/2005 00:02:55
15 seconds (15.33 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-13, 00:02:55, Scanner "C:\Documents and Settings\Poon\My Documents\P00nstaz Stuff\Apps\sysclean\VSCANTM.BIN" has finished running.
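Reading a sysclean log like the one above by hand is tedious: nearly all of it is "Access is denied" noise from files Windows keeps locked while it runs (the Prefetch folder, the registry hives under system32\config, System Volume Information), and the few lines that matter (the two WORM_KELVIR.A hits in C:\WINDOWS\Temp and their matching "Success Clean" lines) are buried in the middle. The parser below is an added example, not part of the original thread and not a Trend Micro tool; the line formats are inferred from the log pasted above, the list of expected-locked paths and the sample log are this example's own assumptions, and any path reported for review is listed only because it falls outside that list, not because the thread says anything about it.

```python
"""Summarise a Trend Micro sysclean / VSCANTM log of the kind pasted in this thread.

Added example, not part of the original post or of Trend Micro's tools. The line
formats below are inferred from the log excerpt above; EXPECTED_LOCKED and
SAMPLE_LOG are this example's own assumptions / constructed data.
"""
import re
from dataclasses import dataclass, field

# Locations Windows holds open exclusively while it runs (registry hives under
# system32\config, the Prefetch folder, System Volume Information, Norton's
# NPROTECT recycler area). A user-mode scanner reporting "Access is denied"
# there is expected. Anything denied elsewhere is listed separately for a
# human to check; this list is an assumption of the example.
EXPECTED_LOCKED = (
    "\\windows\\system32\\config\\",
    "\\windows\\prefetch\\",
    "\\system volume information\\",
    "\\recycler\\nprotect\\",
)

TS = r"\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}"
ACCESS_DENIED = re.compile(
    rf'^{TS}, (?:Could not set file for reading on|An error occurred while scanning file|'
    rf'An error was detected on) "(?P<path>[^"]+)": Access is denied\.$'
)
# Detection lines look like:  C:\WINDOWS\Temp\tmp96.tmp [WORM_KELVIR.A]
DETECTED = re.compile(r'^(?P<path>[A-Za-z]:\\[^\[]+?) \[(?P<name>[^\]]+)\]$')
# Clean lines look like:      Success Clean [ WORM_KELVIR.A]( 1) from C:\WINDOWS\Temp\tmp96.tmp
CLEANED = re.compile(r'^Success Clean \[\s*(?P<name>[^\]]+?)\]\(\s*\d+\) from (?P<path>.+)$')
INFECTED_COUNT = re.compile(r'^(?P<n>\d+) files containing viruses\.$')


@dataclass
class ScanSummary:
    expected_denied: list = field(default_factory=list)
    unexpected_denied: list = field(default_factory=list)
    detections: dict = field(default_factory=dict)    # path -> detection name
    cleaned: dict = field(default_factory=dict)       # path -> detection name
    reported_infected: list = field(default_factory=list)  # each "N files containing viruses"

    def uncleaned(self):
        """Detections with no matching 'Success Clean' line, i.e. still on disk."""
        return {p: n for p, n in self.detections.items() if p not in self.cleaned}


def parse_sysclean_log(text):
    """Classify every line of a sysclean log into the four things a helper cares about."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ACCESS_DENIED.match(line):
            path = m.group("path")
            if any(marker in path.lower() for marker in EXPECTED_LOCKED):
                summary.expected_denied.append(path)
            else:
                summary.unexpected_denied.append(path)
        elif m := CLEANED.match(line):
            summary.cleaned[m.group("path")] = m.group("name")
        elif m := DETECTED.match(line):
            summary.detections[m.group("path")] = m.group("name")
        elif m := INFECTED_COUNT.match(line):
            summary.reported_infected.append(int(m.group("n")))
    return summary


def report(summary):
    """Lines a helper would actually read: hits, leftovers, and denials worth a look."""
    lines = [f"detections: {len(summary.detections)}, cleaned: {len(summary.cleaned)}"]
    for path, name in summary.uncleaned().items():
        lines.append(f"STILL PRESENT: {path} [{name}]")
    lines.append(f"expected locked-file denials: {len(summary.expected_denied)}")
    for path in summary.unexpected_denied:
        lines.append(f"review (denied outside known-locked paths): {path}")
    return lines


# Constructed excerpt in the format of the log above (not the full posted log).
SAMPLE_LOG = r"""
2005-03-12, 23:20:15, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2005-03-12, 23:21:14, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-03-12, 23:21:43, An error occurred while scanning file "C:\WINDOWS\system32\drivers\atapi.sys": Access is denied.
2005-03-12, 23:22:04, Running scanner "C:\sysclean\VSCANTM.BIN"...
2005-03-13, 00:01:42, Files Detected:
C:\WINDOWS\Temp\tmp96.tmp [WORM_KELVIR.A]
C:\WINDOWS\Temp\tmpDA.tmp [WORM_KELVIR.A]
2 files containing viruses.
Found 2 viruses totally.
2005-03-13, 00:01:43, Files Clean:
Success Clean [ WORM_KELVIR.A]( 1) from C:\WINDOWS\Temp\tmp96.tmp
Success Clean [ WORM_KELVIR.A]( 1) from C:\WINDOWS\Temp\tmpDA.tmp
2 files containing viruses.
2005-03-13, 00:02:39, An error was detected on "E:\System Volume Information\*.*": Access is denied.
"""

if __name__ == "__main__":
    print("\n".join(report(parse_sysclean_log(SAMPLE_LOG))))
```

Run it against the full log by reading the file into `parse_sysclean_log`; the point of `uncleaned()` is that a detection without a matching "Success Clean" line is the case that needs a follow-up, and the point of the expected-locked list is that "Access is denied" on the registry hives or Prefetch is not, on its own, evidence of anything.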
#14
I have uploaded a file to this post. Unzip it to your Desktop and double-click on Cleanup.bat to run it. A DOS prompt will open; OK all the prompts (Y and Enter), then reboot.
#15
Ah, I didn't see your posts when I posted. It looks like the Trend Micro utility may have fixed the problem. What happens when you reboot now?
Similar Topics
Topic | Topic Starter | Forum | Replies | Last Post
W32.Kelvir | Tainted | Malware Removal | 0 | October 21st, 2006 12:57 PM
W32.Kelvir.AH | leoleoleoleo | Malware Removal | 1 | April 23rd, 2005 07:50 AM