sgbrown68
Status: Disinfected (events: 6)
1/17/2013 8:49:10 PM Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3 High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVc.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVe.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVd.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVa.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVb.class High

Status: Deleted (events: 2)
1/17/2013 8:50:08 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-0507.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\52\61d70074-68001ee9 High
1/17/2013 8:50:14 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\28\3682889c-79afcfb3 High
-
Well, good news: I was able to run another quick scan successfully after reboot. Perhaps the problem was that Windows just needed to be updated, but we'll see what happens going forward. At any rate, I'd be grateful for any feedback you may have, and I'll run a few more scans periodically throughout the day -- I usually do at least one full Malwarebytes scan per day. I'll let you know if I run into any further irregularities. I deeply appreciate all of your assistance in this matter. Best, S
-
Farbar Service Scanner Version: 16-01-2013
Ran by Steve (administrator) on 17-01-2013 at 11:30:18
Running from "C:\Documents and Settings\Steve\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
-
OK, just for the heck of it, I ran Malwarebytes Chameleon. The DOS box popped up and started doing its thing. After a few minutes, I got the "encountered error/needs to close" box. I clicked "don't send" when it asked if I wanted to send a report. Then Chameleon opened up regular Malwarebytes to do a quick scan. This one was completed successfully, so I don't know what that means. At any rate, here's the FSS log:

Farbar Service Scanner Version: 16-01-2013
Ran by Steve (administrator) on 17-01-2013 at 09:53:03
Running from "C:\Documents and Settings\Steve\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
-
Below is the most recent ESET log.txt. Just as an FYI, if this does turn out to be a false positive, I'm still having the issue with Malwarebytes not completing the scan, as mentioned in the first post.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=424daba597ff2b46a958a63bd8f59bb5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-16 10:26:13
# local_time=2013-01-16 05:26:13 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=40403
# found=2
# cleaned=2
# scan_time=1147
C:\Documents and Settings\Steve\My Documents\Downloads\iLividSetup.exe  Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)  2503638237A9469DCB691D06A5701C55C66644D3  C
C:\Documents and Settings\Steve\My Documents\Downloads\MIRCSDM.exe  a variant of Win32/SweetIM.C application (cleaned by deleting - quarantined)  C798A07E7128C5421D5A594F59D10CB48647243D  C
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=424daba597ff2b46a958a63bd8f59bb5
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-17 02:12:45
# local_time=2013-01-17 09:12:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=38688
# found=0
# cleaned=0
# scan_time=1198
-
progman.exe
URL: https://www.virustotal.com/file/d3445c943437ccc1c7762a68fec331a74e679e954c9ba5843d7cc02a23d829ee/analysis/1358428486/

proquota.exe
URL: https://www.virustotal.com/file/8d1f9867e180184d6dead0cbef88de1ca739c2066f4648eb808a3301ac4c613b/analysis/1358428630/

proxycfg.exe
URL: https://www.virustotal.com/file/7fd2eab9b4976edb7eea3eea4fec51527d4a37af6f8b909ef4bdfbd84cc8eb72/analysis/1358428744/

tftp.exe
URL: https://www.virustotal.com/file/932fc000899ad207bc8657c9ec3a699dc6d2019618e85d942094b652e5c504f7/analysis/1358428828/