WinDefence


Pyrofyr

Having issues with the following:

Computer is running Windows 7 and Ubuntu dualboot. I've tried twice and delete on reboot failed both times.

Malwarebytes' Anti-Malware 1.42

Database version: 3345

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/11/2009 1:42:36 PM

mbam-log-2009-12-11 (13-42-36).txt

Scan type: Full Scan (C:\|I:\|S:\|)

Objects scanned: 268455

Time elapsed: 18 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windefence32 (Trojan.Kreeper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\windefence (Trojan.Kreeper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\windefence (Trojan.Kreeper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Frank\AppData\Roaming\WinDefence\windefence32.exe (Trojan.Kreeper) -> Quarantined and deleted successfully.

C:\Users\Frank\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\Frank\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Frank\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Read around and couldn't find much on this issue. I'm now posting from my Ubuntu partition, and the only thing wrong with it is that apparently my mouse cursor isn't showing up, although that might be attributed to something else.

I believe I am now clean (seems this forum doesn't have an edit button)

Avira AntiVir Personal
Report file date: Friday, December 11, 2009 14:57

Scanning for 1433500 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FRANK-PC

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:24:01
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 19:24:01
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 19:24:01
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 19:24:01
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 19:24:01
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 19:24:01
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 19:24:01
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 19:24:01
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 19:24:01
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 19:24:02
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 19:24:02
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 19:24:02
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 19:24:02
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 19:24:02
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 19:24:03
VBASE016.VDF : 7.10.1.179 2048 Bytes 12/7/2009 19:24:03
VBASE017.VDF : 7.10.1.180 2048 Bytes 12/7/2009 19:24:03
VBASE018.VDF : 7.10.1.181 2048 Bytes 12/7/2009 19:24:03
VBASE019.VDF : 7.10.1.182 2048 Bytes 12/7/2009 19:24:03
VBASE020.VDF : 7.10.1.183 2048 Bytes 12/7/2009 19:24:03
VBASE021.VDF : 7.10.1.184 2048 Bytes 12/7/2009 19:24:03
VBASE022.VDF : 7.10.1.185 2048 Bytes 12/7/2009 19:24:03
VBASE023.VDF : 7.10.1.186 2048 Bytes 12/7/2009 19:24:03
VBASE024.VDF : 7.10.1.187 2048 Bytes 12/7/2009 19:24:03
VBASE025.VDF : 7.10.1.188 2048 Bytes 12/7/2009 19:24:03
VBASE026.VDF : 7.10.1.189 2048 Bytes 12/7/2009 19:24:03
VBASE027.VDF : 7.10.1.190 2048 Bytes 12/7/2009 19:24:03
VBASE028.VDF : 7.10.1.191 2048 Bytes 12/7/2009 19:24:03
VBASE029.VDF : 7.10.1.192 2048 Bytes 12/7/2009 19:24:03
VBASE030.VDF : 7.10.1.193 2048 Bytes 12/7/2009 19:24:03
VBASE031.VDF : 7.10.1.219 179712 Bytes 12/11/2009 19:24:03
Engineversion : 8.2.1.108
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 12:38:52
AESCRIPT.DLL : 8.1.3.2 582010 Bytes 12/11/2009 19:24:08
AESCN.DLL : 8.1.3.0 127348 Bytes 12/11/2009 19:24:08
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 12:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 12/11/2009 19:24:08
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 12:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 12:38:38
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 12/11/2009 19:24:07
AEHELP.DLL : 8.1.8.0 237942 Bytes 12/11/2009 19:24:04
AEGEN.DLL : 8.1.1.80 364917 Bytes 12/11/2009 19:24:04
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 12/11/2009 19:24:04
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, I:, S:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Friday, December 11, 2009 14:57

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned
Scan process 'iPodService.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'Dock64.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'PowerMenu.exe' - '1' Module(s) have been scanned
Scan process 'DTProAgent.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'SimplifyMedia.exe' - '1' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '0' Module(s) have been scanned
Scan process 'ZuneLauncher.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'taskhost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'atieclxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
18 processes with 18 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'S:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'C:\' <win7>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Users\Frank\Downloads\zaSetup_91_007_002_en.exe
[0] Archive type: ZIP SFX (self extracting)
--> SWITCHUNINST_44ZONE LABS.EXE
[1] Archive type: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'I:\'
Begin scan in 'S:\' <Storage>


End of the scan: Friday, December 11, 2009 15:26
Used time: 28:42 Minute(s)

The scan has been done completely.

31002 Scanned directories
444881 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
444878 Files not concerned
6428 Archives were scanned
4 Warnings
2 Notes

The warnings are bothering me; are they a problem? (Zone Alarm is going to be uninstalled soon since I just got Avira.)

  • 2 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
