
F-Secure Online Scan finds infected malware



I'm not sure what this is, but I do a scan from time to time just for safety's sake. The last time I did a scan it came up clean, but this time when I used F-Secure Online Scan, it found 10 malware files. I know where all the files are, but I don't know if they are really infected. Below are two scans. First the F-Secure Online Scan (shows 10 infected files), then a quick Malwarebytes scan (which comes up clean). I am not sure if there is anything to this. Any help or advice would be greatly appreciated. Thanks.

Scanning Report

Tuesday, May 25, 2010 15:16:13 - 16:22:54

Computer name: DELL-D600

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

10 malware found

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\AGED PHOTO.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\CONDITIONAL MODE CHANGE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\CONSTRAIN TO 64 PIXELS.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\CONSTRAIN TO 300 PIXELS.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\DROP SHADOW FRAME.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\MAKE BUTTON.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\MAKE SEPIA TONE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\SAVE AS JPEG MEDIUM.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\SAVE AS PHOTOSHOP PDF.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ADOBE\PHOTOSHOP 6.0\REQUIRED\DROPLET TEMPLATE.EXE (Not cleaned & Submitted)

Statistics

Scanned:

* Files: 44157

* System: 2920

* Not scanned: 11

Actions:

* Disinfected: 0

* Renamed: 0

* Deleted: 0

* Not cleaned: 10

* Submitted: 10

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

* C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

* C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\HSPERFDATA_DELL\2308

* C:\DOCUMENTS AND SETTINGS\DELL\LOCAL SETTINGS\TEMP\HSPERFDATA_DELL\4080

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4143

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/25/2010 4:39:17 PM

mbam-log-2010-05-25 (16-39-17).txt

Scan type: Quick scan

Objects scanned: 114448

Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


2 weeks later...

Hello,

It appears your topic has been overlooked.

I may suggest you do 1 or 2 scans at one or 2 of the following online scan sites.

Kaspersky Webscan Online Virus Scanner

ESET Online Scanner

Panda ActiveScan

Make sure you temporarily disable your antivirus program before starting a scan.

Re-enable the AV after the scan is all done.


I did a few more scans and here are the results. In order: Panda ActiveScan, ESET Online Scan (this one came up clean, but I will attach a jpeg for it) and Malwarebytes scan.

I was surprised to see Avenger show up in the Panda scan, because those files were downloaded from this site for a previous cleaning.

Just some background info. I haven't had any issues with my computer. From the scans, I don't think I'm infected, but I'm not the expert. Any information you can provide me on the scans would be greatly appreciated. Again, thanks for your help.

Panda Active Scan

;*******************************************************************************

ANALYSIS: 2010-06-10 20:09:16

PROTECTIONS: 1

MALWARE: 1

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description            Version   Active   Updated

;===============================================================================

AVG Anti-Virus Free    9.0       No       Yes

;===============================================================================

MALWARE

Id        Description     Type          Active  Severity  Disinfectable  Disinfected  Location

;===============================================================================

06162619  Trj/Banbra.GQU  Virus/Trojan  No      1         Yes            No           c:\documents and settings\dell\my documents\soft\!\avenger\avenger.exe

06162619  Trj/Banbra.GQU  Virus/Trojan  No      1         Yes            No           c:\documents and settings\dell\my documents\soft\!\avenger.zip[avenger.exe]

06162619  Trj/Banbra.GQU  Virus/Trojan  No      1         Yes            No           c:\documents and settings\dell\my documents\my videos\downloads\new folder\avenger.zip[avenger.exe]

;===============================================================================

SUSPECTS

Sent   Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id      Severity  Description

;===============================================================================

215935  HIGH      MS09-069

;===============================================================================

Malwarebytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4187

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/10/2010 9:33:26 PM

mbam-log-2010-06-10 (21-33-26).txt

Scan type: Quick scan

Objects scanned: 114966

Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

(attached: post-17295-1276220382_thumb.jpg)


Delete the 3 occurrences of Avenger. Avenger is not malware, but should only be used with the guidance of an expert.

Delete

c:\documents and settings\dell\my documents\soft\!\avenger\avenger.exe

c:\documents and settings\dell\my documents\soft\!\avenger.zip

c:\documents and settings\dell\my documents\my videos\downloads\new folder\avenger.zip

The MBAM scan found nothing, and the ESET scan as well. Excellent results. You are good to go.
