
Similar to "The virus from Hell" continues



I'm starting this with the last post I put on the original thread.

See the original thread for the whole story.

I went one step further on the "I'm infected - What do I do now?" article and found something interesting. Look at this:

Avira AntiVir Personal

Report file date: Monday, February 28, 2011 12:43

Scanning for 2443497 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : ROBIN-PC

Version information:

BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 19:23:31

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 19:23:40

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 19:23:50

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 16:46:53

VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 16:46:53

VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 16:46:53

VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 16:46:54

VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 16:46:54

VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 16:46:54

VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 16:46:54

VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 16:46:54

VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 16:46:55

VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 16:46:55

VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 16:46:55

VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 16:46:57

VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 16:46:59

VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 16:47:00

VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 16:47:02

VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 16:47:04

VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 16:47:06

VBASE019.VDF : 7.11.3.252 2048 Bytes 2/28/2011 16:47:07

VBASE020.VDF : 7.11.3.253 2048 Bytes 2/28/2011 16:47:07

VBASE021.VDF : 7.11.3.254 2048 Bytes 2/28/2011 16:47:07

VBASE022.VDF : 7.11.3.255 2048 Bytes 2/28/2011 16:47:07

VBASE023.VDF : 7.11.4.0 2048 Bytes 2/28/2011 16:47:07

VBASE024.VDF : 7.11.4.1 2048 Bytes 2/28/2011 16:47:08

VBASE025.VDF : 7.11.4.2 2048 Bytes 2/28/2011 16:47:08

VBASE026.VDF : 7.11.4.3 2048 Bytes 2/28/2011 16:47:08

VBASE027.VDF : 7.11.4.4 2048 Bytes 2/28/2011 16:47:08

VBASE028.VDF : 7.11.4.5 2048 Bytes 2/28/2011 16:47:08

VBASE029.VDF : 7.11.4.6 2048 Bytes 2/28/2011 16:47:09

VBASE030.VDF : 7.11.4.7 2048 Bytes 2/28/2011 16:47:09

VBASE031.VDF : 7.11.4.9 2048 Bytes 2/28/2011 16:47:09

Engineversion : 8.2.4.176

AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 19:23:26

AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 2/28/2011 16:47:46

AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 19:23:26

AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 19:23:26

AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 19:23:25

AEPACK.DLL : 8.2.4.10 520567 Bytes 2/28/2011 16:47:41

AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/28/2011 16:47:35

AEHEUR.DLL : 8.1.2.81 3314038 Bytes 2/28/2011 16:47:33

AEHELP.DLL : 8.1.16.1 246134 Bytes 2/28/2011 16:47:17

AEGEN.DLL : 8.1.5.2 397683 Bytes 2/28/2011 16:47:15

AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 19:23:18

AECORE.DLL : 8.1.19.2 196983 Bytes 2/28/2011 16:47:13

AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 19:23:18

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 19:23:32

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 19:23:30

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 19:23:31

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 19:23:31

AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 19:23:27

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 19:23:28

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 19:23:31

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 19:23:52

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, February 28, 2011 12:43

Starting search for hidden objects.

c:\program files\logmein\x86\lmiguardiansvc.exe

c:\program files\logmein\x86\lmiguardiansvc.exe

[NOTE] The process is not visible.

c:\program files\logmein\x86\lmiguardiansvc.exe

The scan of running processes will be started

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'vssvc.exe' - '55' Module(s) have been scanned

Scan process 'avscan.exe' - '84' Module(s) have been scanned

Scan process 'avscan.exe' - '37' Module(s) have been scanned

Scan process 'avcenter.exe' - '78' Module(s) have been scanned

Scan process 'NOTEPAD.EXE' - '34' Module(s) have been scanned

Scan process 'avgnt.exe' - '63' Module(s) have been scanned

Scan process 'sched.exe' - '57' Module(s) have been scanned

Scan process 'conhost.exe' - '25' Module(s) have been scanned

Scan process 'avshadow.exe' - '39' Module(s) have been scanned

Scan process 'avguard.exe' - '80' Module(s) have been scanned

Scan process 'plugin-container.exe' - '73' Module(s) have been scanned

Scan process 'MSASCui.exe' - '54' Module(s) have been scanned

Scan process 'svchost.exe' - '57' Module(s) have been scanned

Scan process 'mbamservice.exe' - '48' Module(s) have been scanned

Scan process 'firefox.exe' - '134' Module(s) have been scanned

Scan process 'svchost.exe' - '45' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '116' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '65' Module(s) have been scanned

Scan process 'dsc.exe' - '73' Module(s) have been scanned

Scan process 'Weather.exe' - '84' Module(s) have been scanned

Scan process 'mbamgui.exe' - '30' Module(s) have been scanned

Scan process 'sprtcmd.exe' - '101' Module(s) have been scanned

Scan process 'VerizonServicepoint.exe' - '89' Module(s) have been scanned

Scan process 'memcard.exe' - '41' Module(s) have been scanned

Scan process 'dlcxmon.exe' - '42' Module(s) have been scanned

Scan process 'AvastUI.exe' - '78' Module(s) have been scanned

Scan process 'LogMeInSystray.exe' - '65' Module(s) have been scanned

Scan process 'Explorer.EXE' - '216' Module(s) have been scanned

Scan process 'AWC.exe' - '94' Module(s) have been scanned

Scan process 'WLIDSvcM.exe' - '27' Module(s) have been scanned

Scan process 'Dwm.exe' - '44' Module(s) have been scanned

Scan process 'taskhost.exe' - '58' Module(s) have been scanned

Scan process 'taskeng.exe' - '36' Module(s) have been scanned

Scan process 'WLIDSVC.EXE' - '82' Module(s) have been scanned

Scan process 'svchost.exe' - '26' Module(s) have been scanned

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'STacSV.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '71' Module(s) have been scanned

Scan process 'RoxWatch9.exe' - '64' Module(s) have been scanned

Scan process 'LogMeIn.exe' - '106' Module(s) have been scanned

Scan process 'RaMaint.exe' - '49' Module(s) have been scanned

Scan process 'LMIGuardianSvc.exe' - '38' Module(s) have been scanned

Scan process 'Verizon_IHAMessageCenter.exe' - '54' Module(s) have been scanned

Scan process 'dlcxcoms.exe' - '51' Module(s) have been scanned

Scan process 'svchost.exe' - '69' Module(s) have been scanned

Scan process 'spoolsv.exe' - '111' Module(s) have been scanned

Scan process 'AvastSvc.exe' - '103' Module(s) have been scanned

Scan process 'svchost.exe' - '83' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '44' Module(s) have been scanned

Scan process 'svchost.exe' - '90' Module(s) have been scanned

Scan process 'svchost.exe' - '152' Module(s) have been scanned

Scan process 'svchost.exe' - '114' Module(s) have been scanned

Scan process 'svchost.exe' - '89' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '29' Module(s) have been scanned

Scan process 'svchost.exe' - '59' Module(s) have been scanned

Scan process 'winlogon.exe' - '41' Module(s) have been scanned

Scan process 'lsm.exe' - '33' Module(s) have been scanned

Scan process 'lsass.exe' - '74' Module(s) have been scanned

Scan process 'services.exe' - '44' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'wininit.exe' - '37' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '412' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\78d32ff3-5fd2fc2c

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/bottom.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/perev.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.F Java virus

--> utilits/nod_sucks.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\28293fa0-5406d4d6

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/bottom.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/perev.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.F Java virus

--> utilits/nod_sucks.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\28293fa0-5406d4d6

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

[NOTE] The file was moved to the quarantine directory under the name '482b5423.qua'.

C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\78d32ff3-5fd2fc2c

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

[NOTE] The file was moved to the quarantine directory under the name '50ee7b84.qua'.

End of the scan: Monday, February 28, 2011 13:58

Used time: 1:08:19 Hour(s)

The scan has been done completely.

31540 Scanned directories

658071 Files were scanned

6 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

658065 Files not concerned

4798 Archives were scanned

0 Warnings

2 Notes

766148 Objects were scanned with rootkit scan

2 Hidden objects were found

This makes me wonder if I should uninstall anything that has to do with Java???????????

What do you think about that idea??????????? Please advise.

Thanks,

South of the James
