
Trojans - BHO, Agent, Vundo, Vundo H & Virtumonde


Suz


Hello,

Thanks in advance for your help. I support my family (sole support) by running online businesses and have been fighting with this since before Thanksgiving. I have not been able to work at all this week because of the hijacking of the browser constantly.

Just so you know, I also went to msconfig the other day and looked at everything in my startup. I disabled everything on startup except AVG, and this included, for example, the windows\system32\koyudave.dll and other entries like that, but they just renamed themselves on reboot. I have not reset anything there back to default settings.

I have also tried several times to delete them on HijackThis but they come back again.

Here are the scans you have asked for:

Malwarebytes' Anti-Malware 1.31

Database version: 1496

Windows 5.1.2600 Service Pack 2

12/13/2008 8:14:03 PM

mbam-log-2008-12-13 (20-14-03).txt

Scan type: Quick Scan

Objects scanned: 47656

Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfd46f3e-47fa-4242-9399-eed98bf30ecf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cfd46f3e-47fa-4242-9399-eed98bf30ecf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yapajugefa (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

ANALYSIS: 2008-12-13 23:10:29

PROTECTIONS: 1

MALWARE: 3

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Internet Security 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00472983 Adware/AntivirusPro2009 Adware No 0 Yes No C:\WINDOWS\system32\caupwib.dll

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\user\My Documents\My Downloads\smitRem.exe

03491464 W32/Patched.D Virus No 0 Yes No C:\WINDOWS\system32\dllcache\user32.dll

03491464 W32/Patched.D Virus Yes 0 Yes No C:\WINDOWS\system32\USER32.dll

;===============================================================================

SUSPECTS

Sent Location #

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description #

;===============================================================================

184380 MEDIUM MS08-002 #

184379 MEDIUM MS08-001 #

182048 HIGH MS07-069 #

182046 HIGH MS07-067 #

182043 HIGH MS07-064 #

179553 HIGH MS07-061 #

176382 HIGH MS07-057 #

176383 HIGH MS07-058 #

170907 HIGH MS07-046 #

170906 HIGH MS07-045 #

170904 HIGH MS07-043 #

164915 HIGH MS07-035 #

164913 HIGH MS07-033 #

164911 HIGH MS07-031 #

160623 HIGH MS07-027 #

157262 HIGH MS07-022 #

157261 HIGH MS07-021 #

157260 HIGH MS07-020 #

157259 HIGH MS07-019 #

156477 HIGH MS07-017 #

150253 HIGH MS07-016 #

150249 HIGH MS07-013 #

150248 HIGH MS07-012 #

150247 HIGH MS07-011 #

150243 HIGH MS07-008 #

150242 HIGH MS07-007 #

150241 MEDIUM MS07-006 #

141034 HIGH MS06-076 #

141033 MEDIUM MS06-075 #

137571 HIGH MS06-070 #

133387 MEDIUM MS06-065 #

133386 MEDIUM MS06-064 #

133385 MEDIUM MS06-063 #

133379 HIGH MS06-057 #

129977 MEDIUM MS06-053 #

129976 MEDIUM MS06-052 #

126093 HIGH MS06-051 #

126092 MEDIUM MS06-050 #

126087 HIGH MS06-046 #

126086 MEDIUM MS06-045 #

126082 HIGH MS06-041 #

126081 HIGH MS06-040 #

123421 HIGH MS06-036 #

123420 HIGH MS06-035 #

120825 MEDIUM MS06-032 #

120823 MEDIUM MS06-030 #

120818 HIGH MS06-025 #

120815 HIGH MS06-022 #

117384 MEDIUM MS06-018 #

114666 HIGH MS06-015 #

108744 MEDIUM MS06-008 #

108743 MEDIUM MS06-007 #

108742 MEDIUM MS06-006 #

104567 HIGH MS06-002 #

104237 HIGH MS06-001 #

96574 HIGH MS05-053 #

93395 HIGH MS05-051 #

93394 HIGH MS05-050 #

93454 MEDIUM MS05-049 #

;===============================================================================

After disinfection:

;*******************************************************************************

ANALYSIS: 2008-12-13 23:13:39

PROTECTIONS: 1

MALWARE: 3

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Internet Security 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00472983 Adware/AntivirusPro2009 Adware No 0 Yes No C:\WINDOWS\system32\caupwib.dll

03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\Documents and Settings\user\My Documents\My Downloads\smitRem.exe

03491464 W32/Patched.D Virus No 0 Yes Yes C:\WINDOWS\system32\dllcache\user32.dll

03491464 W32/Patched.D Virus Yes 0 Yes Yes C:\WINDOWS\system32\USER32.dll

;===============================================================================

SUSPECTS

Sent Location #

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description #

;===============================================================================

184380 MEDIUM MS08-002 #

184379 MEDIUM MS08-001 #

182048 HIGH MS07-069 #

182046 HIGH MS07-067 #

182043 HIGH MS07-064 #

179553 HIGH MS07-061 #

176382 HIGH MS07-057 #

176383 HIGH MS07-058 #

170907 HIGH MS07-046 #

170906 HIGH MS07-045 #

170904 HIGH MS07-043 #

164915 HIGH MS07-035 #

164913 HIGH MS07-033 #

164911 HIGH MS07-031 #

160623 HIGH MS07-027 #

157262 HIGH MS07-022 #

157261 HIGH MS07-021 #

157260 HIGH MS07-020 #

157259 HIGH MS07-019 #

156477 HIGH MS07-017 #

150253 HIGH MS07-016 #

150249 HIGH MS07-013 #

150248 HIGH MS07-012 #

150247 HIGH MS07-011 #

150243 HIGH MS07-008 #

150242 HIGH MS07-007 #

150241 MEDIUM MS07-006 #

141034 HIGH MS06-076 #

141033 MEDIUM MS06-075 #

137571 HIGH MS06-070 #

133387 MEDIUM MS06-065 #

133386 MEDIUM MS06-064 #

133385 MEDIUM MS06-063 #

133379 HIGH MS06-057 #

129977 MEDIUM MS06-053 #

129976 MEDIUM MS06-052 #

126093 HIGH MS06-051 #

126092 MEDIUM MS06-050 #

126087 HIGH MS06-046 #

126086 MEDIUM MS06-045 #

126082 HIGH MS06-041 #

126081 HIGH MS06-040 #

123421 HIGH MS06-036 #

123420 HIGH MS06-035 #

120825 MEDIUM MS06-032 #

120823 MEDIUM MS06-030 #

120818 HIGH MS06-025 #

120815 HIGH MS06-022 #

117384 MEDIUM MS06-018 #

114666 HIGH MS06-015 #

108744 MEDIUM MS06-008 #

108743 MEDIUM MS06-007 #

108742 MEDIUM MS06-006 #

104567 HIGH MS06-002 #

104237 HIGH MS06-001 #

96574 HIGH MS05-053 #

93395 HIGH MS05-051 #

93394 HIGH MS05-050 #

93454 MEDIUM MS05-049 #

;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:17:39 PM, on 12/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {cfd46f3e-47fa-4242-9399-eed98bf30ecf} - C:\WINDOWS\system32\molafabo.dll (file missing)

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [yapajugefa] Rundll32.exe "C:\WINDOWS\system32\koyudave.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\hoyesatu.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5040

AVG popped up with these additional threats:

TrojanShuer2.EVU

Trojan Generic and Gen12

Trojan Horse Downloader Gen

VundoB2, BJ, CJ, CF, CI, Virus Worm/Gen

They were in system volume, task manager, AVG files and other places. My IE explorer window keeps popping open under task running so I keep closing it under task manager. Don't know whether to keep running Spybot, Malwarebytes, Panda and HijackThis while I am waiting to keep trying to delete these??

Hi,

I did my own research on a few of the logs between all of the scans and I think I have deleted the trojans, etc., as my scans are looking clean to me, except that the last Panda scan showed adware and vulnerabilities, and my browser hasn't been hijacked in the last couple of hours. I will post them here and if you would check them for me that would be great.

I will not bother you any further unless you feel I have not deleted them all.

I will check in once or twice a day and not hang out in here all day and bug you all. LOL=))

Malwarebytes' Anti-Malware 1.31

Database version: 1500

Windows 5.1.2600 Service Pack 2

12/15/2008 7:33:54 PM

mbam-log-2008-12-15 (19-33-54).txt

Scan type: Quick Scan

Objects scanned: 47518

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:37:10 PM, on 12/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 4753 bytes

;*******************************************************************************

ANALYSIS: 2008-12-15 20:06:30

PROTECTIONS: 1

MALWARE: 1

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Internet Security 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00472983 Adware/AntivirusPro2009 Adware No 0 Yes No C:\WINDOWS\system32\caupwib.dll

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

184380 MEDIUM MS08-002

184379 MEDIUM MS08-001

182048 HIGH MS07-069

182046 HIGH MS07-067

182043 HIGH MS07-064

179553 HIGH MS07-061

176382 HIGH MS07-057

176383 HIGH MS07-058

170907 HIGH MS07-046

170906 HIGH MS07-045

170904 HIGH MS07-043

164915 HIGH MS07-035

164913 HIGH MS07-033

164911 HIGH MS07-031

160623 HIGH MS07-027

157262 HIGH MS07-022

157261 HIGH MS07-021

157260 HIGH MS07-020

157259 HIGH MS07-019

156477 HIGH MS07-017

150253 HIGH MS07-016

150249 HIGH MS07-013

150248 HIGH MS07-012

150247 HIGH MS07-011

150243 HIGH MS07-008

150242 HIGH MS07-007

150241 MEDIUM MS07-006

141034 HIGH MS06-076

141033 MEDIUM MS06-075

137571 HIGH MS06-070

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

117384 MEDIUM MS06-018

114666 HIGH MS06-015

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

96574 HIGH MS05-053

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================
