Computing.Net > Forums > Security and Virus > Aurora / VX2

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

The Lounge

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Aurora / VX2

Reply to Message Icon
Original Message
Name: dasteve2
Date: June 11, 2005 at 17:41:16 Pacific
Subject: Aurora / VX2
OS: WinXP Home SP2
CPU/Ram: Pentium M 1.4 768
Comment:

I have been getting random pop-ups that say Aurora in the title bar. Ad-Aware says I have something called VX2 and even though it says it removes it, when I rescan it comes back. I tried the VX2 add-on for Ad-Aware and that does not detect the infection. Nothing I can find on the web has worked. Please Help!


Report Offensive Message For Removal


Response Number 1
Name: dasteve2
Date: June 11, 2005 at 17:43:49 Pacific
Subject: Aurora / VX2
Reply: (edit)

Oh yeah, here is the adaware log file


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 11, 2005 8:35:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin(TAC index:5):35 total references
MRU List(TAC index:0):2 total references
Other(TAC index:5):2 total references
Possible Browser Hijack attempt(TAC index:3):13 total references
Roings(TAC index:8):1 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):35 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-11-2005 8:35:50 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1084
ThreadCreationTime : 6-11-2005 11:58:59 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 6-11-2005 11:59:00 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 6-11-2005 11:59:02 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1448
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 6.14.10.4114
ProductVersion : 6.14.10.4114.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1460
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1608
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [s24evmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1644
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 7, 1, 3, 0
ProductVersion : 7, 1, 3, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1704
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1804
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 356
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:14 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 456
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 4.0.5 (Rel)
ProductVersion : 4.0.5 (Rel)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:15 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 496
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:16 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\NICCONFIGSVC\
ProcessID : 572
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : TestMFCAppWiz
LegalCopyright : Copyright (C) 2004 Dell Inc.
OriginalFilename : NicConfigSvc.EXE

#:17 [regsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 616
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 664
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 920
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:21 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 1124
ThreadCreationTime : 6-11-2005 11:59:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:22 [zcfgsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 6-12-2005 12:02:10 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 53
ProductVersion : 4, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : ZeroCfgSvc.EXE

#:23 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1812
ThreadCreationTime : 6-12-2005 12:02:11 AM
BasePriority : Normal
FileVersion : 6.14.10.4114
ProductVersion : 6.14.10.4114.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 836
ThreadCreationTime : 6-12-2005 12:02:11 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1180
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [1xconfig.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1048
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal


#:28 [statusclient.exe]
FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\
ProcessID : 1200
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe

#:29 [pronomgr.exe]
FilePath : C:\Program Files\Intel\NCS\PROSet\
ProcessID : 1492
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 7.1.3.1
ProductVersion : 7.1.3.1
ProductName : Intel(R) Network Configuration Services
CompanyName : Intel(R) Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright(C) 2001-2004 Intel Corporation
OriginalFilename : PRONoMgr.exe

#:30 [pctspk.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1652
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : pctvoice Application
FileDescription : pctvoice MFC Application
InternalName : pctvoice
LegalCopyright : Copyright (C) 2001
OriginalFilename : pctvoice.EXE

#:31 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1828
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [dsentry.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1848
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 0, 4, 0
ProductVersion : 1, 0, 4, 4
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:33 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 2064
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright (C) 2001
OriginalFilename : direct.EXE

#:34 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2100
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 6.14.10.5145
ProductVersion : 6.14.10.5145
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2005 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2112
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [vnzyun.exe]
FilePath : c:\windows\system32\
ProcessID : 2124
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 3
ProductVersion : 0, 0, 7, 0

#:37 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2132
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright (C) 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:38 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2180
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal


#:39 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2200
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:40 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2272
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright (C) 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:41 [javaw.exe]
FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\
ProcessID : 2768
ThreadCreationTime : 6-12-2005 12:02:17 AM
BasePriority : Normal


#:42 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3324
ThreadCreationTime : 6-12-2005 12:02:37 AM
BasePriority : Normal


#:43 [googledesktopdisplay.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3340
ThreadCreationTime : 6-12-2005 12:02:37 AM
BasePriority : Below Normal


#:44 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3352
ThreadCreationTime : 6-12-2005 12:02:37 AM
BasePriority : Normal


#:45 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 4080
ThreadCreationTime : 6-12-2005 12:16:24 AM
BasePriority : Normal


#:46 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3224
ThreadCreationTime : 6-12-2005 12:17:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright (C) 2005
OriginalFilename : DrPMon.dll


#:47 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2360
ThreadCreationTime : 6-12-2005 12:35:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3596
ThreadCreationTime : 6-12-2005 12:35:39 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUS3t5atusOfSInst

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

Roings Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "Win Server Updt"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Server Updt

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 55
Objects found so far: 56


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 69


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : steve@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:steve@z1.adserver.com/
Expires : 6-11-2006 8:31:14 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 70

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ImIServer IEPlugin Object Recognized!
Type : File
Data : systb.dll
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


ImIServer IEPlugin Object Recognized!
Type : File
Data : tdtb.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72

VX2 Object Recognized!
Type : File
Data : drpmon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright (C) 2005
OriginalFilename : DrPMon.dll


Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73

Disk Scan Result for C:\DOCUME~1\Steve\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 73

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-343818398-1580818891-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : VX2
Object : C:\DOCUME~1\Steve\LOCALS~1\Temp\DrTemp

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : remove

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}

ImIServer IEPlugin Object Recognized!
Type : File
Data : lu.dat
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\

ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\

ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\

Other Object Recognized!
Type : File
Data : TDTB.EXE-0D7D8A8D.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\

Other Object Recognized!
Type : File
Data : WUPDT.EXE-1E521B90.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 90

8:36:44 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:53.657
Objects scanned:65219
Objects identified:89
Objects ignored:0
New critical objects:89



Report Offensive Follow Up For Removal

Response Number 2
Name: jabuck
Date: June 11, 2005 at 21:01:09 Pacific
Subject: Aurora / VX2
Reply: (edit)

You should be able to get rid of nail.exe (aurora) by running ewide and nailfix.zip as suggested at this link Bleepingcomputer.com

Then go to the lavasoft site and download the vx2 cleaner,install it and run it.


Report Offensive Follow Up For Removal

Response Number 3
Name: Mike Piper
Date: June 11, 2005 at 22:12:24 Pacific
Subject: Aurora / VX2
Reply: (edit)

Have had the annoying Aurora Popup for a week now,and could not get rid of it.Tried to get Adaware to remove it,but it did not,tried to get spybot to remove it...it didn't work either.Symantec must not have been aware of it,or maybe they, like Mcafee,have been slacking off here.I put PC-cillin on My computer and it stopped it,and also recognized it as a buddy trojan.So if you are not sure it's a virus,let Me tell ya...it is a virus! Different forums I have seen and read suggest that it comes under different names in their files..it has the NAIL.EXE files as the main name ,but it is in more than one place or file and with a different code that varies from person to person..to find you run the task manager,then click on applications after you confirm its running in the general tab.but it has other attachments,such as party poker,popup 64,etc. PC-Cillin knocked it out,but it keeps trying to come back;unsuccesfully.


Report Offensive Follow Up For Removal

Response Number 4
Name: Abnormal
Date: June 12, 2005 at 07:28:44 Pacific
Subject: Aurora / VX2
Reply: (edit)

Aurora install source revealed
and 175 Megabytes of televisual terror.
Posted by paperghost

http://www.vitalsecurity.org/2005/06/aurora-install-source-revealed-and-175.html

Hijack prevention tips


Report Offensive Follow Up For Removal







Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Aurora / VX2

Comments:
            
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



How often do you use Computing.Net?

Every Day
Once a Week
Once a Month
This Is My First Time!


View Results

Poll Finishes In 3 Days.
Discuss in The Lounge


How google works

data recovery

P4 Overclock Help

set command and xcopy

Automatic Logging Off

All Posts Awaiting Replies