Aurora / VX2

Computing.Net > Forums > Security and Virus > Aurora / VX2

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Aurora / VX2

Name: dasteve2
Date: June 11, 2005 at 17:41:16 Pacific
OS: WinXP Home SP2
CPU/Ram: Pentium M 1.4 768

Comment:

I have been getting random pop-ups that say Aurora in the title bar. Ad-Aware says I have something called VX2 and even though it says it removes it, when I rescan it comes back. I tried the VX2 add-on for Ad-Aware and that does not detect the infection. Nothing I can find on the web has worked. Please Help!

Sponsored Link

Ads by Google

Response Number 1

Name: dasteve2
Date: June 11, 2005 at 17:43:49 Pacific

Reply:

Oh yeah, here is the adaware log file

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 11, 2005 8:35:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin(TAC index:5):35 total references
MRU List(TAC index:0):2 total references
Other(TAC index:5):2 total references
Possible Browser Hijack attempt(TAC index:3):13 total references
Roings(TAC index:8):1 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):35 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

6-11-2005 8:35:50 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1084
ThreadCreationTime : 6-11-2005 11:58:59 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 6-11-2005 11:59:00 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 6-11-2005 11:59:02 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1448
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 6.14.10.4114
ProductVersion : 6.14.10.4114.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.exe
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1460
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1608
ThreadCreationTime : 6-11-2005 11:59:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [s24evmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1644
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 7, 1, 3, 0
ProductVersion : 7, 1, 3, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1704
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1804
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 356
ThreadCreationTime : 6-11-2005 11:59:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe
#:14 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 456
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 4.0.5 (Rel)
ProductVersion : 4.0.5 (Rel)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.exe
#:15 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 496
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:16 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\NICCONFIGSVC\
ProcessID : 572
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : TestMFCAppWiz
LegalCopyright : Copyright (C) 2004 Dell Inc.
OriginalFilename : NicConfigSvc.exe
#:17 [regsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 616
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.exe
#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 664
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 920
ThreadCreationTime : 6-11-2005 11:59:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:21 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 1124
ThreadCreationTime : 6-11-2005 11:59:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:22 [zcfgsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 6-12-2005 12:02:10 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 53
ProductVersion : 4, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : ZeroCfgSvc.exe
#:23 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1812
ThreadCreationTime : 6-12-2005 12:02:11 AM
BasePriority : Normal
FileVersion : 6.14.10.4114
ProductVersion : 6.14.10.4114.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.exe
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.exe
#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 836
ThreadCreationTime : 6-12-2005 12:02:11 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.exe
#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1180
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:26 [1xconfig.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2004
OriginalFilename : 1XConfig.exe
Comments : Wrapper for MH. (Service COM)
#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1048
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal

#:28 [statusclient.exe]
FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\
ProcessID : 1200
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe
#:29 [pronomgr.exe]
FilePath : C:\Program Files\Intel\NCS\PROSet\
ProcessID : 1492
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 7.1.3.1
ProductVersion : 7.1.3.1
ProductName : Intel(R) Network Configuration Services
CompanyName : Intel(R) Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright(C) 2001-2004 Intel Corporation
OriginalFilename : PRONoMgr.exe
#:30 [pctspk.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1652
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : pctvoice Application
FileDescription : pctvoice MFC Application
InternalName : pctvoice
LegalCopyright : Copyright (C) 2001
OriginalFilename : pctvoice.exe
#:31 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1828
ThreadCreationTime : 6-12-2005 12:02:12 AM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:32 [dsentry.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1848
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 0, 4, 0
ProductVersion : 1, 0, 4, 4
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.
#:33 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 2064
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright (C) 2001
OriginalFilename : direct.exe
#:34 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2100
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 6.14.10.5145
ProductVersion : 6.14.10.5145
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2005 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2112
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:36 [vnzyun.exe]
FilePath : c:\windows\system32\
ProcessID : 2124
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 3
ProductVersion : 0, 0, 7, 0
#:37 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2132
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright (C) 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:38 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2180
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal

#:39 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2200
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.exe
#:40 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2272
ThreadCreationTime : 6-12-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright (C) 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:41 [javaw.exe]
FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\
ProcessID : 2768
ThreadCreationTime : 6-12-2005 12:02:17 AM
BasePriority : Normal

#:42 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3324
ThreadCreationTime : 6-12-2005 12:02:37 AM
BasePriority : Normal

#:43 [googledesktopdisplay.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3340
ThreadCreationTime : 6-12-2005 12:02:37 AM
BasePriority : Below Normal

#:44 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3352
ThreadCreationTime : 6-12-2005 12:02:37 AM
BasePriority : Normal

#:45 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 4080
ThreadCreationTime : 6-12-2005 12:16:24 AM
BasePriority : Normal

#:46 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3224
ThreadCreationTime : 6-12-2005 12:17:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright (C) 2005
OriginalFilename : DrPMon.dll

#:47 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2360
ThreadCreationTime : 6-12-2005 12:35:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3596
ThreadCreationTime : 6-12-2005 12:35:39 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUL3a5stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\aurora
Value : AUS3t5atusOfSInst
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
Roings Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\software\intexp
Value : Date
ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "Win Server Updt"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Server Updt
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 55
Objects found so far: 56

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1580818891-854245398-1004\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 69

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : steve@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:steve@z1.adserver.com/
Expires : 6-11-2006 8:31:14 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 70
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : File
Data : systb.dll
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL

ImIServer IEPlugin Object Recognized!
Type : File
Data : tdtb.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72
VX2 Object Recognized!
Type : File
Data : drpmon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright (C) 2005
OriginalFilename : DrPMon.dll

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73
Disk Scan Result for C:\DOCUME~1\Steve\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 73
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-343818398-1580818891-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : VX2
Object : C:\DOCUME~1\Steve\LOCALS~1\Temp\DrTemp
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : remove
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version
ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date
ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid
ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}
ImIServer IEPlugin Object Recognized!
Type : File
Data : lu.dat
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
Other Object Recognized!
Type : File
Data : TDTB.EXE-0D7D8A8D.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\
Other Object Recognized!
Type : File
Data : WUPDT.EXE-1E521B90.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 90
8:36:44 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:53.657
Objects scanned:65219
Objects identified:89
Objects ignored:0
New critical objects:89

Response Number 2

Name: jabuck
Date: June 11, 2005 at 21:01:09 Pacific

Reply:

You should be able to get rid of nail.exe (aurora) by running ewide and nailfix.zip as suggested at this link Bleepingcomputer.com
Then go to the lavasoft site and download the vx2 cleaner,install it and run it.

Response Number 3

Name: Mike Piper
Date: June 11, 2005 at 22:12:24 Pacific

Reply:

Have had the annoying Aurora Popup for a week now,and could not get rid of it.Tried to get Adaware to remove it,but it did not,tried to get spybot to remove it...it didn't work either.Symantec must not have been aware of it,or maybe they, like Mcafee,have been slacking off here.I put PC-cillin on My computer and it stopped it,and also recognized it as a buddy trojan.So if you are not sure it's a virus,let Me tell ya...it is a virus! Different forums I have seen and read suggest that it comes under different names in their files..it has the NAIL.exe files as the main name ,but it is in more than one place or file and with a different code that varies from person to person..to find you run the task manager,then click on applications after you confirm its running in the general tab.but it has other attachments,such as party poker,popup 64,etc. PC-Cillin knocked it out,but it keeps trying to come back;unsuccesfully.

Response Number 4

Name: Abnormal
Date: June 12, 2005 at 07:28:44 Pacific

Reply:

Aurora install source revealed
and 175 Megabytes of televisual terror.
Posted by paperghost
http://www.vitalsecurity.org/2005/06/aurora-install-source-revealed-and-175.html
Hijack prevention tips

Sponsored Link

Ads by Google

	zerocfgsvc party poker spyware virus aurora
See More

Trojan Wont go away!

Security issue Outlook Ex...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Aurora / VX2

VX2 BetterInternet

Summary

www.computing.net/answers/security/vx2-betterinternet/11921.html

VX2 lookup CWS lookup removal

Summary

www.computing.net/answers/security/vx2-lookup-cws-lookup-removal/16810.html

VX2.Look2Me removal

Summary

www.computing.net/answers/security/vx2look2me-removal/15587.html

From the Geek Dictionary
Owned - Dominated, defeated, bested, beaten; usually in a humiliating manner. ...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Using wireless card

Monitor turnoff

disappearing Spider rummy

Links won't open

cut question

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE