New Virus! Read This!

Name: zeus1000
Date: May 3, 2006 at 17:00:06 Pacific
OS: XP
CPU/Ram: 3.2/1gb
Product: Me
Comment:

Okay, so there is this new virus that apparently came out recently or something. **exmodul32.exe is the name and it's able to disable your anti-virus software so it can send out info about your computer, passwords and whatever else. I googled exmodul32.exe and there are barely any sites on it, mostly all in other languages. Has anyone found this thing running on their machines? Any help would be greatly appreciated. I would experiment around a little but I have very precious data stored on my PC now. It also turns itself on about every 10 mins, so after I end the .exe in task manager it comes back with a new name. Please help.

Response Number 1
Name: jabuck
Date: May 3, 2006 at 17:50:39 Pacific
Reply:

Any number of viruses have the properties that you mention, and can rename themselves easily.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link: http://www.tomcoyote.org/hjt/ Then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: zeus1000
Date: May 4, 2006 at 15:53:15 Pacific
Reply:

This is my hijack this log, it's the 22exmodul.exe and it's trying to send a lot of e-mails to random addresses. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 3:49:01 PM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\PROGRA~1\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\DOCUME~1\Sterling\LOCALS~1\Temp\22exmodul32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sterling\My Documents\My Programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5222
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\PROGRA~1\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe



Response Number 3
Name: jabuck
Date: May 4, 2006 at 18:18:32 Pacific
Reply:

We will need a few tools.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Reboot into safe mode by following these directions if you need them: Safe Mode

Run Hijack This from safe mode, close all windows except HT, place a check to the left of these items and press "fix checked":

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

Exit Hijack This

While still in safe mode run Ewido and let it remove all that it finds.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

From safe mode run Killbox. Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.

C:\WINDOWS\system\smss.exe /w

C:\WINDOWS\system\smss.exe

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

Reboot the computer

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here along with a new HT log.


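The triage behind the two entries singled out in this thread (the process running from a Temp folder and the `smss.exe` autostart outside System32), as an added example that is not part of the original posts or of HijackThis itself. The sample lines are copied from the log posted above; the two heuristics, the `CORE_NAMES` list and the assumed system directory `C:\WINDOWS\system32` are illustrative assumptions, not a complete detection rule set.

```python
import ntpath
import re

# A few lines copied from the HijackThis log posted in this thread (trimmed).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\Sterling\LOCALS~1\Temp\22exmodul32.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Assumption: names of core Windows processes that normally live only in System32.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "svchost.exe"}
# Assumption: default Windows XP install on drive C:, as in the posted log.
SYSTEM32 = r"c:\windows\system32"

# First fully qualified image path on a line (arguments after it are ignored).
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|bat|com|scr)',
                      re.IGNORECASE)
# HijackThis entry prefix such as "O4 - " or "R1 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - ")


def image_path(line):
    """Return the first absolute file path found in a log line, or None."""
    match = IMAGE_RE.search(line)
    return match.group(0) if match else None


def findings_for(path):
    """Return the list of reasons a path deserves a closer look."""
    directory, name = ntpath.split(path.lower())
    reasons = []
    if name in CORE_NAMES and directory != SYSTEM32:
        reasons.append("core Windows process name outside System32")
    if {"temp", "tmp"} & set(directory.split("\\")):
        reasons.append("image runs from a temp directory")
    return reasons


def triage(log_text):
    """Scan running processes, O4 and O23 entries; return flagged items."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            kind = entry.group(1)
            if kind not in ("O4", "O23"):
                continue  # only autostart and service entries are checked here
        elif in_processes:
            kind = "process"
        else:
            continue
        path = image_path(line)
        if path is None:
            continue  # bare file names are resolved via the search path; skipped
        reasons = findings_for(path)
        if reasons:
            findings.append((kind, path, reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:8} {path}  <- {'; '.join(reasons)}")
```

A flagged line is a prompt for manual review, not a verdict: the legitimate `C:\WINDOWS\System32\smss.exe` in the same log passes both checks, which is why the full path matters more than the file name.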

Response Number 4
Name: lulu73
Date: June 7, 2006 at 03:47:36 Pacific
Reply:

Hi,
I have the same thing... I did all of the above and got the log from kasp.
Can someone help me?
here is a copy o--
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, June 07, 2006 1:43:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 7/06/2006
Kaspersky Anti-Virus database records: 198878
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 53929
Number of viruses found: 19
Number of infected objects: 50
Number of suspicious objects: 0
Duration of the scan process: 00:49:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01263501.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11B814E1.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11CE2962.exe Infected: Trojan.Win32.EliteBar.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D2535F.exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15335B0B.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28011543.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48FD4AB7.exe Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49413C6B.exe Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A303565.exe Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\524A75E1.tmp/LMSetup2.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\524A75E1.tmp CAB: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\524A75E1.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\532E7AE9.htm Infected: Trojan-Downloader.HTML.Agent.aq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\533878DE.htm Infected: Trojan-Downloader.HTML.Agent.aq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DCE0048.tmp Infected: Trojan-Dropper.Win32.Delf.vt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660F3623.htm Infected: Trojan-Downloader.HTML.Agent.aq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\663059FF.htm Infected: Trojan-Downloader.HTML.Agent.aq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66F26B6C.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67512D04.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D81454D.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\lior\Local Settings\Temp\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\System Volume Information\_restore{4D786D06-CD23-497E-AE1A-B0C7592A2F87}\RP114\A0014072.exe Infected: Trojan-Proxy.Win32.Horst.be skipped
C:\System Volume Information\_restore{4D786D06-CD23-497E-AE1A-B0C7592A2F87}\RP114\A0014170.exe Infected: Trojan-Proxy.Win32.Horst.be skipped
C:\System Volume Information\_restore{4D786D06-CD23-497E-AE1A-B0C7592A2F87}\RP114\A0014171.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\winupd.bat Infected: Trojan.BAT.Zapchast skipped
D:\program files\DRIVERS\119163.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
D:\program files\DRIVERS\119163.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\program files\DRIVERS\119163.exe WiseSFX: infected - 2 skipped
D:\program files\DRIVERS\119163.exe WiseSFX Dropper: infected - 2 skipped
D:\program files\DRIVERS\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
D:\program files\DRIVERS\BSINSTALL.exe WiseSFX: infected - 1 skipped
D:\program files\DRIVERS\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip/PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN/Crack.exe/setup.zip/5 Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip/PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN/Crack.exe/setup.zip/8 Infected: Backdoor.Win32.Prorat.19.i skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip/PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN/Crack.exe/setup.zip/9 Infected: Backdoor.Win32.Iroffer.b skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip/PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN/Crack.exe/setup.zip/11 Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip/PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN/Crack.exe/setup.zip Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip/PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN/Crack.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
D:\program files\eMule\Incoming\PC GAME - Crack - CSI 3 Dimensions of Murder - CRACK NO CD + [TEST OK] + KEYGEN.zip ZIP: infected - 6 skipped
D:\program files\live\PPLive TV\SynaLiveSetup.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
D:\program files\live\PPLive TV\SynaLiveSetup.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
D:\program files\live\PPLive TV\SynaLiveSetup.exe NSIS: infected - 2 skipped
D:\program files\share\dnlds\PPLiveSetup1.1.0.7.exe/0001\F6\SynaLiveSetup.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
D:\program files\share\dnlds\PPLiveSetup1.1.0.7.exe/0001\F6\SynaLiveSetup.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
D:\program files\share\dnlds\PPLiveSetup1.1.0.7.exe/0001\F6\SynaLiveSetup.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
D:\program files\share\dnlds\PPLiveSetup1.1.0.7.exe Tarma: infected - 3 skipped
D:\program files\share\dnlds\PPLiveSetup1.1.0.7.exe UPX: infected - 3 skipped
D:\program files\share\Installer\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
D:\program files\share\Installer\BSINSTALL.exe WiseSFX: infected - 1 skipped
D:\program files\share\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped

Scan process completed.



