Unable to access any antivirus websites

January 5, 2010 at 11:48:46
Specs: Windows XP
I am unable to access the McAfee website or any other antivirus websites; when I try to do so, I get "The page cannot be displayed" screen. I think that it's due to a virus but am not sure. Please let me know what I need to do to solve this problem.



#1
January 5, 2010 at 17:21:07
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe > click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.



#2
January 11, 2010 at 01:24:46
Thanks for the reply.

It's very strange. I tried to open both the links to download Malwarebytes' Anti-Malware but I get "The page cannot be displayed" screen. What do I do now?




#3
January 11, 2010 at 19:12:38
Sounds like your host file has been compromised. These scan results may take more than one post to get all the info to us.

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Click the “scan all users” checkbox.
4. Push the “run scan” button.
5. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized



#4
January 12, 2010 at 00:15:45
Hi tech 99,

It seems to be a Conficker A/B virus as I am unable to see the first & last image of the top row.

Also the second link does not open as I get the "The page cannot be displayed" screen.

What should be done now?



#5
January 12, 2010 at 00:40:34
Hi jabuck,

When I ran the scan first, I got both the reports & pasted them in the reply, but for some reason the page did not refresh & all the info was lost. So I had to log in again to this site & run the scan again, but this time I only got one report. Also, when I checked the "Access protection log" of McAfee, this is the message that was displayed:

Blocked by Access Protection rule ADMIN\Administrator C:\Documents and Settings\Administrator\Desktop\OTL.exe \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeFramework Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write

It seems that the "Extra.txt" report was blocked for some reason.

Below is the OTL.txt report:

OTL logfile created on: 1/12/2010 2:07:28 PM - Run 2
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 56.89 Gb Free Space | 72.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 78.13 Gb Total Space | 73.82 Gb Free Space | 94.49% Space Free | Partition Type: NTFS
Drive F: | 78.13 Gb Total Space | 78.06 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive G: | 63.70 Gb Total Space | 63.62 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/01/12 13:52:33 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/01/12 13:27:11 | 00,022,528 | ---- | M] () -- C:\WINDOWS\system32\XT-99F23.EXE
PRC - [2009/12/28 14:54:40 | 02,940,664 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2009/11/11 10:57:36 | 01,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:26:36 | 00,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 09:15:44 | 00,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 00,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/09/01 18:15:55 | 01,515,963 | RHS- | M] () -- C:\WINDOWS\system32\XP-17501A7C.EXE
PRC - [2007/12/20 20:46:24 | 00,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007/11/26 14:54:22 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/11/26 14:54:12 | 01,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/11/26 14:54:02 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/04/19 10:56:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 20:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/12/19 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/12/19 11:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 11:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2004/08/04 06:37:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 06:37:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2002/11/14 01:51:52 | 00,183,296 | ---- | M] () -- C:\WINDOWS\sbnet\ShowBehind.exe
PRC - [2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/01/12 13:52:33 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2006/10/27 00:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006/10/27 00:48:34 | 00,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006/10/27 00:48:02 | 00,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2006/10/27 00:47:40 | 00,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2004/08/04 06:37:00 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 06:37:00 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2004/08/04 06:37:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/12/13 01:43:44 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/27 09:26:36 | 00,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/26 14:54:12 | 01,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/09/17 09:36:18 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/19 10:56:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/08/04 06:37:00 | 00,162,155 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xpwho.dll -- (ikzidjudw)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009/10/06 11:52:50 | 00,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 00,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 00,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 00,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/08/31 15:45:06 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/12/11 14:54:20 | 04,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/08 09:56:06 | 12,260,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2007/11/26 14:54:12 | 00,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 14:54:12 | 00,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 14:54:02 | 00,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/19 10:56:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/22 20:50:00 | 00,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/27 00:39:10 | 00,033,792 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 06:37:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 06:37:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-1844823847-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
IE - HKU\S-1-5-21-448539723-1844823847-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-448539723-1844823847-839522115-500\S-1-5-21-448539723-1844823847-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [XP-17501A7C] C:\WINDOWS\system32\XP-17501A7C.EXE ()
O4 - HKU\S-1-5-21-448539723-1844823847-839522115-500..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-448539723-1844823847-839522115-500..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-17501A7C.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1844823847-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Drive... (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirement... (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/31 15:01:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b635ee1b-c9e5-11de-a989-00241d6d0140}\Shell - "" = AutoRun
O33 - MountPoints2\{b635ee1b-c9e5-11de-a989-00241d6d0140}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/01/12 13:52:33 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/11 14:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Pics for facebook
[2010/01/08 14:30:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010/01/07 16:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TigerPlayer
[2010/01/07 16:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/01/07 16:45:20 | 00,000,000 | ---D | C] -- C:\Program Files\MpcStar
[2010/01/07 15:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\BitComet
[2010/01/07 14:18:50 | 00,000,000 | ---D | C] -- C:\Downloads
[2010/01/03 16:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010/01/03 15:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Rajkot
[2010/01/03 01:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/16 15:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Fonts
[2009/12/13 01:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/13 01:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/13 01:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/04 15:34:58 | 00,563,880 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2009/09/01 00:29:18 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2009/09/01 00:29:17 | 00,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2009/08/31 15:04:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/31 15:03:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/01/12 14:08:36 | 00,000,782 | -HS- | M] () -- C:\WINDOWS\System32\tg_f367.inf
[2010/01/12 14:05:16 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk
[2010/01/12 13:52:33 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/12 13:48:07 | 00,002,404 | -HS- | M] () -- C:\WINDOWS\System32\sl_e4e3.inf
[2010/01/12 13:48:00 | 00,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/12 13:40:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1844823847-839522115-500UA.job
[2010/01/12 13:27:11 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\XT-99F23.EXE
[2010/01/12 13:09:59 | 00,088,713 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/12 13:09:52 | 00,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/12 13:09:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/12 13:09:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/12 13:00:58 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/12 13:00:58 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/12 13:00:53 | 06,389,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/11 15:40:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1844823847-839522115-500Core.job
[2010/01/11 13:49:17 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/11 01:28:19 | 00,022,528 | -HS- | M] () -- C:\WINDOWS\System32\W-BT83.EXE
[2010/01/11 01:27:08 | 00,001,536 | -HS- | M] () -- C:\WINDOWS\System32\tg_f367.EDT
[2010/01/10 17:53:24 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\XL-A4E16.EXE
[2010/01/10 17:29:58 | 00,014,575 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Junkman (1982) DVDRip[1]. MovieExtreme.torrent
[2010/01/10 17:09:02 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 14:05:03 | 00,069,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/07 16:45:59 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MpcStar.lnk
[2010/01/07 15:29:36 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2010/01/07 15:29:11 | 06,472,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bitcomet_setup.exe
[2010/01/07 13:39:49 | 00,022,528 | -HS- | M] () -- C:\WINDOWS\System32\W-BT82.EXE
[2010/01/05 15:45:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/03 01:55:27 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/22 15:30:41 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\ZC-694C0.EXE
[2009/12/18 12:50:28 | 00,022,016 | -HS- | M] () -- C:\WINDOWS\System32\U-7T82.EXE
[2009/12/18 12:43:58 | 00,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/17 14:46:07 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\ZR-7B7A3.EXE
[2009/12/16 14:40:16 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2009/12/14 00:37:35 | 00,022,016 | -HS- | M] () -- C:\WINDOWS\System32\123.EXE
[2009/12/13 15:47:53 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\Z7-FC8AD.EXE
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/01/11 01:28:20 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\XT-99F23.EXE
[2010/01/11 01:28:19 | 00,022,528 | -HS- | C] () -- C:\WINDOWS\System32\W-BT83.EXE
[2010/01/10 17:29:56 | 00,014,575 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Junkman (1982) DVDRip[1]. MovieExtreme.torrent
[2010/01/07 16:45:59 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MpcStar.lnk
[2010/01/07 15:29:36 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2010/01/07 15:29:02 | 06,472,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bitcomet_setup.exe
[2010/01/07 13:39:50 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\XL-A4E16.EXE
[2010/01/07 13:39:49 | 00,022,528 | -HS- | C] () -- C:\WINDOWS\System32\W-BT82.EXE
[2010/01/03 01:55:27 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/18 12:50:28 | 00,022,016 | -HS- | C] () -- C:\WINDOWS\System32\U-7T82.EXE
[2009/12/18 12:50:28 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ZC-694C0.EXE
[2009/12/14 00:37:35 | 00,022,016 | -HS- | C] () -- C:\WINDOWS\System32\123.EXE
[2009/12/14 00:37:35 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ZR-7B7A3.EXE
[2009/11/13 15:32:58 | 00,000,025 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2009/11/12 13:44:45 | 00,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/10/23 14:18:13 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\a7.ini
[2009/09/05 20:51:07 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 20:04:32 | 00,000,082 | ---- | C] () -- C:\WINDOWS\TOONWORX.INI
[2009/09/05 19:21:12 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/01 17:38:08 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/09/01 17:38:08 | 00,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/09/01 00:29:21 | 12,260,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009/09/01 00:29:21 | 00,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2009/09/01 00:29:21 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/08/31 15:36:45 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/05/10 16:09:28 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLcNL.DLL
[2006/10/31 12:05:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 12:05:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 12:05:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 12:05:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 12:05:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 12:05:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 12:05:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 06:37:00 | 00,162,155 | RHS- | C] () -- C:\WINDOWS\System32\xpwho.dll
[2004/08/04 06:37:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 06:37:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >



#6
January 12, 2010 at 04:54:45
Try the following FREE security tools:

Conficker Removal Tool 3



#7
January 12, 2010 at 16:38:40
Please go to Virus Total and upload the following files one at a time for analysis:


C:\WINDOWS\system32\XP-17501A7C.exe
C:\WINDOWS\System32\tg_f367.inf
C:\WINDOWS\System32\W-BT83.exe
C:\WINDOWS\System32\ZC-694C0.exe
C:\WINDOWS\System32\123.exe

Use the browse button at the site to find the file. Once you find the file, double click it and it should appear in the empty space to the left of the browse button> click "send file". If the file has already been analyzed, click the reanalyze button to have it checked again.

Post the results in your reply.



#8
January 13, 2010 at 00:06:48
Hi,

I tried to go to Virus total but unfortunately I got "The page cannot be displayed". This is starting to worry me now.

Could you tell me how this virus got to my PC in the first place? I mostly download mp3 songs or games for my cell phone & nothing else. Could the virus have come from these downloads?

What else should I do?



#9
January 13, 2010 at 03:43:00
Try running the computer in safe mode with networking. To do this, shut the computer down and wait 30 seconds. Restart the computer and start tapping F8 as soon as it begins to boot. When the option screen appears, select "safe mode with networking" and follow the prompts.

Then try virus total again.



#10
January 14, 2010 at 04:00:16
I tried running the computer in safe mode with networking & went to the Virus total website.

I entered C:\WINDOWS\system32\XP-17501A7C.exe in the browse section & clicked "send file" & after some time while it was analyzing I got the same old screen that I get every time (page cannot be displayed). After that I was not able to open the Virus total website.

I tried to restart the PC again in safe mode but now I was not able to login to computing.net & got the same page cannot be displayed screen. Also the page loads very slowly. Is that supposed to happen in safe mode?

However I will try this once more tomorrow. Please let me know if I am doing something wrong.




#11
January 15, 2010 at 00:36:09
Hi jabuck,

Unfortunately I am unable to login to the internet with the safe mode with networking option. I was able to login yesterday for a short while in the safe mode. However I am able to use the internet with the normal mode.

Please advise what I should do next.



#12
January 18, 2010 at 00:30:17
Hi jabuck,

I was finally able to run the tests you told me to do:
Below are the results:


1)

C:\WINDOWS\system32\XP-17501A7C.exe

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.18 Trojan.Win32.FlyStudio!IK
AhnLab-V3 5.0.0.2 2010.01.16 Win-Trojan/Xema.variant
AntiVir 7.9.1.142 2010.01.17 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 W32/Nuj.A.gen!Eldorado
Avast 4.8.1351.0 2010.01.17 Win32:Malware-gen
AVG 9.0.0.730 2010.01.17 SHeur.CRQW
BitDefender 7.2 2010.01.18 Trojan.Spy.Agent.NXS
CAT-QuickHeal 10.00 2010.01.18 Trojan.Agent.ATV
ClamAV 0.94.1 2010.01.17 Trojan.Downloader-63956
Comodo 3621 2010.01.18 -
DrWeb 5.0.1.12222 2010.01.18 Trojan.DownLoad.46198
eSafe 7.0.17.0 2010.01.17 -
eTrust-Vet 35.2.7243 2010.01.18 -
F-Prot 4.5.1.85 2010.01.17 W32/Nuj.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.18 Trojan-Dropper:W32/Peed.gen!A
Fortinet 4.0.14.0 2010.01.18 -
GData 19 2010.01.18 Trojan.Spy.Agent.NXS
Ikarus T3.1.1.80.0 2010.01.18 Trojan.Win32.FlyStudio
Jiangmin 13.0.900 2010.01.18 Trojan/Agent.awfr
K7AntiVirus 7.10.949 2010.01.16 Trojan-Downloader.Win32.VB.iow
Kaspersky 7.0.0.125 2010.01.18 Worm.Win32.FlyStudio.bf
McAfee 5864 2010.01.17 W32/Autorun.worm.dq.gen
McAfee+Artemis 5864 2010.01.17 W32/Autorun.worm.dq.gen
McAfee-GW-Edition 6.8.5 2010.01.17 Heuristic.LooksLike.Win32.Suspicious.I!81
Microsoft 1.5302 2010.01.18 TrojanDropper:Win32/Silly_P2P.B
NOD32 4781 2010.01.18 Win32/AutoRun.FlyStudio.Q
Norman 6.04.03 2010.01.17 W32/Obfuscated.H!genr
nProtect 2009.1.8.0 2010.01.18 -
Panda 10.0.2.2 2010.01.17 Adware/AccesMembre
PCTools 7.0.3.5 2010.01.18 Net-Worm.SillyFDC
Prevx 3.0 2010.01.18 -
Rising 22.31.00.04 2010.01.18 Worm.Win32.Autorun.eyr
Sophos 4.49.0 2010.01.18 Mal/EncPk-NB
Sunbelt 3.2.1858.2 2010.01.17 Trojan.Win32.Autorun.dm (v)
Symantec 20091.2.0.41 2010.01.18 W32.SillyFDC
TheHacker 6.5.0.6.154 2010.01.18 Trojan/Downloader.VB.iow
TrendMicro 9.120.0.1004 2010.01.18 WORM_FLYSTUDI.B
VBA32 3.12.12.1 2010.01.17 Worm.Win32.AutoRun.tbb
ViRobot 2010.1.18.2141 2010.01.18 Trojan.Win32.Downloader.1515963
VirusBuster 5.0.21.0 2010.01.17 -

2)

C:\WINDOWS\System32\tg_f367.inf

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.18 -
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.17 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.17 -
AVG 9.0.0.730 2010.01.17 -
BitDefender 7.2 2010.01.18 -
CAT-QuickHeal 10.00 2010.01.18 -
ClamAV 0.94.1 2010.01.17 -
Comodo 3621 2010.01.18 -
DrWeb 5.0.1.12222 2010.01.18 -
eSafe 7.0.17.0 2010.01.17 -
eTrust-Vet 35.2.7243 2010.01.18 -
F-Prot 4.5.1.85 2010.01.17 -
F-Secure 9.0.15370.0 2010.01.18 -
Fortinet 4.0.14.0 2010.01.18 -
GData 19 2010.01.18 -
Ikarus T3.1.1.80.0 2010.01.18 -
Jiangmin 13.0.900 2010.01.18 -
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.18 -
McAfee 5864 2010.01.17 -
McAfee+Artemis 5864 2010.01.17 -
McAfee-GW-Edition 6.8.5 2010.01.17 -
Microsoft 1.5302 2010.01.18 -
NOD32 4781 2010.01.18 -
Norman 6.04.03 2010.01.17 -
nProtect 2009.1.8.0 2010.01.18 -
Panda 10.0.2.2 2010.01.17 -
PCTools 7.0.3.5 2010.01.18 -
Prevx 3.0 2010.01.18 -
Rising 22.31.00.04 2010.01.18 -
Sophos 4.49.0 2010.01.18 -
Sunbelt 3.2.1858.2 2010.01.17 -
Symantec 20091.2.0.41 2010.01.18 -
TheHacker 6.5.0.6.154 2010.01.18 -
TrendMicro 9.120.0.1004 2010.01.18 -
VBA32 3.12.12.1 2010.01.17 -
ViRobot 2010.1.18.2141 2010.01.18 -
VirusBuster 5.0.21.0 2010.01.17 -


3)

C:\WINDOWS\System32\W-BT83.exe

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.18 Trojan.Dloader!IK
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.17 TR/Aesevin.B.1069
Antiy-AVL 2.0.3.7 2010.01.12 AdWare/Win32.FlyStudio
Authentium 5.2.0.5 2010.01.16 W32/Agent.CM.gen!Eldorado
Avast 4.8.1351.0 2010.01.17 -
AVG 9.0.0.730 2010.01.17 -
BitDefender 7.2 2010.01.18 Trojan.Flystudio.BI
CAT-QuickHeal 10.00 2010.01.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.17 -
Comodo 3621 2010.01.18 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.01.18 Trojan.Siggen.46522
eSafe 7.0.17.0 2010.01.17 -
eTrust-Vet 35.2.7243 2010.01.18 -
F-Prot 4.5.1.85 2010.01.17 W32/Agent.CM.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.18 Trojan-Dropper:W32/Peed.gen!A
Fortinet 4.0.14.0 2010.01.18 PossibleThreat
GData 19 2010.01.18 Trojan.Flystudio.BI
Ikarus T3.1.1.80.0 2010.01.18 Trojan.Dloader
Jiangmin 13.0.900 2010.01.18 Heur:Adware/FlyStudio
K7AntiVirus 7.10.949 2010.01.16 not-a-virus:AdWare.Win32.FlyStudio.l
Kaspersky 7.0.0.125 2010.01.18 not-a-virus:AdWare.Win32.FlyStudio.l
McAfee 5864 2010.01.17 -
McAfee+Artemis 5864 2010.01.17 Artemis!05B77E8EDBD1
McAfee-GW-Edition 6.8.5 2010.01.17 Trojan.Aesevin.B.1069
Microsoft 1.5302 2010.01.18 Trojan:Win32/Aesevin.B
NOD32 4781 2010.01.18 a variant of Win32/Packed.FlyStudio
Norman 6.04.03 2010.01.17 -
nProtect 2009.1.8.0 2010.01.18 -
Panda 10.0.2.2 2010.01.17 Trj/CI.A
PCTools 7.0.3.5 2010.01.18 -
Prevx 3.0 2010.01.18 Medium Risk Malware
Rising 22.31.00.04 2010.01.18 Trojan.Win32.Generic.51F73BEF
Sophos 4.49.0 2010.01.18 Mal/EncPk-NB
Sunbelt 3.2.1858.2 2010.01.17 Trojan.Win32.Autorun.dm (v)
Symantec 20091.2.0.41 2010.01.18 -
TheHacker 6.5.0.6.154 2010.01.18 -
TrendMicro 9.120.0.1004 2010.01.18 Mal_Pai-15
VBA32 3.12.12.1 2010.01.17 AdWare.Win32.FlyStudio.l
ViRobot 2010.1.18.2141 2010.01.18 Adware.FlyStudio.22528.G
VirusBuster 5.0.21.0 2010.01.17 Trojan.Aesevin.Gen

4)
C:\WINDOWS\System32\ZC-694C0.exe

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.18 Trojan.Win32.FlyStudio!IK
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.17 TR/Aesevin.B.20
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 W32/Agent.CM.gen!Eldorado
Avast 4.8.1351.0 2010.01.17 -
AVG 9.0.0.730 2010.01.17 Downloader.Small.GST
BitDefender 7.2 2010.01.18 -
CAT-QuickHeal 10.00 2010.01.18 Trojan.Aesevin.b
ClamAV 0.94.1 2010.01.17 -
Comodo 3621 2010.01.18 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.01.18 Trojan.Siggen.37507
eSafe 7.0.17.0 2010.01.17 Win32.TrojanAesevin
eTrust-Vet 35.2.7243 2010.01.18 -
F-Prot 4.5.1.85 2010.01.17 W32/Agent.CM.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.18 Trojan-Dropper:W32/Peed.gen!A
Fortinet 4.0.14.0 2010.01.18 PossibleThreat
GData 19 2010.01.18 -
Ikarus T3.1.1.80.0 2010.01.18 Trojan.Win32.FlyStudio
Jiangmin 13.0.900 2010.01.18 -
K7AntiVirus 7.10.949 2010.01.16 not-a-virus:AdWare.Win32.FlyStudio.l
Kaspersky 7.0.0.125 2010.01.18 not-a-virus:AdWare.Win32.FlyStudio.l
McAfee 5864 2010.01.17 potentially unwanted program Generic PUP
McAfee+Artemis 5864 2010.01.17 potentially unwanted program Generic PUP
McAfee-GW-Edition 6.8.5 2010.01.17 Trojan.Aesevin.B.20
Microsoft 1.5302 2010.01.18 Trojan:Win32/Aesevin.B
NOD32 4781 2010.01.18 Win32/FlyStudio.OCP
Norman 6.04.03 2010.01.17 -
nProtect 2009.1.8.0 2010.01.18 Trojan-Clicker/W32.FlyStudio.22016.T
Panda 10.0.2.2 2010.01.17 Trj/CI.A
PCTools 7.0.3.5 2010.01.18 -
Prevx 3.0 2010.01.18 Medium Risk Malware
Rising 22.31.00.04 2010.01.18 Trojan.Win32.Generic.51F401CF
Sophos 4.49.0 2010.01.18 Mal/EncPk-NB
Sunbelt 3.2.1858.2 2010.01.17 Trojan.Win32.Autorun.dm (v)
Symantec 20091.2.0.41 2010.01.18 -
TheHacker 6.5.0.6.154 2010.01.18 -
TrendMicro 9.120.0.1004 2010.01.18 Mal_Pai-15
VBA32 3.12.12.1 2010.01.17 AdWare.Win32.FlyStudio.l
ViRobot 2010.1.18.2141 2010.01.18 Adware.FlyStudio.22016.V
VirusBuster 5.0.21.0 2010.01.17 Trojan.Aesevin.Gen

5)
C:\WINDOWS\System32\123.exe

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.18 Trojan.Dloader!IK
AhnLab-V3 5.0.0.2 2010.01.16 Win-Trojan/Aesevin.22016
AntiVir 7.9.1.142 2010.01.17 ADSPY/Agent.22016
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 W32/Agent.CM.gen!Eldorado
Avast 4.8.1351.0 2010.01.17 -
AVG 9.0.0.730 2010.01.17 Generic2_c.IJV
BitDefender 7.2 2010.01.18 Adware.Generic.99663
CAT-QuickHeal 10.00 2010.01.18 Trojan.Aesevin.b
ClamAV 0.94.1 2010.01.17 -
Comodo 3621 2010.01.18 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.01.18 Trojan.Siggen.36640
eSafe 7.0.17.0 2010.01.17 -
eTrust-Vet 35.2.7243 2010.01.18 -
F-Prot 4.5.1.85 2010.01.17 W32/Agent.CM.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.18 Trojan-Dropper:W32/Peed.gen!A
Fortinet 4.0.14.0 2010.01.18 Adware/FlyStudio
GData 19 2010.01.18 Adware.Generic.99663
Ikarus T3.1.1.80.0 2010.01.18 Trojan.Dloader
Jiangmin 13.0.900 2010.01.18 Heur:Adware/FlyStudio
K7AntiVirus 7.10.949 2010.01.16 not-a-virus:AdWare.Win32.FlyStudio.l
Kaspersky 7.0.0.125 2010.01.18 not-a-virus:AdWare.Win32.FlyStudio.l
McAfee 5864 2010.01.17 potentially unwanted program Adware-Flystudio
McAfee+Artemis 5864 2010.01.17 potentially unwanted program Artemis!4B3C9360065B
McAfee-GW-Edition 6.8.5 2010.01.17 Ad-Spyware.Agent.22016
Microsoft 1.5302 2010.01.18 Trojan:Win32/Aesevin.B
NOD32 4781 2010.01.18 Win32/FlyStudio.OBR
Norman 6.04.03 2010.01.17 -
nProtect 2009.1.8.0 2010.01.18 Trojan-Clicker/W32.FlyStudio.22016.P
Panda 10.0.2.2 2010.01.17 W32/FlyStudio.BP
PCTools 7.0.3.5 2010.01.18 -
Prevx 3.0 2010.01.18 High Risk Cloaked Malware
Rising 22.31.00.04 2010.01.18 -
Sophos 4.49.0 2010.01.18 Mal/EncPk-NB
Sunbelt 3.2.1858.2 2010.01.17 Trojan.Win32.Autorun.dm (v)
Symantec 20091.2.0.41 2010.01.18 -
TheHacker 6.5.0.6.154 2010.01.18 -
TrendMicro 9.120.0.1004 2010.01.18 Mal_Pai-15
VBA32 3.12.12.1 2010.01.17 AdWare.Win32.FlyStudio.l
ViRobot 2010.1.18.2141 2010.01.18 Adware.FlyStudio.22016.R
VirusBuster 5.0.21.0 2010.01.17 Trojan.Aesevin.X


Seems like my PC is heavily infected. Please let me know what I need to do next.

Thanks & waiting for your reply.



#13
January 19, 2010 at 05:54:39
Please help me with this issue, I don't know what to do next. How do I get the virus out of my PC?


#14
January 26, 2010 at 05:25:15
Can anyone please help me on this?
