winupgro.exe infected laptop

May 17, 2009 at 08:08:10
Specs: Windows XP Pro 2002 SP3
Hello,
My laptop has been infected with winupgro.exe. While searching these forums for a solution I realised probably the only one was ComboFix. So I downloaded it (renamed it), uninstalled my Norton Internet Security and ran it. The link to the resulting log is the following:

http://www.mediafire.com/?mmdmzejy3zm

Is there anything else I should do?



#1
May 17, 2009 at 08:14:13
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

As per Author of combo-fix.

Download Kaspersky AVP tool:
http://devbuilds.kaspersky-labs.com...
Once you download and start the tool, select all the objects to be scanned and hit Scan.

Post a screenshot/log of what is detected (the Detected window). Fix what gets detected with the Kaspersky AVP tool.



#2
May 17, 2009 at 15:40:56
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Agent.yxd File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\Adobe\Manager.exe.vir//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auu File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\drivers\winupgro.exe.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\drivers\downld\171609.exe.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\drivers\downld\333906.exe.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\drivers\downld\625765.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\data.oct.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\flec006.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\1 Cool Menu FX Tool - Flash 1.4 (Cracked).zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\101 White Light Energy Tarot Spreads 1.0.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\4Team Tasks Widget 1.00.0039.zip.vir/install.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Abacus 2.0.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\ACDSee 10 Photo Manager 10.0 Build 238.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Advanced Email Parser Lite 1.26 With Crack.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Age of Mythology - The Dragon's Lair scenario.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\American Gangster Nokia 176x208.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Animated 3d Aquarium screensaver 1.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Arena Wars v1.2.1 patch.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\AtomDVD 3.1 (Serial).zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Auto Girl Screen Saver 1.0.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\AutoCount 2006 1.1.3 (Crack).zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\AutoFlowchart 1.01.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\AVG.Plus.Firewall.Edition.7.1.375a690+Serial.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\BackupSW 3.0.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\BarGenie 9.2.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Binary Clock Widget 1.0.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Blokt Icon Set 02.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Boldchat Operator Client .NET 4.81.2594.23733.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\BulletProof JDesignerPro 5.0.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Calendar 50 People to Tasks With Excel 1.1.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\CallWave Internet Answering Machine 3.09.10 (Serial).zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Camp Organizer Deluxe 3.0.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\CapeTools QuantTools XL 2.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Case Converter 1.1.zip.vir/install.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Chameleon menu Flash SWF Object 1.0 (KeyGen).zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\ClearImage PDF417 5.5.5.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\CompTIA A+ Practice Tests by Study Hall 4.2 Key.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Contacts2Distribute 1.0.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Cool Temporal Effect.zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\CypherZIP 1.0.0 [Cracked].zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\D-Softs DB Compare 2.03.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Daily Shifts and Tasks for 25 Employees 3.7.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Danzania - Land of Wonder Screensaver 1.0.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Database Icon Set 2008.1.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\dbExpress driver for Oracle 3.20 (Cracked).zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\DBPix 2.0.0.8.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Dimenes 1.5 RF Serial.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Directory Classifier 2.2 (Key+Serial).zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\DropClock 1.0.1.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Easy 3D Objects 1.0.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Ecamm R2D2 Droid Chirp.zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\EKOS MP3 Minimizer 3.0.2 [Key].zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Elfima Pastel 1.0.6 [Serial].zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Free Web Image Zoom 1.0.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\FreeScan Cleaner 1.0.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Fund Prices Downloader (Belgium Edition) 1.1.1.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\G-Sector 1.0.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\GDS 2000 PRO 1.06.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\GentleMouse 2.0 With Crack.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\GetAnonymous Pro 2.2.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\HighSpeed Port Scanner 1.0.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Houdini 1.3 (Crack).zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Hpgl2CAD 3.0 Cracked.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Icon Searcher 3.21 With Crack.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\IE Password Recovery 1.0.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\IntraVnews 1.2.2187.20200.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\JPowered Image Viewer 4.7 Patch.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Label Flow - Label Maker Software 3.4.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\LingvoSoft Dictionary 2008 English - Bulgarian 4.1.29.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\LingvoSoft English-Finnish Talking Dictionary (W) 3.1.41.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\LinPlug RM IV 4.1.1.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\MaxiToolbar Pro 1.4.4.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\MessagePal 1.6.3.zip.vir/crac.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\MTP ExpeDat 1.8-10.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\My Remote Files 2.2.1.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\MyLife Smart Organizer Suite 5 8.8.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\NaturePainter Digital Canvas 1.2.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Nervous breakdown 1.0.zip.vir/install.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Otter 1.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\PacketTrap PT360 Tool Suite 2.2.5459.0.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\ParetoLogic Data Recovery 1.0.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Password Generator Vista Gadget 1.0.0.0.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\PCX Plugin 0.9.3.0.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\PDF To Image Converter SDK-COM-Library Component 2.zip.vir/install.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Phantom Surfer 1.4.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Photo Print Pilot 1.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Pianos 1.0.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Pilot Online Training Solution AUG.2006.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\PixBuilder Studio 1.31.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Privacy and Registry Cleaner 1.2.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Process Spy 1.5.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Project Calculator 1.1.0.0.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\QPS PDF to TEXT 1.0.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\RecentJobs 2.0 (Cracked).zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\RecoveryFix for Excel 4.05.01.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Rename Files Master 1.0.zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Reports-Lab 1.10.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Right Encoding Firefox Add-on 0.2.2.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Rom Law 6.1a.38.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\RssMaker 0.1.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SannySoft Perl Editor Lite 2006 [Cracked].zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Scrabble (Pocket PC) 1.0.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Secret Explorer 4.0.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SFX Machine RT for Windows 1.07.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\ShellDispenser 8.4.17.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Skinnyr widget 1.0.0.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SocketTools Scripting Edition 6.00.6000.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SoftAmbulance 4 Outlook Express 1.24.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Sonar 2.0.56.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Sophos.Antivirus.v5.2.4.Multilingual.Win2Kxp2k3.Retail-Arn.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Space Fly Screensaver 2.2.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SpartacusFilter for Exchange Server 1.0.11.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Split and Tile Image Splitter 2.07d.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SQL Delta 4.1 Rel 1.2 (With Crack).zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Subliminal Messages Organizer 1.0.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Super Pop and Drop.zip.vir/crac.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SWF-AVI-GIF Converter 1.02.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\SWiSHmax 2.0 Build 2008.08.12.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Symantec.Norton.Ghost.Version.10.keygen.Working.Nov2005.zip.vir/crac.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\t2h 1.0.10.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Tanks Evolution 1.0.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\TerrainCAD 1.1.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\TextCrypto 1.zip.vir/serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\The PerlXL 1.0.zip.vir/install_patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\TimeCalc Classic 2.02.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\TraderXL Pro 6.1.15.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Tune4Win M4P Converter 1.03.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\UltraLott Texas 1.1.8.zip.vir/setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Unreal Tournament 2004 Soria Model.zip.vir/install_crack.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\US Department of Homeland Insecurity Idiocy Level 0.1.2.3.2-zomg.zip.vir/key_gen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\UserMonitor 1.7.zip.vir/run.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Utopia Chat System 8.1.zip.vir/patch.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\Variable Framerate Rx 1.8.11.19.zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\VDAFS TO DXF Converter & Viewer 1.4.zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\VentaFax Business 6.1.52.137.zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\WatchDog II.zip.vir/key_generator.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\Eliethel\Application Data\m\shared\WorkoutGenerator 5.0 (With Crack).zip.vir/keygen.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auu File: D:\Qoobox\Quarantine\D\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\WINDOWS\system32\mdelk.exe.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\WINDOWS\system32\wintems.exe.vir
deleted: Trojan program Trojan.Win32.Agent.bptr File: D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\down\328921.exe.vir


#3
May 17, 2009 at 15:43:10
The above are the detected problems Kaspersky AVP tool found and fixed, nothing else was detected.


#4
May 17, 2009 at 15:55:48
Although winupgro doesn't start on processes anymore (is it cleaned?), when I restart my laptop it freezes at startup and I get a black screen with a blinking cursor and I must turn it off and boot again to start Windows. Also I cannot start into Safe Mode. Anything else I should do?


#5
May 17, 2009 at 17:00:31
All of it was from the quarantined files of ComboFix. Follow these steps please:

Can you please post your AVZ log:

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.
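
The point made at the top of reply #5, that every detection in the Kaspersky log sits under ComboFix's Qoobox quarantine folder, can be checked mechanically. The following Python is an added example, not part of the original thread: it parses lines in the layout of the log above, separates quarantined copies from live files and recovers each original path. The quarantine layout is inferred from the paths in that log, and the sample lines (user name `user`, the archive name, and the final non-quarantined entry) are constructed.

```python
import re
from collections import Counter

# One detection per line: "<status>: <kind> <verdict> File: <object>"
LINE_RE = re.compile(
    r"^(?P<status>[^:]+):\s+(?P<kind>.+?)\s+(?P<verdict>\S+)\s+File:\s+(?P<obj>.+)$"
)
# Quarantine layout as inferred from the log in this thread (assumption):
#   <drive>:\Qoobox\Quarantine\<original drive letter>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)$",
    re.IGNORECASE,
)


def family_of(verdict):
    """Return the family part of a Behaviour.Platform.Family.variant name."""
    parts = verdict.split(".")
    return parts[2] if len(parts) >= 3 else verdict


def parse_detection(line):
    """Parse one log line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # "/" cannot occur in a Windows file name, so the first "/" starts the
    # scanner's archive-member or unpacker-layer suffix.
    outer, _, inner = m["obj"].partition("/")
    q = QUARANTINE_RE.match(outer)
    if q:
        rest = q["rest"]
        if rest.lower().endswith(".vir"):
            rest = rest[:-4]  # drop the extension added by the quarantine
        original = f"{q['drive'].upper()}:\\{rest}"
    else:
        original = outer
    return {
        "status": m["status"].strip().lower(),
        "kind": m["kind"],
        "verdict": m["verdict"],
        "family": family_of(m["verdict"]),
        "in_quarantine": bool(q),
        "original_path": original,
        "member": inner.strip("/") or None,
    }


def triage(lines):
    """Split detections into quarantined copies and files still in place."""
    parsed = [d for d in map(parse_detection, lines) if d]
    live = [d for d in parsed if not d["in_quarantine"]]
    return {
        "total": len(parsed),
        "quarantined": len(parsed) - len(live),
        "live": live,
        "families": Counter(d["family"] for d in parsed),
        "original_paths": sorted(
            d["original_path"] for d in parsed if d["in_quarantine"]
        ),
    }


# Constructed sample in the layout of the log above; the last entry is a
# made-up detection outside the quarantine, for contrast.
SAMPLE_LOG = r"""
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Agent.yxd File: D:\Qoobox\Quarantine\D\Documents and Settings\user\Application Data\Adobe\Manager.exe.vir//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auu File: D:\Qoobox\Quarantine\D\Documents and Settings\user\Application Data\drivers\winupgro.exe.vir
deleted: virus Email-Worm.Win32.Bagle.of File: D:\Qoobox\Quarantine\D\WINDOWS\system32\wintems.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Bagle.auy File: D:\Qoobox\Quarantine\D\Documents and Settings\user\Application Data\m\shared\Example Tool 1.0 (Cracked).zip.vir/keygen.exe
deleted: virus Email-Worm.Win32.Bagle.of File: D:\WINDOWS\system32\example.exe
""".splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['quarantined']} of {report['total']} detections are quarantine copies")
    for d in report["live"]:
        print("still on disk at scan time:", d["verdict"], d["original_path"])
```

An empty `live` list means the scanner only re-detected copies that ComboFix had already moved aside; any entry in it points at a file that was still in place when the scan ran.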


#6
May 17, 2009 at 18:21:06
The link to my virusinfo_syscure is:
http://rapidshare.com/files/2342167...


#7
May 17, 2009 at 18:53:06
1) Your AVZ log seems clean. Can you upload d:\windows\HideWin.exe to rapidshare.com and private message me the download link?

2) Install, update and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log, but please don't fix anything yet, until the log is reviewed.



#8
May 17, 2009 at 19:04:41
I was able to start into Safe Mode and I didn't get the frozen black screen again. I am running now a full scan with Malwarebytes' Anti-Malware as you told me and will post log as soon as it's ready. Also I sent you the HideWin.exe with p.m.


#9
May 17, 2009 at 19:08:49
Are you in safe mode or regular? Where did you run the AVZ script and ComboFix, in safe mode or regular?


#10
May 18, 2009 at 00:49:56
Both in regular. When I ran ComboFix I couldn't go into Safe Mode. Malwarebytes finished (in regular as well) and the log is:

Malwarebytes' Anti-Malware 1.36
Database version: 2146
Windows 5.1.2600 Service Pack 3

18/5/2009 10:44:53 πμ
mbam-log-2009-05-18 (10-44-41).txt

Scan type: Full Scan (C:\|D:\|E:\|K:\|)
Objects scanned: 273405
Time elapsed: 1 hour(s), 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#11
May 18, 2009 at 04:53:11
Seems the infection is removed. You might want to run these tools to try to solve other problems:
http://onecare.live.com/site/en-Us/...
http://onecare.live.com/site/en-Us/...


#12
May 18, 2009 at 05:27:51
My system is running stable, no problems at all so far. I really appreciate your help, you saved me :)

Thank you very much

