Virus infections detected, help on removing them.

  pigseattruffles 19:10 03 Sep 2006
Locked

Here is my Kaspersky log. Any help to remove the infected items without damaging the system in any way will be hugely appreciated. Thanks in advance.

  pigseattruffles 19:10 03 Sep 2006

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 03, 2006 6:55:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/09/2006
Kaspersky Anti-Virus database records: 207529
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C: D: F: G: H: I:
Scan Statistics:
Total number of scanned objects: 88498
Number of viruses found: 9
Number of infected objects: 26 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:41:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-09-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36366047.ex$ Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F1B5CEB.ex$ Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0022617.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0023610.dll.bac_a01868 Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0023616.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0024615.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0025623.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0025641.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026683.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026711.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026729.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026741.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026772.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Zlob.ts skipped

  pigseattruffles 19:11 03 Sep 2006

C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026816.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026817.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0034112.EXE.bac_a01868 Infected: Trojan-Dropper.Win32.Microjoin.bx skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\mst4B9.tmp.bac_a01544 Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\Brett Worth\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\cert8.db Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\history.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\key3.db

  pigseattruffles 19:12 03 Sep 2006

Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\parent.lock Object is locked skipped
C:\Documents and Settings\Brett Worth\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\dfsr.db Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\fsr.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\tmp.edb Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\History\History.IE5\MSHist012006090320060904\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\a991vb11.exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF8DDF.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF8DEE.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF98C8.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF99F0.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF9B6A.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DFC87A.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brett Worth\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Brett Worth\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

  pigseattruffles 19:12 03 Sep 2006

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0022614.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0024618.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0026694.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0026719.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0026773.exe Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0026775.exe Infected: Trojan-Downloader.Win32.Zlob.tx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0026776.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP235\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1DF1845E-9B60-4B60-90B4-9FD8945B5DEF}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\rdpibeqq.dll Infected: Trojan-Spy.Win32.VBStat.d skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

  VoG II 19:14 03 Sep 2006

Have you got *four* anti-virus programs on there ????

  skidzy 19:17 03 Sep 2006

Better off posting a HijackThis log (click here) and post here (click here).

They have the experts to point you in the right direction.

  VoG II 19:22 03 Sep 2006

As far as I can see all of the infected files are in system restore points or have been quarantined by other anti-virus programs - they cannot escape from there.

You should only have one anti-virus installed.

  SANTOS7 19:25 03 Sep 2006

You have this Trojan-Downloader.Win32.Zlob.ub in your System Volume Information files (where your restore points are kept). The only way to delete them is to disable System Restore, reboot, then enable System Restore. Then, if you are still infected, follow skidzy's links; the site is far more dedicated to the problems you have.

  SANTOS7 19:28 03 Sep 2006

click here
The trojan in question is recognised by A-Squared. Download the free tool from the link; it may help.
click here

  skidzy 19:29 03 Sep 2006

Just to add to SANTOS7's suggestion regarding disabling System Restore, please don't forget to empty your recycle bin.

This thread is now locked and can not be replied to.
