  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
1 - 20 of 36 Posts

Discussion Starter · #1 ·
AVG found a virus (trojan) and I put it in the vault :eek: ....does this mean it is quarantined? :confused: and do I have to do anything with it now???:confused:

***edit***..now it has found another one...same exact virus....put it in the vault and the status on them both says active..:eek:...I have deleted my temp. files :eek:

I did a HJT log and am posting it...can you please read it for me to make sure the PC is clean??? I :) am on a brand new computer now...:) thank you...:)

Logfile of HijackThis v1.99.1
Scan saved at 6:42:58 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\diane\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5858bad6635418ebf0517d9486f0fcb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5858bad6635418ebf0517d9486f0fcb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
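A Malware Specialist reads a HijackThis log by asking, for each entry, whether the file it points at is where it claims to be and whether it is loaded through a mechanism that deserves a second look. The script below is an added example written for this page (it is not part of HijackThis or of this thread): it parses the R/O entries of the log above and flags the ones to verify by hand: a Run entry whose executable has no path (the SigmatelSysTrayApp entry above, which Windows resolves through the search path), a Global Startup shortcut whose target shows as "?", anything loading from a user-writable folder, and an AppInit_DLLs entry, which is a DLL loaded into every process that uses user32.dll. These flags are review prompts, not detections; the entries they pick out of the posted log (the SigmaTel tray app, Dell's Digital Line Detect shortcut and Google's AppInit DLL) are standard vendor components. The sample is cut from the log above plus one constructed line, marked in a comment, that exists only to exercise the user-writable check; the folder list and the flag wording are the editor's own assumptions.

```python
"""Triage helper for a HijackThis 1.99.1 log (added example, not part of
HijackThis): parse the R/O entries and flag the ones to verify by hand."""
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread. The final O4 line is NOT from the log; it is made up here to
# exercise the user-writable-folder check.
SAMPLE_HJT = r'''Logfile of HijackThis v1.99.1
Scan saved at 6:42:58 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\diane\Local Settings\Temp\example.exe
'''

# "O4 - HKLM\..\Run: [Name] command" and friends.
ENTRY_RE = re.compile(r'^(?P<code>[RFO]\d+) - (?P<body>.+)$')
O4_RE = re.compile(r'^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Program path at the start of a command, with optional quotes and trailing arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|$)', re.I)
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')
# Folders an ordinary user can write to (heuristic list, an assumption of this example).
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\temporary internet files\\')


def parse_entries(log_text):
    """Return (code, body) for every 'Rn - ...' / 'On - ...' line in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group('code'), m.group('body')))
    return entries


def executable_of(cmd):
    """Strip quotes and arguments from a Run command, leaving the program path."""
    m = EXE_RE.match(cmd.strip())
    return m.group('exe') if m else cmd.strip()


def triage(log_text):
    """Attach review flags to each entry; an empty flag list means nothing stood out."""
    results = []
    for code, body in parse_entries(log_text):
        flags = []
        if any(marker in body.lower() for marker in USER_WRITABLE):
            flags.append('runs from a user-writable folder')
        if code == 'O4':
            m = O4_RE.match(body)
            if m:
                exe = executable_of(m.group('cmd'))
                if not DRIVE_RE.match(exe):
                    flags.append('unqualified path (%s): confirm which copy Windows actually starts' % exe)
            elif body.endswith('= ?'):
                flags.append('startup shortcut target could not be resolved')
        if code == 'O20' and body.startswith('AppInit_DLLs:'):
            flags.append('AppInit_DLLs: loaded into every process that uses user32.dll; verify the publisher')
        results.append({'code': code, 'body': body, 'flags': flags})
    return results


def flagged(log_text):
    """Only the entries that need a human look."""
    return [r for r in triage(log_text) if r['flags']]


if __name__ == '__main__':
    for r in flagged(SAMPLE_HJT):
        print('%s - %s\n    -> %s' % (r['code'], r['body'], '; '.join(r['flags'])))
```

Run it against a full log by reading the file into `flagged()`; everything it does not print is an entry whose program path is absolute, outside user-writable folders and not an AppInit DLL, which is what a clean Dell image looks like.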
 

Byteman:
Hi Diane, The items found by AVG in quarantine (Vault) can be emptied from there, but they can also be Restored, and you have to be careful not to let them back.

I hate to tell anyone to just clear out the vault without knowing what was found, so, can you go into the Test Center and find the log for that scan or those two items that were found, and post them?

Did you have another TSG thread where someone was helping you?
 

Discussion Starter · #3 ·
Byteman said:
Hi Diane, The items found by AVG in quarantine (Vault) can be emptied from there, but they can also be Restored, and you have to be careful not to let them back.

I hate to tell anyone to just clear out the vault without knowing what was found, so, can you go into the Test Center and find the log for that scan or those two items that were found, and post them?

Did you have another TSG thread where someone was helping you?
No, I didn't have another thread,,,I went ahead and used BitDefender's online scan...and they were not repairable but BitDefender was able to delete them...sorry but my vault is now empty...I was lucky because from my understanding not many AVs will scan the vault....but BitDefender picked them up right away...I also sent a report to BitDefender so that they could examine the nasties..

.if there is a way to get the old log from my vault then tell me how to do it and I will post it for you...:)
 

Discussion Starter · #4 ·
I don't know if this will help because I have very little experience with viruses but this was BitDefender's report of the scan...

Virus Detected: Exploit.HTML.IESlice.C (2)


please advise me if they were trojans and how I possibly could have picked them up....:eek:
 

Byteman:
Hi, Well if they are gone then that's that, and you submitted them so if they were new, then that will help. Slight chance of them doing anything.

I would need the filenames and where exactly they were in the system- you might see that, in the log or report, if you saved the BD one, or from AVG's. The online scans can even get into System Restore and clean things, really good thing to run once in a while that's for sure.

For most of these Exploits there is an update or patch from Microsoft.

I will look for it and post back.
 

Byteman:
Hi, This is a detection of HTML.IE.Slice.c

what was found on yours may be very similar and it may help you find a filename> 5846168D.htm

Here is where to get the patch for this vulnerability, though it may already be installed (will tell you if
it is already patched) because you may have gotten it in temp files, before your machine was fully updated.
Will not hurt to make sure!


http://www.microsoft.com/technet/security/Bulletin/MS06-057.mspx

Make sure you get the right one for your version of Windows.
 

Discussion Starter · #8 ·
This morning I just got 2 more trojans...here is the log from BitDefender....can you please advise me what to do about this...???:confused: The 2nd trojan got by AVG...it was not stopped....:eek:

I am going to go to the link that you gave me and see what it has to say there...will be back with more information....I went to that link...

Am I supposed to download the Windows XP service pack 2???

***note*** I have Windows XP Media Center Edition 2002 service pack 2....:confused:

thank you for your help...:)

BitDefender Online Scanner
Scan report generated at: Sun, Jan 14, 2007 - 05:42:22
Scan path: C:\;D:\;

Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 370034
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
First Action: Disinfect
Second Action: Delete

Scanned File - Status
C:\$VAULT$.AVG\52325390.FIL - Infected with: Exploit.HTML.IESlice.C
C:\$VAULT$.AVG\52325390.FIL - Disinfection failed
C:\$VAULT$.AVG\52325390.FIL - Deleted
C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm - Infected with: Trojan.Exploit.JS.B
C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm - Disinfection failed
C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm - Deleted

I would appreciate any help that you can give to me...:)
 

Discussion Starter · #9 ·
I went ahead and installed that patch....I also did a Windows search for the file content:

*****.IE5\POH9RTHN\3_z[1].htm.....*****

I came up with 2 files....I have no idea what to do with them from this point on...they are:

1.....bdoscan c\windows\bdoscan8...2 kb text document

2.....bdoscan c\windows\bdoscan8...18kb HTML

*****HTML.IESlice.C*****

I came up with 3 files:

1.....bdoscan c\windows\bdoscan8...2kb text document

2.....rtvr_rep c\windows\bdoscan8...5kb HTML Document

3.....scanrep c\windows\bdoscan8...18kb HTML Document

***are these the BitDefender scan results??***?:confused:
 

Byteman:
Hi, The download was for a Critical Update to patch a vulnerability, not Service Pack 2, however if you have installed Internet Explorer 7, then you are already patched, unless you had the trojans or vulnerability breached.....before you installed IE 7.0 as it carries over from IE 6. You have IE 6, and that tells me you probably have Automatic Updates turned off, or at least have updates set to not install if they are downloaded, until you run them.

The exploits are things that run off of websites, where if you go to the site unprotected, unpatched, or without an antivirus program let's say, these bugs will immediately be running in through the open door. It's actually a good way to get "hacked" and therefore we need to take care of the vulnerability, and also the files that have managed to get in. The vulnerability is a defect, or something hackers and the like take advantage of, to get control of other computers and wreak havoc, steal money, info, become famous....

NEVER try to "run" or "Open" a file that has been detected as infected!!!!!!!!!!!!!!!!

Not even if someone tells you it's a recipe for wealth and fame or a winning lottery scheme
[Sometimes, you don't even need to open or run a virus, they can be started by a preview in for example, Outlook Express, not all virii can do that.

{I'm sorry, I wrote this before I discovered that you had installed the patch, so NEVERMIND!!...}

I advise you to download the patch, here: Without it, the door remains Open! Somehow, you don't have this update, it was issued some time ago....do you have Automatic Updates turned off? That itself is not too bad an idea, as sometimes these updates break Windows> so, if you are not automatically downloading and installing them, I can't say that is totally bad, but you must run Windows Updates manually, and if you do not have them install themselves right then, you must remember to do so.

http://www.microsoft.com/technet/security/Bulletin/MS06-057.mspx

It says this at the link above>
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update
That does not mean you're downloading SP2, it means that the patch there next to it, is FOR those using Windows XP that have either SP1 or SP2 INSTALLED....means that it is compatible with either.

The download link is right there, "Download the Update" save to desktop or your favorite download folder. When you install patches like that, they close the hole these bugs apparently are sliding through, you could only otherwise prevent them with an extremely security tight setup, and that might not work, since they take advantage of Windows and IE, it's nothing you do or don't do. A firewall might alert you but might not work in time, or you or someone might tell the firewall it's OK not realizing what was happening.

Anyway, the file you are after is:

POH9RTHN\3_z[1].htm.....***** <<this is one file located here> The random folder name is normal,
that is in the CONTENT.IE5 main folder...do not delete the folder delete the files in them with the tool I will post below. 3_z[1].htm <<<this is the file name but, there may be others there by now, apparently they are coming from a website you or someone goes to, or email or IM links OR files downloaded

This file was found IN the AVG Virus Vault, it has been deleted by Bit Defender.
C:\$VAULT$.AVG\52325390.FIL
Infected with: Exploit.HTML.IESlice.C

C:\$VAULT$.AVG\52325390.FIL
Disinfection failed

C:\$VAULT$.AVG\52325390.FIL
Deleted

Same for the second file Bit Defender found, it tried disinfection, failed, so it deleted it.

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Infected with: Trojan.Exploit.JS.B <<this is your notification or Trojan name

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Disinfection failed <<this is the first action, which failed....

C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm
Deleted << this is the second action, which got rid of it!

All 3 above in each group, are the SAME FILE, if you look closely at the filename.

bdoscan.xxxxxxxx's

These are the logs, if you can see them can you open and copy and paste the content into a reply? It's just a report, the log, the results....of the scan. You cannot attach an HTML file extension so rename it to text.....

We can get rid of anything in the Temp folders using a nice utility, perhaps you even already have one....let's use CleanUp! This will NOT empty the Virus Vault, you have to do that!

Download Cleanup from here

  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies <<Checking this will remove saved logins...usernames and passwords!
      You might want to wait until you are sure you have those things written or saved someplace else!
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET

Now boot to safe mode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter

Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
Restart the computer normally, and back to regular Windows (no key tapping please).

Next: Open AVG, go to the Virus Vault in the Test Center and empty it! Or, these files that are actually copies of the trojans will stay there forever (they cannot do anything to the system in the Vault, but they will continue to be found by other scanners and worry you to death).

Scan again with Bit Defender --Place a check on everything under "Scan Options"

There should be something that tells you "Save Results" or similar----please try to find that, save the results to YOUR DESKTOP so you can find them, and then, copy and paste them to your reply, and also put in a new Hijackthis log and we will check them. You may have saved the results, those text files look like the ones, but I can't really tell for sure, only you can, they cannot do anything so open them and look and see what they tell you, you should recognize the files found....they might be older scan results though!

scanrep.html This looks like the BitDefender result log but you cannot post HTML here at TSG, so you need to save the Text from it and post that way. All we need to see is the exact filenames and where it was found on the system, and what the scanner did with it, for each file found..

Rename the results file this time, so you can easily pick it out!
 

Byteman:
Diane, I found good (better than mine) directions for saving the Bit Defender scan results

Quoted from http://forums.majorgeeks.com/showthread.php?t=35407:

Bitdefender: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

Click-on the Detected Problems tab. Then select Click here to export the scan report

When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change it to bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. ((I can do that here on my computer-edit by Byteman. TSG site does not allow HTML to be uploaded))

If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an ATTACHMENT. See: HOW TO: Attach Items To Your Post
You MUST attach the Bitdefender log even if it indicates no problems. We want to see it anyway!!!!
 

Discussion Starter · #13 ·
Here is the bdoscan that I still have...the others I might have deleted after I posted them...

[General]
App = "BitDefender Online Scanner v8"
Date = 14:01:2007
Time = 05:42:22
Scan Path = C:\;D:\;

[Engines Info]
Virus Definitions = 370034
Engine build = "AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)"
Scan plugins = 14
Archive plugins = 38
Unpack plugins = 6
E-mail plugins = 6
System plugins = 1

[Scan Statistics]
Folders = 3690
Files = 334955
Archives = 4026
Packed files = 36098
Identified viruses = 2
Infected files = 2
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 2
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 38

[Scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0

[Scan Results]
Line00000005 = "C:\$VAULT$.AVG\52325390.FIL Infected with: Exploit.HTML.IESlice.C"
Line00000004 = "C:\$VAULT$.AVG\52325390.FIL Disinfection failed"
Line00000003 = "C:\$VAULT$.AVG\52325390.FIL Deleted"
Line00000002 = "C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm Infected with: Trojan.Exploit.JS.B"
Line00000001 = "C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm Disinfection failed"
Line00000000 = "C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm Deleted"

the next one is coming up...I hope that I am following your directions correctly...:(
 

Byteman:
Diane, that is a report, done correctly... from Jan 14th, today. Infected files were

""Deleted files = 2""

We should see that no more of the exploit is found since you have installed that patch.

The JS type typically is after passwords, at least that is what they used to do...I have not gone to the link about this specific bug but I will be able to shortly. :up:

More likely they are just coming into Temp Internet Files cache, but are not anything "infecting" your system.
Or, your own installed programs would have been popping up telling you about it....

AVG Antivirus is a good program, but it may not be detecting things coming into Temp files, at least until
they are active... You do have AVG protection turned on, right???
And, you keep it updated??

You should also use AdAware and SpyBot...or, Windows Defender from Microsoft.

Or, AVG Antispyware...this is a free trial type, it expires as far as updating, but will still protect you from wherever it leaves off. Of course, an antispyware program that is kept updated is much better to have. This program is the old Ewido trojan detector, AVG's owner company acquired it recently.

Windows Defender, for XP, is free, from Microsoft.
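Byteman's walk-through of the BitDefender report (each file appears three times: the detection, the failed disinfection and the deletion) and his point above that a hit inside the AVG vault is a quarantined copy being rescanned, and a hit in Temporary Internet Files is a cached page rather than an installed program, can be checked mechanically. The Python script below is an added example written for this page, not part of the thread or of BitDefender: it parses the [Scan Results] section of the bdoscan text report posted above, groups the events per file in the order they happened (BitDefender numbers the newest event Line00000000, so the highest number is the detection), and labels where each file was found. The sample report is copied from the thread; the status phrases beyond the three that appear in it, and the location labels, are the editor's assumptions.

```python
"""Parse a BitDefender Online Scanner v8 text report (the INI-style bdoscan
file posted in this thread) and summarise what happened to each file.
Added example, not part of BitDefender or of the thread."""
import re
from collections import OrderedDict

# Constructed sample: the header and the [Scan Results] section copied from
# the report posted above.
SAMPLE_REPORT = r'''[General]
App = "BitDefender Online Scanner v8"
Date = 14:01:2007
Time = 05:42:22
Scan Path = C:\;D:\;

[Scan Results]
Line00000005 = "C:\$VAULT$.AVG\52325390.FIL Infected with: Exploit.HTML.IESlice.C"
Line00000004 = "C:\$VAULT$.AVG\52325390.FIL Disinfection failed"
Line00000003 = "C:\$VAULT$.AVG\52325390.FIL Deleted"
Line00000002 = "C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm Infected with: Trojan.Exploit.JS.B"
Line00000001 = "C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm Disinfection failed"
Line00000000 = "C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm Deleted"
'''

LINE_RE = re.compile(r'^Line(\d+)\s*=\s*"(.*)"\s*$')
SECTION_RE = re.compile(r'^\[(.+)\]\s*$')
# Status phrases. The first three appear in the report posted in this thread;
# the others are assumed names for BitDefender's remaining actions (assumption).
STATUS_RE = re.compile(
    r'^(?P<path>.+?) (?P<status>Infected with: .+|Suspected: .+|'
    r'Disinfection failed|Disinfected|Deleted|Moved|Copied|Renamed)$')


def parse_scan_results(report_text):
    """Return [(seq, path, status), ...] in chronological order.

    BitDefender writes the newest event as Line00000000, so the highest
    number is the first thing that happened to a file (the detection)."""
    section = None
    events = []
    for raw in report_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section != 'Scan Results':
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        seq, body = int(m.group(1)), m.group(2)
        sm = STATUS_RE.match(body)
        if not sm:
            # Unknown status wording: keep the whole line so nothing is lost.
            events.append((seq, body, 'UNPARSED'))
            continue
        events.append((seq, sm.group('path'), sm.group('status')))
    events.sort(key=lambda e: e[0], reverse=True)
    return events


def classify_location(path):
    """Where the file sat when the scanner found it (labels are this example's own)."""
    p = path.lower()
    if '\\$vault$.avg\\' in p:
        return 'avg_vault'   # copy already isolated by AVG's Virus Vault
    if '\\temporary internet files\\' in p:
        return 'ie_cache'    # IE cache: a downloaded page, not an installed program
    return 'other'


def summarize(report_text):
    """Group events per file: detection name, event list, final action, location."""
    files = OrderedDict()
    for _seq, path, status in parse_scan_results(report_text):
        entry = files.setdefault(path, {
            'detection': None, 'events': [], 'final': None,
            'location': classify_location(path)})
        entry['events'].append(status)
        if status.startswith('Infected with: '):
            entry['detection'] = status[len('Infected with: '):]
        elif status.startswith('Suspected: '):
            entry['detection'] = status[len('Suspected: '):]
        else:
            entry['final'] = status   # the last action wins (Disinfection failed -> Deleted)
    return files


def render(summary):
    """One line per file: name, detection, final action, location."""
    return ['%s: %s -> %s [%s]' % (path.rsplit('\\', 1)[-1], e['detection'], e['final'], e['location'])
            for path, e in summary.items()]


if __name__ == '__main__':
    for line in render(summarize(SAMPLE_REPORT)):
        print(line)
```

On the posted report this yields two files, not six findings: the vault copy that AVG had already quarantined and the cached page in Content.IE5, both with "Disinfection failed" followed by "Deleted", which is exactly the first-action/second-action sequence Byteman describes.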
 

Discussion Starter · #15 ·
This is BitDefender's scan from today apparently...

BitDefender Online Scanner
Scan report generated at: Sun, Jan 14, 2007 - 05:42:22
Scan path: C:\;D:\;

Statistics
Time: 00:44:43
Files: 334955
Folders: 3690
Boot Sectors: 4
Archives: 4026
Packed Files: 36098

Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 370034
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\$VAULT$.AVG\52325390.FIL - Infected with: Exploit.HTML.IESlice.C
C:\$VAULT$.AVG\52325390.FIL - Disinfection failed
C:\$VAULT$.AVG\52325390.FIL - Deleted
C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm - Infected with: Trojan.Exploit.JS.B
C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm - Disinfection failed
C:\Documents and Settings\diane\Local Settings\Temporary Internet Files\Content.IE5\POH9RTHN\3_z[1].htm - Deleted

AVG has nothing in the vault but in history I found something...the scan this morning was not completed for some reason...but there is a history to report I think..coming up next...:(
 

Byteman:
Diane, those are the same files, they have been deleted....no need to post any more OLD logs, just get the CleanUp utility I posted, run it as shown, and then take a new Bit Defender scan, post the log, and also a new Hijackthis log.

When you do an antivirus scan, an AVG log is always saved, even if you stop the scan early>

Look in> Test Results>> they may be from way back, just look at the newest one
If you haven't recently scanned with AVG, then no sense posting anything....

Virus Vault in AVG was emptied apparently, by the Bit Defender scan.....so, you probably only had the one file found by AVG, as you said, the other one wasn't detected at all by AVG.
 

Discussion Starter · #17 ·
I don't understand some things about CleanUp...Do I have to make a backup??? it states that I do and I have no idea how to do that...this PC is less than a week old...:eek: and I am pretty sure I know what website has done this and who it is also...but that is for a later time...;) :rolleyes:

and which version of CleanUp am I supposed to download??? they have at least 2 different ones..I think 1 of them is an update or something....:confused:
 

Discussion Starter · #18 ·
Byteman said:
Diane, those are the same files, they have been deleted....no need to post anymore OLD logs, just get the CleanUp utility I posted, run it as shown, and then take new Bit Defender scan post the log, and also, a new Hijackthis log.

But, an AVG log is always saved, even if you stop the scan early>

Look in> Test Results

Virus Vault in AVG was emptied apparently, by the Bit Defender scan.....so, you probably only had the one file found by AVG, as you said, the other one wasn't detected at all by AVG.
I found the AVG log but when I went to open it it went weird and said something to the effect that it won't let me do anything with it because someone can use the information in it in a bad way...how do I post it?? I got one of those yellow bars across the top of the screen saying something like options????:confused:
 

Byteman:
Diane, No need to post the entire AVG log> just copy and paste the selected text of the filenames, file locations, and what was done with them...if there are any.

Since viruses etc are first Cleaned/Disinfected by default> then if not cleanable, the next move by an antivirus program is Vault/Quarantine, or Delete, there really is no need to post any of the old things that were detected...if you can do it, then do so, but really, don't like get old and gray about it. You would be getting AVG alerts about anything that infected anything.
Try a new scan with AVG when you have some time.

CleanUP!> get CleanUp452.exe Available from: HERE

I have never done any backing up before using it, but I do have backups made of anything I need.

I can't tell you what to do here, but backing up usually consists of any files you moved to the new computer, such as music, pictures, documents, downloaded program installers, etc that you do not have saved anywhere else. You should put all those on media, either DVD or CDRW, but if you do not have any files to back up, then there is no need to do that.

You could create a NEW Restore Point right before you run CleanUp.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "Before cleanup". Click Create and you're done.

Wait five minutes then run the CleanUP! program, boot to safe mode to do it!!!!!!!

What you really really need to do is see if Windows Updates are set up to INSTALL not just download....

Start>Control Panel> Security Center> does it say Automatic Updates? See how your settings are> ON means, any updates will be downloaded and installed, in the background, with only a shield icon in the system tray telling you....same icon as the Security Center, only it is gold color.

It could be that you have it set to download updates only, which does no good unless you go and install them.

Check how they are set up this way> ""To open Automatic Updates, click Start, click Control Panel, and then double-click Automatic Updates"" See how the settings are.

Here is a pic of how it looks, when Automatic Updates is "ON"

(The screenshot was made with a Yahoo Widget)

You may not want it this way- many people feel that they would like to be more in control of updates from Microsoft and they have it set to DOWNLOAD them to the hard drive, but NOT to install automatically. ((It will tell you for sure at the Windows Update website)).
 


Discussion Starter · #20 ·
My computer is set to install updates daily at a certain time....I am going to run CleanUp in just a few minutes....I sure hope I do this right....thank you for your help....:) :up: I will be back after I run CleanUp and do my scans....I will post results when done....thank you again for helping me to save my poor new PC...:) :up:
 