Discussion Starter · #1 ·
Hi all!

I would be very happy if you could look at this; reinstalling is close :):):)

I've had the W32/Netsky.P.worm and Trj/Startpage.BW and lastly Exploit/ByteVerify.

During this time I've been on payment sites, so I'm a bit worried, since the viruses (?) use trojans, Black Box, that log keystrokes.

I've changed the passwords there now that I think it's OK, but since they still try to get into my computer I'm a bit worried; or do they send the logs by mail?

The other trojan is Trojan.Java.ClassLoader.f. I also have some things left, and I'm trying to buy PestPatrol, but there was something wrong with their shop; I will try again today though.

Those two disappeared when I ran a deep scan with Panda; some other things were removed as well.

I'm presenting 4 logs, namely HijackThis, Panda Antivirus, PestPatrol and Netstat info before and after being connected to broadband:

HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 09:30:08, on 2004-04-02
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDXP\System32\smss.exe
C:\WINDXP\system32\winlogon.exe
C:\WINDXP\system32\services.exe
C:\WINDXP\system32\lsass.exe
C:\WINDXP\System32\Ati2evxx.exe
C:\WINDXP\system32\svchost.exe
C:\WINDXP\System32\svchost.exe
C:\WINDXP\system32\spoolsv.exe
C:\Program Files\KeyFocus\KFWS\bin\kfwserv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDXP\System32\Tablet.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDXP\system32\Ati2evxx.exe
C:\WINDXP\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\regprot\regprot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDXP\System32\sstray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDXP\System32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\IFACE.EXE
C:\Documents and Settings\Rick.SHUTTLE01.000\Desktop\sakerhat\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ambrose Creatives :)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KFWebServer] C:\Program Files\KeyFocus\KFWS\bin\kfwsmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Agnitum\Tauscan 1.6\taumon.exe
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Skype] "C:\PROGRA~1\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Add to Restricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Add to Trusted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://forum.caligari.com
O15 - Trusted Zone: http://www.google.se
O15 - Trusted Zone: http://by2fd.bay2.hotmail.msn.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.poker-festival.com
O15 - Trusted Zone: http://forums.techguy.org
O15 - Trusted Zone: http://login1.telia.com
O15 - Trusted Zone: http://www.startsidan.telia.se
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.vietnet.tv/tdserver.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37946.6189930556
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = FOO
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = FOO

Panda: this is long, so all connection attempts are in this mail and the viruses in the next one :)

Panda Antivirus Platinum incident report
Filter selected:All, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
------------------------------------------------------------------------
Connection attempt Firewall protection 04/02/04 08:58:40 Blocked Source IP address: 210.183.97.52
Connection attempt Firewall protection 04/02/04 08:48:19 Blocked Source IP address: 80.239.41.49
Connection attempt Firewall protection 04/02/04 08:43:33 Blocked Source IP address: 69.22.29.85
Connection attempt Firewall protection 04/02/04 08:32:34 Blocked Source IP address: 213.67.169.119
Connection attempt Firewall protection 04/02/04 08:26:47 Blocked Source IP address: 132.239.171.249
Connection attempt Firewall protection 04/02/04 08:23:12 Blocked Source IP address: 61.75.23.51
Connection attempt Firewall protection 04/02/04 08:23:03 Blocked Source IP address: 61.75.23.51
Connection attempt Firewall protection 04/02/04 03:20:50 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/02/04 03:20:24 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/02/04 03:19:54 Blocked Source IP address: 195.67.199.15
Attacking IP address blocked Firewall protection 04/02/04 02:05:59 Complete Source IP address: 68.126.5.70
Attacking IP address blocked Firewall protection 04/02/04 01:56:00 Started Source IP address: 68.126.5.70
Port scan attack Firewall protection 04/02/04 01:55:59 Blocked Source IP address: 68.126.5.70
Update Update system 04/01/04 14:28:11 Correct New virus signatures: 143
Connection attempt Firewall protection 04/01/04 13:49:10 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/01/04 13:49:10 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 04/01/04 13:46:00 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/01/04 11:47:53 Blocked Source IP address: 211.46.10.2
Connection attempt Firewall protection 04/01/04 11:35:08 Blocked Source IP address: 218.109.192.147
Connection attempt Firewall protection 04/01/04 11:20:01 Blocked Source IP address: 210.186.220.127
Connection attempt Firewall protection 04/01/04 11:14:50 Blocked Source IP address: 10.0.114.1
Connection attempt Firewall protection 04/01/04 11:12:00 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 04/01/04 11:04:01 Blocked Source IP address: 219.23.168.232
Connection attempt Firewall protection 04/01/04 11:03:58 Blocked Source IP address: 219.23.168.232
Connection attempt Firewall protection 04/01/04 11:02:02 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/01/04 11:01:53 Blocked Source IP address: 213.67.169.119
Connection attempt Firewall protection 04/01/04 11:01:32 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 04/01/04 10:58:24 Blocked Source IP address: 213.98.89.207
Connection attempt Firewall protection 04/01/04 10:44:21 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/01/04 10:44:21 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 04/01/04 10:39:44 Blocked Source IP address: 213.64.234.234
Connection attempt Firewall protection 04/01/04 10:37:04 Blocked Source IP address: 211.244.179.157
Connection attempt Firewall protection 04/01/04 10:19:47 Blocked Source IP address: 61.82.247.190
Connection attempt Firewall protection 04/01/04 09:56:59 Blocked Source IP address: 12.177.49.164
Connection attempt Firewall protection 04/01/04 09:44:53 Blocked Source IP address: 61.208.217.220
Connection attempt Firewall protection 04/01/04 09:00:31 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 04/01/04 09:00:24 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/01/04 08:55:11 Blocked Source IP address: 213.67.69.91
Connection attempt Firewall protection 04/01/04 08:31:50 Blocked Source IP address: 193.146.76.66
Connection attempt Firewall protection 04/01/04 08:30:09 Blocked Source IP address: 130.237.203.226
Connection attempt Firewall protection 04/01/04 08:30:01 Blocked Source IP address: 130.237.203.226
Connection attempt Firewall protection 04/01/04 08:29:55 Blocked Source IP address: 130.237.203.226
Connection attempt Firewall protection 04/01/04 08:23:05 Blocked Source IP address: 24.157.206.52
Connection attempt Firewall protection 04/01/04 08:02:31 Blocked Source IP address: 64.108.8.197
Connection attempt Firewall protection 04/01/04 07:51:18 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 04/01/04 07:49:21 Blocked Source IP address: 213.67.169.119
Attacking IP address blocked Firewall protection 04/01/04 06:47:13 Complete Source IP address: 200.45.138.126
Attacking IP address blocked Firewall protection 04/01/04 06:37:15 Started Source IP address: 200.45.138.126
Connection attempt Firewall protection 04/01/04 06:37:15 Blocked Source IP address: 200.45.138.126
Connection attempt Firewall protection 04/01/04 06:37:15 Blocked Source IP address: 200.45.138.126
Connection attempt Firewall protection 04/01/04 06:37:15 Blocked Source IP address: 200.45.138.126
Connection attempt Firewall protection 04/01/04 06:37:15 Blocked Source IP address: 200.45.138.126
Connection attempt Firewall protection 04/01/04 06:37:15 Blocked Source IP address: 200.45.138.126
Port scan attack Firewall protection 04/01/04 06:37:14 Blocked Source IP address: 200.45.138.126
Connection attempt Firewall protection 04/01/04 06:30:11 Blocked Source IP address: 218.70.9.210
Connection attempt Firewall protection 04/01/04 06:13:08 Blocked Source IP address: 213.67.169.119
Connection attempt Firewall protection 04/01/04 06:10:00 Blocked Source IP address: 64.156.39.12
Connection attempt Firewall protection 04/01/04 06:10:00 Blocked Source IP address: 64.156.39.12
Connection attempt Firewall protection 04/01/04 05:52:09 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 04/01/04 05:50:51 Blocked Application: C:\Program Files\Internet Explorer\iexplore.exe
Connection attempt Firewall protection 04/01/04 05:50:43 Blocked Application: C:\Program Files\Internet Explorer\iexplore.exe
Scan complete On-demand antivirus scan 04/01/04 05:50:21 Scan: Microsoft Outlook
Scan started On-demand antivirus scan 04/01/04 05:49:51 Scan: Microsoft Outlook
Connection attempt Firewall protection 04/01/04 05:44:23 Blocked Source IP address: 212.67.96.27
Connection attempt Firewall protection 04/01/04 05:44:23 Blocked Source IP address: 212.67.96.27
Connection attempt Firewall protection 04/01/04 05:44:23 Blocked Source IP address: 212.67.96.27
Connection attempt Firewall protection 04/01/04 04:47:30 Blocked Source IP address: 213.67.169.119
Connection attempt Firewall protection 04/01/04 04:47:08 Blocked Source IP address: 213.89.8.181
Connection attempt Firewall protection 04/01/04 04:47:08 Blocked Source IP address: 213.89.8.181
Connection attempt Firewall protection 04/01/04 04:47:02 Blocked Source IP address: 213.89.8.181
Connection attempt Firewall protection 04/01/04 04:47:02 Blocked Source IP address: 213.89.8.181
Connection attempt Firewall protection 04/01/04 04:46:59 Blocked Source IP address: 213.89.8.181
Connection attempt Firewall protection 04/01/04 04:46:59 Blocked Source IP address: 213.89.8.181
Connection attempt Firewall protection 04/01/04 04:22:45 Blocked Source IP address: 195.136.72.100
Connection attempt Firewall protection 04/01/04 04:20:16 Blocked Source IP address: 66.126.67.35
Connection attempt Firewall protection 04/01/04 03:33:15 Blocked Source IP address: 62.214.20.157
Connection attempt Firewall protection 04/01/04 03:33:15 Blocked Source IP address: 62.214.20.157
Connection attempt Firewall protection 04/01/04 03:26:48 Blocked Source IP address: 24.146.1.176
Connection attempt Firewall protection 04/01/04 03:15:04 Blocked Source IP address: 194.108.220.27
Connection attempt Firewall protection 04/01/04 03:14:51 Blocked Source IP address: 213.67.169.119
Connection attempt Firewall protection 04/01/04 03:12:14 Blocked Source IP address: 211.160.164.54
Connection attempt Firewall protection 04/01/04 02:24:42 Blocked Source IP address: 62.20.106.32
Connection attempt Firewall protection 04/01/04 01:55:13 Blocked Source IP address: 213.231.76.221
Connection attempt Firewall protection 04/01/04 01:54:12 Blocked Source IP address: 218.89.53.77
Connection attempt Firewall protection 04/01/04 01:32:09 Blocked Source IP address: 213.67.169.119
Attacking IP address blocked Firewall protection 04/01/04 01:22:03 Complete Source IP address: 83.88.136.236
Connection attempt Firewall protection 04/01/04 01:12:04 Blocked Source IP address: 83.88.136.236
Connection attempt Firewall protection 04/01/04 01:12:04 Blocked Source IP address: 83.88.136.236
Connection attempt Firewall protection 04/01/04 01:12:04 Blocked Source IP address: 83.88.136.236
Connection attempt Firewall protection 04/01/04 01:12:04 Blocked Source IP address: 83.88.136.236
Connection attempt Firewall protection 04/01/04 01:12:04 Blocked Source IP address: 83.88.136.236
Port scan attack Firewall protection 04/01/04 01:12:03 Blocked Source IP address: 83.88.136.236
Attacking IP address blocked Firewall protection 04/01/04 01:12:03 Started Source IP address: 83.88.136.236
Connection attempt Firewall protection 04/01/04 00:24:51 Blocked Source IP address: 81.225.156.175
Connection attempt Firewall protection 03/31/04 23:58:34 Blocked Source IP address: 12.125.51.14
Connection attempt Firewall protection 03/31/04 23:56:04 Blocked Source IP address: 213.67.169.119
Connection attempt Firewall protection 03/31/04 23:51:15 Blocked Source IP address: 12.125.51.14
Connection attempt Firewall protection 03/31/04 23:43:56 Blocked Source IP address: 195.67.199.16
... to be continued.
 

Discussion Starter · #2 ·
and the rest...

Suspicious file On-demand antivirus scan 03/31/04 23:34:10 Moved File: C:\Documents and Settings\Sir Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SGH-E715_20031106__3dmall__30.jpg-2746739f-7835615e.idx
Suspicious file On-demand antivirus scan 03/31/04 23:34:09 Moved File: C:\Documents and Settings\Sir Simon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SGH-E715_20031106__3dmall__3.jpg-1ef8d537-55feeeec.idx
Connection attempt Firewall protection 03/31/04 23:32:10 Blocked Source IP address: 24.232.94.50
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:16 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\WebCounter.jar-63879d6e-5f1f605e.zip[WebCounter.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:15 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\WebCounter.jar-63879d6e-5f1f605e.zip[VerifierBug.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:13 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\WebCounter.jar-63879d6e-5f1f605e.zip[Dummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:12 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\showbanner.jar-228e1fd-6e6956b2.zip[VerifierBug.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:10 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\showbanner.jar-228e1fd-6e6956b2.zip[Dummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:09 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\showbanner.jar-228e1fd-6e6956b2.zip[BlackBox.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:07 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nbb2.jar-3ba8fb30-2757f7f7.zip[VerifierBug.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:06 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nbb2.jar-3ba8fb30-2757f7f7.zip[Dummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:04 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nbb2.jar-3ba8fb30-2757f7f7.zip[counter.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:03 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nbb2.jar-3ba8fb30-2757f7f7.zip[Beyond.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:29:00 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-311c7835-175e12dc.zip[Dummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:58 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-311c7835-175e12dc.zip[VerifierBug.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:57 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-503d0b18-26fb7096.zip[Dummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:56 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ff11e7a-67f007a1.zip[Dummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:52 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1803745e-31b0f212.zip[A.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:51 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1803745e-31b0f212.zip[BlackBox.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:49 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ea3e6c5-7687bab9.zip[Gummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:48 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1ba304ec-1e578371.zip[Gummy.class]
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:45 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-5aad7e12-6ef397a0.class
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:43 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-11f54855-54e06628.class
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:40 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6b5281ff-6567bd18.class
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:39 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-1d59cbfc-20f2a008.class
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:37 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7e80d0ed-50510c1c.class
Virus detected: Exploit/ByteVerify On-demand antivirus scan 03/31/04 23:28:36 Disinfected Path: C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-222b5bf4-75b48513.class
Scan complete On-demand antivirus scan 03/31/04 23:23:45 Scan: A floppy disk drive:
Scan started On-demand antivirus scan 03/31/04 23:23:45 Scan: C hard disk:
Scan complete On-demand antivirus scan 03/31/04 23:23:44 Scan: Memory
Scan started On-demand antivirus scan 03/31/04 23:23:44 Scan: A floppy disk drive:
Scan started On-demand antivirus scan 03/31/04 23:23:38 Scan: Memory
Scan complete On-demand antivirus scan 03/31/04 23:23:01 Scan: Microsoft Outlook
Connection attempt Firewall protection 03/31/04 23:22:46 Blocked Source IP address: 195.67.199.16
Scan started On-demand antivirus scan 03/31/04 23:22:18 Scan: Microsoft Outlook
Connection attempt Firewall protection 03/31/04 23:22:14 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 03/31/04 23:10:55 Blocked Source IP address: 202.108.249.51
Connection attempt Firewall protection 03/31/04 23:06:22 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 03/31/04 23:05:53 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 03/31/04 22:58:55 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 03/31/04 22:58:47 Blocked Source IP address: 195.67.199.16
Connection attempt Firewall protection 03/31/04 22:58:46 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 03/31/04 22:58:15 Blocked Source IP address: 195.67.199.15
Connection attempt Firewall protection 03/31/04 22:19:20 Blocked Source IP address: 213.67.169.119
Update Update system 03/31/04 18:40:53 Correct New virus signatures: 1
Virus detected: Trj/Startpage.BW File antivirus protection 03/31/04 12:24:31 Disinfected Path: c:\documents and settings\sys.exe
Update Update system 03/31/04 12:20:25 Correct New virus signatures: 120
Update Update system 03/30/04 14:10:30 Correct New virus signatures: 2
Virus detected: W32/Netsky.P.worm File antivirus protection 03/30/04 07:54:41 Disinfected Path: c:\docume~1\ricksh~1.000\locals~1\temp\temporary directory 1 for readme_luu[1].zip\details.txt .pif
Update Update system 03/29/04 22:36:06 Correct New virus signatures: 108
Update Update system 03/29/04 17:19:09 Correct New virus signatures: 1
Update Update system 03/29/04 13:01:23 Correct New virus signatures: 1
Update Update system 03/29/04 10:51:42 Correct New virus signatures: 65
Update Update system 03/28/04 17:45:16 Correct New virus signatures: 89
Update Update system 03/28/04 04:42:14 Correct New virus signatures: 131
Update Update system 08/29/03 10:55:39 Correct New virus signatures: 9
Virus detected: W32/Blaster File antivirus protection 08/29/03 10:37:41 Disinfected Path: c:\windxp\system32\msblast.exe
Update Update system 08/28/03 12:42:48 Correct New virus signatures: 10
Update Update system 08/27/03 14:37:56 Correct New virus signatures: 18

PestPatrol:

04-02-2004,"0409333021","","Rick","C:\Documents and Settings\Rick.SHUTTLE01.000\Local Settings\Temp\comver.dll","GameSpy Arcade","1686415999","Ignored","6fe6f4ea34ac74f25792bcae8eb94816","SHUTTLE01"

04-02-2004,"0409333021","","Rick","C:\Documents and Settings\Rick.SHUTTLE01.000\Local Settings\Temp\GSAEULA.TXT","GameSpy Arcade","141043165","Ignored","52abe475727395f0079f428e522d7084","SHUTTLE01"

04-02-2004,"0409333021","","Rick","","CWS.GoogleMS.3","","Ignored","","SHUTTLE01"

04-01-2004,"0409200366","","Rick","C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\showbanner.jar-228e1fd-6e6956b2.zip|BlackBox.class","Trojan.Java.ClassLoader.f","-2051297270","Ignored","d41d8cd98f00b204e9800998ecf8427e","SHUTTLE01"

04-01-2004,"0409200366","","Rick","C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6b5281ff-6567bd18.class","Black Box","256864385","Ignored","ef7a8439a4ecd5e445815018711e3513","SHUTTLE01"

04-01-2004,"0409200366","","Rick","C:\Documents and Settings\Rick.SHUTTLE01.000\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-1d59cbfc-20f2a008.class","Black Box","256864385","Ignored","ef7a8439a4ecd5e445815018711e3513","SHUTTLE01"

Netstat, no broadband:

Proto Local Address Foreign Address State
TCP shuttle01:4050 shuttle01:0 LISTENING
TCP shuttle01:6060 shuttle01:0 LISTENING
TCP shuttle01:9727 shuttle01:0 LISTENING
TCP shuttle01:31595 shuttle01:0 LISTENING
TCP shuttle01:31596 shuttle01:0 LISTENING
TCP shuttle01:31597 shuttle01:0 LISTENING
UDP shuttle01:ntp *:*
UDP shuttle01:2184 *:*
UDP shuttle01:18001 *:*
UDP shuttle01:18002 *:*
UDP shuttle01:18003 *:*
UDP shuttle01:ntp *:*
UDP shuttle01:ntp *:*

Netstat, with broadband:

Proto Local Address Foreign Address State
TCP shuttle01:2101 shuttle01:0 LISTENING
TCP shuttle01:2146 shuttle01:0 LISTENING
TCP shuttle01:2371 shuttle01:0 LISTENING
TCP shuttle01:2372 shuttle01:0 LISTENING
TCP shuttle01:4050 shuttle01:0 LISTENING
TCP shuttle01:6060 shuttle01:0 LISTENING
TCP shuttle01:9727 shuttle01:0 LISTENING
TCP shuttle01:31595 shuttle01:0 LISTENING
TCP shuttle01:31596 shuttle01:0 LISTENING
TCP shuttle01:31597 shuttle01:0 LISTENING
TCP shuttle01:2101 baym-cs20.msgr.hotmail.com:1863 ESTABLISHED
TCP shuttle01:2272 rad.msn.com:http TIME_WAIT
TCP shuttle01:2327 66.35.198.16:http TIME_WAIT
TCP shuttle01:2351 66.35.198.16:http TIME_WAIT
TCP shuttle01:2359 66.35.198.16:http TIME_WAIT
TCP shuttle01:2367 66.35.198.16:http TIME_WAIT
TCP shuttle01:2371 rad.msn.com:http ESTABLISHED
TCP shuttle01:2372 baym-sb23.msgr.hotmail.com:1863 ESTABLISHED
UDP shuttle01:2150 *:*
UDP shuttle01:ntp *:*
UDP shuttle01:2085 *:*
UDP shuttle01:2102 *:*
UDP shuttle01:2184 *:*
UDP shuttle01:18001 *:*
UDP shuttle01:18002 *:*
UDP shuttle01:18003 *:*
UDP shuttle01:ntp *:*
UDP shuttle01:discard *:*
UDP shuttle01:ntp *:*

Please see if something can be done!?

Thanks for any help/SeYa/Ambrose...