[Ramnit- Not curable] Licosearch hijack browser - I'm really struggling!

By broony
Jun 4, 2011
  1. hi chaps,

    I'm really struggling with this one.

    My browser redirects me to licosearch and won't allow lots of web pages to load.

    thankfully I did manage to open up a thread on here and tried to follow the 7 step plan.

    what I have done so far:

    loaded up avira and completed a full scan (took about 6 hours) lots of stuff found.

    loaded up malwarebytes and did a full scan as well as a quick scan after the avira.

    I tried to load up the GMER but my internet won't open it (I think it might be the virus again??)

    and so here I am - my google is still redirecting me to licosearch and I'm tearing my hair out!!!!

    all help and advice gratefully welcome.
  2. broony

    broony Newcomer, in training Topic Starter Posts: 19

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6765

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    04/06/2011 13:00:16
    mbam-log-2011-06-04 (13-00-16).txt

    Scan type: Quick scan
    Objects scanned: 186314
    Time elapsed: 17 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot!

    Hopefully you are running DDS and will paste those 2 logs into your next reply. Then I will review them, and go on to the next step. Try running GMER in Safe Mode to do the scan.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  4. broony

    my system won't allow me to start in safe mode with or without networking. I'm at my wits' end!

    I can't load the dds as I get a message saying

    unable to establish a connection

    yet i know i am online with a good wireless signal.
  5. broony

    Logged in under the wife's log in - success!!

    GMER:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-04 20:53:18
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.10.0
    Running: y15z1efj.exe; Driver: C:\DOCUME~1\LORRAI~1\LOCALS~1\Temp\kflcykod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61

    ---- EOF - GMER 1.0.15 ----
  6. broony

    DDS:

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by lorraine hobson at 21:13:31 on 2011-06-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.507 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwbarebytes' brilliant virus removal\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\lxbmaesm\tesykeca.exe
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\documents and settings\lorraine hobson\start menu\programs\startup\tesykeca.exe
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\lorraine hobson\application data\mozilla\firefox\profiles\bs3czrpn.default\
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-4 11608]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-4 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-4 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-4 61960]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-26 66048]
    R2 MBAMService;MBAMService;c:\program files\malwbarebytes' brilliant virus removal\mbamservice.exe [2011-6-3 366640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2006-7-10 882688]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-3-15 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-3 22712]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-7-10 7040]
    S1 MpKsl0b05d477;MpKsl0b05d477;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f392024-a7a8-4a02-ac08-b1d7a85fc6a6}\mpksl0b05d477.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f392024-a7a8-4a02-ac08-b1d7a85fc6a6}\MpKsl0b05d477.sys [?]
    S1 MpKsl35231091;MpKsl35231091;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\mpksl35231091.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\MpKsl35231091.sys [?]
    S1 MpKslae24dca0;MpKslae24dca0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\mpkslae24dca0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32028339-1dc9-4323-ac79-3e178affe807}\MpKslae24dca0.sys [?]
    S1 MpKslb9bbebb4;MpKslb9bbebb4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48696746-f734-4d1d-91aa-cb7eb40d032d}\mpkslb9bbebb4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48696746-f734-4d1d-91aa-cb7eb40d032d}\MpKslb9bbebb4.sys [?]
    S1 MpKsld3ad200c;MpKsld3ad200c; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]
    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-3-15 1723840]
    S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2009-1-16 11935]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2011-3-15 360529]
    S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\windows\temp\bptgnbum.sys --> c:\windows\temp\bptgnbum.sys [?]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-11-26 167808]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-11-26 13532]
    S4 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2011-3-15 268768]
    .
    =============== Created Last 30 ================
    .
    2011-06-04 20:03:29 -------- d-----w- c:\documents and settings\lorraine hobson\application data\Avira
    2011-06-04 19:53:35 179631 ----a-w- c:\program files\internet explorer\iexploremgr.exe
    2011-06-04 18:26:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-06-04 18:26:09 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-04 00:53:50 -------- d-sha-w- c:\windows\Repair
    2011-06-04 00:40:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-04 00:40:54 -------- d-----w- c:\program files\Avira
    2011-06-04 00:40:54 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-06-04 00:12:14 -------- d-----w- c:\program files\Trend Micro
    2011-06-03 21:34:54 -------- d-----w- c:\program files\Spybot - Search & Destroy brilliant
    2011-06-03 18:55:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-03 18:55:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-03 18:55:50 -------- d-----w- c:\program files\Malwbarebytes' brilliant virus removal
    2011-06-03 18:31:33 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-06-03 18:24:18 179631 --s---w- C:\tesykeca.exe
    2011-05-28 22:49:28 -------- d-----w- c:\program files\lxbmaesm
    .
    ==================== Find3M ====================
    .
    2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2003-08-27 22:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
    .
    ============= FINISH: 21:17:56.50 ===============
  7. Bobbye

    We need to submit 2 files for identification:

    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following: ( you only need one)
    VirusTotal
    Jotti

    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      c:\windows\system32\userinit.exe
      
      c:\program files\Internet Explorer\iexploremgr.exe
      
      
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.

    The results of these scans will determine what we do next.

    Note: If you are unable to access the internet to get the identifications, please run a full scan with your AV program, then post that log.

  8. broony

    hi,

    I really appreciate your help.

    first file:

    Antivirus Version Last Update Result
    AhnLab-V3 2011.06.05.00 2011.06.05 -
    AntiVir 7.11.9.29 2011.06.05 -
    Antiy-AVL 2.0.3.7 2011.06.05 -
    Avast 4.8.1351.0 2011.06.05 -
    Avast5 5.0.677.0 2011.06.05 -
    AVG 10.0.0.1190 2011.06.05 -
    CAT-QuickHeal 11.00 2011.06.05 -
    ClamAV 0.97.0.0 2011.06.05 -
    Commtouch 5.3.2.6 2011.06.05 -
    Comodo 8961 2011.06.05 -
    DrWeb 5.0.2.03300 2011.06.05 -
    Emsisoft 5.1.0.5 2011.06.05 -
    eSafe 7.0.17.0 2011.06.02 -
    eTrust-Vet 36.1.8366 2011.06.03 -
    F-Prot 4.6.2.117 2011.06.05 -
    F-Secure 9.0.16440.0 2011.06.05 -
    Fortinet 4.2.257.0 2011.06.04 -
    Ikarus T3.1.1.104.0 2011.06.05 -
    Jiangmin 13.0.900 2011.06.01 -
    K7AntiVirus 9.104.4769 2011.06.04 -
    Kaspersky 9.0.0.837 2011.06.05 -
    McAfee 5.400.0.1158 2011.06.05 -
    McAfee-GW-Edition 2010.1D 2011.06.05 -
    Microsoft 1.6903 2011.06.05 -
    NOD32 6182 2011.06.05 -
    Norman 6.07.07 2011.06.05 -
    nProtect 2011-06-05.01 2011.06.05 -
    Panda 10.0.3.5 2011.06.05 -
    PCTools 7.0.3.5 2011.06.03 -
    Prevx 3.0 2011.06.05 -
    Rising 23.60.03.09 2011.06.03 -
    Sophos 4.66.0 2011.06.05 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.05 -
    TheHacker 6.7.0.1.220 2011.06.04 -
    TrendMicro 9.200.0.1012 2011.06.05 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.05 -
    VBA32 3.12.16.0 2011.06.03 -
    VIPRE 9495 2011.06.05 -
    ViRobot 2011.6.4.4496 2011.06.05 -
    VirusBuster 14.0.68.0 2011.06.05 -
    Additional information
    MD5 : a93aee1928a9d7ce3e16d24ec7380f89
    SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
    SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
  9. broony

    let me explain:

    my DDS and GMER files were done from my wife's log in (as my log in couldn't upload the files)

    my previous post is from my log in but the second file you asked for couldn't be found. I have logged in again using the wife's.

    here is the first one again.

    Antivirus Version Last Update Result
    AhnLab-V3 2011.06.05.00 2011.06.05 -
    AntiVir 7.11.9.29 2011.06.05 -
    Antiy-AVL 2.0.3.7 2011.06.05 -
    Avast 4.8.1351.0 2011.06.05 -
    Avast5 5.0.677.0 2011.06.05 -
    AVG 10.0.0.1190 2011.06.05 -
    BitDefender 7.2 2011.06.05 -
    CAT-QuickHeal 11.00 2011.06.05 -
    ClamAV 0.97.0.0 2011.06.05 -
    Commtouch 5.3.2.6 2011.06.05 -
    Comodo 8961 2011.06.05 -
    DrWeb 5.0.2.03300 2011.06.05 -
    Emsisoft 5.1.0.5 2011.06.05 -
    eSafe 7.0.17.0 2011.06.02 -
    eTrust-Vet 36.1.8366 2011.06.03 -
    F-Prot 4.6.2.117 2011.06.05 -
    F-Secure 9.0.16440.0 2011.06.05 -
    Fortinet 4.2.257.0 2011.06.04 -
    GData 22 2011.06.05 -
    Ikarus T3.1.1.104.0 2011.06.05 -
    Jiangmin 13.0.900 2011.06.01 -
    K7AntiVirus 9.104.4769 2011.06.04 -
    Kaspersky 9.0.0.837 2011.06.05 -
    McAfee 5.400.0.1158 2011.06.05 -
    McAfee-GW-Edition 2010.1D 2011.06.05 -
    Microsoft 1.6903 2011.06.05 -
    NOD32 6182 2011.06.05 -
    Norman 6.07.07 2011.06.05 -
    nProtect 2011-06-05.01 2011.06.05 -
    Panda 10.0.3.5 2011.06.05 -
    PCTools 7.0.3.5 2011.06.03 -
    Prevx 3.0 2011.06.05 -
    Rising 23.60.03.09 2011.06.03 -
    Sophos 4.66.0 2011.06.05 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.05 -
    Symantec 20111.1.0.186 2011.06.05 -
    TheHacker 6.7.0.1.220 2011.06.04 -
    TrendMicro 9.200.0.1012 2011.06.05 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.05 -
    VBA32 3.12.16.0 2011.06.03 -
    VIPRE 9495 2011.06.05 -
    ViRobot 2011.6.4.4496 2011.06.05 -
    VirusBuster 14.0.68.0 2011.06.05 -
    Additional information
    MD5 : a93aee1928a9d7ce3e16d24ec7380f89
    SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
    SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
    ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
    File size : 26112 bytes
    First seen: 2009-02-12 03:28:35
    Last seen : 2011-06-05 21:07:02
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Userinit Logon Application
    original name: USERINIT.EXE
    internal name: userinit
    file version.: 5.1.2600.5512 (xpsp.080413-2113)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x54AD
    timedatestamp....: 0x480251A8 (Sun Apr 13 18:32:08 2008)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x520E, 0x5400, 5.95, 099b53205ad3f1c3b853a5310d08a9b1
    .data, 0x7000, 0x14C, 0x200, 1.86, 0bb948f267e82975313a03d8c0e8a1cf
    .rsrc, 0x8000, 0xB50, 0xC00, 3.27, bac832e39f87c4f5f640e5d5c6a1c2fc

    [[ 9 import(s) ]]
    USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
    ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
    CRYPT32.dll: CryptProtectData
    WINSPOOL.DRV: SpoolerInit
    ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
    NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
    WLDAP32.dll: -, -, -, -, -, -
    msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
    KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 21504
    CompanyName: Microsoft Corporation
    EntryPoint: 0x54ad
    FileDescription: Userinit Logon Application
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 26 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
    FileVersionNumber: 5.1.2600.5512
    ImageVersion: 5.1
    InitializedDataSize: 3584
    InternalName: userinit
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 7.1
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.1
    ObjectFileType: Executable application
    OriginalFilename: USERINIT.EXE
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 5.1.2600.5512
    ProductVersionNumber: 5.1.2600.5512
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2008:04:13 20:32:08+02:00
    UninitializedDataSize: 0
  10. broony

    hi,

    no, the second file is not uploading - no file of that name exists. The first one is in my previous post.
  11. Bobbye

    None of these scans have headers. Nor do they say "No Malware" or "Found Malware." I have never seen the scans print out like this.

    What is this?
    And everything in between! This is not even the purpose of the scan.
    And we need to handle everything from the problem computer. I don't know if you're referring to one computer for you and another for your wife - or if it's different accounts on the same computer. But the identification has to come from the computer that has the files on it.
    =================================
    Example of identification from a VirScan:

    File information
    File Name : USERINIT.EXE
    File Size : 57856 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 185f0bd20a504aee0b006737e72ad3fa
    SHA1 : b1eefe9234036ced2924ffe7e4c5e5ab9763f391

    Scanner results
    Scanner results : 49% Scanner(s) (18/37) found malware!
    Time : 2011/05/24 13:00:56 (CST)

    Then it has the listing of all the scanners with their results like this:
    Scanner      Engine Ver   Sig Ver          Sig Date     Scan result            Time
    a-squared    5.1.0.2      20110524031136   2011-05-24   Virus.Win32.Virut!IK   5.332
    AVG          8.5.850      271.1.1/3656     2011-05-24   Win32/Virut            1.368
  12. broony

    all from the same computer, I switched log ins so I could download the DDS and other software.

    I have done a full AV:

    Avira AntiVir Personal
    Report file date: 05 June 2011 22:22

    Scanning for 2717015 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : YOUR-62C93FF897


    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: 05 June 2011 22:22

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'logon.scr' - '15' Module(s) have been scanned
    Scan process 'avscan.exe' - '69' Module(s) have been scanned
    Scan process 'avcenter.exe' - '64' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '38' Module(s) have been scanned
    Scan process 'msdtc.exe' - '42' Module(s) have been scanned
    Scan process 'dllhost.exe' - '47' Module(s) have been scanned
    Scan process 'vssvc.exe' - '49' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
    Scan process 'avgnt.exe' - '54' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '105' Module(s) have been scanned
    Scan process 'winlogon.exe' - '71' Module(s) have been scanned
    Scan process 'csrss.exe' - '16' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
    Scan process 'avgnt.exe' - '47' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '104' Module(s) have been scanned
    Scan process 'alg.exe' - '33' Module(s) have been scanned
    Scan process 'dllhost.exe' - '62' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '31' Module(s) have been scanned
    Scan process 'x10nets.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
    Scan process 'mbamservice.exe' - '35' Module(s) have been scanned
    Scan process 'avshadow.exe' - '28' Module(s) have been scanned
    Scan process 'jqs.exe' - '35' Module(s) have been scanned
    Scan process 'ehSched.exe' - '40' Module(s) have been scanned
    Scan process 'ehRecvr.exe' - '89' Module(s) have been scanned
    Scan process 'avguard.exe' - '62' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'sched.exe' - '45' Module(s) have been scanned
    Scan process 'acs.exe' - '85' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '169' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'svchost.exe' - '53' Module(s) have been scanned
    Scan process 'lsass.exe' - '60' Module(s) have been scanned
    Scan process 'services.exe' - '29' Module(s) have been scanned
    Scan process 'winlogon.exe' - '74' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '451' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Desktop\y15z1efj.exe
    [DETECTION] Contains code of the W32/Ramnit.C Windows virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temp\ljqtpgej.exe
    [DETECTION] Is the TR/Drop.41984 Trojan
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\login[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\subsite[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\11307225621@x50[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\button[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\firstpage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\how-to-disable-script-blocking-392291[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\index[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\MiniNavBar[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\Context[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\EditMessageLight[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\login[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\net[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic166085[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\getdata[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\HHWRAPPER[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\InboxLight[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\newreply[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[2].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\8D8AXQ9N\proxy[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\DJS2XFIR\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\clickenc=http___bid.openx[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\forumdisplay[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\showthread[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\topic166085[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\MergedLoginHistoryFrame[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\NavBar[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\Search[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\blank[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\mainHomepage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\newreply[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\xmlProxy[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
  13. broony

    broony Newcomer, in training Topic Starter Posts: 19

    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\RteFrame[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\showthread[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\stage1b[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\WebIMPop[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\jump1[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\newreply[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\HomePage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\jump1[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\LocalStorage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[2].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\Messenger[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\showthread[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\xmlProxy[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CA1B2Y14.HTM
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CATA2R6B.HTM
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\resourcespreload[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[3].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\1@x13[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\adloader[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\HistoryFrame[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\newreply[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\searchblurb[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\celticminded_com[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\xd_receiver[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    C:\Documents and Settings\lorraine hobson\Start Menu\Programs\Startup\tesykeca.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\Documents and Settings\peter brown\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-563c88be
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Scuds.A Java virus
    C:\Documents and Settings\peter brown\Local Settings\Temp\jar_cache3884259870189179631.tmp
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.JS Java virus
    --> nongame.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.JS Java virus
    C:\Documents and Settings\peter brown\Local Settings\Temp\ljqtpgej.exe
    [DETECTION] Is the TR/Drop.41984 Trojan
    C:\Program Files\Google\Update\GoogleUpdatemgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\Program Files\Google\Update\GoogleUpdatemgrmgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\Program Files\Google\Update\GoogleUpdatemgrmgrmgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP738\A0112568.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP739\A0148618.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0152080.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0153065.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0153534.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0154807.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157050.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157053.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160333.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160336.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160337.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161297.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161298.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161299.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161941.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0162899.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0162900.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0162901.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0163118.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0163559.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0164047.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0164067.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP742\A0164068.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165068.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165555.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165556.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0165557.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0166236.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0167425.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0167428.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0168563.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0168564.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0168565.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0169315.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP743\A0169626.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0170536.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0170845.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0171595.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0171596.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0171597.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0172282.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP744\A0172299.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172389.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172409.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172415.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172416.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172417.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172451.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0172927.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0173611.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0173612.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0173613.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0174347.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0176213.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP745\A0176214.exe
     
  14. broony

    broony Newcomer, in training Topic Starter Posts: 19

    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP746\A0176216.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP746\A0176217.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Explorermgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\1.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\10.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\11.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\12.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\13.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\14.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\15.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\16.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\18.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\2.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\3.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\A.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\B.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\C.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\D.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\E.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\F.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    C:\WINDOWS\Temp\ljqtpgej.exe
    [DETECTION] Is the TR/Drop.41984 Trojan

    Beginning disinfection:
    C:\WINDOWS\Temp\ljqtpgej.exe
    [DETECTION] Is the TR/Drop.41984 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4dc4d023.qua'.
    C:\WINDOWS\Temp\F.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '556eff58.qua'.
    C:\WINDOWS\Temp\E.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0731a5b1.qua'.
    C:\WINDOWS\Temp\D.tmp
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '6106ea73.qua'.
    C:\WINDOWS\Explorermgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '29affeac.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161298.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '11caa40d.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0161297.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '4212b7cf.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160337.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '277b9ca5.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160336.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0f80cc07.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0160333.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '7b2395bd.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157053.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '342eed34.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0157050.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
  15. broony

    broony Newcomer, in training Topic Starter Posts: 19

    [NOTE] The file was moved to the quarantine directory under the name '0bfab492.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0154807.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '71ccb724.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP741\A0153534.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '21c4b054.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0153065.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '77ccba19.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP740\A0152080.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '307cbeca.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP739\A0148618.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1330d048.qua'.
    C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP738\A0112568.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '54bbf9a6.qua'.
    C:\Program Files\Google\Update\GoogleUpdatemgrmgrmgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2699aafd.qua'.
    C:\Program Files\Google\Update\GoogleUpdatemgrmgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0df6e9eb.qua'.
    C:\Program Files\Google\Update\GoogleUpdatemgr.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '4e6fe754.qua'.
    C:\Documents and Settings\peter brown\Local Settings\Temp\ljqtpgej.exe
    [DETECTION] Is the TR/Drop.41984 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '04a79e69.qua'.
    C:\Documents and Settings\peter brown\Local Settings\Temp\jar_cache3884259870189179631.tmp
    [DETECTION] Contains recognition pattern of the JAVA/Agent.JS Java virus
    [NOTE] The file was moved to the quarantine directory under the name '09ec80d2.qua'.
    C:\Documents and Settings\peter brown\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-563c88be
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Scuds.A Java virus
    [NOTE] The file was moved to the quarantine directory under the name '2608c815.qua'.
    C:\Documents and Settings\lorraine hobson\Start Menu\Programs\Startup\tesykeca.exe
    [DETECTION] Is the TR/Lebag.dae Trojan
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '19c38151.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\xd_receiver[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '263097c8.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\celticminded_com[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '43fac71c.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '65dce075.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\XPR64MQF\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '6971b30d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\searchblurb[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '5c09c5d7.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\newreply[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2707c29d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '013ec7a6.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\HistoryFrame[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '6db68a61.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\adloader[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '4ddd9fcd.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\P7VL5VI6\1@x13[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2ae6f504.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[3].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '570996cf.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0b3299d0.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '436da22e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\resourcespreload[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2da7cfd0.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CATA2R6B.HTM
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '087f9152.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\CA1B2Y14.HTM
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '7a4b81fe.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\M5ACYO4L\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '14f2bd29.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\xmlProxy[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '7a0d85d4.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\showthread[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '041cdc34.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1d858c9d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\Messenger[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0d68e358.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[2].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '14e4ee42.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '55bab31d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\LocalStorage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '5b2be776.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\jump1[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '7764e7d3.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\K06ZC88J\HomePage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '4192c812.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '41e8a01a.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\newreply[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '3ae89e2e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\JMTMZX5J\jump1[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '3f6bbd72.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\WebIMPop[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via
  16. broony

    broony Newcomer, in training Topic Starter Posts: 19

    Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '50e6fa6d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '797e81cd.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\stage1b[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1d99d538.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\showthread[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '7425a3a9.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\IUD7WQ4G\RteFrame[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0164c952.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\xmlProxy[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2081f203.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0214c456.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\newreply[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '05b9a81a.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\mainHomepage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '5a73c671.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\FAII3BSS\blank[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0af3ebcc.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\Search[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '52eb8030.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\NavBar[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '00b5c16b.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\MergedLoginHistoryFrame[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '073ab4ef.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\EEJSSUNS\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '72a09252.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\topic166085[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '133cd645.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\showthread[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0283c06d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\forumdisplay[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2b148b04.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\E5XEC0LT\clickenc=http___bid.openx[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '045ef706.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\DJS2XFIR\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '3941d6bc.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '10ce9d90.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\B41O5NXX\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1896e4e1.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\8D8AXQ9N\proxy[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '65b9d0b6.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[2].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '6ac98e51.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\topic166085[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '4009f72e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\newreply[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2127c75c.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\InboxLight[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '5e2db1ca.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\HHWRAPPER[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '47db91fa.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\76QCCSO7\getdata[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1fdbf0ec.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic58138[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0829a173.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\topic166085[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '79b5be2e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\search[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '766ad83e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\net[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '5e5ab140.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\login[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1395b03e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\EditMessageLight[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2435e2da.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\Context[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2223c4de.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\4FBOZZ8D\ads[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '6b87e0cc.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\MiniNavBar[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '5da3907c.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\menu28[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '2993db3e.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\index[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '03e8e20d.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\how-to-disable-script-blocking-392291[1].html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '4493e879.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\firstpage[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '1e5fb12c.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\button[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '40bad8ce.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\3LC6PV0Q\11307225621@x50[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '50bebd00.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\subsite[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '383fdee8.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temporary Internet Files\Content.IE5\0UTGWKBO\login[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '193596c7.qua'.
    C:\Documents and Settings\lorraine hobson\Local Settings\Temp\ljqtpgej.exe
    [DETECTION] Is the TR/Drop.41984 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '72e6a896.qua'.
    C:\Documents and Settings\lorraine hobson\Desktop\y15z1efj.exe
    [DETECTION] Contains code of the W32/Ramnit.C Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '7206fda4.qua'.
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html
    [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
    [NOTE] The file was moved to the quarantine directory under the name '0ccfa8ea.qua'.


    End of the scan: 06 June 2011 07:31
    Used time: 4:14:00 Hour(s)

    The scan has been done completely.

    9671 Scanned directories
    470882 Files were scanned
    160 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    160 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    470722 Files not concerned
    12843 Archives were scanned
    0 Warnings
    160 Notes
    651513 Objects were scanned with rootkit scan
    0 Hidden objects were found
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    OK, let me explain: Even though you see a gazillion entries from the Avira scan, I only see the following:

    1. Location >> System Volume: anything located here is no longer active in the system. This is where the System Restore points are. The only way any of these entries could cause a problem is IF you decided to do a System Restore and IF you happened to choose one of the infected restore points, that you 'might' reinfect the system-but-
    You are instructed not to do a System Restore while cleaning.
    I will have you drop all of the old restore points when we have finished cleaning and then set a new clean one.

    2.Location: >>Temporary Internet Files These are files that you pick up during your surfing.
    • Good maintenance will keep them at a minimum.
    • Disc Cleanup will remove them.
    • The browser can be set to delete them each time you close the browser
    • Or running a cleaning program like the following will remove them: ATF Cleaner by Atribune

      3. Detection:>>Ramnit. The presence of an incurable file infector named Ramnit
      This is what I expected when I had you run the userinit.exe scan
      Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

      With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

      Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

      #1 and #2 are of no concern if this is a Ramnit infection. Removing entries in either of those locations would not 'cure' the system.

      I would like you to try the VirSCAN again. Please note: It must be done on the same computer and account that the Avira scan was run on. Any entries in docs & settings have the name 'lorraine hobson'. I have made a change in the code box and you only need to run the scans on VirSCAN:

      Please go to VirSCAN.org FREE on-line scan service:

      • [1]. Copy and paste each of the following file paths into the Suspicious files to scan box on the top of the page.

        Code:
          c:\windows\system32\userinit.exe
          c:\windows\explorer.exe
          c:\window\system32\svchost.exe
        
        
        [2]. At the upload site, click once inside the window next to Browse.
        [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
        [4]. Click on the Upload button.
        This will perform a scan across multiple different virus scanning engines.
        Your file will possibly be entered into a queue which normally takes less than a minute to clear.
        Important: Wait for all of the scanning engines to complete.
        [5]. Once the Scan is completed, scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard. Note: you will not see the clipboard, but if you open Notepad> Click on Format and make sure 'Word Wrap' is unchecked> Do a Ctrl V, then the contents will appear in Notepad. Then paste it in the next reply.
        [6]. Paste the contents of the Clipboard in your next reply.
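
The triage described in post 17 (sort detections by location, then look for a file infector) can be expressed as a short script. This is an added example, not part of the thread or of any tool named in it; the log lines are constructed in the format of the Avira report above, and the `rebuild_advised` rule is an assumption that follows the post's reasoning.

```python
import re
from collections import Counter

# Constructed sample in the format of the Avira report (paths and names are placeholders).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.exe
[DETECTION] Contains code of the W32/Ramnit.C Windows virus
[NOTE] The file was moved to the quarantine directory under the name '00000001.qua'.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AAAA\login[1].htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '00000002.qua'.
C:\Documents and Settings\user\Local Settings\Temp\sample.exe
[DETECTION] Is the TR/Drop.41984 Trojan
[NOTE] The file was moved to the quarantine directory under the name '00000003.qua'.
C:\Documents and Settings\user\Desktop\sample2.exe
[DETECTION] Contains code of the W32/Ramnit.C Windows virus
[NOTE] The file was moved to the quarantine directory under the name '00000004.qua'.
"""

# The three detection phrasings that appear in the report above.
DETECTION_RE = re.compile(
    r"\[DETECTION\]\s+(?:Contains recognition pattern of the|Contains code of the|Is the)\s+(\S+)")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# File infectors named in post 17; matched case-insensitively inside the detection name.
FILE_INFECTORS = ("ramnit", "virut")

def parse_detections(log_text):
    """Return (path, detection_name) pairs; each path line is followed by its [DETECTION] line."""
    pairs, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
        elif current and (m := DETECTION_RE.match(line)):
            pairs.append((current, m.group(1)))
            current = None
    return pairs

def location_class(path):
    """Bucket a path the way post 17 does: restore points, browser cache, everything else."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore_point"   # inactive unless that restore point is restored
    if "\\temporary internet files\\" in p:
        return "browser_cache"   # removed by clearing the cache
    return "live_file"

def triage(log_text):
    pairs = parse_detections(log_text)
    infectors = [(p, n) for p, n in pairs if any(f in n.lower() for f in FILE_INFECTORS)]
    live = [p for p, _ in infectors if location_class(p) == "live_file"]
    return {
        "total": len(pairs),
        "by_location": dict(Counter(location_class(p) for p, _ in pairs)),
        "file_infector_hits": infectors,
        # Assumption: a file infector in a live location is treated as grounds to rebuild.
        "rebuild_advised": bool(live),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
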
  18. broony

    broony Newcomer, in training Topic Starter Posts: 19

    i have been called overseas with work and won't be home until friday evening and i will run this on friday.

    thanks for your help.

    please don't delete the thread, the computer is switched off and no-one will use it.
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Keeping thread open. Run the scans when you get back. Stay safe.
  20. broony

    broony Newcomer, in training Topic Starter Posts: 19

    Hi,

    thanks for your patience. Here is the 'windows explorer' log:

    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/27 14:32:31 (BST)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 1033728 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 12896823fb95bfb3dc9b46bcaedc9923
    SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
    Online report : http://file.virscan.org/report/635184550864d66ff4c20a6b2e0061e6.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110327010737 2011-03-27 8.16 -
    AhnLab V3 2011.03.27.01 2011.03.27 2011-03-27 4.07 -
    AntiVir 8.2.4.192 7.11.5.80 2011-03-27 0.31 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.12 -
    Arcavir 2010 201103240801 2011-03-24 0.00 -
    Authentium 5.1.1 201103271122 2011-03-27 2.60 -
    AVAST! 4.7.4 110327-0 2011-03-27 0.07 -
    AVG 8.5.850 271.1.1/3516 2011-03-19 0.24 -
    BitDefender 7.90123.7000471 7.36815 2011-03-27 6.50 -
    ClamAV 0.96.5 12911 2011-03-26 0.26 -
    Comodo 4.0 8124 2011-03-27 1.16 -
    CP Secure 1.3.0.5 2011.03.26 2011-03-26 0.11 -
    Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.29 -
    F-Prot 4.4.4.56 20110326 2011-03-26 2.51 -
    F-Secure 7.02.73807 2011.03.27.01 2011-03-27 4.62 -
    Fortinet 4.2.254 13.48 2011-03-26 0.55 -
    GData 21.2140/21.773 20110327 2011-03-27 11.72 -
    ViRobot 20110326 2011.03.26 2011-03-26 0.44 -
    Ikarus T3.1.32.20.0 2011.03.27.78030 2011-03-27 4.79 -
    JiangMin 13.0.900 2011.03.27 2011-03-27 1.58 -
    Kaspersky 5.5.10 2011.03.27 2011-03-27 0.12 -
    KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 0.86 -
    McAfee 5400.1158 6297 2011-03-26 8.16 -
    Microsoft 1.6702 2011.03.27 2011-03-27 14.20 -
    NOD32 3.0.21 5988 2011-03-26 0.01 -
    Norman 6.07.03 6.07.00 2011-03-26 9.94 -
    Panda 9.05.01 2011.03.27 2011-03-27 3.67 -
    Trend Micro 9.200-1012 7.930.06 2011-03-27 0.04 -
    Quick Heal 11.00 2011.03.26 2011-03-26 1.61 -
    Rising 20.0 23.50.05.05 2011-03-26 2.98 -
    Sophos 3.16.1 4.62 2011-03-27 5.81 -
    Sunbelt 3.9.2486.2 8831 2011-03-26 5.15 -
    Symantec 1.3.0.24 20110326.002 2011-03-26 0.66 -
    nProtect 20110326.01 3275801 2011-03-26 16.42 -
    The Hacker 6.7.0.1 v00159 2011-03-26 1.56 -
    VBA32 3.12.14.3 20110325.1219 2011-03-25 4.03 -
    VirusBuster 5.2.0.28 13.6.271.0/4852122 2011-03-26 0.00 -
  21. broony

    broony Newcomer, in training Topic Starter Posts: 19

    for the first on the list of 3 i am getting this message:

    The file are userinit.exe uploaded by other users and scanned successfully at 2011/03/17 23:01:23, and 37 softwares update the database from last scan to now.

    choice: Scan result or rescan

    i am choosing rescan

    the result: ERROR: Can't find upload file!
  22. broony

    broony Newcomer, in training Topic Starter Posts: 19

    for:

    c:\window\system32\svchost.exe

    Path does not exist please verify the correct path was given.

    note: this message comes from my computer and not the website.
  23. broony

    broony Newcomer, in training Topic Starter Posts: 19

    i think i've managed to get the 3rd one to scan:


    VirSCAN.org Scanned Report :
    Scanned time : 2011/06/10 22:18:27 (BST)
    Scanner results: Scanners did not find malware!
    File Name : svchost.exe
    File Size : 14336 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
    SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
    Online report : http://file.virscan.org/report/00dff1361819c0c3a21d130fdc86a3b2.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110611040745 2011-06-11 5.55 -
    AhnLab V3 2011.06.11.00 2011.06.11 2011-06-11 2.13 -
    AntiVir 8.2.5.14 7.11.9.156 2011-06-10 0.27 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
    Arcavir 2011 201105080215 2011-05-08 0.03 -
    Authentium 5.1.1 201106101924 2011-06-10 1.41 -
    AVAST! 4.7.4 110610-1 2011-06-10 0.01 -
    AVG 8.5.850 271.1.1/3692 2011-06-10 0.23 -
    BitDefender 7.90123.7406640 7.37559 2011-05-24 0.00 -
    ClamAV 0.96.5 13177 2011-06-10 0.01 -
    Comodo 4.0 9021 2011-06-10 1.25 -
    CP Secure 1.3.0.5 2011.06.10 2011-06-10 0.04 -
    Dr.Web 5.0.2.3300 2011.06.11 2011-06-11 12.52 -
    F-Prot 4.4.4.56 20110610 2011-06-10 1.41 -
    F-Secure 7.02.73807 2011.06.10.05 2011-06-10 12.68 -
    Fortinet 4.2.257 13.310 2011-06-10 0.22 -
    GData 22.584/22.154 20110610 2011-06-10 9.07 -
    ViRobot 20110610 2011.06.10 2011-06-10 0.38 -
    Ikarus T3.1.32.20.0 2011.06.10.78574 2011-06-10 4.78 -
    JiangMin 13.0.900 2011.06.10 2011-06-10 1.58 -
    Kaspersky 5.5.10 2011.06.10 2011-06-10 0.10 -
    KingSoft 2009.2.5.15 2011.6.10.18 2011-06-10 0.78 -
    McAfee 5400.1158 6368 2011-06-05 9.46 -
    Microsoft 1.6903 2011.06.10 2011-06-10 7.32 -
    NOD32 3.0.21 6197 2011-06-10 0.01 -
    Norman 6.07.10 6.07.00 2011-06-10 14.02 -
    Panda 9.05.01 2011.06.10 2011-06-10 2.35 -
    Trend Micro 9.200-1012 8.214.11 2011-06-10 0.03 -
    Quick Heal 11.00 2011.06.09 2011-06-09 1.18 -
    Rising 20.0 23.61.04.07 2011-06-10 2.16 -
    Sophos 3.20.2 4.66 2011-06-11 3.54 -
    Sunbelt 3.9.2494.2 9544 2011-06-10 0.71 -
    Symantec 1.3.0.24 20110610.002 2011-06-10 0.05 -
    nProtect 20110601.01 3460661 2011-06-01 7.60 -
    The Hacker 6.7.0.1 v00176 2011-04-18 0.58 -
    VBA32 3.12.16.1 20110609.2030 2011-06-09 4.37 -
    VirusBuster 5.3.0.4 14.0.75.2/5348666 2011-06-10 0.00 -
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Can you clear this up for me please?
    1. There is one computer.
    2. You have a user account> you are the one who is experiencing the redirect.
    3. Your wife has a user account (lorrainehobson)
    4. You said:
    What puzzles me is that this is one computer> one account can connect to the internet but the other can't- is that correct?
    5. Why were you trying to get into Safe Mode. These scans are run in Normal Mode if it's available. You did the virus scan in Normal Mode. There are times when GMER won't run. IF that happens, one of the things we suggest is to try and run it in Safe Mode. But otherwise, Normal Mode should be used.
    6. Then you told me:
    7. The logs were run on the Run by lorraine hobson at 21:13:31 on 2011-06-04 account
    ===========================================
    Regarding the download, install and running of the scan:
    The download can be done to a flash drive if needed.
    The installation has to be on the computer with the problem>>> and in your case, the account with the problem and the scans have to be run on the account with the problem.

    Do you understand what I mean here? If you are the one being redirected to 'licosearch', then doing the scans on your wife's account isn't going to show us what's on your account. Any of the entries with a name in them all have 'lorraine hobson.'

    The issue here is: "My browser redirects me to licosearch and wont allow lots of web pages to load."

    Since licosearch.com belongs to a malicious domain, I'm going to have you block the domain on both your and your wife's account. You will do #1, #2 and #3 in Internet Options, doing the same thing on both accounts, the same way on each:

    1. Restricting the Domain:
    Open Internet Options either through the Control Panel or Tools in Internet Explorer> Choose the Security tab: Restricted Sites> Sites> type the following in the dialog box for 'Add this website'> Click on Add after each:
    When you have finished Click on OK

    2. Resetting the Cookies:
    Then choose the Privacy Tab
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    ==========================================
    3. Deleting Files and Cookies
    Now choose the General tab> Temporary Internet Files section> Click on each 'Delete files'> 'Delete Cookies'> Move down to the History section> Click on Delete History.
    When finished> Click on OK

    When you have finished setting both accounts with the Restricted Sites , resetting the Cookies, deleting the temporary internet files, Cookies and History> Click on OK> Apply> OK

    Reboot the computer.
    ===================================
    Run the following: Please download MBRCheck and save to your desktop
    • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.
  25. broony

    broony Newcomer, in training Topic Starter Posts: 19

    hi,

    thanks for your help.

    i decided to do a system recovery having read a few other posts on this forum around the type of virus i think the pc contracted, Ramnit (post 17).

    i don't really keep anything of real importance on the pc and (as you can probably tell) i'm not the most knowledgeable in finding my way around technically.

    This added to my regular working away from home means i would have been weeks sorting it out.

    The PC is running great, i have downloaded AVIRA and using that as my antivirus, i have updated JAVA and Adobe. I have updated from the microsoft website too.

    I know this ramnit thing might reappear, but for now all seems well. I did a full scan with AVIRA and it was clear.

    Is there anything else i can do, anything else i should do. All tips to stay clean would be gratefully appreciated.