many, many viruses

Jaska · June 2007

hi, first topic here :rolleyes:

ill describe you my problem: I bought a new PC some months ago, with the new Vista, and decided to buy BitDefender. Since this, and as I have seen, like other users, I’ve been downloading tons of music, keygens and games, thinking that scanning every file I downloaded before using it would eliminate all the menaces. But I was wrong. Since the first time, I got a virus message window on bottom-right corner that tells me that a Trojan has been detected and BD wasn’t able to delete or move it. I tried to find it manually, but it was impossible to delete it (windows won’t allow me to). I must say that this has happened with many different viruses/Trojans/malware but until now I just closed the little windows and kept doing the same things. Until now. Recently I’ve began getting unexpected popups of “Your computer is infected with lots of virus. Please download our antivirus” and also began having problems writing in Internet explorer: many letters don’t appear in the message/post (that’s why now I’m writing with Word). I keep using MSN Messenger and there’s no problem there, just when I try to write a message or something in Internet Explorer. Apart from this, my computer has been suffering from many “program not responding” issues, but I think that it is Vista’s fault. I put with this my last Deep Scan Log

Please help me!!

PS: sorry for my English, I’m Spanish, and I do my best.

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus Plus v10

// Product 10.2

//

// Created on: 26/06/2007 12:00:17

//

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\

Folders : 12226

Files : 183301

Memory processes scanned : 54

Archives : 2927

Runtime packers : 6075

Identified viruses : 12

Infected files : 31

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 14

I/O errors : 123

Scan time : 00:45:32

Scan speed (files/sec) : 67

Spyware Statistics

Registry keys scanned : 1925

Registry keys infected : 1

Cookies scanned : 63

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 1

Virus definitions : 625245

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\deep_scan\1182852017.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\runner1=>C:\WINDOWS\RETADPU1000627.EXE Detected: Trojan.Downloader.Agent.YFI

<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\runner1=>C:\WINDOWS\RETADPU1000627.EXE Disinfection failed

<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\runner1=>C:\WINDOWS\RETADPU1000627.EXE Move failed

C:\sonsoles\sonsoles\call.exe=>(NSIS o)=>zlib_nsis0002 Infected: Trojan.Downloader.JISG

C:\sonsoles\sonsoles\call.exe=>(NSIS o)=>zlib_nsis0002 Disinfection failed

C:\sonsoles\sonsoles\call.exe=>(NSIS o)=>zlib_nsis0002 Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5YVNYD2E\tob_snd_20070616[1] Infected: Trojan.Fotomoto.A

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5YVNYD2E\tob_snd_20070616[1] Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5YVNYD2E\tob_snd_20070616[1] Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\mjwrweeooy[1].txt Infected: Trojan.Downloader.Small.ECR

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\mjwrweeooy[1].txt Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\mjwrweeooy[1].txt Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\sfksiesoy[1].htm Infected: Backdoor.Rustock.NBL

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\sfksiesoy[1].htm Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\sfksiesoy[1].htm Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\xkpgojx[1].htm Infected: Dropped:Rootkit.Agent.CO

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\xkpgojx[1].htm Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A29AHOG\xkpgojx[1].htm Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ9AX30T\mon[1].doc=>(NSIS o)=>zlib_nsis0002 Infected: Trojan.Downloader.JISG

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ9AX30T\mon[1].doc=>(NSIS o)=>zlib_nsis0002 Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ9AX30T\mon[1].doc=>(NSIS o)=>zlib_nsis0002 Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF7LF76E\koocwolla_20070601[1] Infected: Trojan.LowZones.SA

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF7LF76E\koocwolla_20070601[1] Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF7LF76E\koocwolla_20070601[1] Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4R7JF10\vwjrmrmur[1].htm Infected: DeepScan:Generic.Malware.SFMdldg.7A877721

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4R7JF10\vwjrmrmur[1].htm Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4R7JF10\vwjrmrmur[1].htm Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4R7JF10\xkpgojx[1].htm Infected: Dropped:Rootkit.Agent.CO

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4R7JF10\xkpgojx[1].htm Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4R7JF10\xkpgojx[1].htm Moved

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Inject.BX

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>keygen.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>keygen.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>crack.exe Infected: MemScan:Adware.Virtumonde.GES

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>crack.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>crack.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>serial.exe Infected: Trojan.Agent.AAAN

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>serial.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygenCA1BUNH7.exe=>(RAR Sfx o)=>serial.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Inject.BX

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>crack.exe Infected: MemScan:Adware.Virtumonde.GES

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>crack.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>crack.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>serial.exe Infected: Trojan.Agent.AAAN

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>serial.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NXQCZRB7\swat_4_keygen[1].exe=>(RAR Sfx o)=>serial.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Inject.BX

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>crack.exe Infected: MemScan:Adware.Virtumonde.GES

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>crack.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>crack.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>serial.exe Infected: Trojan.Agent.AAAN

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>serial.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VTWFP6AO\world_of_warcraft_keygen[1].exe=>(RAR Sfx o)=>serial.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Inject.BX

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>crack.exe Infected: MemScan:Adware.Virtumonde.GES

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>crack.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>crack.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>serial.exe Infected: Trojan.Agent.AAAN

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>serial.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_4_keygen[1].exe=>(RAR Sfx o)=>serial.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Inject.BX

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>keygen.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>crack.exe Infected: MemScan:Adware.Virtumonde.GES

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>crack.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>crack.exe Move failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>serial.exe Infected: Trojan.Agent.AAAN

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>serial.exe Disinfection failed

C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJPSUTTC\swat_pc_keygen[1].exe=>(RAR Sfx o)=>serial.exe Move failed

C:\Users\casa\AppData\Local\Temp\cqabfaxi.exe Infected: Trojan.LowZones.SA

C:\Users\casa\AppData\Local\Temp\cqabfaxi.exe Disinfection failed

C:\Users\casa\AppData\Local\Temp\cqabfaxi.exe Moved

C:\Users\casa\AppData\Local\Temp\NER4E78.tmp\Toolbar.exe Detected: Application.MWS

C:\Users\casa\AppData\Local\Temp\NER4E78.tmp\Toolbar.exe Disinfection failed

C:\Users\casa\AppData\Local\Temp\NER4E78.tmp\Toolbar.exe Moved

C:\Users\casa\AppData\Local\Temp\qodansvq.exe Infected: Trojan.Fotomoto.A

C:\Users\casa\AppData\Local\Temp\qodansvq.exe Disinfection failed

C:\Users\casa\AppData\Local\Temp\qodansvq.exe Moved

C:\Users\casa\AppData\Local\Temp\second.exe Infected: Trojan.Downloader.JISG

C:\Users\casa\AppData\Local\Temp\second.exe Disinfection failed

C:\Users\casa\AppData\Local\Temp\second.exe Moved

C:\Users\casa\AppData\Local\Temp\wndC86C.tmp Infected: Trojan.Agent.AAAN

C:\Users\casa\AppData\Local\Temp\wndC86C.tmp Disinfection failed

C:\Users\casa\AppData\Local\Temp\wndC86C.tmp Moved

C:\Users\casa\Desktop\crack.exe Infected: MemScan:Adware.Virtumonde.GES

C:\Users\casa\Desktop\crack.exe Disinfection failed

C:\Users\casa\Desktop\crack.exe Moved

C:\Windows\retadpu1000627.exe Infected: Trojan.Downloader.Agent.YFI

C:\Windows\retadpu1000627.exe Disinfection failed

C:\Windows\retadpu1000627.exe Moved

Niels · June 2007

Hello Jaska

I suggest that you do this. Download these programs:

superantispyware: http://downloads2.superantispyware.com/dow...AntiSpyware.exe Install it perform an update. Reboot your pc afterwards and press several times on the F8 button before the windowsloading screen choose for safe mode. Start superantispyware and perform a complete scan.

Download also this removal tool: http://www.verzend.be/v/2957210/Virtumonde_Remover.exe.html Let it also run in safe mode.

Dr web cureit:

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe But do not let it remove vsserv or anything that is located in the installation folder of BitDefender. Because than you have to repair BitDefender. Boot your pc again.

Now download ccleaner: http://www.filehippo.com/download/9838386a...32ae2/download/

Don't forget to uncheck yahoo toolbar during installation. Close internet explorer first after that start ccleaner andu use the cleanupfunction.

After that update BitDefender and perform a deep scan. To do that start BitDefender go to antivirus,scanning,deep scan.

Regards

Niels

many, many viruses

Comments

All Time Leaders

Categories

Defenders of the month - March