Member Panel

Pancake · 10:58 PM

Go to Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

ehn

...and here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 23, 2007 5:56:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/11/2007
Kaspersky Anti-Virus database records: 464228
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
L:\
M:\
N:\
P:\
Q:\
S:\
U:\
Y:\
Z:\
Scan Statistics:
Total number of scanned objects: 198335
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 03:28:10
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sb\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Oversigt\History.IE5\MSHist012007112 220071123\index.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Temp\~DF14FF.tmp Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sb\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sb\ntuser.dat.LOG Object is locked skipped
C:\Dracar\Log\Distribution.ServerUpdateService.22-11-2007.log Object is locked skipped
C:\Gammel Computer\SB Gammel drev\Slettet post.dbx/[From jk@ringe.citroen.dk][Date Mon, 14 Jun 2004 07:59:37 +0200]/UNNAMED/friend.zip/friend.pif Infected: Email-Worm.Win32.NetSky.b skipped
C:\Gammel Computer\SB Gammel drev\Slettet post.dbx/[From jk@ringe.citroen.dk][Date Mon, 14 Jun 2004 07:59:37 +0200]/UNNAMED/friend.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\Gammel Computer\SB Gammel drev\Slettet post.dbx/[From jk@ringe.citroen.dk][Date Mon, 14 Jun 2004 07:59:37 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\Gammel Computer\SB Gammel drev\Slettet post.dbx Mail MS Outlook 5: infected - 3 skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BA2BC61B-0BEB-4975-B2C4-CFE45AB59CA6}\RP6\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Q:\hans\lillek\pack.zip/Program Files/dialers/dyr2/dyr2.exe Infected: not-a-virus

ialer.Win32.gen skipped
Q:\hans\lillek\pack.zip ZIP: infected - 1 skipped
Q:\POSTNUMR.ADX Object is locked skipped
Q:\POSTNUMR.dbf Object is locked skipped
S:\HB\1\2\salgsafd\KUNDE.ADX Object is locked skipped
S:\HB\1\2\salgsafd\KUNDE.dbf Object is locked skipped
S:\HB\1\2\salgsafd\KUNDE.dbt Object is locked skipped
S:\HB\1\2\salgsafd\SAELGER.ADX Object is locked skipped
S:\HB\1\2\salgsafd\SAELGER.dbf Object is locked skipped
S:\HB\1\2\salgsafd\STIL.ADX Object is locked skipped
S:\HB\1\2\salgsafd\STIL.dbf Object is locked skipped
S:\HB\1\2\salgsafd\VOGNK.dbf Object is locked skipped
S:\HB\afvigelser\START.ADX Object is locked skipped
S:\HB\afvigelser\START.dbf Object is locked skipped
S:\HB\Aktioner\Database\REG.ADX Object is locked skipped
S:\HB\Aktioner\Database\REG.dbf Object is locked skipped
S:\HB\Daekk\DAEK.DBF Object is locked skipped
S:\HB\Daekk\Opels\POSTNR.ADX Object is locked skipped
S:\HB\Daekk\Opels\POSTNR.DBF Object is locked skipped
Scan process completed.

Pancake

You can remove these two files and your all done..

Q:\hans\lillek\pack.zip
friend.zip

ehn

After having removed the affected files I have run Kaspersky again.
The report now indicates that the computer is clean ... but the popups
continue to show up.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 24, 2007 5:08:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/11/2007
Kaspersky Anti-Virus database records: 464808
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
L:\
M:\
N:\
P:\
Q:\
S:\
U:\
Y:\
Z:\
Scan Statistics:
Total number of scanned objects: 199189
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 03:11:30
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sb\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Temp\~DF31CC.tmp Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Temp\~DFBFB.tmp Object is locked skipped
C:\Documents and Settings\sb\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sb\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sb\ntuser.dat.LOG Object is locked skipped
C:\Dracar\Log\Distribution.ServerUpdateService.24-11-2007.log Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BA2BC61B-0BEB-4975-B2C4-CFE45AB59CA6}\RP7\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
S:\HB\afvigelser\START.ADX Object is locked skipped
S:\HB\afvigelser\START.dbf Object is locked skipped
S:\HB\Aktioner\Database\REG.ADX Object is locked skipped
S:\HB\Aktioner\Database\REG.dbf Object is locked skipped
S:\HB\Daekk\DAEK.DBF Object is locked skipped
S:\HB\Daekk\Opels\POSTNR.ADX Object is locked skipped
S:\HB\Daekk\Opels\POSTNR.DBF Object is locked skipped
Scan process completed.

Pancake

I still cannot see anything in the log....try running SpyBot.

The home of Spybot-S&D!

ehn

Hello Pancake,
I ran Spybot - but that did'nt solve the problem.
I have decided to format the harddisk and do a new XP installation.
Thanks very much for your kind help with this case.
Regards
Eigil

Pancake

Member Panel

Sponsors and Ads

Noticeboard