Watch out for Screen Savers – Adware.Starware
Windows 5.1.2600 Service Pack 3
6/2/2009 5:54:23 PM
Scan type: Quick Scan
Objects scanned: 97907
Time elapsed: 9 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 49
Files Infected: 81
Memory Processes Infected:
(No malicious items detected)
Rogue.Internet Antivirus removed
1/13/2009 1:52:47 PM
Scan type: Quick Scan
Objects scanned: 53184
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 30
Memory Processes Infected:
C:\program files\Internet Antivirus Pro\IAPro.exe (Rogue.InternetAntivirus) -> Unloaded process successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iapro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus Pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\iv (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Delete on reboot.
C:\Program Files\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LDZFVN3A\InternetAntivirusPro[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\settings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\uill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\unins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\db\config.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\db\Urls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\activate.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Explorer.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\IAPro.exe (Rogue.InternetAntivirus) -> Delete on reboot.
C:\Program Files\Internet Antivirus Pro\unins000.dat (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\uninstall.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\working.log (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db\ia080614.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\file.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
Trojans removed
9/29/2008 3:43:51 PM
Scan type: Full Scan (C:\|)
Objects scanned: 109068
Time elapsed: 4 hour(s), 22 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\XXXXXX\Desktop\vidrev.png (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\vidrev.jpg (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\After a timely warning.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\Bio.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\Cold winter Day.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\Study 20 trimmed.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\Study 20.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXX\Desktop\WestBridge PFS(1).xls (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
October 30, 2008 Virus Removal

Scan type: Quick Scan
Objects scanned: 62175
Time elapsed: 3 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcte0j0e985 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
October 29, 2008 Virus Log

Scan type: Full Scan (C:\|)
Objects scanned: 101795
Time elapsed: 9 minute(s), 49 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 18
Memory Processes Infected:
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\My Documents\adobe_flash.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

