Internet Antivirus Rogue Removed 10 minutes
Windows 5.0.2195 Service Pack 4
1/13/2009 1:52:47 PM
Scan type: Quick Scan
Objects scanned: 53184
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 30
Memory Processes Infected:
C:\program files\Internet Antivirus Pro\IAPro.exe (Rogue.InternetAntivirus) -> Unloaded process successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iapro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus Pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\iv (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Delete on reboot.
C:\Program Files\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LDZFVN3A\InternetAntivirusPro[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\settings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\uill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\unins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\db\config.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Internet Antivirus Pro\db\Urls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\activate.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Explorer.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\IAPro.exe (Rogue.InternetAntivirus) -> Delete on reboot.
C:\Program Files\Internet Antivirus Pro\unins000.dat (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\uninstall.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\working.log (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db\ia080614.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\file.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
October 30, 2008 Virus Removal

Scan type: Quick Scan
Objects scanned: 62175
Time elapsed: 3 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcte0j0e985 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
October 29, 2008 Virus Log

Scan type: Full Scan (C:\|)
Objects scanned: 101795
Time elapsed: 9 minute(s), 49 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 18
Memory Processes Infected:
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\My Documents\adobe_flash.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
October 29, 2008 Virus Log
Scan type: Quick Scan
Objects scanned: 55797
Time elapsed: 3 minute(s), 31 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 21
Memory Processes Infected:
C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Delete on reboot.
C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Desktop\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

