Archived from groups: microsoft.public.win2000.general
From: "Simon Woods" <simonDELETECAPSjwoods@hotmaiIl.com>
| David see below for the scan results ... I'm about to look for a cleaner for
| the virus found
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
|
>> * * * Please report back your results * * *
|
| Using C:\McAfee\EXTRA.DAT to scan for 2 additional virus(es).
|
| 05/18/2005 17:58:01
|
| Options:
| /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
| /PROGRAM /MIME /HTML "C:\MCAFEE\SCANREPORT.HTML"
|
| Scanning C: [Local Disk]
| Scanning C:\*.*
| C:\Documents and Settings\Simon Woods\Application
| Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-13
| ea4f30.RB0\INSTALLERAPPLET.CLASS ... Found the Exploit-ByteVerify trojan !!!
| C:\Documents and Settings\Simon Woods\Application Data\WWMH~1.EXE\WWMH~1.EXE
| ... Found potentially unwanted program Adware-ClickSpring.
| The file or process has been deleted.
| C:\Documents and Settings\Simon Woods\Local Settings\Temp\addit.exe ...
| Found potentially unwanted program Adware-Midaddle.dr.
| The file or process has been deleted.
| C:\Documents and Settings\Simon Woods\Local Settings\Temp\Lc.dll ... Found
| potentially unwanted program Adware-Midaddle.dll.
| The file or process has been deleted.
| C:\Documents and Settings\Simon Woods\Local Settings\Temp\mw.exe ... Found
| potentially unwanted program Adware-MemWatcher.
| The file or process has been deleted.
| C:\Program Files\hhProxy\hhproxy.exe ... Found potentially unwanted program
| Hhproxy.
| The file or process has been deleted.
| C:\Program Files\Sonic\MyDVD\LeaderReg.EXE\00415620.EXE ... Found
| potentially unwanted program Adware-Powerreg.
| The file or process has been deleted.
| The archive has been deleted.
| C:\Program Files\Sonic\Simple Backup\System\leaderreg.exe\00415620.EXE ...
| Found potentially unwanted program Adware-Powerreg.
| The file or process has been deleted.
| The archive has been deleted.
| C:\Program Files\TightVNC\VNCHooks.dll ... Found potentially unwanted
| program TightVNC.
| The file or process has been deleted.
| C:\Program Files\TightVNC\vncviewer.exe ... Found potentially unwanted
| program TightVNC.
| The file or process has been deleted.
| C:\Program Files\TightVNC\WinVNC.exe ... Found potentially unwanted program
| TightVNC.
| The file or process has been deleted.
| C:\WINNT\system32\adsnt640.exe ... Found potentially unwanted program
| Adware-IEDriver.
| The file or process has been deleted.
| C:\WINNT\system32\ADVAPI32.exe ... Found potentially unwanted program
| Adware-IEDriver.
| The file or process has been deleted.
| C:\WINNT\system32\cmpbk321.exe ... Found potentially unwanted program
| Adware-IEDriver.
| The file or process has been deleted.
|
| Summary report on C:\*.*
| File(s)
| Total files: ........... 232025
| Clean: ................. 231961
| Possibly Infected: ..... 1
| Cleaned: ............... 0
| Deleted: ............... 13
| Non-critical Error(s): 2
| Master Boot Record(s): ......... 2
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
| Scanning D: [InfoFlex]
| Scanning D:\*.*
|
| Summary report on D:\*.*
| File(s)
| Total files: ........... 217479
| Clean: ................. 217478
| Possibly Infected: ..... 0
| Cleaned: ............... 0
| Non-critical Error(s): 1
| Master Boot Record(s): ......... 2
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
| Scanning E: [Web]
| Scanning E:\*.*
|
| Summary report on E:\*.*
| File(s)
| Total files: ........... 8963
| Clean: ................. 8963
| Possibly Infected: ..... 0
| Cleaned: ............... 0
| Master Boot Record(s): ......... 2
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
| Scanning F: [Dev Tools]
| Scanning F:\*.*
| F:\CCRP\hhproxy_rel.exe\HHPROXY.EXE ... Found potentially unwanted program
| Hhproxy.
| F:\CCRP\PlanetSource\CodeFixer\GeneralServices.bas ... Found the
| VBA/Generic.src virus !!!
| The file or process has been deleted.
| F:\CCRP\PlanetSource\Code_Fixer16626510232003.zip\GENERALSERVICES.BAS ...
| Found the VBA/Generic.src virus !!!
| F:\CCRP\PlanetSource\Ulli's_Cod1558233122003\dCodeProfiler.Dsr ... Found the
| VBA/Generic.src virus !!!
| The file or process has been deleted.
| F:\CCRP\PlanetSource\Ulli's_Cod1558233122003.zip\DCODEPROFILER.DSR ... Found
| the VBA/Generic.src virus !!!
|
| Summary report on F:\*.*
| File(s)
| Total files: ........... 47655
| Clean: ................. 47608
| Possibly Infected: ..... 4
| Cleaned: ............... 0
| Deleted: ............... 2
| Non-critical Error(s): 2
| Master Boot Record(s): ......... 2
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
| Scanning G: [Bin]
| Scanning G:\*.*
|
| Summary report on G:\*.*
| File(s)
| Total files: ........... 10969
| Clean: ................. 10965
| Possibly Infected: ..... 0
| Cleaned: ............... 0
| Non-critical Error(s): 2
| Master Boot Record(s): ......... 2
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
|
| Time: 04:14.54
|
Simon:
The following Trojan and Virus were found ...
VBA/Generic.src virus
Exploit-ByteVerify trojan
Delete; F:\CCRP\PlanetSource\Ulli's_Cod1558233122003.zip
The following is an "Exploit-ByteVerify trojan" found in a Java Jar...
C:\Documents and Settings\Simon Woods\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-1ea4f30.RB0\INSTALLERAPPLET.CLASS
Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings --> delete files
In addition to the above, several adware objects were found...
1) Download the following item...
Adaware SE (Free personal version)
http://www.lavasoftusa.com/
2) Update Adaware with latest definitions.
3) Reboot your PC into Safe Mode
4) Using Adaware SE, perform a Full Scan of your platform and clean/delete
any parasites found.
When done...
Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
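
Added example, not part of either post: a short Python parser for a quoted scan report like the one above. It re-joins wrapped lines and lists the detections that have no "has been deleted" line after them, which are the ones the reply deals with by hand. The function names and the `SAMPLE` excerpt (lines copied from the report above) are this example's own.

```python
import re

# One detection record after wrapped lines are re-joined:
#   <path> ... Found the <name> !!!
#   <path> ... Found potentially unwanted program <name>.
RECORD = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) \.\.\. Found "
    r"(?P<kind>the|potentially unwanted program) (?P<name>.+?)\s*(?:!!!|\.)")
QUOTE = re.compile(r"^[|>\s]+")  # Usenet quote markers in front of each line
DELETED = re.compile(r"The (?:file or process|archive) has been deleted\.")

def parse_detections(log_text):
    """Return one dict per detection; 'deleted' reflects the follow-up line."""
    found, buf = [], ""
    for raw in log_text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        if not line:
            buf = ""                      # blank line ends any partial record
        elif DELETED.fullmatch(line):
            if found and not buf:
                found[-1]["deleted"] = True
        elif re.match(r"[A-Za-z]:\\", line):
            buf = line                    # a record starts at a drive path
        elif buf:
            buf += " " + line             # continuation of a wrapped record
        m = RECORD.fullmatch(buf)
        if m:
            found.append({**m.groupdict(), "deleted": False})
            buf = ""
    return found

def still_present(log_text):
    """Detections the scanner reported but did not delete."""
    return [d for d in parse_detections(log_text) if not d["deleted"]]

# Excerpt copied from the scan report quoted above (sample input for this example).
SAMPLE = r"""
| C:\Documents and Settings\Simon Woods\Local Settings\Temp\Lc.dll ... Found
| potentially unwanted program Adware-Midaddle.dll.
| The file or process has been deleted.
| F:\CCRP\hhproxy_rel.exe\HHPROXY.EXE ... Found potentially unwanted program
| Hhproxy.
| F:\CCRP\PlanetSource\CodeFixer\GeneralServices.bas ... Found the
| VBA/Generic.src virus !!!
| The file or process has been deleted.
| F:\CCRP\PlanetSource\Code_Fixer16626510232003.zip\GENERALSERVICES.BAS ...
| Found the VBA/Generic.src virus !!!
"""
```

Wrapped lines are joined with a single space, so a path that the mail client broke in the middle of a token comes back with a stray space in it.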