The Recycler Virus


http://www.mcse.ms/archive222-2004-12-1192094.html

There was much that the Trend couldn't scan, no access, etc.

Just wondering if you know of anything new.
*Windows One Care, the entire program, 1.0 will not run in safe mode at
all.......

I'd send you the recycler in a .zip but you don't need the problems....:-)

BTW, Adaware SE caught (I hope) all of that crap, malware.



/--------------------------------------------------------------\
|                 Trend Micro Sysclean Package                 |
|              Copyright 2002, Trend Micro, Inc.               |
|                  http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-08-26, 10:14:55,   Auto-clean mode specified.
2006-08-26, 10:14:55,   Running scanner "C:\New Folder\TSC.BIN"...
2006-08-26, 10:17:16,   Scanner "C:\New Folder\TSC.BIN" has finished
running.
2006-08-26, 10:17:16,   TSC Log:

Damage Cleanup Engine (DCE)  3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Sat Aug 26 2006 10:14:55

Load Damage Cleanup Template (DCT) "C:\New Folder\tsc.ptn" (version 774)
[success]

Complete time : Sat Aug 26 2006 10:17:16
Execute pattern count(2931), Virus found count(0), Virus clean count(0),
Clean failed count(0)

2006-08-26, 10:17:19,   An error was detected on "C:\Documents and
Settings\Administrator.MAHLERSCOM\Local Settings\Temporary Internet
Files\AntiPhishing\*.*": Access is denied.
2006-08-26, 10:17:43,   An error occurred while scanning file "C:\Documents
and Settings\mahler\ntuser.dat": Access is denied.
2006-08-26, 10:17:43,   An error occurred while scanning file "C:\Documents
and Settings\mahler\NTUSER.DAT.LOG": Access is denied.
2006-08-26, 10:39:03,   The user stopped the operation.


/--------------------------------------------------------------\
|                 Trend Micro Sysclean Package                 |
|              Copyright 2002, Trend Micro, Inc.               |
|                  http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-08-26, 10:40:15,   Auto-clean mode specified.
2006-08-26, 10:40:15,   Running scanner "C:\New Folder\TSC.BIN"...
2006-08-26, 10:41:17,   Scanner "C:\New Folder\TSC.BIN" has finished
running.
2006-08-26, 10:41:17,   TSC Log:

Damage Cleanup Engine (DCE)  3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Sat Aug 26 2006 10:40:15

Load Damage Cleanup Template (DCT) "C:\New Folder\tsc.ptn" (version 774)
[success]

Complete time : Sat Aug 26 2006 10:41:17
Execute pattern count(2931), Virus found count(0), Virus clean count(0),
Clean failed count(0)

2006-08-26, 10:41:22,   Running scanner "C:\New Folder\VSCANTM.BIN"...
2006-08-26, 10:41:32,   Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/26/2006 10:41:22
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\RECYCLER\*.* /P=C:\New Folder

21 files have been read.
21 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/26/2006 10:41:32
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-26, 10:41:32,   Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/26/2006 10:41:22
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\RECYCLER\*.* /P=C:\New Folder

21 files have been read.
21 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/26/2006 10:41:32 0.21 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-26, 10:41:32,   Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/26/2006 10:41:22
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\RECYCLER\*.* /P=C:\New Folder

21 files have been read.
21 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/26/2006 10:41:32 0.21 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-26, 10:41:32,   Scanner "C:\New Folder\VSCANTM.BIN" has finished
running.


/--------------------------------------------------------------\
|                 Trend Micro Sysclean Package                 |
|              Copyright 2002, Trend Micro, Inc.               |
|                  http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-08-26, 11:14:16,   Auto-clean mode specified.
2006-08-26, 11:14:16,   Running scanner "C:\New Folder\TSC.BIN"...
2006-08-26, 11:16:14,   Scanner "C:\New Folder\TSC.BIN" has finished
running.
2006-08-26, 11:16:14,   TSC Log:

Damage Cleanup Engine (DCE)  3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Sat Aug 26 2006 11:14:16

Load Damage Cleanup Template (DCT) "C:\New Folder\tsc.ptn" (version 774)
[success]

Complete time : Sat Aug 26 2006 11:16:14
Execute pattern count(2931), Virus found count(0), Virus clean count(0),
Clean failed count(0)

2006-08-26, 11:16:19,   An error was detected on "C:\Documents and
Settings\Administrator.MAHLERSCOM\Local Settings\Temporary Internet
Files\AntiPhishing\*.*": Access is denied.
2006-08-26, 11:16:36,   An error occurred while scanning file "C:\Documents
and Settings\Administrator.MAHLERSCOM.000\NTUSER.DAT": Access is denied.
2006-08-26, 11:16:36,   An error occurred while scanning file "C:\Documents
and Settings\Administrator.MAHLERSCOM.000\NTUSER.DAT.LOG": Access is denied.
2006-08-26, 11:16:37,   An error occurred while scanning file "C:\Documents
and Settings\Administrator.MAHLERSCOM.000\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-08-26, 11:16:37,   An error occurred while scanning file "C:\Documents
and Settings\Administrator.MAHLERSCOM.000\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-08-26, 11:16:43,   Could not set file for reading on "C:\Documents and
Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeysd07ec6741f14f14c8e93588dbf4c44_af17003c-eb4f-47c0-889c-930f97125477":
Access is denied.
2006-08-26, 11:16:44,   Could not set file for reading on "C:\Documents and
Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeysd897f200b3844a6b8515f74ef02dbeb_af17003c-eb4f-47c0-889c-930f97125477":
Access is denied.
2006-08-26, 11:16:44,   Could not set file for reading on "C:\Documents and
Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys7f07a97e27e48ba84bb8d3c9ae0e30_af17003c-eb4f-47c0-889c-930f97125477":
Access is denied.
2006-08-26, 11:16:46,   Could not set file for reading on "C:\Documents and
Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\cc7f010375bda985dc352c606ee67753_af17003c-eb4f-47c0-889c-930f97125477":
Access is denied.
2006-08-26, 11:16:57,   An error occurred while scanning file "C:\Documents
and Settings\LocalService\NTUSER.DAT": Access is denied.
2006-08-26, 11:16:57,   An error occurred while scanning file "C:\Documents
and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2006-08-26, 11:16:57,   An error occurred while scanning file "C:\Documents
and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-08-26, 11:16:57,   An error occurred while scanning file "C:\Documents
and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-08-26, 11:16:57,   An error occurred while scanning file "C:\Documents
and Settings\mahler\ntuser.dat": Access is denied.
2006-08-26, 11:16:57,   An error occurred while scanning file "C:\Documents
and Settings\mahler\NTUSER.DAT.LOG": Access is denied.
2006-08-26, 11:32:06,   An error occurred while scanning file "C:\Documents
and Settings\mahler\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-08-26, 11:32:06,   An error occurred while scanning file "C:\Documents
and Settings\mahler\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-08-26, 11:33:11,   An error occurred while scanning file "C:\Documents
and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-08-26, 11:33:11,   An error occurred while scanning file "C:\Documents
and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-08-26, 11:33:11,   An error occurred while scanning file "C:\Documents
and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-08-26, 11:33:11,   An error occurred while scanning file "C:\Documents
and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-08-26, 11:36:32,   An error was detected on "C:\Program Files\Microsoft
Windows OneCare Live\ClientSD\*.*": Access is denied.
2006-08-26, 11:36:32,   Could not set file for reading on "C:\Program
Files\Microsoft Windows OneCare Live\Database\edb.chk": Access is denied.
2006-08-26, 11:36:32,   Could not set file for reading on "C:\Program
Files\Microsoft Windows OneCare Live\Database\edb.log": Access is denied.
2006-08-26, 11:36:32,   Could not set file for reading on "C:\Program
Files\Microsoft Windows OneCare Live\Database\res1.log": Access is denied.
2006-08-26, 11:36:32,   Could not set file for reading on "C:\Program
Files\Microsoft Windows OneCare Live\Database\res2.log": Access is denied.
2006-08-26, 11:36:32,   Could not set file for reading on "C:\Program
Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb": Access is
denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\default": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\software": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\system": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-08-26, 11:46:03,   Could not set file for reading on
"C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx": Access is denied.
2006-08-26, 11:46:20,   Running scanner "C:\New Folder\VSCANTM.BIN"...
2006-08-26, 12:06:31,   Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/26/2006 11:46:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\New Folder

56594 files have been read.
56594 files have been checked.
52404 files have been scanned.
114291 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/26/2006 12:06:30
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-26, 12:06:31,   Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/26/2006 11:46:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\New Folder

56594 files have been read.
56594 files have been checked.
52404 files have been scanned.
114291 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/26/2006 12:06:30 20 minutes 6 seconds (1206.12 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-26, 12:06:31,   Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/26/2006 11:46:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
Command Line: C:\New Folder\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC
/LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\New Folder

56594 files have been read.
56594 files have been checked.
52404 files have been scanned.
114291 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/26/2006 12:06:30 20 minutes 6 seconds (1206.12 seconds) has
elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-26, 12:06:31,   Scanner "C:\New Folder\VSCANTM.BIN" has finished
running.

Thanks,

William K. Mahler
http://www.mahlers.com Skype ID:  mahlersdotcom
*Any outgoing calls using Skype to a landline or cellphone anywhere within
the USA & Canada are now totally unlimited, unmetered and 100%
free of charge and there are no startup costs whatsoever.
http://www.skype.com made by KaZaa & owned by EBay.......:-)




Re: The Recycler Virus


|
| http://www.mcse.ms/archive222-2004-12-1192094.html
|
| There was much that the Trend couldn't scan, no access, etc.
|
| Just wondering if you know of anything new.
| *Windows One Care, the entire program, 1.0 will not run in safe mode at
| all.......
|

< snip >

Hello William:

It is good to see you in the anti virus news Groups.  :-)

I don't see in the body of your post the relationship to the Windows Recycle Bin.
I will state that *MANY* AV scanners can NOT remove malware found in the Recycler folder,
which is the Windows Recycle Bin.  However, some can, like McAfee.

Please junk Windows OneCare.  As an anti virus solution it falls way below industry
standards.
I strongly suggest solutions from Kaspersky or NOD32.

As for the Trend Micro Sysclean log, that's a normal report.

Either the file's respective File Handle is held open by the OS such as...
NTUSER.DAT.LOG
ntuser.dat

Or NTFS permissions or other OS protection schemes are blocking access to the files such
that you get "Access Denied".  Trend is over exuberant in logging these events while other
AV scanners do not log such events.

The important aspect is the log showing...
0 files containing viruses.

The other is...
Virus Pattern Version : 689 (129228 Patterns)

That means there are only ~130,000 signatures in LPT$VPN.689 (Pattern File 698)

You may wish to try my Multi AV Scanning Tool and the Sophos, McAfee and
Kaspersky modules.

McAfee is up at around ~206,000 signatures.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
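
The reading of the Sysclean log described in the reply above (rejoin the wrapped entries, separate "Access is denied" paths on OS-held registry hives from other protected paths, then pull the pattern version and infected-file count), as an added example that is not part of the original thread or of Trend Micro's tooling. The sample log lines are constructed, and the function names and the hive-path list are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Sysclean log posted above
# (entries are word-wrapped across lines, as in the post).
SAMPLE_LOG = r'''
2006-08-26, 11:16:36,   An error occurred while scanning file "C:\Documents
and Settings\Administrator\NTUSER.DAT": Access is denied.
2006-08-26, 11:16:37,   An error occurred while scanning file "C:\Documents
and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-08-26, 11:16:43,   Could not set file for reading on "C:\Documents and
Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\example_key": Access is denied.
2006-08-26, 11:45:28,   An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM": Access is denied.
2006-08-26, 11:46:20,   Running scanner "C:\New Folder\VSCANTM.BIN"...
2006-08-26, 12:06:31,   Files Detected:
Virus Pattern Version : 689 (129228 Patterns) (2006/08/24) (368900)
56594 files have been read.
0 files containing viruses.
'''

ENTRY_START = re.compile(r'^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2},\s+')
DENIED_RE = re.compile(r'"([^"]+)": Access is denied\.')
# Assumption of this example: registry hive files that the running OS keeps
# open (per-user hives and the machine hives under system32\config).
HIVE_RE = re.compile(
    r'\\(ntuser\.dat|usrclass\.dat)(\.log)?$|\\system32\\config\\[^\\]+$',
    re.IGNORECASE)
PATTERN_RE = re.compile(r'Virus Pattern Version : (\d+) \((\d+) Patterns\)')
INFECTED_RE = re.compile(r'(\d+) files containing viruses')


def join_entries(text):
    """Rejoin word-wrapped lines so each timestamped entry is one string."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries


def classify(path):
    """'open-hive' for OS-held registry hives, 'protected' for anything else."""
    return "open-hive" if HIVE_RE.search(path) else "protected"


def triage(text):
    """Summarise unreadable paths and the VSCANTM result lines of a log."""
    denied = [m.group(1) for e in join_entries(text)
              for m in DENIED_RE.finditer(e)]
    pattern = PATTERN_RE.search(text)
    infected = [int(n) for n in INFECTED_RE.findall(text)]
    return {
        "denied": denied,
        "by_class": dict(Counter(classify(p) for p in denied)),
        "pattern_version": int(pattern.group(1)) if pattern else None,
        "pattern_count": int(pattern.group(2)) if pattern else None,
        # The log repeats the summary per report section; take the worst case.
        "infected_files": max(infected) if infected else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
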


