Virus check question

Windows XP Pro SP2
I ran the Kaspersky online virus check
http://usa.kaspersky.com/services/free-virus-scanner.php
& it showed 7 viruses & 17 infected objects, but I couldn't find a way to get
rid of them with this program, so I ran Kaspersky in the multi AV & it didn't
show anything. Then I ran the online virus check again & it showed the same 7
viruses & 17 infected objects. Next I ran Trend in the multi AV & it was
OK. Ran the online check again & same thing. Ran Sophos & it showed OK. Next ran
Kaspersky 6 & found nothing. So what am I to believe? Is the online scan by
Kaspersky a scare tactic, or am I really infected & am not being cleaned by the
other programs?
All help is appreciated

Kaspersky online scan report

      KASPERSKY ONLINE SCANNER REPORT
      Thursday, August 10, 2006 7:06:06 AM
      Operating System: Microsoft Windows XP Professional, Service Pack 2
(Build 2600)
      Kaspersky Online Scanner version: 5.0.83.0
      Kaspersky Anti-Virus database last update: 10/08/2006
      Kaspersky Anti-Virus database records: 201047


      Scan Settings
      Scan using the following antivirus database standard
      Scan Archives true
      Scan Mail Bases true

      Scan Target My Computer
      C:\
      D:\
      E:\
      F:\
      K:\
      L:\
      M:\
      N:\
      O:\
      P:\
      Q:\
      R:\

      Scan Statistics
      Total number of scanned objects 152683
      Number of viruses found 7
      Number of infected objects 17 / 0
      Number of suspicious objects 0
      Duration of the scan process 01:03:14

      Infected Object Name Virus Name Last Action

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Inbox/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED/html
Infected: Trojan-Spy.HTML.Bankfraud.cr  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Inbox/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED
Infected: Trojan-Spy.HTML.Bankfraud.cr  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Inbox  Mail
Berkeley mbox: infected - 2  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text/[From
=?utf-8?q?Ruth Zkspw?= ][Date Fri, 18 Feb 2005 19:49:40 +0000]/UNNAMED/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED/html
Infected: Trojan-Spy.HTML.Bankfraud.cr  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text/[From
=?utf-8?q?Ruth Zkspw?= ][Date Fri, 18 Feb 2005 19:49:40 +0000]/UNNAMED/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED
Infected: Trojan-Spy.HTML.Bankfraud.cr  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text/[From
=?utf-8?q?Ruth Zkspw?= ][Date Fri, 18 Feb 2005 19:49:40 +0000]/UNNAMED
Infected: Trojan-Spy.HTML.Bankfraud.cr  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text  Infected:
Trojan-Spy.HTML.Bankfraud.cr  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiless7vcr3a.default\Mail\Local Folders\Trash  Mail
Berkeley mbox: infected - 4  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Local Settings\Application
Data\Identities\\Microsoft\Outlook
Express\Inbox.dbx/[From "Jcames" ][Date Mon, 27 Jun 2005
15:16:31 -0800]/new.zip/f5434.exe  Infected: Email-Worm.Win32.Bagle.br
skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Local Settings\Application
Data\Identities\\Microsoft\Outlook
Express\Inbox.dbx/[From "Jcames" ][Date Mon, 27 Jun 2005
15:16:31 -0800]/new.zip  Infected: Email-Worm.Win32.Bagle.br  skipped

      F:\H-D & S\Documents and Settings\HP_Owner\Local Settings\Application
Data\Identities\\Microsoft\Outlook
Express\Inbox.dbx  Mail MS Outlook 5: infected - 2  skipped

      F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
"service@intl.paypal.com" ][Date Mon, 07 Feb 2005 18:54:40 -0200]/html
Infected: Trojan-Spy.HTML.Paylap.bz  skipped

      F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
Washington Mutual ][Date Thu, 10 Feb 2005 08:42:09 +0300]/html  Infected:
Trojan-Spy.HTML.Wamufraud.bo  skipped

      F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
"PayPal.com" ][Date Sat, 12 Feb 2005 19:35:40 +0000]/html  Infected:
Trojan-Spy.HTML.Paylap.cb  skipped

      F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
Washington Mutual Online Banking][Date Sun, 13 Feb 2005 09:57:11 +1100]/html
Infected: Trojan-Spy.HTML.Bankfraud.bz  skipped

      F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
"aw-confirm@ebay.com"][Date Sat, 12 Feb 2005 23:01:31 -0200]/html  Infected:
Trojan-Spy.HTML.Bayfraud.dm  skipped

      F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox  Mail
Berkeley mbox: infected - 5  skipped

      Scan process completed.

--
"Politicians are like diapers.They both should be changed frequently and for
the same reason"



Re: Virus check question


If you look at the report, it shows they are in your e-mail client's
inbox/trash folder. Deleting them from there will get rid of them for you.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!



Re: Virus check question


No scare tactics apparent in the log at all. The KAV online scanner
simply found a couple of different malwares in Thunderbird Inbox
and trash and something in an OE email folder. The scanner isn't
telling you the machine is infested with active malware. It's finding
inactive malware embedded in the email folders/archives.

I don't know why David's Multi AV isn't finding them. KAVDOS32
should find the same items if it's set to scan email and email
archives ... and scan your drive F:\   The same goes for KAV 6.
It should find the same malware if you have email scanning activated
and scan drive F:\

Note that those scanners won't be able to delete the embedded
malware. You have to do that from within the email apps.

Art
http://home.epix.net/~artnpeg

Re: Virus check question


|
| No scare tactics apparent in the log at all. The KAV online scanner
| simply found a couple of different malwares in Thunderbird Inbox
| and trash and something in an OE email folder. The scanner isn't
| telling you the machine is infested with active malware. It's finding
| inactive malware embedded in the email folders/archives.
|
| I don't know why David's Multi AV isn't finding them. KAVDOS32
| should find the same items if it's set to scan email and email
| archives ... and scan your drive F:\   The same goes for KAV 6.
| It should find the same malware if you have email scanning activated
| and scan drive F:\
|
| Note that those scanners won't be able to delete the embedded
| malware. You have to do that from within the email apps.
|
| Art
| http://home.epix.net/~artnpeg

It is not programmed to scan mail stores.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Virus check question

On Thu, 10 Aug 2006 08:44:57 -0500, Lombardi wrote:


[snip]

If it finds malware in your Thunderbird profile, you have to do this:
1. Delete the mails which have malicious attachments
2. Empty Thunderbird trash
3. Compact all folders of all Thunderbird accounts (incl. local folders)

Many users forget to perform step 3.

Good luck :-)

Gabriela
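
Why step 3 matters, as an added example that is not part of the original thread: Thunderbird stores each local folder as one mbox file, and deleting a message only sets the Expunged bit (0x0008) in its X-Mozilla-Status header, so the bytes stay in the file (and an on-demand scanner keeps flagging it) until the folder is compacted. The sketch below lists such leftovers; the sample mbox, the addresses and the function names are constructed for illustration.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit set on a message deleted in the UI
# Constructed sample mbox: one kept message, one deleted but not yet compacted.
SAMPLE_MBOX = b"""From - Mon Feb 21 10:40:33 2005
X-Mozilla-Status: 0001
From: friend@example.org
Subject: lunch

See you at noon.

From - Mon Feb 21 10:41:00 2005
X-Mozilla-Status: 0009
From: "Example Bank" <alerts@example.com>
Subject: verify your account

constructed placeholder body
"""

def find_uncompacted(mbox_path):
    """Return (subject, status) for messages flagged deleted but still on disk."""
    leftovers = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            raw = msg.get("X-Mozilla-Status", "0000").strip()
            try:
                status = int(raw, 16)  # header value is four hex digits
            except ValueError:
                continue  # malformed status header: cannot classify, skip
            if status & EXPUNGED:
                leftovers.append((msg.get("Subject", ""), raw))
    finally:
        box.close()
    return leftovers

def demo():
    """Write the constructed sample to a temp file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_MBOX)
        return find_uncompacted(path)

if __name__ == "__main__":
    for subject, status in demo():
        print(f"still in file, needs compacting: {subject!r} (status {status})")
```

Run `find_uncompacted` against a copy of the folder file with Thunderbird closed; an empty result after compacting means the deleted messages are physically gone.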
