Virus infections detected, help on removing them.

  pigseattruffles 19:10 03 Sep 06
Locked

Here is my Kaspersky log. Any help to remove the infected items without damaging the system in any way will be hugely appreciated. Thanks in advance.

  pigseattruffles 19:10 03 Sep 06

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 03, 2006 6:55:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/09/2006
Kaspersky Anti-Virus database records: 207529
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C: D: F: G: H: I:
Scan Statistics:
Total number of scanned objects: 88498
Number of viruses found: 9
Number of infected objects: 26 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:41:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-09-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36366047.ex$ Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F1B5CEB.ex$ Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0022617.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0023610.dll.bac_a01868 Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0023616.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0024615.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0025623.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0025641.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026683.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026711.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026729.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026741.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026772.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Zlob.ts skipped

  pigseattruffles 19:11 03 Sep 06

C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026816.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0026817.exe.bac_a01868 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\A0034112.EXE.bac_a01868 Infected: Trojan-Dropper.Win32.Microjoin.bx skipped
C:\Documents and Settings\Brett Worth\.housecall\Quarantine\mst4B9.tmp.bac_a01544 Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\Brett Worth\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\cert8.db Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\history.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\key3.db

  pigseattruffles 19:12 03 Sep 06

Object is locked skipped
C:\Documents and Settings\Brett Worth\Application Data\Mozilla\Firefox\Profiles\a226hyet.default\parent.lock Object is locked skipped
C:\Documents and Settings\Brett Worth\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\dfsr.db Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\fsr.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_644C_3C15_4C3B_E08A\tmp.edb Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\History\History.IE5\MSHist012006090320060904\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\a991vb11.exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF8DDF.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF8DEE.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF98C8.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF99F0.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DF9B6A.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temp\~DFC87A.tmp Object is locked skipped
C:\Documents and Settings\Brett Worth\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brett Worth\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brett Worth\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Brett Worth\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

  pigseattruffles 19:12 03 Sep 06

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0022614.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0024618.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0026694.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0026719.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0026773.exe Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0026775.exe Infected: Trojan-Downloader.Win32.Zlob.tx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0026776.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP235\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1DF1845E-9B60-4B60-90B4-9FD8945B5DEF}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\rdpibeqq.dll Infected: Trojan-Spy.Win32.VBStat.d skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

  VoG II 19:14 03 Sep 06

Have you got *four* anti-virus programs on there ????

  skidzy 19:17 03 Sep 06

Better off posting a Hijackthis log click here and post here click here

They have the experts to point you in the right direction.

  VoG II 19:22 03 Sep 06

As far as I can see, all of the infected files are in system restore points or have been quarantined by other anti-virus programs - they cannot escape from there.

You should only have one anti-virus installed.

  SANTOS7 19:25 03 Sep 06

You have this Trojan-Downloader.Win32.Zlob.ub in your System Volume Information files (where your restore points are kept). The only way to delete them is to disable System Restore, reboot, then enable System Restore. Then, if you are still infected, follow skidzy's links; the site is far more dedicated to the problems you have.

  SANTOS7 19:28 03 Sep 06

click here
The trojan in question is recognised by A-Squared. Download the free tool from the link; it may help.
click here

  skidzy 19:29 03 Sep 06

Just to add to SANTOS7's suggestion regarding disabling System Restore, please don't forget to empty your recycle bin.

This thread is now locked and can not be replied to.
