Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 39

Thread: Owned by Spyware!! Please Help?

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Be sure to post the Ewido log also. I will be back as soon as I can after going through the logs. Also have to fix dinner for some guests. But I won't forget you, promise!

  2. #12
    Join Date
    Sep 2006
    Posts
    19
    Thanks!!

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:32:18 09/07/2006

    + Scan result:



    [144] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning.
    [164] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
    [176] VM_006B0000 -> Downloader.Agent.uj : Error during cleaning.
    [432] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.


    ::Report end

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Was the Ewido log done before or after FixWareout? Is this the original Ewido log or the one done from safe mode?
    Give me awhile, have to look up some other tools
    Judy

  4. #14
    Join Date
    Sep 2006
    Posts
    19
    The ewido log was done before fix. It's the one done in safe mode.
    thanks

  5. #15
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    I am sorry, bear with me here....You have me VERY confused.....I really think you have only completed parts of various items, and have done them "out of sync"
    In post #3 you say this;
    OK, I've tried numerous times to reboot into safe mode but when windows starts up in safe mode the screen freezes and doesn't allow me to open anything. I had to restart with alt and f4 and try again with no luck. I followed your instructions and downloaded ewido which deleted everything found apart from downloader agent uj - Googling tells me ewido won't be able to remove this?
    Which tells me that you cannot do anything in safe mode.
    Also in that very same post is your Ewido log. Which, because you said that you could not get into safe mode I assumed was run in Normal Mode.
    Then in post #4 you tell me about finding the link for and running FixWareout but the only thing you post is this;
    Check for missing files
    .....
    C:\WINNT\system32\AUTOEXEC.NT not there
    .....
    End check for missing files
    I then gave you instructions on how to look for the replacement of that file...did you look and replace it or just ignore my instruction?

    What you DID NOT post was the FULL FixWareout log. I am not even certain that you had run the program at that time at all.

    In post #5 I told you to run HJT again and fix these entries;
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...CabInstall.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6F117C-E815-4580-BA7D-846BC2968AE9}: NameServer = 85.255.115.6 85.255.112.20
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
    I also asked you to try to run Ewido again in Safe Mode.

    You post back in #6 and say this....
    I still can't do anything whilst in safe mode - I have to ctrl alt & del and even then I get an error message saying internet explorer isn't responding. I dont understand this as I hadn't even opened internet explorer?

    So edwido hasnt been run in safe.
    But you DO post what you say is a new HJT log and some of the fixes I requested seem to have been applied but these remain in the new log;
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6F117C-E815-4580-BA7D-846BC2968AE9}: NameServer = 85.255.115.6 85.255.112.20
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
    So I asked you in #7 if you had applied the fixes in HJT I requested and also ask if you still cannot go into safe mode. I also told you to check task manager to be certain it says ieexplore.exe
    In post #8 you say...
    I can get it in safe mode by pressing f8 at menu, but when i login after it starts up, the desktop freezes not allowing me to click anything.

    I fixed the entries you told me to yes.
    In post #9 I tell you to try to go to safe mode by using a step by step method and I note you have not posted the full FixWareout log.

    In post #10 you say...
    Apologies, it was explorer.exe
    For some reason it allowed me to run ewido in safe mode (after about 6 attempts) I rebooted and followed your last instructions
    Honesly, I have no idea at this point what "last instructions" you are referring to...You then post the full FixWareout log along with another HJT log. Which still contains the two entries I note above.

    This is where it really gets confusing to me...
    Was this log the automatic log which was supposed to run immediately after the FixWareout was run as noted in the link that you cited or is this a log you have run yourself manually? AND if this was the automatic log why didn't you try to fix those two remaining entries?
    Also, did you complete the instructions given on the link for using FixWareout?
    That is the uploading (by copy/pasting the file path into the box and hitting submit) C:\WINNT\System32\CSEIX.EXE noted in the FixWareout scan to http://virusscan.jotti.org/
    to have it checked out?
    If you DID complete this step, why haven't you posted that information here?

    Also then why did you post the OLD Ewido scan when the link clearly states to run the Ewido scan, in safe mode AFTER using FixWareout. That is the Ewido scan I expected to see not one run BEFORE using FixWareout. The reason for running one AFTER FixWareout is that Ewido should be able to fix the problem then. The one before the fix identifies what cannot be fixed so that additional steps can be applied before running Ewido again.
    This is why, when removing malware, viruses, trojans, spyware, etc., each and every step must be followed exactly. Patience is the KEY. These are often very time consuming processes that need to be followed slowly and correctly. Steps cannot be skipped or done out of order. There is truly a reason the steps must be followed in order. If they are not they may not work at all. If a step cannot be completed then you should stop the process and that information should be posted and then you wait while a search is done for a new step to be tried. By using part of the information from that link and following part of the steps given by me and part of the steps from PP's link I honestly have no idea where we stand for sure or exactly what you have completed and when.

    I need you to please upload that information to the link above and get the log from them. Save it. Don't post it here yet.

    I now need you to reboot to safe mode and run Ewido again. Let it fix whatever is found and please save that log.

    Reboot to normal mode. Run HJT again and fix those two entries, IF they remain that I have noted above. Reboot. Run it again, save the log and post THAT last HJT log, the Ewido log and the log from Virusscan here. Do NOTHING else.
    If you have already done something else then DON'T follow these instructions yet...post back to me what you HAVE done and in what order. Don't post any old logs, just new ones.
    Judy

  6. #16
    Join Date
    Sep 2006
    Posts
    19
    I kept trying to get in safe mode - on the 5th time, I just run ewido in normalk mode - i was informed that safe mode is the safest way, so presumed if safe mode wasnt working then I'd have to run it without it?

    I rebooted again and managed to get into safe mode, which is when I run ewido again.

    I took your instructions to paste that file and I did that.

    When I downloaded fixwareout, I didn't see any concrete instructions on how to run it? so am not sure if i posted the full log?

    I fixed all the hjt entries you told me but they still seemed to come back?

    The 'last instructions' i referred to were

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal
    The sticky on here is quite confusing to non techy people - it appears to consist of a lot of info, but doesn't give a definitive order to which these steps should be taken. It mentions hiding ops and enabling hidden files but doens't tell you exactly when you should do it? I'm probably wrong but thats the way it I'm reading it!

    I'm just run http://virusscan.jotti.org/

    Heres the info
    Service load: 0% 100%

    File: cseix.exe
    Status: INFECTED/MALWARE
    MD5 4ec349a0d45a6ee6b8c2e0dbd9b83886
    Packers detected: PE-CRYPT.POLYCRYPTA
    Scanner results
    AntiVir Found Heuristic/Malware (probable variant)
    ArcaVir Found nothing
    Avast Found Win32:Agent-AVO
    AVG Antivirus Found Downloader.Agent.FCQ
    BitDefender Found Trojan.Downloader.Mohbpork.A
    ClamAV Found Trojan.Downloader.Agent-657
    Dr.Web Found Trojan.DnsChange
    F-Prot Antivirus Found Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus
    Fortinet Found W32/Agent.UJ!tr.dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.uj
    NOD32 Found a variant of Win32/Small.FB
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan.DownLoader.10960


    I'm sorry, I've had malware problems before but this one seems ridiculously complex, particularly as my pc wouldnt even allow me to run safe mode for so long. I appreciate what you're doing massively though.

    Progress UPDATE - I ran fix although the only log that appears is yesterdays and i cant locate any more for fix?

    I rebooted in safe mode then run ewido. It cleaned the agent uj trojan, here's the report;
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:32:10 09/08/2006

    + Scan result:



    C:\WINNT\system32\cseix.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).


    ::Report end

    I am now able to run adaware (which is clean) and the speed of my surfing has improved!

    Well done you!

    I have since trued that jotti scan and the CSEIX.EXE file you asked me to locate, cannot be found - i presume this is a good thing?

    Do I run hjt in safe now? Im so damn confused! I'll await your instructions.

    Thanks a million for your patience!
    Last edited by spyware_victim; 09-08-2006 at 05:02 AM.

  7. #17
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    The sticky on here is quite confusing to non techy people - it appears to consist of a lot of info, but doesn't give a definitive order to which these steps should be taken. It mentions hiding ops and enabling hidden files but doens't tell you exactly when you should do it? I'm probably wrong but thats the way it I'm reading it!
    Hey, don't panic. We both were confused for a while yesterday
    First of all let me say, things ARE looking MUCH better.

    Now I am going to walk you through the steps, in the order they should be performed, which IS in the exact order that PP gives, because I want you to follow all the steps again, just to be certain that your computer is clean.

    READ ME Before Posting A Request For Assistance!

    1. His first step asks you to familiarize yourself with three items...
    You already know how to boot to safe mode so you do not need to read that one.
    I DO want you to Enable Viewing of Hidden Files and Folders
    So do that NOW.
    Turning off System Restore only applies to Windows ME and XP so it does not apply to your system so just go forward.

    2. Here he requests that you download five programs.
    I know you have AdAwareSE and Ewido for sure. Update both of those programs but DO NOT RUN THEM YET.
    I want you to download any of the other three you DO NOT have at this time. Download, install and update them but DO NOT RUN THEM YET.

    3.
    You already have HiJackThis on your system so you do not need to download it again. But while we are on this step, go ahead and delete any of the old logs from HJT AND Ewido that you have remaining on your system. They are already posted here so if need be we can refer back to those so just delete them from your computer to avoid confusion. (you and I both have all ready had enough of that!)

    4. Look in Add/Remove for any programs you don't recognize or didn't add yourself and if you find any either remove them or if you are not certain then leave them for now but make a note to ask about it LATER.

    5. Be certain that you have Enabled the Viewing of Hidden Files and Folders.

    6. Run the Microsoft® Windows® Malicious Software Removal Tool that you downloaded in step #2.

    7.
    Run at least 2 of the online anti-virus scans that he lists in the sticky. I would recommend that you run Trend Micro
    and Symantec
    I want to add a third of my own choosing here that I also think you should run and that is Windows Security Trojan Scan
    I would like you to run all three of those, in the order given. Have them remove everything found.
    Make a note of everything found and fixed and the where it was located.

    8. Disconnect completely from the internet. That means REMOVE THE INTERNET PLUG FROM YOUR COMPUTER ENTIRELY. Close all browsers and boot to SAFE MODE.

    Do the following, and in this order;
    A – Open and RUN CCleaner with the default options to clean out temporary files. Only use the Default Scan (Windows Tab) click the Analyze Button. It will scan your computer for unnecessary files. It will take a few minutes. When it is complete it will show you, in the window, what files are safe to remove Click the Run Cleaner button. Do not run any other options from other tabs.

    B – Open SpyBotSD and Click “Check for Problems.” Allow SpyBot to fix what it finds.

    C – Open Ad-Aware SE Personal and Click START > Check the Perform full system scan box > Click NEXT. Allow Ad-Aware to fix what it finds.

    D – Open Microsoft® Windows Defender (Windows XP/2K/2003 users ONLY!) and Click the downward pointing arrow next to SCAN and Select Full Scan. Allow it to run and fix what it finds.

    E – Last is EWIDO Anti-Spyware, please OPEN EWIDO and click Scanner > Complete System Scan.
    Allow it to fix what it finds and click on Save Report. Save the log to your desktop and please attach it along with your HijackThis log when you post back.

    Finally, once you have completed ALL of the above steps, in the EXACT ORDER GIVEN then Reboot the computer to NORMAL MODE.

    Run a NEW HiJackThis scan, save the log to your desktop. Then post back here with the NEW HJT log and the Ewido Log.

  8. #18
    Join Date
    Sep 2006
    Posts
    19
    Ok, I've got to your step 7, I've run trend micro which found several trojans but couldnt locate or delete one(TSPY_PUPER) I went to run symantec scan and it doesnt load, it just brings up a white box and doe nothing.
    I'm not sure if I should continue to the next step or not, can you let me know?

  9. #19
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Try this scan instead;
    BitDefender Online Scan
    You will have to scroll down and in the lower left is a button which says Scan Now. A pop up box will open. Click I agree and the scan should download and run.

  10. #20
    Join Date
    Sep 2006
    Posts
    19
    Ok, symantec as I said wouldn't run, neither would Microsoft win defender - Apparantly it requires GDI+ to enable it to be run? Which My system doesn't have..

    Followed all your other instructions.


    Logfile of HijackThis v1.99.1
    Scan saved at 22:42:05, on 09/08/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.phenology.org.uk/download/CfxIEAx.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153904857656
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37350.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    ---------------


    BitDefender Online Scanner



    Scan report generated at: Fri, Sep 08, 2006 - 20:33:09





    Scan path: A:\;C:\;D:\;







    Statistics

    Time
    00:30:02

    Files
    161204

    Folders
    2404

    Boot Sectors
    2

    Archives
    17629

    Packed Files
    14062




    Results

    Identified Viruses
    0

    Infected Files
    0

    Suspect Files
    2

    Warnings
    0

    Disinfected
    0

    Deleted Files
    2




    Engines Info

    Virus Definitions
    453250

    Engine build
    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Scan plugins
    13

    Archive plugins
    38

    Unpack plugins
    6

    E-mail plugins
    6

    System plugins
    1




    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions


    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes




    Scanned File
    Status

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Suspected of: Exploit.Iframe.Vulnerability

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Disinfection failed

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Deleted

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx
    Update failed

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Suspected of: Exploit.Iframe.Vulnerability

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Disinfection failed

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Deleted

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx
    Update failed



    --------------

    I can't locate the Ewido log, but it was clear anyway.

    I hope this all makes sense?
    Thanks for waiting!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •