
Thread: Owned by Spyware!! Please Help?

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    77
    Posts
    4,079
    Be sure to post the Ewido log also. I will be back as soon as I can after going through the logs. Also have to fix dinner for some guests. But I won't forget you, promise!

  2. #12
    Join Date
    Sep 2006
    Posts
    19
    Thanks!!

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:32:18 09/07/2006

    + Scan result:



    [144] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning.
    [164] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
    [176] VM_006B0000 -> Downloader.Agent.uj : Error during cleaning.
    [432] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.


    ::Report end

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    77
    Posts
    4,079
    Was the Ewido log done before or after FixWareout? Is this the original Ewido log or the one done from safe mode?
    Give me a while, have to look up some other tools.
    Judy

  4. #14
    Join Date
    Sep 2006
    Posts
    19
    The ewido log was done before fix. It's the one done in safe mode.
    thanks

  5. #15
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    77
    Posts
    4,079
    I am sorry, bear with me here....You have me VERY confused.....I really think you have only completed parts of various items, and have done them "out of sync"
    In post #3 you say this;
    OK, I've tried numerous times to reboot into safe mode but when windows starts up in safe mode the screen freezes and doesn't allow me to open anything. I had to restart with alt and f4 and try again with no luck. I followed your instructions and downloaded ewido which deleted everything found apart from downloader agent uj - Googling tells me ewido won't be able to remove this?
    Which tells me that you cannot do anything in safe mode.
    Also in that very same post is your Ewido log. Which, because you said that you could not get into safe mode I assumed was run in Normal Mode.
    Then in post #4 you tell me about finding the link for and running FixWareout but the only thing you post is this;
    Check for missing files
    .....
    C:\WINNT\system32\AUTOEXEC.NT not there
    .....
    End check for missing files
    I then gave you instructions on how to look for the replacement of that file...did you look and replace it or just ignore my instruction?

    What you DID NOT post was the FULL FixWareout log. I am not even certain that you had run the program at that time at all.

    In post #5 I told you to run HJT again and fix these entries;
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...CabInstall.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6F117C-E815-4580-BA7D-846BC2968AE9}: NameServer = 85.255.115.6 85.255.112.20
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
    I also asked you to try to run Ewido again in Safe Mode.

    You post back in #6 and say this....
    I still can't do anything whilst in safe mode - I have to ctrl alt & del and even then I get an error message saying internet explorer isn't responding. I don't understand this as I hadn't even opened internet explorer?

    So Ewido hasn't been run in safe.
    But you DO post what you say is a new HJT log and some of the fixes I requested seem to have been applied but these remain in the new log;
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6F117C-E815-4580-BA7D-846BC2968AE9}: NameServer = 85.255.115.6 85.255.112.20
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
    So I asked you in #7 if you had applied the fixes in HJT I requested and also ask if you still cannot go into safe mode. I also told you to check task manager to be certain it says ieexplore.exe
    In post #8 you say...
    I can get it in safe mode by pressing f8 at menu, but when I log in after it starts up, the desktop freezes not allowing me to click anything.

    I fixed the entries you told me to yes.
    In post #9 I tell you to try to go to safe mode by using a step by step method and I note you have not posted the full FixWareout log.

    In post #10 you say...
    Apologies, it was explorer.exe
    For some reason it allowed me to run ewido in safe mode (after about 6 attempts) I rebooted and followed your last instructions
    Honestly, I have no idea at this point what "last instructions" you are referring to...You then post the full FixWareout log along with another HJT log. Which still contains the two entries I note above.

    This is where it really gets confusing to me...
    Was this log the automatic log which was supposed to run immediately after the FixWareout was run as noted in the link that you cited or is this a log you have run yourself manually? AND if this was the automatic log why didn't you try to fix those two remaining entries?
    Also, did you complete the instructions given on the link for using FixWareout?
    That is the uploading (by copy/pasting the file path into the box and hitting submit) C:\WINNT\System32\CSEIX.EXE noted in the FixWareout scan to http://virusscan.jotti.org/
    to have it checked out?
    If you DID complete this step, why haven't you posted that information here?

    Also then why did you post the OLD Ewido scan when the link clearly states to run the Ewido scan, in safe mode AFTER using FixWareout. That is the Ewido scan I expected to see not one run BEFORE using FixWareout. The reason for running one AFTER FixWareout is that Ewido should be able to fix the problem then. The one before the fix identifies what cannot be fixed so that additional steps can be applied before running Ewido again.
    This is why, when removing malware, viruses, trojans, spyware, etc., each and every step must be followed exactly. Patience is the KEY. These are often very time consuming processes that need to be followed slowly and correctly. Steps cannot be skipped or done out of order. There is truly a reason the steps must be followed in order. If they are not they may not work at all. If a step cannot be completed then you should stop the process and that information should be posted and then you wait while a search is done for a new step to be tried. By using part of the information from that link and following part of the steps given by me and part of the steps from PP's link I honestly have no idea where we stand for sure or exactly what you have completed and when.

    I need you to please upload that information to the link above and get the log from them. Save it. Don't post it here yet.

    I now need you to reboot to safe mode and run Ewido again. Let it fix whatever is found and please save that log.

    Reboot to normal mode. Run HJT again and fix those two entries, IF they remain that I have noted above. Reboot. Run it again, save the log and post THAT last HJT log, the Ewido log and the log from Virusscan here. Do NOTHING else.
    If you have already done something else then DON'T follow these instructions yet...post back to me what you HAVE done and in what order. Don't post any old logs, just new ones.
    Judy
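The comparison made by hand in the post above (which requested HijackThis fixes were applied, and which entries remain in the next log), as an added example that is not part of the original thread. The `AFTER` log is constructed from the entries quoted in the post, and the function names are hypothetical.

```python
import re

# HijackThis item lines look like "O17 - <details>" or "R0 - <details>".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_hjt(log_text):
    """Return the set of (section, details) item lines found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def check_fixes(requested_text, after_log_text):
    """Split the requested fixes into (removed, persisted) against a later log."""
    requested = parse_hjt(requested_text)
    after = parse_hjt(after_log_text)
    return sorted(requested - after), sorted(requested & after)

def static_dns_servers(entries):
    """Collect name servers pinned by O17 entries (space or comma separated)."""
    servers = []
    for section, details in sorted(entries):
        if section == "O17" and "NameServer" in details:
            value = details.partition("=")[2]
            servers.extend(s for s in re.split(r"[,\s]+", value.strip()) if s)
    return servers

def missing_file_entries(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return sorted(e for e in entries
                  if "(file missing)" in e[1] or "(no file)" in e[1])

# The five entries the helper asked to have fixed, copied from the post.
REQUESTED = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...CabInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6F117C-E815-4580-BA7D-846BC2968AE9}: NameServer = 85.255.115.6 85.255.112.20
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
"""

# Constructed follow-up log: two unrelated entries plus the two items the
# post says were still present after the fix.
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6F117C-E815-4580-BA7D-846BC2968AE9}: NameServer = 85.255.115.6 85.255.112.20
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
"""

if __name__ == "__main__":
    removed, persisted = check_fixes(REQUESTED, AFTER)
    for section, details in removed:
        print("fixed    ", section, details)
    for section, details in persisted:
        print("PERSISTS ", section, details)
    print("static DNS still set:", static_dns_servers(persisted))
    print("missing-file entries:", missing_file_entries(parse_hjt(AFTER)))
```

Comparing only the requested entries against the newest log keeps old and new logs from being mixed up, which is the confusion the post describes.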

  6. #16
    Join Date
    Sep 2006
    Posts
    19
    I kept trying to get in safe mode - on the 5th time, I just run ewido in normal mode - I was informed that safe mode is the safest way, so presumed if safe mode wasn't working then I'd have to run it without it?

    I rebooted again and managed to get into safe mode, which is when I run ewido again.

    I took your instructions to paste that file and I did that.

    When I downloaded fixwareout, I didn't see any concrete instructions on how to run it? So am not sure if I posted the full log?

    I fixed all the hjt entries you told me but they still seemed to come back?

    The 'last instructions' i referred to were

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal
    The sticky on here is quite confusing to non techy people - it appears to consist of a lot of info, but doesn't give a definitive order to which these steps should be taken. It mentions hiding ops and enabling hidden files but doesn't tell you exactly when you should do it? I'm probably wrong but that's the way I'm reading it!

    I've just run http://virusscan.jotti.org/

    Here's the info

    File: cseix.exe
    Status: INFECTED/MALWARE
    MD5 4ec349a0d45a6ee6b8c2e0dbd9b83886
    Packers detected: PE-CRYPT.POLYCRYPTA
    Scanner results
    AntiVir Found Heuristic/Malware (probable variant)
    ArcaVir Found nothing
    Avast Found Win32:Agent-AVO
    AVG Antivirus Found Downloader.Agent.FCQ
    BitDefender Found Trojan.Downloader.Mohbpork.A
    ClamAV Found Trojan.Downloader.Agent-657
    Dr.Web Found Trojan.DnsChange
    F-Prot Antivirus Found Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus
    Fortinet Found W32/Agent.UJ!tr.dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.uj
    NOD32 Found a variant of Win32/Small.FB
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan.DownLoader.10960


    I'm sorry, I've had malware problems before but this one seems ridiculously complex, particularly as my pc wouldn't even allow me to run safe mode for so long. I appreciate what you're doing massively though.

    Progress UPDATE - I ran fix although the only log that appears is yesterday's and I can't locate any more for fix?

    I rebooted in safe mode then run ewido. It cleaned the agent uj trojan, here's the report;
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:32:10 09/08/2006

    + Scan result:



    C:\WINNT\system32\cseix.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).


    ::Report end

    I am now able to run adaware (which is clean) and the speed of my surfing has improved!

    Well done you!

    I have since tried that jotti scan and the CSEIX.EXE file you asked me to locate cannot be found - I presume this is a good thing?

    Do I run hjt in safe now? I'm so damn confused! I'll await your instructions.

    Thanks a million for your patience!
    Last edited by spyware_victim; 09-08-2006 at 05:02 AM.

  7. #17
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    77
    Posts
    4,079
    The sticky on here is quite confusing to non techy people - it appears to consist of a lot of info, but doesn't give a definitive order to which these steps should be taken. It mentions hiding ops and enabling hidden files but doesn't tell you exactly when you should do it? I'm probably wrong but that's the way I'm reading it!
    Hey, don't panic. We both were confused for a while yesterday.
    First of all let me say, things ARE looking MUCH better.

    Now I am going to walk you through the steps, in the order they should be performed, which IS in the exact order that PP gives, because I want you to follow all the steps again, just to be certain that your computer is clean.

    READ ME Before Posting A Request For Assistance!

    1. His first step asks you to familiarize yourself with three items...
    You already know how to boot to safe mode so you do not need to read that one.
    I DO want you to Enable Viewing of Hidden Files and Folders
    So do that NOW.
    Turning off System Restore only applies to Windows ME and XP so it does not apply to your system so just go forward.

    2. Here he requests that you download five programs.
    I know you have AdAwareSE and Ewido for sure. Update both of those programs but DO NOT RUN THEM YET.
    I want you to download any of the other three you DO NOT have at this time. Download, install and update them but DO NOT RUN THEM YET.

    3. You already have HiJackThis on your system so you do not need to download it again. But while we are on this step, go ahead and delete any of the old logs from HJT AND Ewido that you have remaining on your system. They are already posted here so if need be we can refer back to those so just delete them from your computer to avoid confusion. (you and I both have already had enough of that!)

    4. Look in Add/Remove for any programs you don't recognize or didn't add yourself and if you find any either remove them or if you are not certain then leave them for now but make a note to ask about it LATER.

    5. Be certain that you have Enabled the Viewing of Hidden Files and Folders.

    6. Run the Microsoft® Windows® Malicious Software Removal Tool that you downloaded in step #2.

    7. Run at least 2 of the online anti-virus scans that he lists in the sticky. I would recommend that you run Trend Micro and Symantec.
    I want to add a third of my own choosing here that I also think you should run and that is Windows Security Trojan Scan.
    I would like you to run all three of those, in the order given. Have them remove everything found.
    Make a note of everything found and fixed and where it was located.

    8. Disconnect completely from the internet. That means REMOVE THE INTERNET PLUG FROM YOUR COMPUTER ENTIRELY. Close all browsers and boot to SAFE MODE.

    Do the following, and in this order;
    A – Open and RUN CCleaner with the default options to clean out temporary files. Only use the Default Scan (Windows Tab) and click the Analyze Button. It will scan your computer for unnecessary files. It will take a few minutes. When it is complete it will show you, in the window, what files are safe to remove. Click the Run Cleaner button. Do not run any other options from other tabs.

    B – Open SpyBotSD and Click “Check for Problems.” Allow SpyBot to fix what it finds.

    C – Open Ad-Aware SE Personal and Click START > Check the Perform full system scan box > Click NEXT. Allow Ad-Aware to fix what it finds.

    D – Open Microsoft® Windows Defender (Windows XP/2K/2003 users ONLY!) and Click the downward pointing arrow next to SCAN and Select Full Scan. Allow it to run and fix what it finds.

    E – Last is EWIDO Anti-Spyware, please OPEN EWIDO and click Scanner > Complete System Scan.
    Allow it to fix what it finds and click on Save Report. Save the log to your desktop and please attach it along with your HijackThis log when you post back.

    Finally, once you have completed ALL of the above steps, in the EXACT ORDER GIVEN then Reboot the computer to NORMAL MODE.

    Run a NEW HiJackThis scan, save the log to your desktop. Then post back here with the NEW HJT log and the Ewido Log.

  8. #18
    Join Date
    Sep 2006
    Posts
    19
    Ok, I've got to your step 7, I've run trend micro which found several trojans but couldn't locate or delete one (TSPY_PUPER). I went to run symantec scan and it doesn't load, it just brings up a white box and does nothing.
    I'm not sure if I should continue to the next step or not, can you let me know?

  9. #19
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    77
    Posts
    4,079
    Try this scan instead;
    BitDefender Online Scan
    You will have to scroll down and in the lower left is a button which says Scan Now. A pop up box will open. Click I agree and the scan should download and run.

  10. #20
    Join Date
    Sep 2006
    Posts
    19
    Ok, symantec as I said wouldn't run, neither would Microsoft win defender - Apparently it requires GDI+ to enable it to be run? Which my system doesn't have..

    Followed all your other instructions.


    Logfile of HijackThis v1.99.1
    Scan saved at 22:42:05, on 09/08/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.phenology.org.uk/download/CfxIEAx.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153904857656
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37350.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    ---------------


    BitDefender Online Scanner

    Scan report generated at: Fri, Sep 08, 2006 - 20:33:09

    Scan path: A:\;C:\;D:\;

    Statistics
    Time: 00:30:02
    Files: 161204
    Folders: 2404
    Boot Sectors: 2
    Archives: 17629
    Packed Files: 14062

    Results
    Identified Viruses: 0
    Infected Files: 0
    Suspect Files: 2
    Warnings: 0
    Disinfected: 0
    Deleted Files: 2

    Engines Info
    Virus Definitions: 453250
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Suspected of: Exploit.Iframe.Vulnerability

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Disinfection failed

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Deleted

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx
    Update failed

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Suspected of: Exploit.Iframe.Vulnerability

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Disinfection failed

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
    Deleted

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)
    Updated

    C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx
    Update failed



    --------------

    I can't locate the Ewido log, but it was clear anyway.

    I hope this all makes sense?
    Thanks for waiting!
