EsetNOD32 Removes Program Files 9/29

Discussion in 'ESET NOD32 Antivirus' started by bartkile, Oct 4, 2008.

Thread Status:
Not open for further replies.
  1. bartkile

    bartkile Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    4
    Beginning on September 29th our ESET Ver 3.0.621.0 began detecting and cleaning and quaranteening program files as Win32/Sality.NAR virus on all of our servers and possibly on some of our user computers. This began with update to version 3479 (20080929). This is still continuing. Is anyone else having this problem and how can I get this corrected.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's weird because files infected with a virus should never be quarantined automatically, but instead you should always be prompted for an action as EAV itself cannot decide if it's safe to move such file to quarantine. What's more, we have not adjsuted or added detection for Sality recently. Could you please post here 2-3 examples from your threat log? I gather that the files are currently located in quarantine.
     
  3. bartkile

    bartkile Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    4
    9/29/2008 10:14:08 PM Real-time file system protection file C:\Printer Drivers\HL LJ 1200 PCL6\lj988en.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
    9/29/2008 10:14:03 PM Real-time file system protection file C:\Printer Drivers\HL LJ 1200 PCL6\lj1017en.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
    9/29/2008 10:13:44 PM Real-time file system protection file C:\Printer Drivers\EPSON COLOR STYLUS 880\OEMINF.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
    9/29/2008 10:13:40 PM Real-time file system protection file C:\Printer Drivers\EPSON COLOR STYLUS 880\E_SCHK02.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
    9/29/2008 10:13:35 PM Real-time file system protection file C:\Printer Drivers\EPSON COLOR STYLUS 880\epson10001.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
    9/29/2008 10:13:28 PM Real-time file system protection file C:\Printer Drivers\EPSON COLOR STYLUS 880\DEVICEOP.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
    9/29/2008 10:13:16 PM Real-time file system protection file C:\Printer Drivers\DESKJET 842C\840-enu-xp.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\lsass.exe.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, do you have the printer shared in your network?
    2, what operating system and what service pack do you have installed?
    3, do you have all available Windows updates installed?
    4, do the files keep being re-infected even with the computer unplugged from the network?
     
  5. bartkile

    bartkile Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    4
    This is happening on all of our Servers, all fully updated to the most current Service Packs and patches. I have not removed any of our servers from the network to test if this still happens. Here are logs from a different server:
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\PROGRA~1\WINZIP\winzip32.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINNT\Explorer.EXE.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\PROGRA~1\WINZIP\winzip32.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINNT\Explorer.EXE.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Program Files\Common Files\Microsoft Shared\Office10\DW.EXE Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe.
    10/4/2008 10:30:12 AM Real-time file system protection file C:\Program Files\WinZip\WINZIP32.EXE Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINNT\Explorer.EXE.
    10/4/2008 10:30:10 AM Real-time file system protection file C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINNT\Explorer.EXE.
    10/4/2008 10:30:10 AM Real-time file system protection file C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe Win32/Sality.NAR virus unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINNT\Explorer.EXE.
    10/4/2008 10:25:41 AM Startup scanner file C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE Win32/Sality.NAR virus unable to clean
    10/4/2008 10:25:41 AM Real-time file system protection file C:\WINNT\$NtUninstallKB913580$\dtcsetup.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:41 AM Real-time file system protection file C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:41 AM Real-time file system protection file C:\PROGRA~1\WINZIP\winzip32.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\WINNT\Explorer.EXE.
    10/4/2008 10:25:40 AM Startup scanner file C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe Win32/Sality.NAR virus unable to clean










































    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB896423$\spoolsv.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB890859$\ntkrpamp.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB890859$\ntkrnlpa.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB890859$\ntoskrnl.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB893086$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:37 AM Real-time file system protection file C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:36 AM Real-time file system protection file C:\WINNT\$NtUninstallKB893066$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:36 AM Real-time file system protection file C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:36 AM Real-time file system protection file C:\WINNT\$NtUninstallKB894320$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:36 AM Real-time file system protection file C:\WINNT\$NtUninstallKB891711$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.
    10/4/2008 10:25:36 AM Real-time file system protection file C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe Win32/Sality.NAR virus unable to clean Event occurred during an attempt to access the file by the application: C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe.


































































































































































































































































































































































































































































































































































































    10/3/2008 6:13:14 AM Real-time file system protection file C:\PROGRAM FILES\XEROX\SUPPORT CENTRE\supportuninstall.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:13:08 AM Real-time file system protection file C:\PROGRAM FILES\XEROX\SUPPORT CENTRE\InstallationManager.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:07:38 AM Real-time file system protection file C:\PROGRAM FILES\WINZIP\WZSEPE32.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:07:32 AM Real-time file system protection file C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:07:26 AM Real-time file system protection file C:\PROGRAM FILES\WINZIP\WINZIP32.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:07:06 AM Real-time file system protection file C:\PROGRAM FILES\WINDOWS NT\PINBALL\pinball.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:06:28 AM Real-time file system protection file C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\IMAGEVUE\kodakprv.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:06:22 AM Real-time file system protection file C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\IMAGEVUE\kodakimg.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:05:58 AM Real-time file system protection file C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\logagent.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    10/3/2008 6:05:44 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\VXUPDATE\VxUpdate.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:02:29 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\BACKUP EXEC\NT\ECM\ECM.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:02:16 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\BACKUP EXEC\NT\DLOConsoleu.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:01:51 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\BACKUP EXEC\NT\clusconfig.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:01:45 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\BACKUP EXEC\NT\clrest.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:01:13 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\BACKUP EXEC\NT\BEUtility.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 6:00:46 AM Real-time file system protection file C:\PROGRAM FILES\VERITAS\BACKUP EXEC\NT\BEPerfSetup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.










































































































































































    10/3/2008 4:58:15 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{9586B56D-0B14-479E-85FB-ADFA65B84AE6}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:58:03 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{947C704B-EE80-4E78-8EA6-41B9A4D34D72}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:57:41 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{8089ACCF-1566-459B-A28C-5DBFEADCE930}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:57:32 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{7937FEFF-5B69-450B-A7A4-15644552BAE3}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:57:23 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{62F3A721-B7C9-4716-9D3F-077D28FB49B0}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:57:08 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{49CEF248-C5F8-41B1-B3E7-5D95FF2F5677}\Setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:56:58 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{4412C7F0-4B05-48CE-A71A-7143227D90BD}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:56:49 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{3D88764D-268B-47CA-9B05-75A9C425A3B4}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:56:39 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{2840D77B-F9AC-44E3-B7F3-A3F7FCAAB66A}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:56:29 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{145C1EF0-5822-4573-83ED-95CD4426FE9C}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:56:20 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{11AD7005-5193-40F0-91BA-2727632C5A9E}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:56:10 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{08F782CE-8EDB-48B4-9CC3-4BA8F9A6952B}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:55:55 AM Real-time file system protection file C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTALL NETWORK PRINTER WIZARD\README\launchreadme.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:55:07 AM Real-time file system protection file C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTALL NETWORK PRINTER WIZARD\hpjnpici.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:54:11 AM Real-time file system protection file C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\EHttpSrv.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 4:54:03 AM Real-time file system protection file C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\ecmd.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.




































































































    10/3/2008 3:48:22 AM Real-time file system protection file C:\PROGRAM FILES\CANON\NETWORK SCANGEAR\syserror.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 3:48:18 AM Real-time file system protection file C:\PROGRAM FILES\CANON\NETWORK SCANGEAR\SgTool.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 3:48:14 AM Real-time file system protection file C:\PROGRAM FILES\CANON\NETWORK SCANGEAR\CANOIT32.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 3:45:00 AM Real-time file system protection file C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\AcroRd32.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 3:40:37 AM Real-time file system protection file C:\F9V45\f9.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\tcpsvcs.exe.
    10/3/2008 3:40:29 AM Real-time file system protection file C:\F9V45\apadvepb45.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\tcpsvcs.exe.
    10/3/2008 3:40:24 AM Real-time file system protection file C:\F9V45\ACCPAC_ADV_ENT_PB\RunAny.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\tcpsvcs.exe.
    10/3/2008 2:42:10 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4TM3K5MF\SM070928[1].exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:34:35 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\XEROX\SUPPORTCENTRE\SupportCentre.Exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:34:25 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\XEROX\EREG\opbreg.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:33:41 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SIT30844.TMP\SETUP.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:33:31 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SIT30539.TMP\SETUP.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:33:20 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SIT28511.TMP\SETUP.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:33:10 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SIT26755.TMP\SETUP.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:33:01 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SIT12232.TMP\SETUP.EXE Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/3/2008 2:31:40 AM Real-time file system protection file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\jre-6u7-windows-i586-p-iftw_bdb28397.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.








































































































































































































































































    10/1/2008 2:34:43 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB842526$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:34:28 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841873$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:34:18 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841873$\mstask.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:34:07 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841872$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:59 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841872$\psxss.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:49 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841533$\winlogon.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:44 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841533$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:35 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841533$\netdde.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:31 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841533$\cmd.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:20 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841356$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:12 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB841356$\grpconv.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:33:02 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840987$\winlogon.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:32:57 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840987$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:32:48 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840987$\ntvdm.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:32:44 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840987$\ntoskrnl.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 2:32:39 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840987$\ntkrnlpa.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.



















































































































































    10/1/2008 12:24:53 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\jureg.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:24:49 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\jucheck.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:24:44 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\javaws.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:24:40 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\javaw.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:24:33 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\java.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:24:27 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\java-rmi.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:21:08 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\klist.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:21:04 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\kinit.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:59 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\keytool.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:55 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\jusched.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:51 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\jureg.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:47 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\jucheck.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:42 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\javaws.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:38 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\javaw.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:31 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\java.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    10/1/2008 12:20:27 AM Real-time file system protection file C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\java-rmi.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.



















































































































































































































































































    9/30/2008 5:29:38 AM Real-time file system protection file C:\WINNT\INSTALLER\{609F7AC8-C510-11D4-A788-009027ABA5D0}\_1F120C28B6D0_4C9E_836B_10108B9F751F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:29:28 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut9.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:29:24 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut8.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 5:29:20 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut6.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:29:15 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut5.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:29:10 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut3.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:29:06 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut2.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:29:02 AM Real-time file system protection file C:\WINNT\INSTALLER\{5CA60F17-0BFA-4854-906C-5A6D31B7199A}\NewShortcut1.D9FA6856_FF03_4C42_A2B3_B51115BCF574.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:40 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut9.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:35 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut8.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:28 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut6.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:23 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut5.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:19 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut3.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:15 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut2.4BD99262_AED8_4B84_8316_991180332D0F.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:28:11 AM Real-time file system protection file C:\WINNT\INSTALLER\{4A8252BE-CEA7-470A-A98A-98102D794DCD}\NewShortcut1.D9FA6856_FF03_4C42_A2B3_B51115BCF574.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.
    9/30/2008 5:26:57 AM Real-time file system protection file C:\WINNT\INSTALLER\{201E698C-B88E-41AE-8C46-3BBACADCD6E7}\Setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: \??\C:\WINNT\system32\winlogon.exe.

































































    9/30/2008 4:44:43 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896727-IE6SP1-20050719.165959$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:44:28 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896688-IE6SP1-20051004.130236$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:44:13 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896424$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:43:58 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896423$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:43:50 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896423$\spoolsv.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:43:39 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896422$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:43:24 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB896358$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:43:06 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB894320$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:42:52 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB893756$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:42:37 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB893086$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:42:22 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB893066$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:42:07 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB891781$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:41:49 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB891711$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:41:31 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB890923-IE6SP1-20050225.103456$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:41:16 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB890859$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:41:07 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB890859$\ntoskrnl.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.










































    9/30/2008 4:33:52 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840987$\cmd.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 4:33:42 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB840315$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:33:27 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB839645$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:33:10 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB839643$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:32:54 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB837001$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:32:41 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB835732$\w32tm.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:32:35 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB835732$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:32:23 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB835732$\cmd.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:32:12 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB834707-IE6SP1-20040929.091901$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:31:59 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB830352$\wins.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:31:53 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB830352$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:31:39 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB828749$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:31:24 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB828741$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:31:15 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB828741$\dtcsetup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:31:03 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB828035$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.
    9/30/2008 4:30:48 AM Real-time file system protection file C:\WINNT\$NTUNINSTALLKB828028$\SPUNINST\spuninst.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\dns.exe.

























































































































































































































    9/30/2008 2:19:57 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{EF3ED947-DAD5-4877-9366-FC3502B18BC4}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:19:42 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{E9CF4812-53A2-4FB4-AEB5-5031A699A9C9}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:19:33 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{CC72E886-7583-44B7-B94E-F5FDC5C7DCDD}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:19:24 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{CB717CA8-2DAC-4063-852A-17C63B298075}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:19:14 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{C5E5233B-17E9-4F1B-824D-46571B780EB1}\Setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:19:05 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{B53AB0FD-A0B3-4661-B641-481A83C65835}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:18:55 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{A9DD16B1-D91D-4B27-8DE1-B33E3822C7D9}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:18:46 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{9D480A23-D2CE-49D2-8998-285E53012F9A}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:18:36 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{9B4170F9-15D4-4929-801B-08BA7DA3728C}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:18:27 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{9586B56D-0B14-479E-85FB-ADFA65B84AE6}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:18:17 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{947C704B-EE80-4E78-8EA6-41B9A4D34D72}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:18:08 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{8089ACCF-1566-459B-A28C-5DBFEADCE930}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:17:59 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{7937FEFF-5B69-450B-A7A4-15644552BAE3}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:17:49 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{62F3A721-B7C9-4716-9D3F-077D28FB49B0}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:17:35 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{49CEF248-C5F8-41B1-B3E7-5D95FF2F5677}\Setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/30/2008 2:17:25 AM Real-time file system protection file C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{4412C7F0-4B05-48CE-A71A-7143227D90BD}\setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.



















































































































































    9/29/2008 11:04:29 PM Real-time file system protection file C:\PVSW\PERVASIVE.SQL_8.6_CLIENT_WINDOWS\CLIENTS\WIN32\PSA\_ISDel.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/29/2008 11:04:08 PM Real-time file system protection file C:\PVSW\PERVASIVE.SQL_8.6_CLIENT_WINDOWS\CLIENTS\WIN32\PSA\Setup.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/29/2008 11:02:07 PM Real-time file system protection file C:\PVSW\BIN\pvddl.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe.
    9/29/2008 11:02:02 PM Real-time file system protection file C:\PVSW\BIN\pvdbpass.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe.
    9/29/2008 11:01:46 PM Real-time file system protection file C:\PVSW\BIN\psregsvr.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe.
    9/29/2008 10:40:27 PM Real-time file system protection file C:\PVSW\BIN\pcc.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\WBEM\WinMgmt.exe.
    9/29/2008 10:39:44 PM Real-time file system protection file C:\PVSW\BIN\guilcadm.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\WBEM\WinMgmt.exe.
    9/29/2008 10:39:36 PM Real-time file system protection file C:\PVSW\BIN\ExpWizrd.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\System32\WBEM\WinMgmt.exe.
    9/29/2008 10:38:55 PM Real-time file system protection file C:\PVSW\BIN\cobolschemaexec.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/29/2008 10:38:51 PM Real-time file system protection file C:\PVSW\BIN\clilcadm.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/29/2008 10:38:46 PM Real-time file system protection file C:\PVSW\BIN\butil.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    9/29/2008 10:38:32 PM Real-time file system protection file C:\PVSW\BIN\bdu.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINNT\system32\services.exe.
    8/18/2008 1:45:08 PM Real-time file system protection file C:\SHARED-FILES\CLIPART\ACMSETUP.EXE Win32/Sality.NAR virus deleted Event occurred during an attempt to access the file by the application: C:\PVSW\bin\NTDBSMGR.EXE.
    8/18/2008 12:52:42 PM Real-time file system protection file C:\SHARED-FILES\CLIPART\ACMSETUP.EXE Win32/Sality.NAR virus error while cleaning NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\PVSW\bin\NTDBSMGR.EXE.
    8/18/2008 12:46:08 PM Real-time file system protection file C:\SHARED-FILES\thwn.exe Win32/Sality.NAR virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\PVSW\bin\NTDBSMGR.EXE.
     
Thread Status:
Not open for further replies.