NewHeur_PE virus

Discussion in 'NOD32 version 2 Forum' started by Azn_Tweaker, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. Azn_Tweaker

    Azn_Tweaker Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    120
    Location:
    Canada, Toronto
    hello. :D

    I was rebooting my computer, then it froze and I'm like wtf o_O :eek: so I pressed the restart button on my case and that works (thank god :D), so I'm thinking I got some spyware or a virus. Ran Ad-Aware and it came up with tracking cookies. Then ran NOD32 and it found this "NewHeur_PE virus". I read Blackspear's extra settings guide and it said "If a scan finds a “Probable NewHeur_PE virus found”, please do the following:

    1. Place a tick in the Quarantine check-box
    2. Select Delete
    3. Send the quarantined file to Eset: samples@nod32.com

    This file can be found here: C> Program files> Eset> Infected"

    Here's my scanning log from NOD32:

    Scan performed at: 06/03/2005 13:21:06 PM
    Scanning Log
    NOD32 version 1.1018 (20050305) NT
    Operating memory - is OK

    date: 6.3.2005 time: 13:22:24
    Scanned disks, directories and files: C:
    C:\pagefile.sys - error opening (file locked) [4]
    C:\Documents and Settings\Andrew & Linda\NTUSER.DAT - error opening (file locked) [4]
    C:\Documents and Settings\Andrew & Linda\NTUSER.DAT.LOG - error opening (file locked) [4]
    C:\Documents and Settings\Andrew & Linda\Application Data\Mozilla\Firefox\Profiles\ued2f6u7.default\parent.lock - error opening (file locked) [4]
    C:\Documents and Settings\Andrew & Linda\Application Data\Mozilla\Firefox\Profiles\ued2f6u7.default\Cache\258422D6d01 »ZIP »Wallpapers/Better Than Bliss.jpg - archive damaged
    C:\Documents and Settings\Andrew & Linda\Desktop\Adobe_Acrobat_7.0_Professional_incl_KeyGen-PARADOX\pdxAc70.rar »RAR »Adobe Acrobat 7.0 Professional\Data1.cab - next archive volume not found
    C:\Documents and Settings\Andrew & Linda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (file locked) [4]
    C:\Documents and Settings\Andrew & Linda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\Andrew & Linda\Local Settings\Temporary Internet Files\Content.IE5\SXYRK1IB\adblock-0.5.2.039-fx[1].xpi »ZIP »chrome/adblock.jar - archive damaged
    C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (file locked) [4]
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »arrow1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »arrow2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bck1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bck2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt11.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt12.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt13.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt21.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt22.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt23.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt31.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt32.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt33.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt41.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt42.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt43.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt51.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt52.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt53.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt61.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »bt62.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »checkbox4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »default.skn - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »defbtn1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »defbtn2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »defbtn3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph5.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph6.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »main.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »preview.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »sprite1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »tab1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Ad-Aware SE default.ask »ZIP »tab2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »arrow1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »arrow2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »awgrad1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »awgrad2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bck1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bck2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt11.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt12.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt13.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt21.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt22.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt23.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt31.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt32.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt33.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt41.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt42.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt43.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt51.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt52.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt53.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt61.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »bt62.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »checkbox1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »checkbox2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »checkbox3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »checkbox4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »defbtn1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »defbtn2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »defbtn3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph5.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph6.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »glyph7.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »greyskin.skn - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »main.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »preview.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »sprite1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »tab1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »tab2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »arrow1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »arrow2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »awgrad1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »awgrad2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bck1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bck2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt11.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt12.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt13.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt21.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt22.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt23.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt31.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt32.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt33.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt41.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt42.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt43.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt51.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt52.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt53.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt61.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »bt62.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »checkbox1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »checkbox2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »checkbox3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »checkbox4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »defbtn1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »defbtn2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »defbtn3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph5.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph6.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »glyph7.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »main.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »mediumblue.skn - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »preview.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »sprite1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »tab1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask »ZIP »tab2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »arrow1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »arrow2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »awgrad1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »awgrad2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bck1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bck2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt11.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt12.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt13.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt21.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt22.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt23.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt31.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt32.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt33.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt41.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt42.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt43.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt51.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt52.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt53.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt61.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »bt62.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »checkbox1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »checkbox2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »checkbox3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »checkbox4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »defbtn1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »defbtn2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »defbtn3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph5.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph6.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »glyph7.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »main.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »MHQ.skn - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »preview.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »slider.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »sprite1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »tab1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »tab2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »arrow1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »arrow2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »awgrad1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »awgrad2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bck1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bck2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt11.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt12.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt13.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt21.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt22.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt23.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt31.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt32.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt33.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt41.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt42.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt43.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt51.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt52.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt53.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt61.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »bt62.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »checkbox1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »checkbox2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »checkbox3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »checkbox4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »defbtn1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »defbtn2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »defbtn3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph3.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph4.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph5.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph6.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »glyph7.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »main.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »preview.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »sprite1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »tab1.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »tab2.bmp - error - the file is password-protected
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask »ZIP »testskin.skn - error - the file is password-protected
    C:\WINDOWS\system32\itunes.exe - probably unknown NewHeur_PE virus [7] - error quarantining the object - - unable to clean - deleted (after the next restart) [2]
    C:\WINDOWS\system32\config\default - error opening (file locked) [4]
    C:\WINDOWS\system32\config\default.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SAM - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SAM.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SECURITY - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SECURITY.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\software - error opening (file locked) [4]
    C:\WINDOWS\system32\config\software.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\system - error opening (file locked) [4]
    C:\WINDOWS\system32\config\system.LOG - error opening (file locked) [4]
    number of scanned files: 70174
    number of viruses found: 1
    number of files cleaned: 1
    time of completion: 13:33:52 total scanning time: 688 sec (00:11:28)

    Notes:
    [2] File is being used (open or running). System restart is required for the cleaning to complete.
    [4] File cannot be open. It is being exclusively used by another application or operating system.
    [7] File is probably infected with an unknown virus. Please send it to sample@nod32.com

    Am I safe? Or is there something I need to do? Thanks :D
     
  2. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!


    Please send this file to samples@nod32.com. Encrypt the file with WinZIP and protect the archive with the password.

    izi
     
  3. Happy Bytes

    Happy Bytes Guest

    itunes.exe normally installs into the program folder, so this file seems to be a trojan - if I remember right it connects to a website: hxxp://av.pj34r.us/ and some other subdomains and sends data over there. This file does not come alone, it gets dropped - so it is possible that some other file which might still be active drops it again.

    Please reboot and scan again.
    If possible please delete all unneeded loglines and post the scan report again.

    Should be some kind of SDBot Backdoor type.
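
An added example (not part of the original thread) of the log trimming requested in the reply above: it parses lines in the format of the posted NOD32 scan log, counts the locked-file and archive noise instead of listing it, and keeps only detections, flagging a file found outside its expected folder. The sample lines are constructed in the style of the posted log, and the `EXPECTED_DIRS` mapping and all function names are assumptions made for this example.

```python
import ntpath
import re
from collections import Counter

# Legend taken from the "Notes:" section of the scan log in the first post.
NOTES = {2: "in use, restart required to finish cleaning",
         4: "locked by another application or the OS",
         7: "probably infected with an unknown virus"}

# Assumption for this example: folder a named program is expected to live in.
EXPECTED_DIRS = {"itunes.exe": r"c:\program files"}

# "<object> - <message>". Paths may themselves contain " - " (for example
# "MHQ - BlueWonder.ask"), so the message must start with a known keyword.
LINE = re.compile(
    r"^(?P<obj>[A-Za-z]:\\.*?) - "
    r"(?P<msg>(?:error|archive damaged|next archive volume|probably)\b.*)$")

# Constructed sample lines in the format of the posted log.
SAMPLE_LOG = r"""
Scanned disks, directories and files: C:
C:\pagefile.sys - error opening (file locked) [4]
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (file locked) [4]
C:\Documents and Settings\User\Cache\0001 »ZIP »Wallpapers/a.jpg - archive damaged
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask »ZIP »arrow1.bmp - error - the file is password-protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask »ZIP »arrow1.bmp - error - the file is password-protected
C:\WINDOWS\system32\itunes.exe - probably unknown NewHeur_PE virus [7] - error quarantining the object - - unable to clean - deleted (after the next restart) [2]
C:\WINDOWS\system32\config\SAM - error opening (file locked) [4]
number of scanned files: 70174
"""


def parse_line(line):
    """Return (object, message) for a result line, or None for other lines."""
    m = LINE.match(line.strip())
    return (m.group("obj"), m.group("msg")) if m else None


def classify(msg):
    """Sort a result message into a detection or one of the noise classes."""
    if "virus" in msg:
        return "detection"
    if "file locked" in msg:
        return "locked"
    if "password-protected" in msg:
        return "password_protected"
    if "archive" in msg:
        return "archive_error"
    return "other"


def triage(log_text):
    """Keep detections in full; reduce everything else to per-class counts."""
    detections, noise = [], Counter()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # headers, totals, blank lines
        obj, msg = parsed
        kind = classify(msg)
        if kind != "detection":
            noise[kind] += 1
            continue
        container = obj.split(" »")[0]  # file on disk, without archive member
        name = re.search(r"unknown (\S+) virus", msg)
        notes = [int(n) for n in re.findall(r"\[(\d+)\]", msg)]
        expected = EXPECTED_DIRS.get(ntpath.basename(container).lower())
        folder = ntpath.dirname(container).lower()
        detections.append({
            "path": container,
            "name": name.group(1) if name else None,
            "notes": notes,
            "pending_reboot": 2 in notes,
            "quarantined": "error quarantining" not in msg,
            "unexpected_location": expected is not None
                                   and not folder.startswith(expected),
        })
    return {"detections": detections, "noise": noise}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(d["path"], d["name"], [NOTES.get(n, "?") for n in d["notes"]])
        print("  quarantined:", d["quarantined"],
              "| outside expected folder:", d["unexpected_location"])
    print("suppressed:", dict(result["noise"]))
```
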
     
  4. Azn_Tweaker

    Azn_Tweaker Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    120
    Location:
    Canada, Toronto
    Thanks for the replies. I think it's fixed now :D
     