NOD32 can't clean this Trojan (Log Posted)

Discussion in 'NOD32 version 2 Forum' started by sLapshock, Jul 19, 2006.

Thread Status:
Not open for further replies.
  1. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    This is the log that was posted in my NOD32

    Can anyone help me clean this trojan from my system?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    have u rebooted yet so that nod32 may clean/delete the trojan?
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    The first log looks like it was just a scan, not a scan & clean - please try this.

    After you restarted the PC were the detections in the second log gone?

    Third and fourth logs are on their own quite normal.

    Cheers :)
     
  4. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    how do i properly paste a log of NOD32? is that the right way?

    Code:
    Time	Module	Object	Name	Threat	Action	User	Information
    7/19/2006 11:57:14 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/19/2006 11:57:13 AM	AMON	file	C:\WINDOWS\system32\ismon.exe	Win32/TrojanDownloader.Zlob.VB trojan		NT AUTHORITY\SYSTEM	Event occurred at an attempt to access the file by the application: C:\Program Files\ewido anti-spyware 4.0\guard.exe.
    7/19/2006 11:57:12 AM	AMON	file	C:\WINDOWS\system32\ishost.exe	Win32/TrojanDownloader.Zlob.VB trojan		NT AUTHORITY\SYSTEM	Event occurred at an attempt to access the file by the application: C:\Program Files\ewido anti-spyware 4.0\guard.exe.
    7/19/2006 11:55:38 AM	Kernel	file	C:\WINDOWS\system32\ismon.exe	Win32/TrojanDownloader.Zlob.VB trojan			Alert was generated during the system startup file check.
    7/19/2006 11:55:14 AM	Kernel	file	C:\WINDOWS\system32\ishost.exe	Win32/TrojanDownloader.Zlob.VB trojan			Alert was generated during the system startup file check.
    7/18/2006 23:52:50 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 23:27:45 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 23:02:42 PM	AMON	file	C:\WINDOWS\system32\components\flx2.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 22:37:41 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 22:37:39 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 22:12:38 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 22:12:36 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 21:47:31 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 21:47:30 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 14:16:53 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 14:16:52 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 13:59:46 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 13:59:44 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 13:49:08 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 13:48:23 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 13:25:44 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 13:25:42 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:56:09 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:56:08 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:31:11 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:31:08 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:12:26 PM	AMON	file	C:\Documents and Settings\Lola Okhrana\Local Settings\Temporary Internet Files\Content.IE5\4LMRS5A3\l11[1].exe	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\IEXPLORE.EXE. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:06:06 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 12:06:05 PM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 11:58:21 AM	AMON	file	C:\windows\system32\components\flx5.dll	Win32/Hoax.Renos.DW application	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window. 
    7/18/2006 11:58:19 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 11:58:16 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 11:01:04 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 11:01:03 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 10:46:01 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 10:36:09 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 10:02:13 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 10:02:12 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 9:37:31 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 9:37:28 AM	AMON	file	C:\WINDOWS\system32\components\flx1.dll	probably a variant of Win32/TrojanDownloader.Zlob.VB trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window. 
    7/18/2006 9:35:16 AM	AMON	file	C:\WINDOWS\system32\issearch.exe	probably a variant of Win32/TrojanDownloader.Zlob.VA trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window. 
    7/18/2006 0:42:50 AM	Kernel	file	C:\WINDOWS\system32\issearch.exe	probably a variant of Win32/TrojanDownloader.Zlob.VA trojan			
    7/17/2006 22:55:21 PM	AMON	file	C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\jd30sehy.exe	a variant of Win32/Dialer.DialHub application	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window. 
    7/17/2006 22:55:19 PM	AMON	file	C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\F498AD79d01	a variant of Win32/Dialer.DialHub application	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window. 
    7/17/2006 22:51:45 PM	AMON	file	C:\WINDOWS\system32\pmnqguh.dll	Win32/Hoax.Renos application	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\WINDOWS\system32\components\flx5.dll. The file was moved to quarantine. You may close this window. 
    7/17/2006 22:49:26 PM	AMON	file	C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\mshtml2.exe	Win32/TrojanDownloader.PurityScan.BV trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\OA.exe. The file was moved to quarantine. You may close this window. 
    6/24/2006 22:37:34 PM	AMON	file	C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\1cfjb76u.exe	a variant of Win32/TrojanDownloader.IstBar trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this window. 
    6/24/2006 22:37:32 PM	AMON	file	C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\390E18F6d01	a variant of Win32/TrojanDownloader.IstBar trojan	quarantined - deleted	SLAPSHOCK\Lola Okhrana	Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this window. 
    6/24/2006 22:37:27 PM	IMON	file	hxxp://www.binarity.com/ysbinstall_1002755_3.exe a variant of Win32/TrojanDownloader.IstBar trojan		SLAPSHOCK\Lola Okhrana	
    
     
    Last edited by a moderator: Jul 19, 2006
  5. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    This newer log shows all the times that NOD32 has prevented infiltrations for you...
    Some of the entries are there from when ewido and other have attempted to check a file and NOD32 has checked it first on access...
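
Added example, not part of the original thread and not ESET tooling: a small triage script for a threat log in the tab-separated layout of post #4. It separates "new file created by" entries from the "attempt to access" entries described above, then flags any creating process that is itself detected but has no cleaning action recorded. The function names are hypothetical and the sample rows are constructed, modelled on the posted log.

```python
import csv
import io
import re
from collections import Counter, defaultdict

CREATED = "Event occurred on a new file created by the application: "
ACCESSED = "Event occurred at an attempt to access the file by the application: "
QUAR = " The file was moved to quarantine. You may close this window."
ZLOB = "Win32/TrojanDownloader.Zlob.VB trojan"
DONE = "quarantined - deleted"
USER = r"PC\user"  # constructed account name

# Constructed sample rows in the column layout of the threat log in post #4.
ROWS = [
    ("Time", "Module", "Object", "Name", "Threat", "Action", "User", "Information"),
    ("7/19/2006 11:57:14 AM", "AMON", "file", r"C:\WINDOWS\system32\components\flx1.dll",
     "a variant of " + ZLOB, DONE, USER, CREATED + r"C:\WINDOWS\system32\ishost.exe." + QUAR),
    ("7/19/2006 11:57:13 AM", "AMON", "file", r"C:\WINDOWS\system32\ismon.exe",
     ZLOB, "", r"NT AUTHORITY\SYSTEM",
     ACCESSED + r"C:\Program Files\ewido anti-spyware 4.0\guard.exe."),
    ("7/19/2006 11:57:12 AM", "AMON", "file", r"C:\WINDOWS\system32\ishost.exe",
     ZLOB, "", r"NT AUTHORITY\SYSTEM",
     ACCESSED + r"C:\Program Files\ewido anti-spyware 4.0\guard.exe."),
    ("7/19/2006 11:55:14 AM", "Kernel", "file", r"C:\WINDOWS\system32\ishost.exe",
     ZLOB, "", "", "Alert was generated during the system startup file check."),
    ("7/18/2006 23:52:50 PM", "AMON", "file", r"C:\WINDOWS\system32\components\flx1.dll",
     "a variant of " + ZLOB, DONE, USER, CREATED + r"C:\WINDOWS\system32\ishost.exe." + QUAR),
    ("7/18/2006 11:58:21 AM", "AMON", "file", r"C:\windows\system32\components\flx5.dll",
     "Win32/Hoax.Renos.DW application", DONE, USER, CREATED + r"C:\WINDOWS\Explorer.EXE." + QUAR),
    ("7/17/2006 22:51:45 PM", "AMON", "file", r"C:\WINDOWS\system32\pmnqguh.dll",
     "Win32/Hoax.Renos application", DONE, USER,
     CREATED + r"C:\WINDOWS\system32\components\flx5.dll." + QUAR),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS)

# Pulls the application path out of the Information column and tells whether
# that application created the detected file or merely tried to read it.
APP_RE = re.compile(
    r"(created by|access the file by) the application: (.+?\.(?:exe|dll))(?=[.\s]|$)",
    re.IGNORECASE,
)


def parse(log_text):
    """Turn the tab-separated log into a list of normalised event dicts."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    events = []
    for row in reader:
        m = APP_RE.search(row.get("Information") or "")
        relation = None
        if m:
            relation = "created" if m.group(1).lower() == "created by" else "accessed"
        events.append({
            # Windows paths are case-insensitive, so compare them lower-cased.
            "path": (row.get("Name") or "").strip().lower(),
            "action": (row.get("Action") or "").strip(),
            "relation": relation,
            "app": m.group(2).lower() if m else None,
        })
    return events


def triage(log_text):
    """Summarise recurrence, unactioned detections and still-present creators."""
    events = parse(log_text)
    hits = Counter(e["path"] for e in events)
    actioned = {e["path"] for e in events if e["action"]}
    drops = defaultdict(set)
    for e in events:
        if e["relation"] == "created":  # ignore scanners that only read the file
            drops[e["app"]].add(e["path"])
    return {
        # Same object detected more than once.
        "recurring": {p: n for p, n in hits.items() if n > 1},
        # Detected, but no entry ever records a cleaning action.
        "unactioned": sorted(set(hits) - actioned),
        # Creators that are themselves detected and never actioned.
        "live_droppers": {a: sorted(f) for a, f in drops.items()
                          if a in hits and a not in actioned},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample rows, `live_droppers` contains only `ishost.exe`: `flx5.dll` also created a detected file but has its own "quarantined - deleted" entry, and `Explorer.EXE` is never detected.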
     
  6. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    ok this is my log

    Code:
    Scan performed at: 7/19/2006 12:41:45 PM
    Scanning Log
    NOD32 version 1.1667 (20060718) NT
    Command line: C:\ /adware /ah /all /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /ntfs+ /pack+ /quarantine /scanboot+ /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /wrap+
    Operating memory - is OK
    
    Date: 19.7.2006  Time: 12:41:51
    Scanned disks, folders and files: C:\
    C:\hiberfil.sys - error opening (File locked) [4]
    C:\pagefile.sys - error opening (File locked) [4]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar.zip »ZIP »nsv48.tmp - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar.zip »ZIP »sbRecovery.ini - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar1.zip »ZIP »nsv47.tmp - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar1.zip »ZIP »sbRecovery.ini - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip »ZIP »sbRecovery.reg - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip »ZIP »sbRecovery.ini - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip »ZIP »sbRecovery.reg - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip »ZIP »sbRecovery.ini - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip »ZIP »sbRecovery.reg - error - password-protected file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterUpdateDisableNotify.zip »ZIP »sbRecovery.ini - error - password-protected file
    C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4]
    C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
    C:\Documents and Settings\Lola Okhrana\NTUSER.DAT - error opening (File locked) [4]
    C:\Documents and Settings\Lola Okhrana\ntuser.dat.LOG - error opening (File locked) [4]
    C:\Documents and Settings\Lola Okhrana\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\parent.lock - error opening (File locked) [4]
    C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
    C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
    C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\4906828Dd01 »ZIP »smitRem/Process.exe - Win32/PrcView application - was a part of the deleted object
    C:\Documents and Settings\Lola Okhrana\Local Settings\Temp\8jv8op36.zip »ZIP »Rempit....avi - archive damaged
    C:\Documents and Settings\Lola Okhrana\Local Settings\Temp\hsperfdata_Lola Okhrana\4788 - error opening (Access denied) [4]
    C:\Documents and Settings\Lola Okhrana\Local Settings\Temp\_PegEx~1\Program Files\TCPMP\language.tgz »GZ »language.tar »TAR - archive damaged
    C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
    C:\Program Files\BitComet\fav\search_el_gr.mht »MIME - error occurred while reading archive
    C:\Program Files\MySQL\MySQL Server 5.0\Docs\manual.chm »CHM »::DataSpace/Storage/MSCompressed/Content - error occurred while reading archive
    C:\Program Files\Roguescanfix\Process.exe - Win32/PrcView application - Error quarantining the object  -  - unable to clean - deleted
    C:\WINDOWS\SoftwareDistribution\EventCache\{623A84EF-B288-4D5A-89B4-FA89E151315F}.bin - error opening (File locked) [4]
    C:\WINDOWS\system32\config\default - error opening (File locked) [4]
    C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
    C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
    C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
    C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
    C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
    C:\WINDOWS\system32\config\software - error opening (File locked) [4]
    C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
    C:\WINDOWS\system32\config\system - error opening (File locked) [4]
    C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
    C:\WINDOWS\system32\drivers\dtscsi.sys - error opening (File locked) [4]
    C:\WINDOWS\system32\drivers\sptd.sys - error opening (File locked) [4]
    C:\WINDOWS\system32\drivers\sptd1853.sys - error opening (File locked) [4]
    Number of scanned files: 285383
    Number of threats found: 2
    Number of files cleaned: 2
    Time of completion: 13:08:38 Total scanning time: 1607 sec (00:26:47)
    
    Notes:
    [4] File cannot be opened. It may be in use by another application or operating system.
    
    
    how do i know my trojan.zlob.zb is cleaned from my system?

    ewido software doesn't detect anything
     
  7. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    ewido is not detecting anything because NOD32 is preventing anything from accessing the detected files.

    Please scroll up a bit to posts #2, #3 and #5 and let us know how you go after that...
    ...or if post#6 is after you have rebooted your PC already then it should now be just fine :)

    Cheers :)
     
    Last edited: Jul 19, 2006
  8. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    done.

    if nod32 doesn't let anything access..so what's the use of ewido to me now?
     
  9. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    Many people use multiple on-demand scanners (but only one real-time AV) - one acts as a double check for the other since none are perfect on their own.
    If you wish to use ewido to double check your system I would suggest the following

    1. Run a full scan and clean with NOD32 like post#6
    2. Scan and clean with ewido or whatever other trusted application you choose to use

    That is really all that is necessary since after having first run a full scan anything NOD32 would prevent access to because of detection should already be gone anyway...

    Also, you may wish to verify that some registry cleaner hasn't removed the entry for the NOD32 Quarantine folder - if it has I'd suggest restoring it.

    Cheers :)
     
  10. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    thanks for the reply

    anyway, how do i do that? i'm using registry mechanic
     
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    Not entirely familiar with registry mechanic, but you should be able to restore it as follows:-
    1. Open the NOD32 Control Center
    2. in the left side, navigate to 'NOD32 System Tools' --> 'NOD32 System Setup'
    3. in the right side click 'Setup' and enter your settings password if you have one
    4. click on the 'Advanced' tab
    5. notice the Quarantine section at the bottom
    6. if you have not already changed it in the past, it should say 'C:\Program Files\Eset\infected' otherwise fill it in now.
    7. click OK
    8. in the left side, navigate to 'NOD32 System Tools' --> 'Quarantine'
    9. use 'Add' to move a file to the quarantine folder to check (some file you don't need - a blank text file you have created on your desktop?)
    10. The file you just added should appear at the top of the Quarantined list

    Cheers :)
     
  12. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    where can i get password and username for nod32
     
  13. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    You can buy a username and password (licence) for NOD32 from pretty much any reseller worldwide, but unless there was a special reason I would suggest your local reseller...

    What part of the world are you in?
     
  14. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    im in singapore.

    anyway, when i opened my internet explorer, it directs me to www,sysprotectionpage.net (if i'm not wrong)

    and also is it safe to remove

    HKLM\SOFTWARE\Microsoft\Windows\CurrentWindows\policies\explorer\run\\kernel32.dll which is infected with Trojan.Small

    and

    C:\Windows\System32\isnotify.exe which is infected with Downloader.Zlob.zd

    can i remove both of these files, which are in my quarantine now?
     
    Last edited by a moderator: Jul 19, 2006
  15. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    Singapore - you should be able to find a local reseller that pleases you -->HERE<--

    Yes - clean out your quarantine any time you choose.

    Cheers :)
     
  16. ASpace

    ASpace Guest

    Re: NOD32 cant cleaned this Trojan (Log Posted)


    Please , check your Private Messages ! :D :thumb:
     
  17. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    my internet explorer still redirects me to www,sysprotectionpage.net, no matter how many thousand times i scan with ewido or nod32. note that i also use software like

    HijackThis
    SmitFraud
    UnDLL for NOD32
    FixReg.req
    SmitRem
    bla bla bla....

    and also online scan...panda software..

    but my IE still redirects me to www,sysprotectionpage.net

    and also in my C:\ there's a lot of sqmdata0x
    *x = number

    pls pls help.im begging.
     
    Last edited by a moderator: Jul 19, 2006
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hello sLapshock,

    As I have noted in 2 of your posts I have edited....that clickable link is a known CWS.VCodec group of badware folks. If you don't mind....if you feel you need to post those links in the future in this thread....Please make them non-clickable.

    Thanks,
    Bubba

    As for your problem....it appears you recognize that it is a possible Smitfraud problem. As such....that would normally require running a special tool and for that reason I suggest you post a HijackThis log at one of the below Forums that deal with this sort of thing.

    http://gladiator-antivirus.com/forum/index.php?showforum=170

    http://bfccomputerhelp.com/index.php?showforum=5

    http://forums.subratam.org/index.php?showforum=7

    Just select one Forum to post to. Your problem probably needs special attention since I don't think regular scanners will deal with it.
     
    Last edited: Jul 19, 2006
  19. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    Hi sLapshock,

    Please be careful when posting reference to a potentially malicious web address that you use the advanced method to make your post and uncheck the box below that says 'Automatically parse links in text', or use commas or something instead of the dots - the mods have helped you with this a couple of times so far. (OK Bubba - you beat me to it :D)

    Have you reset your homepage to something you like and it is automatically being changed back? Or do you need some help to change it?
     
    Last edited: Jul 19, 2006
  20. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    sorry guys, i will not post malicious links.

    what about the sqmdata01.sqm? there's a lot in my c:\
     
  21. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    It appears that they may be from SquirrelMail software - have you ever used that?

    Or Windows Live Messenger?
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Please download VundoFix.exe to your desktop.

    1. Reboot your PC into "Safe Mode".
    2. Double click on VundoFix.exe
    3. Place a tick next to "Run VundoFix" as a task.
    4. You will receive a message saying VundoFix will close and re-open in a minute or less.
    5. Click "OK".
    6. When VundoFix re-opens, click the "Scan for Vundo" button.
    7. Once it's done scanning, click the "Remove Vundo" button.
    8. You will receive a prompt asking if you want to remove the files, click "Yes".
    9. Once you click yes, your desktop will go blank as it starts removing Vundo.
    10. When completed, it will prompt that it will shutdown your computer, click "Ok".
    11. Turn on your computer.

    Let us know how you go...

    Cheers :D
     
  23. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    what is that software?
    nope.
     
  24. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    Go with what Bubba and Blackspear said above in any case...

    Cheers :)
     
  25. sLapshock

    sLapshock Registered Member

    Joined:
    Jul 19, 2006
    Posts:
    16
    Re: NOD32 cant cleaned this Trojan (Log Posted)

    okay, i will try it. im at school now. is there any other methods avail?
     