TDS trace scans?????

Discussion in 'Trojan Defence Suite' started by Grasshopper, Apr 19, 2004.

  1. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hello everyone,

    I just installed Process Guard on my system, and after the install TDS started giving me trace scan reports of what seems to me to be a list of blocked junk from one of my other programs. This list is huge and I have no idea what program it might be from. Most of this list is not on my computer and never was.
    Yesterday, knowing I was getting Process Guard today, I did a complete scan of my computer with everything I have, including TDS, and everything came up clean.
    Process Guard seems to be an awesome program; I hope it isn't the cause.

    As always thanks for any help,
    Frank
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello Grasshopper, Can you tell us what OS you are using please?
    Not sure what is going on in your PC. Are you running TDS3 as an Admin or restricted user?

    To quote Gavin:
    Now would be a good time to submit an ASViewer report. Please enable all autostart options by pressing F2, F3 and F4 or ticking the relevant options before saving a log.

    http://www.diamondcs.com.au/index.php?page=asviewer

    Thanks Pilli
     
  3. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi Pilli,

    My OS is Win XP Pro.
    I have never attached anything to a post; can you explain the process?

    Thanks,
    Frank
     

  4. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Never mind DUH!!!
    Frank
     
  5. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi again Pilli,

    I saved the scan results from TDS if you want them.
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Frank, to make it easier I will paste the contents here. I am not an expert with these, so I shall ask for assistance. Thanks, Pilli

    DiamondCS Autostart Viewer (www.diamondcs.com.au) -
    Report for Frank, 04-19-2004
    g:\windows\system32\autoexec.nt
    G:\WINDOWS\system32\mscdexnt.exe
    G:\WINDOWS\system32\redir.exe
    G:\WINDOWS\system32\dosx.exe
    g:\windows\system32\config.nt
    G:\WINDOWS\system32\himem.sys
    g:\windows\system.ini [drivers]
    timer=timer.drv
    g:\windows\system.ini [boot]\shell
    G:\WINDOWS\Explorer.exe
    g:\windows\system.ini [boot]\scrnsave.exe
    G:\WINDOWS\System32\sstext3d.scr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    G:\WINDOWS\Explorer.exe
    HKCU\Control Panel\Desktop\scrnsave.exe
    G:\WINDOWS\System32\sstext3d.scr
    HKCR\vbsfile\shell\open\command\
    G:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    G:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    G:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    G:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    G:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    G:\WINDOWS\System32\WScript.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui
    G:\Program Files\Eset\nod32kui.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Outpost Firewall
    G:\Program Files\Security\Outpost\Outpost Firewall\outpost.exe /waitservice
    HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
    G:\WINDOWS\System32\CTFMON.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    G:\WINDOWS\system32\SHELL32.dll
    G:\WINDOWS\system32\SHELL32.dll
    G:\WINDOWS\System32\webcheck.dll
    G:\WINDOWS\System32\stobject.dll
    G:\Documents and Settings\Frank\Start Menu\Programs\Startup\Process Guard.lnk
    G:\Program Files\Security\Process Guard\ProcessGuard\procguard.exe
    G:\Documents and Settings\Frank\Start Menu\Programs\Startup\SpywareGuard.lnk
    G:\Program Files\Security\Spyware G\SpywareGuard\sgmain.exe
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    G:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    G:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    G:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    G:\WINDOWS\system32\imon.dll
    G:\WINDOWS\System32\dcsws2.dll
    G:\WINDOWS\system32\mswsock.dll
    G:\WINDOWS\system32\rsvpsp.dll
    HKLM\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\
    G:\WINDOWS\inf\unregmp2.exe /ShowWMP
    HKLM\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
    G:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
    HKLM\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\
    RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    HKLM\Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\
    G:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
    HKLM\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\
    G:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\
    %ProgramFiles%\Outlook Express\setup50.exe
    HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\
    rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    HKLM\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}\
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
    HKLM\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\
    rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\wmp.inf,PerUserStub
    HKLM\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}\
    %ProgramFiles%\Outlook Express\setup50.exe
    HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\
    regsvr32.exe /s /n /i:U shell32.dll
    HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\
    G:\WINDOWS\system32\ie4uinit.exe
    HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
    G:\WINDOWS\system32\JAVASUP.VXD
    HKLM\System\CurrentControlSet\Services\AFD\
    G:\WINDOWS\System32\drivers\afd.sys
    HKLM\System\CurrentControlSet\Services\AMON\
    \??\G:\WINDOWS\System32\drivers\amon.sys
    HKLM\System\CurrentControlSet\Services\AudioSrv\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\Browser\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\CryptSvc\
    G:\WINDOWS\system32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\DCSUserProt\
    G:\Program Files\Security\Process Guard\ProcessGuard\dcsuserprot.exe
    HKLM\System\CurrentControlSet\Services\Dhcp\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\Dnscache\
    G:\WINDOWS\System32\svchost.exe -k NetworkService
    HKLM\System\CurrentControlSet\Services\Eventlog\
    G:\WINDOWS\system32\services.exe
    HKLM\System\CurrentControlSet\Services\lanmanserver\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\lanmanworkstation\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\NOD32krn\
    G:\Program Files\Eset\nod32krn.exe
    HKLM\System\CurrentControlSet\Services\OutpostFirewall\
    G:\PROGRA~1\Security\Outpost\OUTPOS~1\outpost.exe /service
    HKLM\System\CurrentControlSet\Services\PlugPlay\
    G:\WINDOWS\system32\services.exe
    HKLM\System\CurrentControlSet\Services\procguard\
    \??\G:\WINDOWS\System32\drivers\procguard.sys
    HKLM\System\CurrentControlSet\Services\ProtectedStorage\
    G:\WINDOWS\system32\lsass.exe
    HKLM\System\CurrentControlSet\Services\RpcSs\
    G:\WINDOWS\system32\svchost -k rpcss
    HKLM\System\CurrentControlSet\Services\SamSs\
    G:\WINDOWS\system32\lsass.exe
    HKLM\System\CurrentControlSet\Services\SENS\
    G:\WINDOWS\system32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\ShellHWDetection\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\Spooler\
    G:\WINDOWS\system32\spoolsv.exe
    HKLM\System\CurrentControlSet\Services\srservice\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\stisvc\
    G:\WINDOWS\System32\svchost.exe -k imgsvc
    HKLM\System\CurrentControlSet\Services\Themes\
    G:\WINDOWS\System32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\TrkWks\
    G:\WINDOWS\system32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\winmgmt\
    G:\WINDOWS\system32\svchost.exe -k netsvcs
    HKLM\System\CurrentControlSet\Services\wuauserv\
    G:\WINDOWS\system32\svchost.exe -k netsvcs
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I can't see anything obviously out of place.

    Can you post a TDS scandump log taken after a TDS scan that might show something?
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  9. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi Pilli,

    I don't know what you are looking for. I swear my computer is clean, but if you think it will help I'll post a HijackThis log.
    In the meantime, here is my TDS log.

    Scan Control Dumped @ 08:40:04 19-04-04
    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\mirc\bakupwrks.ini

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\mirc\backup0412.ini

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\configg.sys

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\logox.sys

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\taged.lmr

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\dmsetup.exe

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\mirc\dmsetup.exe

    File Trace: Default trojan filename: Worm.DMSetup
    File: C:\windoom.exe

    File Trace: Default trojan filename: Worm.El Inca
    File: C:\mirc\revenge.com

    File Trace: Default trojan filename: Back Orifice Dropper.Worm.Khaled
    File: C:\mirc\khaled.exe

    File Trace: Default trojan filename: Worm.SS-3 (Day 15)
    File: C:\bussed.exe

    File Trace: Default trojan filename: Novell Login (Captured Passwords)
    File: C:\os31337.sys

    File Trace: Default trojan filename: Worm.SS-3 (Dwarf.b)
    File: C:\mirc\ownefnet.com

    File Trace: Default trojan filename: Worm.SS-3 (Dwarf.b)
    File: C:\mirc\freemirc.com

    File Trace: Default trojan filename: Worm.SS-3 (Dwarf.b)
    File: C:\unarj.com

    File Trace: Default trojan filename: Worm.SS-3 (Dwarf.b)
    File: C:\hexedit.com

    File Trace: Default trojan filename: Worm.Metak
    File: C:\mirc\mirc56.com

    File Trace: Default trojan filename: Worm.Metak
    File: C:\mirc\download\HotChik.com

    File Trace: Default trojan filename: Worm.mIRC55t
    File: C:\mirc55t.exe

    File Trace: Default trojan filename: mIRC.Julie16
    File: C:\Julie16.jpg.com

    File Trace: Default trojan filename: Worm.BC-Kipo
    File: C:\mirc\HotXXX.com

    File Trace: Default trojan filename: Canasson
    File: C:\msie5.exe

    File Trace: Default trojan filename: Canason
    File: C:\00.txt

    File Trace: Default trojan filename: RAT.CrazyNet
    File: C:\winstart.bat

    File Trace: Default trojan filename: RAT.Delta Source
    File: C:\TEMPSERVER.exe

    File Trace: Default trojan filename: RAT.Doly Trojan v1.1 - v1.5
    File: C:\Program Files\MStesk.exe

    File Trace: Default trojan filename: RAT.Doly Trojan
    File: C:\Program Files\Mdm.exe

    File Trace: Default trojan filename: RAT.Doly Trojan v1.1 - v1.5
    File: C:\sys.lon

    File Trace: Default trojan filename: RAT.Doly Trojan v1.7
    File: c:\iecookie.exe

    File Trace: Default trojan filename: Keylog.Fatal Network Error - Stolen Password logfile
    File: C:\os32779.sys

    File Trace: Default trojan filename: FTP.Goy FTP 2.07.95
    File: C:\Program Files\~TEMPORARY_SETUP\Run_app_16.exe

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\mirc.ini

    File Trace: Default trojan filename: RAT.EPS 1.6
    File: c:\priocol.dll

    File Trace: Default trojan filename: RAT.EPS 1.6
    File: c:\pricol.exe

    File Trace: Default trojan filename: Suspicious
    File: c:\rundll.exe

    File Trace: Default trojan filename: Worm.VBS_Stages.A
    File: c:\recycled\dbindex.vbs

    File Trace: Default trojan filename: Worm.VBS_Stages.A
    File: c:\recycled\mrscycld.dat

    File Trace: Default trojan filename: Worm.VBS_Stages.A
    File: c:\recycled\rcycldbn.dat

    File Trace: Default trojan filename: Worm.VBS_Stages.A --> Rename back to c:\win dir\regedit.exe
    File: c:\recycled\recycled.vxd

    File Trace: Default trojan filename: Suspicious
    File: c:\command.exe

    File Trace: Default trojan filename: Destruct.Buddy.1
    File: c:\America Online 4.0\buddylist.exe

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\Ultra-Hardcore-Bondage.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\Ultra-Hardcore-Bondage.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\Ultra-Hardcore-Bondage.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\Christina__NUDE!!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\Christina__NUDE!!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\Christina__NUDE!!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\CuteJany__BigTits!.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\CuteJany__BigTits!.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\CuteJany__BigTits!.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\MyGirlfriend_NUDE!.JPF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\MyGirlfriend_NUDE!.JPF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\MyGirlfriend_NUDE!.JPF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\Aguiliera_NUDE!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\Aguiliera_NUDE!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\Aguiliera_NUDE!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\!Jany__Gets-****ed!.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\!Jany__Gets-****ed!.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\!Jany__Gets-****ed!.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\cute_EmmaPeel!!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\cute_EmmaPeel!!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\cute_EmmaPeel!!!.JPG.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\program files\mirc\Julie17__xxx.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\programme\mirc\Julie17__xxx.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fireburn.A
    File: c:\mirc\Julie17__xxx.GIF.vbs

    File Trace: Default trojan filename: Worm.VBS.Fool.H
    File: c:\My Documents\MyPicture.bmp.vbs

    File Trace: Default trojan filename: Worm.VBS.Fool.H
    File: c:\MyPicture.bmp.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Gnutella Worm v1.1.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Jenna Jameson movie listing.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Pamela Anderson movie listing.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Asia Carerra movie listing.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\xxx FTP movie listing.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\ASF Compressor (No quality loss).vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\collegesex.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Gladiator.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Battlefield Earth.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Evangelion complete episodes scripts.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Scan Master checklist.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\How to eat *****.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Alicia Silverstone.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Pearl Jam.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Mp3 compressor (Half the size but same quality).vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Napster Metallica Crack.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Santana.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\NSync.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Nirvana.mp3.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Shania Twain.mp3.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Jesus loves you.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\Gnutella upgrade.vbs

    File Trace: Default trojan filename: Worm.VBS.Gnutel
    File: c:\program files\gnutella\OFFICIAL Gnutella Option Pack.vbs

    File Trace: Default trojan filename: Suspicious
    File: C:\winsys98.bat

    File Trace: Default trojan filename: Worm.VBS.Reaper.A
    File: C:\mirc\download\christina_aguilera_nude!.vbs.

    File Trace: Default trojan filename: Worm.VBS_Stages.A
    File: c:\My Documents\IMPORTANT.TXT.SHS

    File Trace: Default trojan filename: Suspicious
    File: c:\default.ini

    File Trace: Default trojan filename: Suspicious
    File: c:\mirc\default.ini

    File Trace: Default trojan filename: Worm.VBS.Breaker.A
    File: c:\breaker.vbs

    File Trace: Default trojan filename: Worm.VBS.Overbuf.A
    File: c:\netmonn.hta

    File Trace: Default trojan filename: Worm.VBS.Overbuf.A
    File: c:\REPAIR.ZIP

    File Trace: Default trojan filename: Suspicious
    File: c:\REPAIR.BAT

    File Trace: Default trojan filename: Worm.VBS.Runscript.A
    File: c:\REPAIR.DBG

    File Trace: Default trojan filename: Worm.VBS.Phone.Timofonica
    File: c:\TIMOFONICA.TXT.VBS

    File Trace: Default trojan filename: Worm.VBS.Phone.Timofonica
    File: c:\TIMOFONICA.TXT

    File Trace: Default trojan filename: Worm.VBS.Chantal
    File: c:\mkv2.bat

    File Trace: Default trojan filename: Suspicious
    File: c:\icqpatch.exe

    File Trace: Default trojan filename: Suspicious
    File: c:\mirc\nuker.exe

    File Trace: Default trojan filename: Suspicious
    File: c:\mirc\download\mirc60.exe

    File Trace: Default trojan filename: Suspicious
    File: c:\mirc\logs\logging.exe

    File Trace: Default trojan filename: Suspicious
    File: c:\games\spider.exe

    File Trace: Default trojan filename: Suspicious
    File: c:\mirc\MIRC_SYS.INI

    File Trace: Default trojan filename: Worm.IRC.Lucky
    File: c:\mirc\lk7.ini

    File Trace: Default trojan filename: Worm.IRC.Milbug
    File: c:\mirc\download\milbug_a.exe

    File Trace: Default trojan filename: Worm.IRC.Milbug
    File: c:\mirc\download\milbug_b.exe

    File Trace: Default trojan filename: Worm.MyPics
    File: c:\Pics4You.exe

    File Trace: Default trojan filename: Worm.MyPics
    File: C:\CBIOS.COM

    File Trace: Default trojan filename: Worm.MyPics.b
    File: C:\Icq_Greetings.exe

    File Trace: Default trojan filename: Worm.MyPics.c
    File: c:\zip01.exe

    File Trace: Default trojan filename: Suspicious
    File: C:\KillAntiVirus.bat

    File Trace: Default trojan filename: Suspicious
    File: c:\icq.exe

    File Trace: Default trojan filename: Worm.Jim.A
    File: C:\MSDOS.DLL

    File Trace: Default trojan filename: Worm.Jim.A
    File: C:\CONFIG.DLL

    File Trace: Default trojan filename: Antisocial.E
    File: c:\ss.vbs

    File Trace: Default trojan filename: Antisocial.E
    File: c:\ss.bas

    File Trace: Default trojan filename: Suspicious
    File: C:\INSTALAR.EXE

    File Trace: Default trojan filename: Babylonia
    File: C:\BABYLONIA.EXE

    File Trace: Default trojan filename: Chantal.A
    File: C:\CB2.BAT

    File Trace: Default trojan filename: Chantal.A
    File: c:\mk2.bat

    File Trace: Default trojan filename: Suspicious
    File: c:\trojan.exe

    File Trace: Default trojan filename: MSN Cookie
    File: c:\msnwin.dll

    File Trace: Default trojan filename: RAT.Frenzy
    File: c:\program files\msgsrv36.exe

    File Trace: Default trojan filename: Worm.Trilisa
    File: c:\e_$.exe

    File Trace: Default trojan filename: Worm.Trilisa
    File: c:\MerKaVa.vbs

    File Trace: Default trojan filename: RAT.Delta Source
    File: c:\trojansserver.exe

    File Trace: Default trojan filename: PSW.Kuang
    File: C:\system.dup

    File Trace: Default trojan filename: RAT.Moon Pie 1.0
    File: c:\mffgwmhz.khz

    File Trace: Default trojan filename: Possible trojan - this Explorer will start instead of the Explorer in the Windows directory
    File: C:\explorer.exe

    File Trace: Default trojan filename: RAT.SkyDance (logfile)
    File: C:\skdlogfile.txt

    File Trace: Default trojan filename: RAT.Click'N'Show 1.0
    File: C:\sistem.exe

    File Trace: Default trojan filename: RAT.The Prayer 1.2
    File: C:\dlls32.exe

    File Trace: Default trojan filename: RAT.Celine 3.3.3
    File: C:\Celine.scr

    File Trace: Default trojan filename: RAT.Sky Rat (keylog)
    File: C:\offkeys.dat

    File Trace: Default trojan filename: RAT.CrazyNet (logfile)
    File: C:\mykeys.sys

    File Trace: Default trojan filename: Pokemon
    File: C:\47.VIR

    File Trace: Default trojan filename: Worm.Choke
    File: C:\Choke.exe

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\EXPL32.EXE

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\EXPLORER.scr

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\explorer2.exe

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\remote.ini

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\scanner.mrc

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\script1.ini

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\script2.ini

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\script3.ini

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\uncapper.exe

    File Trace: Default trojan filename: DDoS.RAT.GT Bot
    File: C:\Program Files\Accessories\BACKUP\SYSTEM\vsf\updater.ini

    File Trace: Default trojan filename: RAT.NeuroticKat 1.1 (logfile)
    File: C:\inputput.txt

    File Trace: Default trojan filename: Worm.Marijuana
    File: C:\Winnt\System32.exe

    File Trace: Default trojan filename: Worm.SirCam
    File: C:\Recycled\SirC32.exe

    File Trace: Default trojan filename: Pokemon
    File: C:\R28.VIR

    File Trace: Default trojan filename: Worm.SirCam (payload)
    File: C:\SirCam.Sys

    File Trace: Default trojan filename: Worm.Code Red
    File: C:\notworm

    File Trace: Default trojan filename: PSW.Host Unreachable
    File: C:\HostUnre.dll

    File Trace: Default trojan filename: Destruct.Whistler
    File: C:\WXP

    File Trace: Default trojan filename: Worm.Trilisa
    File: c:\$$-%1@.exe

    File Trace: Default trojan filename: Worm.Trilisa
    File: c:\$~.exe

    File Trace: Default trojan filename: RAT.SnidX3
    File: C:\Temp#01.sni

    File Trace: Default trojan filename: RAT.SnidX3
    File: C:\Temp$01.exe

    File Trace: Default trojan filename: Pokemon
    File: C:\A1.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\T57.VIR

    File Trace: Default trojan filename: RAT.Akosch
    File: C:\security.exe

    File Trace: Default trojan filename: PSW.Kuang
    File: C:\ll.dat

    File Trace: Default trojan filename: Worm.GoDog
    File: C:\Mirc\Ghostdog.exe

    File Trace: Default trojan filename: Worm.Taxifolia
    File: C:\Recycled\Taxifolia.exe

    File Trace: Default trojan filename: Pokemon
    File: C:\R55.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\S29.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\S56.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\T30.VIR

    File Trace: Default trojan filename: Worm.MyPics.e
    File: C:\Pictures.exe

    File Trace: Default trojan filename: Worm.Roussarcoma.a
    File: C:\RousSarc.exe

    File Trace: Default trojan filename: Worm.Roussarcoma.c
    File: C:\SegaFred.exe

    File Trace: Default trojan filename: Pokemon
    File: C:\A37.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\B2.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\B38.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\C3.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\C39.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\D4.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\D40.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\E41.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\E5.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\F42.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\F6.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\G43.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\G7.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\H44.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\H8.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\I45.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\I9.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\J10.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\J46.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\K21.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\K48.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\L22.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\L49.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\M23.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\M50.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\N24.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\N51.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\O25.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\O52.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\P26.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\P53.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\Q27.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\Q54.VIR

    File Trace: Default trojan filename: Pokemon
    File: C:\U31.VIR

    And this is only half of it.

    Thanks .
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    OK Frank, I'll have another guess :)
    Download the latest radius file from here: http://tds.diamondcs.com.au/index.php?page=update
    Disconnect from the internet, modem, whatever.
    Please uninstall TDS3 and delete all the files in your TDS3 folder except for your keyfile.
    Re-boot and ensure that no other programmes are running, including your AV.
    Re-install TDS3 and copy the downloaded radius file to your TDS folder.
    Re-run the scans.
    I am hoping that you just have a corrupt installation so I want to make sure that it is corrected in the safest manner.

    Cheers. Pilli
     
  11. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Back again!!!!

    Pilli, I did as you asked.
    Downloaded TDS install and update done manually after cleaning everything out. No problems with the scans this time, but I really don't think it was a corrupt installation; it didn't start acting up until I installed Process Guard.

    Anyway, we'll see what happens; hopefully you were right and no more problems. If there is, I know where to go.

    Thanks for the help,
    Frank
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Grasshopper, Your problem was unique regarding TDS3 as far as I know so I am pretty sure it was a corrupt install, hopefully all will be well now. Run a full scan with all options just to make sure. :)
    Please ask whatever questions you want, the unasked ones are the more dangerous.

    Pilli
     
  13. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hello again,

    My problem is back and it seems to be intermittent.
    Sometimes when I boot up everything works fine; other times TDS finds the files as shown in the log I posted. Also, Outpost is now booting up with an error (sometimes).
    All seems to point to Process Guard; none of this was happening before PG's install.

    Regards ,
    Frank
     
  14. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Sorry Pilli,
    I did run that full scan again and found nothing.

    Thanks again,
    Frank
     
  15. FanJ

    FanJ Guest

    Hi,

    I really don't understand it......

    Are you really sure that you're not heavily infected?

    I see strange files, for example:

    File: c:\e_$.exe
    File: C:\Setup.exe.EXe
    File: C:\Playboy 9.mpeg.EXe
    File: C:\How to make viruses.txt.EXe
    File: C:\KaZaA\My Shared Folder\MSN Crack.exe

    etc etc etc

    o_O o_O o_O
     
  16. FanJ

    FanJ Guest

    Let's have a look at this:

    quote

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Zephyr Song.mp3.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Fire.mp3.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\ReignoFire.mp3.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\HULK.mpg.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\TheTuxedo.mpeg.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Reign of Fire.mpeg.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Pentium 5.doc.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Pentium 5.rtf.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\How to make viruses.txt.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Playboy 9.mpeg.EXe

    File Trace: Default trojan filename: Worm.Veedna
    File: C:\Setup.exe.EXe

    end quote


    Now look at this Symantec site:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.veedna.c.html

    quote
    When W32.HLLW.Veedna.C runs, it does the following:


    Copies itself as the following files:
    C:\Tuxedo.mp3.scr
    C:\XMen 2.scr
    C:\Xmen 2.mp3.scr
    C:\ZephyrSong.mp3.scr
    C:\XFiles.mp3.scr
    C:\Matrix.avi.scr
    C:\Matrix.mpeg.scr
    C:\Matrix.scr
    C:\Matrix 2.mpeg.scr
    C:\Fire.mp3.scr
    C:\Reign of Fire.mp3.scr
    C:\XFiles.mpg.scr
    C:\The Tuxedo.mpeg.scr
    C:\Small Ville.scr
    C:\Small Ville .scr
    C:\Small Ville .scr
    C:\Small Ville .scr
    C:\Small Ville .scr
    C:\Small Ville .scr
    C:\Small Ville .scr
    C:\Small Ville .scr
    C:\Tuxedo.mpg .scr
    C:\Small Ville .scr
    C:\Reignof Fire.mpeg.scr
    C:\Pentium5.doc.scr
    C:\Pentium5.rtf.scr
    C:\Howtomakeviruses.txt.scr
    C:\Playboy10.mpeg.scr
    C:\Setup.exe.scr
    A:\TheIncredible Hulk.scr
    D:\TheRock.scr
    C:\vandEEd0.scr
    C:\Windows\start.scr
    C:\Windows\start.exe
    C:\WinNT\start.scr
    C:\WinNT\start.exe

    end quote

    A lot of those files mentioned at the Symantec site describing the Veedna worm I see also on your list.

    And you say "I swear my computer is clean".
    Sorry, I don't understand it!
    In my humble opinion your computer is heavily infected, or I must be making a real bad mistake...
     
  17. FanJ

    FanJ Guest

    Well, looking again at that Veedna worm, there are surely differences.

    For example:

    you have: C:\Pentium 5.doc.EXe

    Symantec speaks of: C:\Pentium5.doc.scr

    And that goes for more of these files.
    You have them ended as EXe, Symantec says scr

    But any file ending with the double extension .doc.exe should ring ALL alarm bells !!!

    Do you really have such a file on your system; please check it !
    And it is only one example...
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Frank, If you can find any of those listed files, please copy them to a folder, zip them up and send them to submit@diamondcs.com.au for analysis.
    As Fanj says there sure appears to be something amiss.

    I am almost certain that PG is not responsible as nothing has ever been reported like your problem.

    Thanks. Pilli
     
  19. FanJ

    FanJ Guest

    Very good suggestion, Pilli !

    Frank,

    Do you have ExecutionProtection enabled in TDS-3 ?
    Do you see a line like this in your TDS-3 console:
    17:06:16 [Init] • Exec Protection : OK. Installed
    If not, then in TDS-3 go to TDS > Execution Protection > Install

    Look indeed if you have such files with those double extensions on your system.
    May I suggest, after you have sent such file(s) to DiamondCS, this:

    Make sure you have the latest Radius-file for TDS-3.
    Uninstall ProcessGuard.
    Disconnect from the net.
    Disable NOD32 temporarily.
    Do a full system scan with TDS-3, with every scan-option enabled.
    What does TDS-3 tell you then?
     
  20. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Do you run TDS as an admin or user or power user?
     
  21. FanJ

    FanJ Guest

    thumbs up for you Jooske !

    There is indeed a problem, that may cause those false alarms with respect to "file traces", if you don't run TDS-3 with Admin privileges !

    To quote Gavin:

    "The trace scanner can have problems if and only if you don't have Admin privileges - and if TDS has no access to read files...."

    Right click the TDS shortcut and select properties, go to the advanced tab & run as admin.


    Frank,
    Does that solve your problem?
    Please let us know.
    Thanks !

    Regards, Jan.
     
  22. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi all,
    First of all, I have already uninstalled PG and tested; everything worked fine. After the reinstall I'm back to problems.

    Second, I can't find any of the files TDS alerted on because they are on the C: drive, and my C: drive is a flash card reader; my OS and everything else is on the G: drive.

    Third, if all that crap was on my computer (remember I only posted half of it) I really don't think it would be running very well, and believe me it is running well other than the little glitches with TDS and Outpost.

    I still think it is a list of blocked garbage from another program that TDS is mistakenly alerting on.

    I also tried with and without exec protection with no difference.

    I try very hard to keep a clean computer and I would know if it was infected, especially with that much junk.

    I'll try a little more testing and see what I can come up with.


    Thanks again all ,
    Frank
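
The checks discussed in the posts above (double extensions, a scanner that cannot read files, a C: drive that is an empty card reader), as an added example that is not part of the thread and is not TDS-3 code: it parses entries in the log format posted here, flags double-extension names, and reports a path that cannot be examined as "unverified" instead of as a hit. The extension lists, the function names and the simulated `device_not_ready` stat are assumptions made for this sketch.

```python
import ntpath  # Windows path rules, importable on any platform
import os
import re
from enum import Enum

# Constructed lists for this example, not taken from any product.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".pif", ".vbs"}
DECOY_EXTS = {".doc", ".rtf", ".txt", ".mp3", ".mpg", ".mpeg", ".avi", ".zip", ".html"}

# One entry in the format of the log posted in this thread.
ENTRY = re.compile(
    r"File Trace: Default trojan filename: (?P<family>.+?)\s*\n\s*File: (?P<path>.+?)\s*$",
    re.M,
)


class Trace(Enum):
    PRESENT = "present"        # the file exists and could be examined
    ABSENT = "absent"          # the file system answered: no such file
    UNVERIFIED = "unverified"  # the check itself failed; not evidence of a file


def has_double_extension(path):
    """True for names such as 'Pentium 5.doc.EXe' or 'Setup.exe.EXe'."""
    stem, last = ntpath.splitext(ntpath.basename(path))
    inner = ntpath.splitext(stem)[1]
    return last.lower() in EXECUTABLE_EXTS and inner.lower() in (DECOY_EXTS | EXECUTABLE_EXTS)


def check_trace(path, stat=os.stat):
    """Classify a trace path; `stat` is injectable so failures can be simulated."""
    try:
        stat(path)
        return Trace.PRESENT
    except (FileNotFoundError, NotADirectoryError):
        return Trace.ABSENT
    except OSError:
        # Access denied, device not ready (e.g. empty card reader), I/O error:
        # the scanner learned nothing, so it must not report a detection.
        return Trace.UNVERIFIED


def triage(log_text, stat=os.stat):
    """Return (family, path, Trace, double_extension) for every log entry."""
    return [
        (m["family"], m["path"], check_trace(m["path"], stat), has_double_extension(m["path"]))
        for m in ENTRY.finditer(log_text)
    ]


# Three entries copied from the log in this thread.
SAMPLE_LOG = r"""
File Trace: Default trojan filename: Worm.Veedna
File: C:\Pentium 5.doc.EXe

File Trace: Default trojan filename: Worm.Veedna
File: C:\Setup.exe.EXe

File Trace: Default trojan filename: Suspicious
File: C:\PKZIP.EXE
"""


def device_not_ready(path):
    """Simulated stat for a drive with no media or no read access (constructed)."""
    raise PermissionError(13, "device not ready or access denied", path)


if __name__ == "__main__":
    for family, path, trace, double in triage(SAMPLE_LOG, stat=device_not_ready):
        note = "double extension" if double else "-"
        print(f"{trace.value:<10} {family:<12} {path}  [{note}]")
```
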
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Gavin indicated in another thread that there are users thinking they are running as an admin but in reality as a power user, which can give such problems too. So make sure you run as an admin, and in any other case use "run as" as described above.
    And make sure your hijackthis log is posted so the experts can look at it too!
     
  24. FanJ

    FanJ Guest

    Hi Frank,

    I apologize for all the confusion !

    There have indeed been other reports about alerts for "file traces".
    This is caused if TDS-3 does not run as admin.
    (Problem for me is that I have only W 98 SE; I need someone here with experience on XP and TDS-3).

    Sorry !!!!!!!!!!!

    Regards, Jan.
     
  25. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    No apologies are needed, I appreciate your help.
    It's just a little frustrating not being able to understand what is going on.

    This system is set up for only one user and I assume that would make that one user the administrator; I don't think I would know how to set it up as a power user, whatever that is.

    Thanks and cheers,
    Frank
     