Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 I am just making an update - because i am including the detection of netdevil trojans.....and it looks like you have this nasty - so post your scan report here (all 4 pages) and we will see.After this you need to download the update if i am ready Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 Lets finish this scan - after this post here the report and then you can shut down kernel32.dlIOHHHHHHHHHHMoment.....You are making a default system scan ?If this is finish go to advanced options -> click on custom drives and folders then select "C:\Windows" and press on "SET PATH".After this pick from the GAV Menu the point "Custom Scan (all files) :) Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 You are making a FULL SYSTEM SCAN or a default system scan ?if you make a FULL SYSTEM SCAN (all files) its ok - but this will take time Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 p2ccoloYou should have gotten a report at the end of the scan showing what was found - if you still have that open on your screen you can copy & paste the text to here.If you do not have that report still showing on your screen you can go to your Programs Folder, find the Gladiator Folder and look for a Reports Folder in there. You should see a file named Report.HTML and open it. It should be from this latest scan and you can copy and paste here. Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 Hmmm. That is the correct report document. From here, we should wait to see what Gladiator says. Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 Actually, it might be helpful to post all of the text to show what files were scanned. I pulled up an older one of mine ....that looks like this: Gladiator AntiVirus XXLInterface Version: 1.0.0 Engine Version: 0.8.5 Pattern Version: 0.6.1--------------------------------------------------------------------------------Scan Report (12/29/02 at 9:09:16 AM )--------------------------------------------------------------------------------Eicar-Test-Signature C:\Program Files\Juno\USER0000\mailbox.bdbFunLove.4099 C:\WINDOWS\Temporary Internet Files\Content.IE5\OP2R8XY3\viruslist[1].htmlEicar-Test-Signature C:\unzipped\eicar_com\eicar.com--------------------------------------------------------------------------------Scanned Folders : 1903 Scanned Files : 51678 Runtime-Packed : 6 Archive-Packed : 379 Infections found: 3 Warnings found : 2 Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 I have Win98, the reports on my machine are at:C:\Program Files\Gladiator Scanner\REPORTS\REPORT.HTMLI couldn't find Gladiator online, but will leave a message for him in case he comes back on.You might want to take the time to go back and do another online scan at Symantec or Panda to see if anything comes up there (with System restore disabled this time). I know the online Symantec scan doesn't scan compressed files so Panda might be better.http://www.pandasoftware.com/activescan/co...n_principal.htmAlso, did you download and run Spybot S&D (after getting the updates?) Link to comment Share on other sites More sharing options...
mark2 Posted December 31, 2002 Report Share Posted December 31, 2002 It will be in C /program files/gladiator scanner/reports there is a text and html report in that folder on my system Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 The second one in the first column. REPORT.HTML Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 Ok - just add the stuff you missed at the bottom ....says number of files scanned etc.:(something like this)Scanned Folders : 1903 Scanned Files : 51678 Runtime-Packed : 6 Archive-Packed : 379 Infections found: 3 Warnings found : 2 Link to comment Share on other sites More sharing options...
mark2 Posted December 31, 2002 Report Share Posted December 31, 2002 Is it possible you have opened the report in the INFECTED folder at all? Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 i need the text of all HTML files in the folder reports.open them with the Internet Explorer and paste it here. Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 Press on SKIP (ignore) - so your scan is not ready yet ?No wonder if the files are not correct in the report folder Link to comment Share on other sites More sharing options...
mark2 Posted December 31, 2002 Report Share Posted December 31, 2002 GAV will seem to hang when it is reading a large file . HTH Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 its scanning a big file - dont disturb it with taskmanager Link to comment Share on other sites More sharing options...
mark2 Posted December 31, 2002 Report Share Posted December 31, 2002 It looks like you have a trojan still onboard Backdoor assasin, I found this little bit on it , will explain why Norton F/wall didn't do you much good, also i recommend you change all of your passwords when we have got rid of it.The trojan copies itself to the %WinDir% directory as MS SPOOL32.EXE and a registry run key is created to load the server at startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ Run\AntivirusAss=C:\WINDOWS\MS SPOOL32.EXE TCP Port 5695 is opened (though this is configurable through the trojan client) and a notification message is sent via ICP Pager, MSN Messenger, and a remote PHP page. This message contains the victim's IP Address, server password, computer name, and Windows username. A file, MS SPOOL32.DAT is saved to the %WinDir%. This file contains a list of executable filename. A file, MS SPOOL32k.DAT is saved to the %WinDir%. This file contains keylogging information (typed keystrokes and corresponding Window titles). The trojan also stores information in several registry keys using a random key. Such as: HKEY_LOCAL_MACHINE\Software\KU(QBX\Q\EU%T[EFN74+FZBThe server allows an attacker to perform the actions described in the Client component section of this description. Client componentBy connecting to the port opened by the trojan server, a remote attacker can use the trojan client to access the remote machine. Once connected, the attacker can perform these various functions: Turn on the victim's Webcam and view the output Capture screen shots Send messages to the screen Manage files and folders (upload, download, delete, rename) Send keystrokes to certain or all Windows Open additional server ports Get system information Get visited websites and Internet Explorer security settings Open specified URLs Update the server component Change the registry run key Change ICQ number to notify Change PHP page to send notification to Change trojan server password Log typed keystrokes View and terminate running processes Edit the registry Add/Remove network shares and mapped drives Open/close CD-ROM Hide/show desktop icons Hide/show Start Menu Hide/show system clock Hide/show taskbar Turn on/off monitor Turn on/off NUM and or CAPS lock Disable, enable, kill firewall programs A nasty piece of work this one Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 Ok - that is good the Panda got the Backdoor.optix. Go ahead and finish the GAV scan though to see if it finds anything else! Hang in there :) Link to comment Share on other sites More sharing options...
Guest CalamityJane Posted December 31, 2002 Report Share Posted December 31, 2002 :lol: GAV does take a long time because it is being very thorough. It is checking ALL your compressed files and not all the AVs can do that. Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 Ignore all - i only need the path + filename of infected files. Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 maybe you have more viruses than i have *ROFL* Link to comment Share on other sites More sharing options...
mark2 Posted December 31, 2002 Report Share Posted December 31, 2002 :D :D :D :D @ gladiator Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 123120.dat seems to be a dropper or something - that means it has the backdoor inside and is the possible start-point of your problems.You can join different exe file together and during you execute (for instance a game) it installs in the background the backdoor/virus..DAT files are normaly *NEVER* UPX compressed --> as you can see GAV detects this s*** :) Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 And.... most backdoors and other nasty things comes with cracks and keygens - i saw a lot in your GAV Runtime Packed Report *LOL* :lol: Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 and now please the runtime packed log file Link to comment Share on other sites More sharing options...
Guest Gladiator Posted December 31, 2002 Report Share Posted December 31, 2002 Send me the following files via email to [email protected]UPX Runtime packed: C:\dialler.exeUPX Runtime packed: C:\Documents and Settings\me\Desktop\o.exeUPX Runtime packed: C:\WINDOWS\system32\MNCPrgBr.OCXUPX Runtime packed: C:\WINDOWS\system32\ActiveScan\qrvkrn.dllC:\Program Files\sc480sxu_winxp_full.exeC:\WINDOWS\inetconf.exeC:\WINDOWS\winampw.exeAND: This kernel32.dlI i needNote: its "I" at the end not Lso make a search for this file and turn "hidden+system" on (folder options) Link to comment Share on other sites More sharing options...
Recommended Posts