David,
I downloaded the Multi_AV.exe and ran all the included apps. Whew, took
like four hours! Anyhow, I did this in standard/normal Windows mode -- *not*
in Safe Mode yet as I had a couple questions.
I'm probably not as computer-savvy as I need to be to run this stuff; wasn't
sure about "killing" all running processes and probably had a few running in
the background. Will post the final summary logs below for all four
processes for your review; if you need to see the entire logs (some are quite
long, as I'm sure you know), I can post them.
About running in Safe Mode: I wasn't quite sure in the docs about the
explanation regarding a boot disc. I'm running XP under NTFS (I think those
are the correct letters!), and I'm assuming that the boot disc is *only*
necessary if one is having problems booting their PC because of the
viruses/trojans. I'm not having such a problem; PC boots fine. So do I
assume I just go into Safe Mode and run the apps from there? Hope I'm making
this all clear.
Anyhow, here's the base results from the scans from the four apps in normal
mode:
KAV
Current object: c:\
Sector Objects      : 0          Known viruses : 2
Files               : 122323     Virus bodies  : 3
Folders             : 3330       Disinfected   : 0
Archives            : 14637      Deleted       : 3
Packed              : 747        Warnings      : 0
                                 Suspicious    : 0
Scan speed (Kb/sec) : 0          Corrupted     : 1
Scan time           : 01:36:27   I/O Errors    : 0
Scan process completed.
Result for all objects:
Sector Objects      : 0          Known viruses : 2
Files               : 122323     Virus bodies  : 3
Folders             : 3330       Disinfected   : 0
Archives            : 14637      Deleted       : 3
Packed              : 747        Warnings      : 0
                                 Suspicious    : 0
Scan speed (Kb/sec) : 1388       Corrupted     : 1
Scan time           : 01:36:27   I/O Errors    : 0
----------------------------------------------------
McAFEE
12/31/2005 15:55:23
Options: /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL
/DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML
"C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: []
Scanning C:\*.*
C:\WINDOWS\cpbrkpie.ocx ... Found potentially unwanted program CouponBar.
The file or process has been deleted.
Summary report on C:\*.*
File(s)
Total files: ........... 50932
Clean: ................. 50882
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 1
Master Boot Record(s): ......... 3
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Time: 00:20.51
----------------------------------------------------
SOPHOS
4 master boot records swept.
33928 files swept in 1 hour, 4 minutes and 10 seconds.
76 errors were encountered.
3 viruses were discovered.
3 files out of 33928 were infected.
Please send infected samples to Sophos for analysis.
For advice consult
www.sophos.com, email (e-mail address removed)
or telephone +44 1235 559933
6 encrypted files were not checked.
Ending Sophos Anti-Virus.
----------------------------------------------------
TREND
2005-12-31, 15:48:24, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 12/31/2005 15:38:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 137 (117449 Patterns) (2005/12/29) (313700)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD
/LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
32608 files have been read.
32608 files have been checked.
25658 files have been scanned.
32999 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/31/2005 15:48:24 10 minutes 14 seconds (613.88 seconds) has
elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-31, 15:48:24, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished
running.
David H. Lipman said:
From: "martyh" <[email protected]>
| Is it possible to actually delete/remove an entry in Startup from MSCONFIG?
| I don't mean simply disable/uncheck the entry, but remove it completely. I
| suffered a Trojan hit on my PC, and spent like 5 hours dealing with it. The
| Trojan wrote an entry to Startup (ibm00003.exe). I've deleted the culprit in
| the registry, I've deleted all the nasty files, and all is (hopefully)
| copacetic -- but I still have this entry in Startup that I would like to go
| away.
| Thanks for your time and response.
| Cheers,
| - martyh
You have a Password Stealing Trojan !
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
http://www.ik-cs.com/multi-av.htm
* * * Please report back your results * * *
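
The four scanner summaries posted in this thread each use a different layout, which makes it hard to compare a Normal Mode run with a later Safe Mode run. The following is an added example, not part of the thread or of Multi_AV: it normalizes the summary lines into the same three figures per scanner and notes results that call for a look at the full log. The regexes are assumptions based only on the lines quoted above, and the names `FIELDS`, `summarize` and `triage` are hypothetical.

```python
import re

# Constructed sample: summary lines copied from the normal-mode logs quoted in the post.
LOGS = {
    "KAV": "Files : 122323 Virus bodies : 3\nArchives : 14637 Deleted : 3\n",
    "McAfee": "C:\\WINDOWS\\cpbrkpie.ocx ... Found potentially unwanted program CouponBar.\n"
              "Total files: ........... 50932\nDeleted: ............... 1\n",
    "Sophos": "33928 files swept in 1 hour, 4 minutes and 10 seconds.\n"
              "3 viruses were discovered.\n6 encrypted files were not checked.\n",
    "Trend": "32608 files have been checked.\nFound 0 viruses totally.\n",
}

# One regex per figure (assumed from the quoted lines). A pattern with a capture
# group reads a number; a pattern without one is counted once per matching line.
FIELDS = {
    "KAV": {"files": r"^Files\s*:\s*(\d+)", "detections": r"Virus bodies\s*:\s*(\d+)",
            "removed": r"Deleted\s*:\s*(\d+)"},
    "McAfee": {"files": r"Total files:[\s.]*(\d+)", "detections": r"\.\.\. Found ",
               "removed": r"^Deleted:[\s.]*(\d+)"},
    "Sophos": {"files": r"(\d+) files swept", "detections": r"(\d+) viruses were discovered"},
    "Trend": {"files": r"(\d+) files have been checked", "detections": r"Found (\d+) viruses"},
}

def summarize(scanner, text):
    """Normalize one log into files / detections / removed (None when not reported)."""
    out = {}
    for field in ("files", "detections", "removed"):
        pattern = FIELDS[scanner].get(field)
        hits = re.findall(pattern, text, re.MULTILINE) if pattern else []
        if pattern and re.compile(pattern).groups == 0:
            out[field] = len(hits)                        # one hit per detection line
        else:
            out[field] = int(hits[-1]) if hits else None  # last match is the final total
    return out

def triage(logs):
    """Return per-scanner figures plus notes on results worth checking in the full log."""
    rows = {name: summarize(name, text) for name, text in logs.items()}
    any_found = any(r["detections"] for r in rows.values())
    notes = []
    for name, r in rows.items():
        if r["detections"] == 0 and any_found:
            notes.append(f"{name}: 0 detections while another scanner reported some")
        elif r["detections"] and r["removed"] is None:
            notes.append(f"{name}: {r['detections']} detections, no removal count in summary")
    return rows, notes

if __name__ == "__main__":
    print(*triage(LOGS)[1], sep="\n")
```

Running `triage` on the Safe Mode logs as well and comparing the two `rows` dictionaries shows whether a detection reported in Normal Mode is still present after the second pass.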