Virus check question

Lombardi

Windows XP Pro SP2
I ran the Kaspersky online virus check
http://usa.kaspersky.com/services/free-virus-scanner.php
& it showed 7 viruses & 17 infected objects, but I couldn't find a way to get
rid of them with this program, so I ran Kaspersky in the Multi AV & it didn't
show anything, then ran the online virus check again & it showed the same 7
viruses & 17 infected objects. Next ran Trend in the Multi AV & it was
OK. Ran the online check again & same thing. Ran Sophos & it showed OK. Next ran
Kaspersky 6 & found nothing. So what am I to believe? Is the online scan by
Kaspersky
a scare tactic, or am I really infected & am not being cleaned by the other
programs?
All help is appreciated

Kaspersky online scan report

KASPERSKY ONLINE SCANNER REPORT
Thursday, August 10, 2006 7:06:06 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2
(Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/08/2006
Kaspersky Anti-Virus database records: 201047


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\

Scan Statistics
Total number of scanned objects 152683
Number of viruses found 7
Number of infected objects 17 / 0
Number of suspicious objects 0
Duration of the scan process 01:03:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\0efa_pdm_eventcritlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\0efa_pdm_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\0efd_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\0f01_Web_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\detected.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\detected.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP6\Report\report.rpt Object is locked skipped

C:\Documents and Settings\J C Ames\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\J C Ames\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\J C Ames\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\J C Ames\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\J C Ames\Local
Settings\History\History.IE5\MSHist012006080920060810\index.dat Object is
locked skipped

C:\Documents and Settings\J C Ames\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\J C Ames\ntuser.dat Object is locked
skipped

C:\Documents and Settings\J C Ames\NTUSER.DAT.LOG Object is locked
skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is
locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary
Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked
skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is
locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is
locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object
is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_U.S. Robotics 56K Fax Win.txt Object is locked
skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

C:\WINDOWS\Temp\hsperfdata_SYSTEM\1240 Object is locked skipped

C:\WINDOWS\Temp\ib2 Object is locked skipped

C:\WINDOWS\Temp\ib3 Object is locked skipped

C:\WINDOWS\Temp\ib4 Object is locked skipped

C:\WINDOWS\Temp\~DFE6B7.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\AdobeCS2\Adobe Version Cue
CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp46172.instance
Object is locked skipped

D:\AdobeCS2\Adobe Version Cue CS2\data\database\data\ibdata1 Object
is locked skipped

D:\AdobeCS2\Adobe Version Cue CS2\data\database\data\ib_logfile0
Object is locked skipped

D:\AdobeCS2\Adobe Version Cue CS2\data\database\data\ib_logfile1
Object is locked skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhasset.ibd Object is locked skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhlabel.ibd Object is locked skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhlabeltoversion.ibd Object is locked
skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhschemaversion.ibd Object is locked
skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhserverglobals.ibd Object is locked
skipped

D:\AdobeCS2\Adobe Version Cue
CS2\data\database\data\versioncue\bhuser.ibd Object is locked skipped

D:\AdobeCS2\Adobe Version Cue CS2\logs\VersionCue.log Object is
locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object
is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object
is locked skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Inbox/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED/html
Infected: Trojan-Spy.HTML.Bankfraud.cr skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Inbox/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED
Infected: Trojan-Spy.HTML.Bankfraud.cr skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Inbox Mail
Berkeley mbox: infected - 2 skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text/[From
=?utf-8?q?Ruth Zkspw?= ][Date Fri, 18 Feb 2005 19:49:40 +0000]/UNNAMED/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED/html
Infected: Trojan-Spy.HTML.Bankfraud.cr skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text/[From
=?utf-8?q?Ruth Zkspw?= ][Date Fri, 18 Feb 2005 19:49:40 +0000]/UNNAMED/[From
"Regions Bank" ][Date Mon, 21 Feb 2005 10:40:33 a.m. -0800]/UNNAMED
Infected: Trojan-Spy.HTML.Bankfraud.cr skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text/[From
=?utf-8?q?Ruth Zkspw?= ][Date Fri, 18 Feb 2005 19:49:40 +0000]/UNNAMED
Infected: Trojan-Spy.HTML.Bankfraud.cr skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Trash/[From
"Cyril Barr" ][Date Fri, 18 Feb 2005 16:37:14 +0700]/text Infected:
Trojan-Spy.HTML.Bankfraud.cr skipped

F:\H-D & S\Documents and Settings\HP_Owner\Application
Data\Thunderbird\Profiles\2s7vcr3a.default\Mail\Local Folders\Trash Mail
Berkeley mbox: infected - 4 skipped

F:\H-D & S\Documents and Settings\HP_Owner\Local Settings\Application
Data\Identities\{89EF8948-5C9E-47BA-AEF3-2DB634FD6694}\Microsoft\Outlook
Express\Inbox.dbx/[From "Jcames" ][Date Mon, 27 Jun 2005
15:16:31 -0800]/new.zip/f5434.exe Infected: Email-Worm.Win32.Bagle.br
skipped

F:\H-D & S\Documents and Settings\HP_Owner\Local Settings\Application
Data\Identities\{89EF8948-5C9E-47BA-AEF3-2DB634FD6694}\Microsoft\Outlook
Express\Inbox.dbx/[From "Jcames" ][Date Mon, 27 Jun 2005
15:16:31 -0800]/new.zip Infected: Email-Worm.Win32.Bagle.br skipped

F:\H-D & S\Documents and Settings\HP_Owner\Local Settings\Application
Data\Identities\{89EF8948-5C9E-47BA-AEF3-2DB634FD6694}\Microsoft\Outlook
Express\Inbox.dbx Mail MS Outlook 5: infected - 2 skipped

F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
"(e-mail address removed)" ][Date Mon, 07 Feb 2005 18:54:40 -0200]/html
Infected: Trojan-Spy.HTML.Paylap.bz skipped

F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
Washington Mutual ][Date Thu, 10 Feb 2005 08:42:09 +0300]/html Infected:
Trojan-Spy.HTML.Wamufraud.bo skipped

F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
"PayPal.com" ][Date Sat, 12 Feb 2005 19:35:40 +0000]/html Infected:
Trojan-Spy.HTML.Paylap.cb skipped

F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
Washington Mutual Online Banking][Date Sun, 13 Feb 2005 09:57:11 +1100]/html
Infected: Trojan-Spy.HTML.Bankfraud.bz skipped

F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox/[From
"(e-mail address removed)"][Date Sat, 12 Feb 2005 23:01:31 -0200]/html Infected:
Trojan-Spy.HTML.Bayfraud.dm skipped

F:\H-D & S\Documents and Settings\HP_Owner.BUD\Application
Data\Thunderbird\Profiles\ss82ci2p.default\Mail\Local Folders\Inbox Mail
Berkeley mbox: infected - 5 skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object
is locked skipped

Scan process completed.
 
Steven Burn

Lombardi said:
Windows XP Pro SP2
I ran the Kaspersky online virus check
http://usa.kaspersky.com/services/free-virus-scanner.php
& it showed 7 viruses & 17 infected objects, but I couldn't find a way to get
rid of them with this program, so I ran Kaspersky in the Multi AV & it didn't
show anything, then ran the online virus check again & it showed the same 7
viruses & 17 infected objects. Next ran Trend in the Multi AV & it was
OK. Ran the online check again & same thing. Ran Sophos & it showed OK. Next ran
Kaspersky 6 & found nothing. So what am I to believe? Is the online scan by
Kaspersky
a scare tactic, or am I really infected & am not being cleaned by the other
programs?
</snipped>

If you look at the report, it shows they are in your e-mail client's
inbox/trash folder. Deleting them from there will get rid of them for you.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
 
Art

Lombardi said:
Windows XP Pro SP2
I ran the Kaspersky online virus check
http://usa.kaspersky.com/services/free-virus-scanner.php
& it showed 7 viruses & 17 infected objects, but I couldn't find a way to get
rid of them with this program, so I ran Kaspersky in the Multi AV & it didn't
show anything, then ran the online virus check again & it showed the same 7
viruses & 17 infected objects. Next ran Trend in the Multi AV & it was
OK. Ran the online check again & same thing. Ran Sophos & it showed OK. Next ran
Kaspersky 6 & found nothing. So what am I to believe? Is the online scan by
Kaspersky
a scare tactic, or am I really infected & am not being cleaned by the other
programs?

No scare tactics apparent in the log at all. The KAV online scanner
simply found a couple of different malwares in Thunderbird Inbox
and trash and something in an OE email folder. The scanner isn't
telling you the machine is infested with active malware. It's finding
inactive malware embedded in the email folders/archives.

I don't know why David's Multi AV isn't finding them. KAVDOS32
should find the same items if it's set to scan email and email
archives ... and scan your drive F:\ The same goes for KAV 6.
It should find the same malware if you have email scanning activated
and scan drive F:\

Note that those scanners won't be able to delete the embedded
malware. You have to do that from within the email apps.

Art
http://home.epix.net/~artnpeg
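
The counts in the report can be reproduced from its own lines. This added example (not part of any post in the thread) parses a few constructed, shortened lines in the report's shape and shows that locked files are not detections, that nested objects and the mail store itself each add to the "infected objects" total, and which store and outermost message hold each hit; `triage` and the sample paths are hypothetical.

```python
import re
from collections import defaultdict

# Constructed, abridged lines in the shape of the report above (one entry per
# line, paths shortened); the detection names are ones the report lists.
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
F:\tb\Inbox/[From "Regions Bank" ][Date Mon, 21 Feb 2005]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.cr skipped
F:\tb\Inbox/[From "Regions Bank" ][Date Mon, 21 Feb 2005]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.cr skipped
F:\tb\Inbox Mail Berkeley mbox: infected - 2 skipped
F:\oe\Inbox.dbx/[From "Jcames" ][Date Mon, 27 Jun 2005]/new.zip/f5434.exe Infected: Email-Worm.Win32.Bagle.br skipped
F:\oe\Inbox.dbx/[From "Jcames" ][Date Mon, 27 Jun 2005]/new.zip Infected: Email-Worm.Win32.Bagle.br skipped
F:\oe\Inbox.dbx Mail MS Outlook 5: infected - 2 skipped
"""

INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER = re.compile(r"^(?P<store>.+?) Mail (?P<kind>.+): infected - (?P<n>\d+) skipped$")


def triage(report_text):
    """Separate locked-file noise from detections and group hits by mail store."""
    out = {"locked": 0, "infected_objects": 0, "names": set(),
           "messages": defaultdict(set)}
    for line in filter(None, map(str.strip, report_text.splitlines())):
        if line.endswith("Object is locked skipped"):
            out["locked"] += 1            # file in use by Windows, not a detection
        elif (m := INFECTED.match(line)):
            out["infected_objects"] += 1  # every nesting level is counted once
            out["names"].add(m["name"])
            store, _, inner = m["obj"].partition("/[")
            # Outermost message = the mail that has to be deleted in the client.
            out["messages"][store].add(inner.split("]/", 1)[0])
        elif CONTAINER.match(line):
            out["infected_objects"] += 1  # the mail store itself is counted too
    return out


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["locked"], "locked,", r["infected_objects"], "infected objects,",
          len(r["names"]), "distinct detections")
    for store, msgs in r["messages"].items():
        print(store, "->", len(msgs), "message(s) to delete")
```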
 
Gabriela Salvisberg

On Thu, 10 Aug 2006 08:44:57 -0500, Lombardi wrote:
Windows XP Pro SP2
I ran the Kaspersky online virus check
http://usa.kaspersky.com/services/free-virus-scanner.php & it showed 7
viruses & 17 infected objects, but I couldn't find a way to get rid of
them

[snip]

If it finds malware in your Thunderbird profile, you have to do this:
1. Delete the mails which have malicious attachments
2. Empty Thunderbird trash
3. Compact all folders of all Thunderbird accounts (incl. local folders)

Many users forget to perform step 3.

Good luck :)

Gabriela
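
Why step 3 matters, as an added example that is not part of the post above: in Thunderbird's mbox storage a deleted message is only flagged (the 0x0008 bit of `X-Mozilla-Status`) and its bytes stay in the file until the folder is compacted, so a scanner that reads the file still sees it. The script lists such messages; the sample mbox and the function names are constructed for illustration.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit set on a deleted, not yet compacted mail

# Constructed two-message mbox: the first mail was deleted in the client but
# the folder was never compacted, so its content is still in the file.
SAMPLE_MBOX = (
    "From - Mon Feb 21 10:40:33 2005\n"
    "X-Mozilla-Status: 0009\n"
    "Subject: constructed phishing sample\n"
    "\n"
    "<html>fake bank form</html>\n"
    "\n"
    "From - Tue Feb 22 09:00:00 2005\n"
    "X-Mozilla-Status: 0001\n"
    "Subject: constructed normal mail\n"
    "\n"
    "hello\n"
)


def deleted_but_present(mbox_path):
    """Return subjects of messages flagged deleted yet still stored on disk."""
    leftovers = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            try:
                status = int(msg.get("X-Mozilla-Status", "0"), 16)
            except ValueError:
                continue  # malformed header: state unknown, skip it
            if status & EXPUNGED:
                leftovers.append(msg.get("Subject", "(no subject)"))
    finally:
        box.close()
    return leftovers


def demo():
    """Write the constructed mbox to a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "Inbox")
        with open(path, "w", newline="\n") as f:
            f.write(SAMPLE_MBOX)
        return deleted_but_present(path)
```

An empty result for every folder file in the profile means compaction has physically removed the deleted mails.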
 
David H. Lipman

From: "Art" <[email protected]>

|
| No scare tactics apparent in the log at all. The KAV online scanner
| simply found a couple of different malwares in Thunderbird Inbox
| and trash and something in an OE email folder. The scanner isn't
| telling you the machine is infested with active malware. It's finding
| inactive malware embedded in the email folders/archives.
|
| I don't know why David's Multi AV isn't finding them. KAVDOS32
| should find the same items if it's set to scan email and email
| archives ... and scan your drive F:\ The same goes for KAV 6.
| It should find the same malware if you have email scanning activated
| and scan drive F:\
|
| Note that those scanners won't be able to delete the embedded
| malware. You have to do that from within the email apps.
|
| Art
| http://home.epix.net/~artnpeg

It is not programmed to scan mail stores.
 
