Chaman
06-02-2005, 06:16 PM
Here's the log. Help me get rid of this stuff so no more annoying popups!
--------------------------------------------------------------------------------
Scan Control Dumped @ 15:20:03 02-06-05
Positive identification: TrojanDownloader.Win32.Small.aaq
File: c:\bla.exe
Positive identification: Adware.ToolBar.EliteBar.ac
File: c:\documents and settings\chase c\local settings\temp\suicidetb.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\chase c\local settings\temp\bellsouth\hcpatch2.0.1.exe
Positive identification (embedded in file): TrojanDropper.Win32.Small.gt
File: c:\documents and settings\chase c\my documents\desktop items\recorder\freecordersetup.exe
Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll
Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe
Suspicious Filename: HTA file in suspicious location
File: c:\program files\microsoft money\system\discover.hta
Suspicious Filename: HTA file in suspicious location
File: c:\program files\microsoft money\system\lnpg.hta
Suspicious Filename: Dual extensions
File: c:\program files\warcraft iii\revert to war3 1.16a.exe
Positive identification (DLL): Adware.Coupons (dll)
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp284\a0068962.ocx
Positive identification (embedded in file): TrojanDropper.Win32.Small.gt
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp290\a0069289.exe
Positive identification (DLL): TrojanDownloader.Win32.Rameh.c (dll)
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp291\a0069642.dll
Positive identification (DLL): Adware.Coupons (dll)
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp292\a0069686.dll
Positive identification: RAT.Ruledor.g
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp292\a0069715.exe
Positive identification: RAT.Ruledor.g
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp292\a0069725.exe
Positive identification: RAT.Ruledor.g
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp293\a0069742.exe
Positive identification (DLL): Adware.NewDotNet.a (dll)
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp317\a0075067.dll
Positive identification: RAT.Ruledor.g
File: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp317\a0075089.exe
Positive identification (DLL): TrojanDownloader.Win32.Briss.a (dll)
File: c:\windows\downloaded program files\bridgex.dll
Positive identification: TrojanDropper.Win32.Small.gt
File: c:\windows\inetpal\29wu51rd.exe
Positive identification (embedded in file): TrojanDownloader.Win32.Keenval.e Dropper
File: c:\windows\system32\c17b6s.dll
Positive identification (DLL): Adware.ToolBar.EliteBar.ac (dll)
File: c:\windows\system32\shawn_1.dll
Positive identification: TrojanDownloader.Win32.Agent.am1
File: c:\windows\system32\shfolder.exe