AV Help :-)

Sneezy

Hopefully this will be okay after this! Thank you for your help (i will listen to my dad next time...)

aliEnRIK

Sneezy wrote: »

Hopefully this will be okay after this! Thank you for your help (i will listen to my dad next time...)

haha ~ what did daddy say then?

Sneezy

These are the two computer related ones anyway...

Back up (when i first got this laptop Christmas 2005) didn't listen learnt the hard way twice lost everything twice!!!

Always have anti virus (prior to when it was wiped in july it did have) but i forgot to re-install it (my laptop is one of those ultraportable ones with no built in CD/DVD drive and i have an external one so i rarely use it...i think its a pain sometimes -i sometimes have new music CDs for three-four months before i put them on my MP3 player...)

Sneezy

Its saying i have a conficker worm, just near 99% now so will post the log soon

Sneezy

Avira AntiVir Personal
Report file date: 20 December 2009 17:31
Scanning for 1458162 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : charlotte
Computer name : CHARLOTT-4FB4B7
Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 02/12/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 11:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 07:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 16:52:09
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 16:52:10
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 16:52:10
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 16:52:10
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 16:52:10
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 16:52:10
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 16:52:10
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 16:52:10
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 16:52:10
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 16:52:10
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 16:52:10
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 16:52:11
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 16:52:11
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 16:52:12
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 16:52:13
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 16:52:14
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 16:52:15
VBASE018.VDF : 7.10.1.248 2048 Bytes 15/12/2009 16:52:15
VBASE019.VDF : 7.10.1.249 2048 Bytes 15/12/2009 16:52:15
VBASE020.VDF : 7.10.1.250 2048 Bytes 15/12/2009 16:52:15
VBASE021.VDF : 7.10.1.251 2048 Bytes 15/12/2009 16:52:15
VBASE022.VDF : 7.10.1.252 2048 Bytes 15/12/2009 16:52:15
VBASE023.VDF : 7.10.1.253 2048 Bytes 15/12/2009 16:52:15
VBASE024.VDF : 7.10.1.254 2048 Bytes 15/12/2009 16:52:15
VBASE025.VDF : 7.10.1.255 2048 Bytes 15/12/2009 16:52:16
VBASE026.VDF : 7.10.2.0 2048 Bytes 15/12/2009 16:52:16
VBASE027.VDF : 7.10.2.1 2048 Bytes 15/12/2009 16:52:16
VBASE028.VDF : 7.10.2.2 2048 Bytes 15/12/2009 16:52:16
VBASE029.VDF : 7.10.2.3 2048 Bytes 15/12/2009 16:52:16
VBASE030.VDF : 7.10.2.4 2048 Bytes 15/12/2009 16:52:16
VBASE031.VDF : 7.10.2.22 173568 Bytes 18/12/2009 16:52:17
Engineversion : 8.2.1.114
AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 07:38:52
AESCRIPT.DLL : 8.1.3.3 586106 Bytes 20/12/2009 16:52:25
AESCN.DLL : 8.1.3.0 127348 Bytes 20/12/2009 16:52:24
AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 07:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 20/12/2009 16:52:24
AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 07:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 07:38:38
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 20/12/2009 16:52:23
AEHELP.DLL : 8.1.9.0 237943 Bytes 20/12/2009 16:52:19
AEGEN.DLL : 8.1.1.81 369014 Bytes 20/12/2009 16:52:18
AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 07:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 20/12/2009 16:52:17
AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 07:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 15:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 15:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 12:25:47
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: 20 December 2009 17:31
Starting search for hidden objects.
'40526' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'USR11G.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'PRISMSVR.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '65' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\vngbjjs.dll
[DETECTION] Contains recognition pattern of the WORM/Conficker.AH worm
[WARNING] The file could not be opened!
Beginning disinfection:
C:\WINDOWS\system32\vngbjjs.dll
[DETECTION] Contains recognition pattern of the WORM/Conficker.AH worm
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b9568f9.qua'!

End of the scan: 20 December 2009 18:10
Used time: 38:52 Minute(s)
The scan has been done completely.
3334 Scanned directories
180885 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
180882 Files not concerned
1701 Archives were scanned
2 Warnings
2 Notes
40526 Objects were scanned with rootkit scan
0 Hidden objects were found

Where the popup came up and said to repair it i clicked it, just going to run the host checking prog now...

Sneezy

Just completed the host thingy and i can access Norton AV website and MS update ok - just going to do all the recc updates - is there anything else i should do?

aliEnRIK

The conficker is particularly nasty. As a double check id suggest as follows ~


Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon

(By the way, I assume you DO have windows firewall switched on?)

Sneezy

Hiya, yes firewall is switched on (the built in XP one)

just d/l DR WEB now - how do i switch the AVIRA AV off? (sorry stupid question its in the same place as the firewall)

Thank you again for all your help

aliEnRIK

Right click the white umbrella on the red background bottom right (Avira) and UNTICK Antivir GUARD ENABLE

spud17

I thought Conficker had faded away, but you can check to see if you are affected by going to the following page.

http://www.joestewart.org/cfeyechart.html