phish paypal.27959-Virus??

magsirl

Hi

I am running my Avira antivrus and it has picked up this
"phish paypal.27959".

I have tried to google more info about it but all I can find out is it is a name used by Avira.

Should I now change all passwords on my computer??? I have added the log of my scan in the next post.

I am now running Malwarebytes. Any advice please of what I need to do. Many thanks. Mags

magsirl

Avira AntiVir Personal
Report file date: 22 May 2011 10:14
Scanning for 2751735 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MAGS-HP
Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 01/04/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 29/04/2011 16:48:02
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 13:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 08/12/2010 16:55:57
LUKERES.DLL : 10.0.0.1 12648 Bytes 11/02/2010 00:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 19:26:53
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 18:36:13
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 15:50:47
VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 15:50:47
VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 15:50:47
VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 15:50:48
VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 15:50:48
VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 15:50:48
VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 15:50:48
VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 15:50:48
VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 15:50:48
VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 15:50:48
VBASE013.VDF : 7.11.6.28 158208 Bytes 11/04/2011 15:50:48
VBASE014.VDF : 7.11.6.74 116224 Bytes 13/04/2011 16:11:55
VBASE015.VDF : 7.11.6.113 137728 Bytes 14/04/2011 18:04:41
VBASE016.VDF : 7.11.6.150 146944 Bytes 18/04/2011 16:24:18
VBASE017.VDF : 7.11.6.192 138240 Bytes 20/04/2011 16:24:19
VBASE018.VDF : 7.11.6.237 156160 Bytes 22/04/2011 16:24:20
VBASE019.VDF : 7.11.7.45 427520 Bytes 27/04/2011 16:48:02
VBASE020.VDF : 7.11.7.64 192000 Bytes 28/04/2011 16:48:02
VBASE021.VDF : 7.11.7.97 182272 Bytes 02/05/2011 16:45:31
VBASE022.VDF : 7.11.7.127 467968 Bytes 04/05/2011 16:45:32
VBASE023.VDF : 7.11.7.183 185856 Bytes 09/05/2011 17:28:18
VBASE024.VDF : 7.11.7.218 133120 Bytes 11/05/2011 18:19:29
VBASE025.VDF : 7.11.7.234 139776 Bytes 11/05/2011 18:19:29
VBASE026.VDF : 7.11.8.16 147456 Bytes 13/05/2011 18:19:30
VBASE027.VDF : 7.11.8.46 169472 Bytes 17/05/2011 18:19:30
VBASE028.VDF : 7.11.8.47 2048 Bytes 17/05/2011 18:19:30
VBASE029.VDF : 7.11.8.48 2048 Bytes 17/05/2011 18:19:30
VBASE030.VDF : 7.11.8.49 2048 Bytes 17/05/2011 18:19:30
VBASE031.VDF : 7.11.8.89 125952 Bytes 21/05/2011 23:14:06
Engineversion : 8.2.4.242
AEVDF.DLL : 8.1.2.1 106868 Bytes 02/08/2010 16:09:54
AESCRIPT.DLL : 8.1.3.64 1606011 Bytes 21/05/2011 23:14:11
AESCN.DLL : 8.1.7.2 127349 Bytes 24/11/2010 20:39:47
AESBX.DLL : 8.1.3.2 254324 Bytes 24/11/2010 20:39:48
AERDL.DLL : 8.1.9.9 639347 Bytes 26/03/2011 17:40:18
AEPACK.DLL : 8.2.6.8 557430 Bytes 17/05/2011 18:19:37
AEOFFICE.DLL : 8.1.1.22 205178 Bytes 05/05/2011 17:22:31
AEHEUR.DLL : 8.1.2.119 3481976 Bytes 21/05/2011 23:14:10
AEHELP.DLL : 8.1.17.2 246135 Bytes 21/05/2011 23:14:07
AEGEN.DLL : 8.1.5.6 401780 Bytes 21/05/2011 23:14:07
AEEMU.DLL : 8.1.3.0 393589 Bytes 24/11/2010 20:39:42
AECORE.DLL : 8.1.20.5 196983 Bytes 21/05/2011 23:14:06
AEBB.DLL : 8.1.1.0 53618 Bytes 02/08/2010 16:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02/08/2010 16:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 02/08/2010 16:09:55
AVREP.DLL : 10.0.0.10 174120 Bytes 17/05/2011 18:19:38
AVREG.DLL : 10.0.3.2 53096 Bytes 02/08/2010 16:09:55
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 29/04/2011 16:48:03
AVARKT.DLL : 10.0.22.6 231784 Bytes 08/12/2010 16:55:56
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02/08/2010 16:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 15:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02/08/2010 16:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 15:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 14:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 02/08/2010 16:10:08
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, , Q:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 22 May 2011 10:14
Starting search for hidden objects.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\offlinedetectionpending
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\pendingfilerenameoperations
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'iexplore.exe' - '138' Module(s) have been scanned
Scan process 'OfficeVirt.exe' - '28' Module(s) have been scanned
Scan process 'FlashUtil10q_ActiveX.exe' - '35' Module(s) have been scanned
Scan process 'WebView-Process-Connector.exe' - '40' Module(s) have been scanned
Scan process 'MioNet.exe' - '85' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '51' Module(s) have been scanned
Scan process 'iexplore.exe' - '154' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '60' Module(s) have been scanned
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '48' Module(s) have been scanned
Scan process 'sftlist.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '94' Module(s) have been scanned
Scan process 'iexplore.exe' - '102' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '91' Module(s) have been scanned
Scan process 'WebView-Updater.exe' - '70' Module(s) have been scanned
Scan process 'WebView-Reporting.exe' - '43' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '41' Module(s) have been scanned
Scan process 'sftvsa.exe' - '28' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '86' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '20' Module(s) have been scanned
Scan process 'ASCTray.exe' - '41' Module(s) have been scanned
Scan process 'CVH.EXE' - '70' Module(s) have been scanned
Scan process 'dca-ua.exe' - '29' Module(s) have been scanned
Scan process 'PanelApp.exe' - '109' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '125' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '18' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '49' Module(s) have been scanned
Scan process 'pdfsvc.exe' - '35' Module(s) have been scanned
Scan process 'MioNet.exe' - '97' Module(s) have been scanned
Scan process 'MioNetManager.exe' - '23' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'ezSharedSvcHost.exe' - '29' Module(s) have been scanned
Scan process 'BroadbandTestApp.exe' - '65' Module(s) have been scanned
Scan process 'ApplicationUpdater.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'PMonitor.exe' - '68' Module(s) have been scanned
Scan process 'BroadbandTestApp.exe' - '55' Module(s) have been scanned
Scan process 'ASCService.exe' - '39' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'a2service.exe' - '51' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'Q:\'
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Starting to scan executable files (registry).
The registry was scanned ( '91' files ).

Starting the file scan:
Begin scan in 'C:\' <COMPAQ>
C:\Users\Mags\AppData\Local\Microsoft\Windows Live Mail\Hotmail (br 11a\Deleted items\029200E5-000024C7.eml
[0] Archive type: MIME
[DETECTION] Contains recognition pattern of the PHISH/PayPal.27959 phishing file/email
--> Paypal ID PP-859-481-3971.htm
[DETECTION] Contains recognition pattern of the PHISH/PayPal.27959 phishing file/email
Begin scan in 'D:\' <FACTORY_IMAGE>
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.
Beginning disinfection:
C:\Users\Mags\AppData\Local\Microsoft\Windows Live Mail\Hotmail (br 11a\Deleted items\029200E5-000024C7.eml
[DETECTION] Contains recognition pattern of the PHISH/PayPal.27959 phishing file/email
[NOTE] The file was moved to the quarantine directory under the name '4b004120.qua'.

End of the scan: 22 May 2011 11:28
Used time: 1:13:44 Hour(s)
The scan has been done completely.
31533 Scanned directories
425939 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
425938 Files not concerned
9276 Archives were scanned
0 Warnings
5 Notes
668337 Objects were scanned with rootkit scan
4 Hidden objects were found

Browntoa

let us see the malwarebytes log and we will let you know

looks like an emal attachment in hotmail so unless you opened it then no problem

magsirl

Many thanks for your very prompt reply Browntoa. As soon as malwarebytes finishes i will post that log. :-)

magsirl

Malwarebytes came back clean...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6639
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
22/05/2011 12:04:13
mbam-log-2011-05-22 (12-04-13).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 317630
Time elapsed: 44 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Browntoa

i'd say you have nothing to worry about then

magsirl

Many thanks Browntoa. I thought it was best to check with the experts here as I am not very well up with comps and I paniced when I saw that one...lol