neue nicht identifizierbare exen

derleu · 21.04.2005, 14:19

Kaspersky scan

MediaAccess.exe Infiziert: not-a-virus:AdWare.WinAD.am

MediaAccess.exe Infiziert: not-a-virus:AdWare.WinAD.am

repcale.exe Infiziert: not-a-virus:RiskWare.Tool.HideWindows

palsp.exe Infiziert: not-a-virus:RiskWare.mIRC.5.9.1

C:\WINNT\hibce.exe ----> kein ergebnis

C:\PROGRA~1\COMMON~1\rifr\rifrm.exe -----> kein ergebnis

wshield.exe Infiziert: not-a-virus:RiskWare.FTP.SlimFTPd.312b

Passat2002 · 21.04.2005, 14:24

hi

Virustotal <---wshield.exe

Passat2002 · 21.04.2005, 14:26

hi, vergiss es, wenn man dir alles aus der nase ziehen muss, macht das helfen keinen sinn.

irgendwie benötigt man schon ein wenig mehr escan-daten, also da wäre
wieviel dateien wurden geprüft,
wieviel dateien sind malware usw.

befürchte das

Zitat:

Der Wurm wird zunächst von einem selbst extrahierenden Archiv auf einem System installiert. Dieses Archiv legt zahlreiche schädliche Dateien im Unterordner EKRLGC des Windows-Systemordners ab. Folgende Dateien werden zu diesem Ordner hinzugefügt:

abo3ramconfit - Konfigurationsdatei
alte.exe - Troj/DComExp-L
c.bat - Batchdatei zum Aufspüren von "Run"-Registrierungseinträgen
cult.exe - sauberes Dienstprogramm namens "Prcview"
cygwin1.dll - saubere Systemdatei
dual.exe - mIRC ini-Datei, die von Troj/Mirchack-C verwendet wird
emoti.bat - Batchdatei zum Ausnutzen schwach geschützter Administrator-Netzwerkfreigaben. Diese Datei wird ebenfalls als W32/Randon-AK erkannt.
erkonmi.exe - Troj/Sdbot-RH
explorx.exe - Troj/RpcLsa-D
ger.exe - Systemdienstprogramm
hosts - veränderte HOSTS-Datei, um Zugriffe auf Antiviren-Websites zu verhindern
medo.dl - Textdatei, eine Liste mit möglichen Kennwörtern
ntcnsl.dll - Komponente im Zusammenhang mit mIRC
p0rd.exe - Troj/Mirchack-C
repcale.exe - Dienstprogramm namens Hidewindow
riqa - Textdatei mit IP-Bereichen
titlex.exe - Dienstprogramm namens Psexec
wshield.exe - gehackte Version der Serveranwendung SlimFTPd
ymnz.exe - Adware-Anwendung
yrtsiger.bat - Skriptdatei, die Einträge zur Registrierung hinzufügt
zema - schädliche Batchdatei, die auch als W32/Randon-AK erkannt wird.

derleu · 21.04.2005, 14:37

so, sorry, vielleicht fehlt mir nur das nötige fachwissen, um dir zufrieden- stellende antworten zu liefern.

Total scan, kann ich nach analyse nicht von der website kopieren, geht nicht.

grruß
jürgen

Passat2002 · 21.04.2005, 14:57

bitte überprüfe die folgende(n) datei(en) mit dem Jotti oder Virustotal
onlinescan,

Zitat:

ergebnis hier posten.(sollte so aussehen)
Service load: 0% 100%
File: tabbed.gif
Status: OK
Packers detected: None

AntiVir No viruses found (0.37 seconds taken)
Avast No viruses found (1.53 seconds taken)
AVG Antivirus No viruses found (0.44 seconds taken)
BitDefender No viruses found (0.46 seconds taken)
ClamAV No viruses found (0.59 seconds taken)
Dr.Web No viruses found (0.87 seconds taken)
F-Prot Antivirus No viruses found (0.08 seconds taken)
Fortinet No viruses found (0.41 seconds taken)
Kaspersky Anti-Virus No viruses found (0.98 seconds taken)
mks_vir No viruses found (0.21 seconds taken)
NOD32 No viruses found (0.46 seconds taken)
Norman Virus Control No viruses found (0.19 seconds taken)

einfach markieren und rechte maustaste -> kopieren -> hier ein neues eingabefenster öffnen und einfügen

das fehlt beim escan

Zitat:

Wed Oct 06 03:19:24 2004 => Total Number of Files Scanned: 54651
Wed Oct 06 03:19:24 2004 => Total Number of Virus(es) Found: 0
Wed Oct 06 03:19:24 2004 => Total Number of Disinfected Files: 0
Wed Oct 06 03:19:24 2004 => Total Number of Files Renamed: 0
Wed Oct 06 03:19:24 2004 => Total Number of Deleted Files: 0
Wed Oct 06 03:19:24 2004 => Total Number of Errors: 0
Wed Oct 06 03:19:24 2004 => Time Elapsed: 01:13:32
Wed Oct 06 03:19:24 2004 => Virus Database Date: 2004/10/05
Wed Oct 06 03:19:24 2004 => Virus Database Count: 105164

Wed Oct 06 03:19:24 2004 => Scan Completed.

derleu · 21.04.2005, 15:08

nu alles da ??? Virus total

This is a report processed by VirusTotal on 04/21/2005 at 15:26:22 (CET) after scanning the file "wshield.exe" file.
Antivirus Version Update Result
AntiVir 6.30.0.7 04.21.2005 TR/Flood.BI
AVG 718 04.20.2005 no virus found
BitDefender 7.0 04.21.2005 Application.SlimFTP.A
ClamAV devel-20050307 04.21.2005 no virus found
DrWeb 4.32b 04.21.2005 BackDoor.IRC.Critical
eTrust-Iris 7.1.194.0 04.19.2005 Win32/IRCFlood.18944!Trojan
eTrust-Vet 11.7.0.0 04.21.2005 Win32.IRCFlood
Fortinet 2.51 04.20.2005 Misc/SlimFTP
F-Prot 3.16b 04.20.2005 no virus found
Ikarus 2.32 04.20.2005 no virus found
Kaspersky 4.0.2.24 04.21.2005 not-a-virus:RiskWare.FTP.SlimFTPd.312b
McAfee 4473 04.20.2005 potentially unwanted program SlimFTP
NOD32v2 1.1073 04.20.2005 Win32/SlimFTP
Norman 5.70.10 04.20.2005 no virus found
Panda 8.02.00 04.21.2005 Application/SlimFTP.C
Sybari 7.5.1314 04.21.2005 Win32/IRCFlood.18944!Trojan
Symantec 8.0 04.20.2005 no virus found
VBA32 3.10.3 04.20.2005 RiskWare.FTP.SlimFTPd.312b

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español
--------------------------------------------------------------------------------
www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail info@virustotal.com

derleu · 21.04.2005, 15:21

im mom läuft gerade e-scan durch, brauch ja wirklich fast ne std.
hat jetzt nach 30min ung. die hälfte durch.

gruß
jürgen

derleu · 21.04.2005, 17:52

hab den scan im normalen und im abgesicherten modus mit escan gemacht.
hier das ergebnis:

normal:

Thu Apr 21 15:53:09 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~1.EXE infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:53:09 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~1.DLL infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:53:09 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~1.DLL infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:55:12 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~2.EXE infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:55:57 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken

Thu Apr 21 15:55:57 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:55:58 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Thu Apr 21 15:55:58 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:56:08 2005 => Offending value found in HKLM\Software\istbar !!!
Thu Apr 21 15:56:08 2005 => System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 15:56:08 2005 => File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:56:08 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!!
Thu Apr 21 15:56:08 2005 => System found infected with ameopt Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 15:56:08 2005 => File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:56:08 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\tsa !!!
Thu Apr 21 15:56:08 2005 => Offending value found in HKLM\Software\tsa !!!
Thu Apr 21 15:56:08 2005 => System found infected with tsa Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 15:56:08 2005 => File System Found infected by "tsa Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 15:56:10 2005 => Offending value found in HKCU\Software\microsoft\Narrator !!!
Thu Apr 21 15:56:10 2005 => System found infected with Narrator Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 15:56:10 2005 => File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 16:03:30 2005 => File C:\WINNT\system32\alte.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.

Thu Apr 21 16:03:42 2005 => File C:\WINNT\system32\emoti.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.

Thu Apr 21 16:05:54 2005 => File C:\WINNT\system32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Thu Apr 21 16:05:55 2005 => File C:\WINNT\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Thu Apr 21 16:12:19 2005 => File C:\DOKUME~1\ARS-CU~1\LOKALE~1\TEMPOR~1\Content.IE5\QDEPKH4V\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.

Thu Apr 21 16:23:46 2005 => Total Objects Scanned: 16198
Thu Apr 21 16:23:46 2005 => Total Virus(es) Found: 21
Thu Apr 21 16:23:46 2005 => Total Disinfected Files: 0
Thu Apr 21 16:23:46 2005 => Total Files Renamed: 0
Thu Apr 21 16:23:46 2005 => Total Deleted Objects: 0
Thu Apr 21 16:23:46 2005 => Total Errors: 6
Thu Apr 21 16:23:46 2005 => Time Elapsed: 00:35:08
Thu Apr 21 16:23:46 2005 => Virus Database Date: 2005/04/20
Thu Apr 21 16:23:47 2005 => Virus Database Count: 126821

im abgesicherten modus:

Thu Apr 21 17:38:15 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~2.EXE infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:34 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
Thu Apr 21 17:38:34 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:34 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Thu Apr 21 17:38:34 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:35 2005 => System found infected with XXXToolbar Spyware/Adware ({7C559105-9ECF-42B8-B3F7-832E75EDD959})! Action taken: No Action Taken.
Thu Apr 21 17:38:35 2005 => File System Found infected by "XXXToolbar Spyware/Adware" Virus. Action Taken: No Action Taken.

hu Apr 21 17:38:35 2005 => Offending value found in HKLM\Software\istbar !!!
Thu Apr 21 17:38:35 2005 => System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 17:38:35 2005 => File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:35 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!!
Thu Apr 21 17:38:35 2005 => System found infected with ameopt Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 17:38:35 2005 => File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:35 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\tsa !!!
Thu Apr 21 17:38:35 2005 => Offending value found in HKLM\Software\tsa !!!
Thu Apr 21 17:38:35 2005 => System found infected with tsa Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 17:38:35 2005 => File System Found infected by "tsa Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:36 2005 => Offending value found in HKCU\Software\microsoft\Narrator !!!
Thu Apr 21 17:38:36 2005 => System found infected with Narrator Spyware/Adware! Action taken: No Action Taken.
Thu Apr 21 17:38:36 2005 => File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:38:44 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Thu Apr 21 17:38:44 2005 => File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:41:08 2005 => File C:\WINNT\system32\alte.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:41:10 2005 => File C:\WINNT\system32\emoti.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:42:06 2005 => File C:\WINNT\system32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:42:06 2005 => File C:\WINNT\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Thu Apr 21 17:42:25 2005 => Total Objects Scanned: 2946
Thu Apr 21 17:42:25 2005 => Total Virus(es) Found: 17
Thu Apr 21 17:42:25 2005 => Total Disinfected Files: 0
Thu Apr 21 17:42:25 2005 => Total Files Renamed: 0
Thu Apr 21 17:42:25 2005 => Total Deleted Objects: 0
Thu Apr 21 17:42:25 2005 => Total Errors: 0
Thu Apr 21 17:42:25 2005 => Time Elapsed: 00:05:12
Thu Apr 21 17:42:25 2005 => Virus Database Date: 2005/04/20
Thu Apr 21 17:42:25 2005 => Virus Database Count: 126821

Thu Apr 21 17:42:25 2005 => Scan Completed.

Thu Apr 21 17:44:54 2005 => Virus Database Date: 2005/04/20
Thu Apr 21 17:44:54 2005 => Virus Database Count: 126821
Thu Apr 21 17:45:51 2005 => AV Library Unloaded (3)...

Puh, das war schon aufregend.

Ok so, oder hab ich was falsch gemacht.

gruß
jürgen

PS. wie werd ich die dinger wieder los ????????????????????

Passat2002 · 21.04.2005, 23:37

hi jürgen!

ein ? reicht

du hast ja den escan installiert, bitte nimm die einstellungen so vor, wie sie hier auf diesem bild vorgenommen wurden, auch im abgesicherten modus ! unter 20000 dateien, da dürfte der rechner gerade frisch aufgesetzt sein.

Zitat:

Wed Oct 06 03:19:24 2004 => Total Number of Files Scanned: 54651
Wed Oct 06 03:19:24 2004 => Total Number of Virus(es) Found: 0
Wed Oct 06 03:19:24 2004 => Total Number of Disinfected Files: 0
Wed Oct 06 03:19:24 2004 => Total Number of Files Renamed: 0
Wed Oct 06 03:19:24 2004 => Total Number of Deleted Files: 0
Wed Oct 06 03:19:24 2004 => Total Number of Errors: 0
Wed Oct 06 03:19:24 2004 => Time Elapsed: 01:13:32
Wed Oct 06 03:19:24 2004 => Virus Database Date: 2004/10/05
Wed Oct 06 03:19:24 2004 => Virus Database Count: 105164

Wed Oct 06 03:19:24 2004 => Scan Completed.

Zitat:

Es gibt von Seeker ein kleines Tool, welches die Escan-Funde löscht. Allerdings ist es noch nicht 'empirisch' getestet. Du kannst -wenn Du magst- es hier herunterladen: http://derbilk.de/eScanCheckb8_sfx.exe. Nach dem Download die Datei ausführen und das Programm wird installiert. Danach solltest Du alle anderen Anwendungen beenden und das Programm starten und über Datei -> eScan-Log öffnen das Log von eScan einlesen.
Markiere dann unterhalb der eingelesenen Logdatei alle vier Optionen und klicke auf Dateien löschen.

Der Form halber:
Das Tool befindet sich noch in der Entwicklung. Für evtl. Schäden wird also keine Haftung übernommen!

Poste anschließend bitte ein neu erstelltes Log von HijackThis.

dartus · 21.04.2005, 23:51

Zitat:

Zitat von Passat2002

irgendwie benötigt man schon ein wenig mehr escan-daten, also da wäre
wieviel dateien wurden geprüft,
wieviel dateien sind malware usw.

FULL ACK!

Was nützt das Scannen von Einzeldateien, die eher "unauffällige" Registry-Eintäge haben.

dartus

derleu · 22.04.2005, 13:25

so escan die 3., diesesmal hoffentlich korrekt.

Fri Apr 22 11:28:33 2005 => Scanning File C:\PROGRA~2\MEDIAA~1\MEDIAA~2.EXE
Fri Apr 22 11:28:33 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~2.EXE infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:53 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Fri Apr 22 11:28:53 2005 => Scanning File C:\WINNT\system32\JAVASUP.VXD
Fri Apr 22 11:28:53 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
Fri Apr 22 11:28:53 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:53 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Apr 22 11:28:53 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:53 2005 => System found infected with XXXToolbar Spyware/Adware ({7C559105-9ECF-42B8-B3F7-832E75EDD959})! Action taken: No Action Taken.
Fri Apr 22 11:28:53 2005 => File System Found infected by "XXXToolbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:54 2005 => Offending value found in HKLM\Software\istbar !!!
Fri Apr 22 11:28:54 2005 => System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
Fri Apr 22 11:28:54 2005 => File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:54 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\policies\ameopt !!!
Fri Apr 22 11:28:54 2005 => System found infected with ameopt Spyware/Adware! Action taken: No Action Taken.
Fri Apr 22 11:28:54 2005 => File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:54 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\tsa !!!
Fri Apr 22 11:28:54 2005 => Offending value found in HKLM\Software\tsa !!!
Fri Apr 22 11:28:54 2005 => System found infected with tsa Spyware/Adware! Action taken: No Action Taken.
Fri Apr 22 11:28:54 2005 => File System Found infected by "tsa Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:28:54 2005 => Offending value found in HKCU\Software\microsoft\Narrator !!!
Fri Apr 22 11:28:54 2005 => System found infected with Narrator Spyware/Adware! Action taken: No Action Taken.
Fri Apr 22 11:28:54 2005 => File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:29:02 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Fri Apr 22 11:29:02 2005 => File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:31:39 2005 => Scanning File C:\WINNT\system32\alte.exe
Fri Apr 22 11:31:39 2005 => File C:\WINNT\system32\alte.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:31:41 2005 => Scanning File C:\WINNT\system32\dlcl.edp
Fri Apr 22 11:31:41 2005 => File C:\WINNT\system32\dlcl.edp infected by "Net-Worm.Win32.Randon.an" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:31:41 2005 => Scanning File C:\WINNT\system32\emoti.bat
Fri Apr 22 11:31:41 2005 => File C:\WINNT\system32\emoti.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:31:43 2005 => Scanning File C:\WINNT\system32\hosts
Fri Apr 22 11:31:43 2005 => File C:\WINNT\system32\hosts infected by "Trojan.Win32.Qhost" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:31:53 2005 => Scanning File C:\WINNT\system32\DISKCOPY.COM
Fri Apr 22 11:31:53 2005 => Scanning File C:\WINNT\system32\zema
Fri Apr 22 11:31:53 2005 => File C:\WINNT\system32\zema infected by "Net-Worm.Win32.Randon" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:32:39 2005 => Scanning File C:\WINNT\system32\q17i9a4j.exe
Fri Apr 22 11:32:39 2005 => File C:\WINNT\system32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:32:39 2005 => Scanning File C:\WINNT\system32\hochkaod3.exe
Fri Apr 22 11:32:39 2005 => File C:\WINNT\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:40:53 2005 => Scanning File C:\WINNT\system32\alte.exe
Fri Apr 22 11:40:53 2005 => File C:\WINNT\system32\alte.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:40:55 2005 => Scanning File C:\WINNT\system32\dlcl.edp
Fri Apr 22 11:40:55 2005 => File C:\WINNT\system32\dlcl.edp infected by "Net-Worm.Win32.Randon.an" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:40:56 2005 => Scanning File C:\WINNT\system32\emoti.bat
Fri Apr 22 11:40:56 2005 => File C:\WINNT\system32\emoti.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:40:57 2005 => Scanning File C:\WINNT\system32\hosts
Fri Apr 22 11:40:57 2005 => File C:\WINNT\system32\hosts infected by "Trojan.Win32.Qhost" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:41:07 2005 => Scanning File C:\WINNT\system32\zema
Fri Apr 22 11:41:07 2005 => File C:\WINNT\system32\zema infected by "Net-Worm.Win32.Randon" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:42:14 2005 => Scanning File C:\WINNT\system32\q17i9a4j.exe
Fri Apr 22 11:42:15 2005 => File C:\WINNT\system32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:42:15 2005 => Scanning File C:\WINNT\system32\hochkaod3.exe
Fri Apr 22 11:42:15 2005 => File C:\WINNT\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:52:23 2005 => Scanning File C:\WINNT\Downloaded Program Files\HbInstIE.dll
Fri Apr 22 11:52:23 2005 => File C:\WINNT\Downloaded Program Files\HbInstIE.dll infected by "not-a-virus:AdWare.HotBar.ap" Virus. Action Taken: No Action Taken.

Fri Apr 22 11:52:24 2005 => Scanning File C:\WINNT\Downloaded Program Files\MediaAccX.dll
Fri Apr 22 11:52:24 2005 => File C:\WINNT\Downloaded Program Files\MediaAccX.dll infected by "not-a-virus:AdWare.WinAD.ak" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:04:47 2005 => Scanning File C:\Dokumente und Einstellungen\ars-cultura\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-22d4df3e-4ceb4de9.zip
Fri Apr 22 12:04:47 2005 => File C:\Dokumente und Einstellungen\ars-cultura\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-22d4df3e-4ceb4de9.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:43:05 2005 => Scanning File C:\Program Files\Media Access\MediaAccess.exe
Fri Apr 22 12:43:05 2005 => File C:\Program Files\Media Access\MediaAccess.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:43:05 2005 => Scanning File C:\Program Files\Media Access\MediaAccK.exe
Fri Apr 22 12:43:05 2005 => Scanning File C:\Program Files\Media Access\MediaAccC.dll
Fri Apr 22 12:43:06 2005 => File C:\Program Files\Media Access\MediaAccC.dll infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:49:15 2005 => Scanning File C:\WINNT\system32\alte.exe
Fri Apr 22 12:49:15 2005 => File C:\WINNT\system32\alte.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:49:17 2005 => Scanning File C:\WINNT\system32\dlcl.edp
Fri Apr 22 12:49:17 2005 => File C:\WINNT\system32\dlcl.edp infected by "Net-Worm.Win32.Randon.an" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:49:18 2005 => Scanning File C:\WINNT\system32\emoti.bat
Fri Apr 22 12:49:18 2005 => File C:\WINNT\system32\emoti.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:49:19 2005 => Scanning File C:\WINNT\system32\hosts
Fri Apr 22 12:49:19 2005 => File C:\WINNT\system32\hosts infected by "Trojan.Win32.Qhost" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:49:29 2005 => Scanning File C:\WINNT\system32\DISKCOPY.COM
Fri Apr 22 12:49:29 2005 => Scanning File C:\WINNT\system32\zema
Fri Apr 22 12:49:29 2005 => File C:\WINNT\system32\zema infected by "Net-Worm.Win32.Randon" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:50:37 2005 => Scanning File C:\WINNT\system32\q17i9a4j.exe
Fri Apr 22 12:50:37 2005 => File C:\WINNT\system32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Fri Apr 22 12:50:37 2005 => Scanning File C:\WINNT\system32\hochkaod3.exe
Fri Apr 22 12:50:37 2005 => File C:\WINNT\system32\hochkaod3.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Take

Fri Apr 22 13:00:43 2005 => Scanning File C:\WINNT\Downloaded Program Files\HbInstIE.dll
Fri Apr 22 13:00:43 2005 => File C:\WINNT\Downloaded Program Files\HbInstIE.dll infected by "not-a-virus:AdWare.HotBar.ap" Virus. Action Taken: No Action Taken.

Fri Apr 22 13:00:44 2005 => Scanning File C:\WINNT\Downloaded Program Files\MediaAccX.dll
Fri Apr 22 13:00:44 2005 => File C:\WINNT\Downloaded Program Files\MediaAccX.dll infected by "not-a-virus:AdWare.WinAD.ak" Virus. Action Taken: No Action Taken.

Fri Apr 22 13:05:09 2005 => ***** Scanning complete. *****

Fri Apr 22 13:05:09 2005 => Total Objects Scanned: 40277
Fri Apr 22 13:05:09 2005 => Total Virus(es) Found: 47
Fri Apr 22 13:05:09 2005 => Total Disinfected Files: 0
Fri Apr 22 13:05:09 2005 => Total Files Renamed: 0
Fri Apr 22 13:05:09 2005 => Total Deleted Objects: 0
Fri Apr 22 13:05:09 2005 => Total Errors: 5
Fri Apr 22 13:05:09 2005 => Time Elapsed: 01:37:20
Fri Apr 22 13:05:09 2005 => Virus Database Date: 2005/04/20
Fri Apr 22 13:05:09 2005 => Virus Database Count: 126821

Fri Apr 22 13:05:09 2005 => Scan Completed.

Fri Apr 22 13:20:56 2005 => Virus Database Date: 2005/04/20
Fri Apr 22 13:20:56 2005 => Virus Database Count: 126821
Fri Apr 22 13:21:04 2005 => AV Library Unloaded (3)...

so, und nun, wie geht es weiter, will die biesterchen ja wieder los werden.

Vorerst mal ein kleiner zwischendank für eure aufgebrachte zeit und mühe.

grüßels
jürgen

derleu · 24.04.2005, 00:28

ok danke,war dann auch wohl sehr hilfreich.
find es recht lustig das man hier das große hintergrundwissen voraussetzt.
Vielleicht beteilige ich mich dann auch mal in diesem forum, wenn ich diesem großen hintergrundwissens mächtig bin und nehme mich der probs der newbies an.

grüßels
jürgen

neue nicht identifizierbare exen

Log-Analyse und Auswertung: neue nicht identifizierbare exen