Re: SCAN.EXE - McAfee AntiVirus Software

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/16/04

• Next message: Patrick Casher: "Re: HELP - virus/spyware intrusion on my computer"
• Previous message: Bill Sanderson: "Re: Have TR/TalkStocks virus"
• In reply to: JohnNews: "SCAN.EXE - McAfee AntiVirus Software"
• Next in thread: JohnNews: "Re: SCAN.EXE - McAfee AntiVirus Software"
• Reply: JohnNews: "Re: SCAN.EXE - McAfee AntiVirus Software"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 15 Jan 2004 21:26:02 -0500

Replies are inline...

Dave

"JohnNews" <johncarryl@comcast.net> wrote in message
news:ObuuIc82DHA.2060@TK2MSFTNGP10.phx.gbl...
| Folks:
|
|
| You will need to maximize your browser window to see the results of this
| virus scan properly
|
| I have McAfee AntiVirus software (Version 6.02.3000.1) installed on my Lap
| Top. I have been experimenting with writing a DOS script to run and
| generate an HTML report to be mailed to me at
| 6:00 am so that I can read same on the train on my way to work. I am
| investigating the possibility of running this script in parallel on a bunch
| of network computers and have only report summaries sent to be via email.

If this is a corporate LAN, you are using the wrong product. v6.x is a retail product and
you should be using v4.5.1 SP1 corporate or v7.1 Enterprise. What you should be doing is
having Alert Manager receive alerts and send selected personnel NetBIOS pop-ups upon
detection or certain errors. Alert Manager is a built in product in Netshield (NT Server or
Netware) or a separate product used with v7.1 enterprise. there is no reason to receive a
daily scan report for each PC. What is important is that events are logged and support
personnel are notified on a event.

| The basic syntax of the script is SCAN.EXE /OPTION1 /OPTION2 /OPTION3 ...
| /OPTIONn
|
| Here are some of the issues that arise after studying the entire report:
|
| * I would love know if others have investigated a similar task or do you
| think this is all just a waste of time ?

I do what you are doing all the time. not a waste. Only it is done for remediation and
rarely detection.

| * How come I am using "Scan engine v4.2.60 for Win32", I thought I had
| McAfee AntiVirus software (Version 6.02.3000.1) installed on my machine ?

There are three parts to McAfee: Kernel, ENGINE and DAT.
The product you are using is the Kernel - Version 6.02.3000.1
The ENGINE is v4260 (ENGINE v4320 was just released last week)
The DAT is v4314
You are using not the GUI but the McAfee Command Line Scanner. There are three versions;
SCAN.EXE, SCANPM.EXE and SCAN86.EXE. SCAN.EXE is a mixed DOS/Win32 program.

| * The # of SWITCHES used in basic SCAN command is huge. Is there a more
| efficient choice to accomplish basically the same goals ?

You don't need the following
/RPTCOR
/MAILBOX
/RPTERR
/CONTACTFILE SCANCONTACT1.TXT
/REPORT SCANREPORT1.TXT you already are creating a HTML report, /HTML HTMLREPORT1 I
suggest redoing as.../HTML "HTMLREPORT1.HTML"
Replace; /AD /ADN with /ADL

| * How to solve these problems: "File could not be opened", "File is
| password protected" ?

You can't. You can't scan password protected files or files w/Open File Handles.

| * Is there a way to speed up running time of this script ?

Remove extraneous switches otherwise, no you can't speed up the process w/o a faster CPU.

| * Feel free to raise any other issues that you think would be
| relevant/beneficial to members of this newsgroup.

I use the following command...

SCAN.EXE /ADL /program /sub /mime /unzip /clean /del /html "C:\ScanReport.HTML"

|
|
| Thanks,
| John.
|
|
|
| Virus Scan Report File
|
| ----------------------------------------------------------------------------
| ----
| Virus Scan Information
| ----------------------------------------------------------------------------
| ----
|
| McAfee VirusScan for Win32 v4.26.0
| Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights
| reserved.
| (408) 988-3832 LICENSED COPY - May 16 2003
|
| Scan engine v4.2.60 for Win32.
| Virus data file v4314 created Jan 14 2004
| Scanning for 84549 viruses, trojans and variants.
|
| ----------------------------------------------------------------------------
| ----
| Virus Scan Results
| ----------------------------------------------------------------------------
| ----
|
|
|
| 01/15/2004 13:33:29
|
|
| Options:
| /ALL /AD /ADN /ANALYZE /CLEAN /APPEND /UNZIP /SUB /MANALYZE /MIME /MAILBOX
| /PROGRAM /CONTACTFILE SCANCONTACT1.TXT /HTML HTMLREPORT1 /REPORT
| SCANREPORT1.TXT /RPTCOR /RPTERR
|
| Scanning C: []
| Scanning C:\*.*
| C:\1 John Data Backup\Download Apps\isa presentation.exe\SETUP.MSI ... is
| corrupted.
| C:\1 John Data Backup\Download Apps\PMG -Toolkit2_4.exe\TOOLKIT.CAB ... is
| password-protected.
| C:\1 John Data Backup\Download Apps\PMG -Toolkit2_4.exe\SETUP.LST ... is
| password-protected.
| C:\1 John Data Backup\Download Apps\PMG -Toolkit2_4.exe\SETUP.EXE ... is
| password-protected.
| C:\1 John Data Backup\ISA 2000 Server Materials\isa
| presentation.exe\SETUP.MSI ... is corrupted.
| C:\1 John Data Backup\PMG Visio Stencil.zip\PMG DOCUNET STENCIL.VSS ... is
| password-protected.
| C:\1 John Data Backup\PMG whitepaper 1.zip\WP_PARADIGMS2002.PDF ... is
| password-protected.
| C:\1 John Data Backup\PMG whitepaper_response 2.zip\RESPONSE.PDF ... is
| password-protected.
| C:\1 John Data Backup\PMG_docunet sample-2003.zip\PMG_DOCUNET
| SAMPLE-2003.VSD ... is password-protected.
| C:\1 John Data Backup\Visual Basic Issues\Text Book - Hands On - VB6 For Web
| Development\WinZip\SETUP.WZ\WINZIP32.EX_ ... is password-protected.
| C:\1 John Data Backup\Visual Basic Issues\Text Book - Hands On - VB6 For Web
| Development\WinZip\winzip95.exe\SETUP.WZ\WINZIP32.EX_ ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\AlexaRelated.zip\RELATED.HTM ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite1.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite10.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite11.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite12.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite13.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite14.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite15.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite16.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite17.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite18.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite19.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite2.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite20.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite21.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite22.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite23.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite24.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite25.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite26.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite27.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite28.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite29.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite3.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite30.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite31.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite32.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite33.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite34.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite35.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite36.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite37.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite38.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite39.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite4.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite40.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite41.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite42.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite43.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite44.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite45.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite46.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite47.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite48.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite49.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite5.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite50.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite51.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite52.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite53.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite54.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite55.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite56.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite57.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite58.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite59.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite6.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite60.zip\BACKWEB-8876480.EXE ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite61.zip\BACKWEB-8876480.EXE ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite7.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite8.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\BackWeblite9.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DoubleClick.zip\JOHN@DOUBLECLICK[1].TXT ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DSOExploit.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DSOExploit1.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DSOExploit2.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DSOExploit3.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DSOExploit4.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\DSOExploit5.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar.zip\EBAYTBAR.EXE ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar1.zip\EBAYHTML.DLL ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar2.zip\EBAYBAND.DLL ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar3.zip\EBAYBAND.DLL ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar4.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar5.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar6.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\eBayToolbar7.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator.zip\GSTARTUP.LNK ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator1.zip\SBRECOVERY.REG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator2.zip\GATORPLUGIN.LOG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator3.zip\DATE MANAGER WEBSITE.LNK ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator4.zip\PRECISIONTIME.LNK ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator5.zip\ABOUT GAIN.LNK ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\Gator6.zip\GATORPDPSETUP.LOG ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\HitsLink.zip\JOHN@COUNTER.HITSLINK[1].TXT ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\HitsLink1.zip\JOHN@COUNTER.HITSLINK[1].TXT ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\HitsLink2.zip\JOHN@COUNTER.HITSLINK[2].TXT ... is
| password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\IPinsight.zip\IPINSIGT.DLL ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\VXf.zip\MSVIEW.DLL ... is password-protected.
| C:\Documents and Settings\All Users\Application Data\Spybot - Search &
| Destroy\Recovery\WhenUClockSync.zip\CLOCKSYNC.LNK ... is password-protected.
| C:\Documents and Settings\John\Local Settings\Application
| Data\Microsoft\Windows\UsrClass.dat ... file could not be opened.
| C:\Documents and Settings\John\Local Settings\Application
| Data\Microsoft\Windows\UsrClass.dat.LOG ... file could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_d8.dat
| ... file could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DF5640.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DF603F.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DF6095.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DF60FA.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DFA980.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DFB1D4.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temp\~DFB203.tmp ... file
| could not be opened.
| C:\Documents and Settings\John\Local Settings\Temporary Internet
| Files\Content.IE5\61H0MV9A\wbk21C.tmp ... Found application
| Exploit-MIME.gen.c.
| The file has been deleted.
| C:\Documents and Settings\John\ntuser.dat ... file could not be opened.
| C:\Documents and Settings\John\ntuser.dat.LOG ... file could not be opened.
| C:\Documents and Settings\LocalService\Local Settings\Application
| Data\Microsoft\Windows\UsrClass.dat ... file could not be opened.
| C:\Documents and Settings\LocalService\Local Settings\Application
| Data\Microsoft\Windows\UsrClass.dat.LOG ... file could not be opened.
| C:\Documents and Settings\LocalService\ntuser.dat ... file could not be
| opened.
| C:\Documents and Settings\LocalService\ntuser.dat.LOG ... file could not be
| opened.
| C:\Documents and Settings\NetworkService\Local Settings\Application
| Data\Microsoft\Windows\UsrClass.dat ... file could not be opened.
| C:\Documents and Settings\NetworkService\Local Settings\Application
| Data\Microsoft\Windows\UsrClass.dat.LOG ... file could not be opened.
| C:\Documents and Settings\NetworkService\ntuser.dat ... file could not be
| opened.
| C:\Documents and Settings\NetworkService\ntuser.dat.LOG ... file could not
| be opened.
| C:\pagefile.sys ... file could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\master.mdf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\mastlog.ldf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\model.mdf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\modellog.ldf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\msdbdata.mdf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\msdblog.ldf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\tempdb.mdf ... file
| could not be opened.
| C:\Program Files\Microsoft SQL Server\data\MSSQL\Data\templog.ldf ... file
| could not be opened.
| C:\psexec.exe\00012438.EXE ... Found application RemoteProcessLaunch.
| C:\Scripting - Landes\psexec.exe\00012438.EXE ... Found application
| RemoteProcessLaunch.
| C:\Scripting - Landes\psexec.zip\PSEXEC.EXE\00012438.EXE ... Found
| application RemoteProcessLaunch.
| File not renamed - could be archive or compound file.
| C:\Scripting - Landes\psTOOLS\psexec.exe\00012438.EXE ... Found application
| RemoteProcessLaunch.
| C:\Scripting - Landes\psTOOLS\pskill.exe ... Found application PSKill.
| The file has been renamed.
| C:\Scripting - Landes\Pstools.zip\PSKILL.EXE ... Found application PSKill.
| C:\Scripting - Landes\Pstools.zip\PSEXEC.EXE\00012438.EXE ... Found
| application RemoteProcessLaunch.
| C:\WINDOWS\$NtUninstallQ307274$\shgina.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ307274$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ307274$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308131$\migrate.js ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ308131$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308131$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308402$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308402$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308402$\srrstr.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ308677$\userenv.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ309521$\msdxm.ocx ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ310601$\mstask.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ310601$\mstinit.exe ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ310601$\schedsvc.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ310601$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ310601$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ310601$\srsvc.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ311345$\msobmain.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ311345$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311345$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311455$\shell32.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ311455$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311455$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311785$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311785$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311785$\w32time.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ311889$\termsrv.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ312368$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ312368$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ312368$\syssetup.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ312370$\usbhub.sys ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ312370$\usbport.sys ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ314412$\msgina.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ314412$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ314412$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf ... file could not be
| opened.
| C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll ... file could not be opened.
| C:\WINDOWS\$NtUninstallQ315000$\upnp.dll ... file could not be opened.
| C:\WINDOWS\system32\config\default ... file could not be opened.
| C:\WINDOWS\system32\config\default.LOG ... file could not be opened.
| C:\WINDOWS\system32\config\SAM ... file could not be opened.
| C:\WINDOWS\system32\config\SAM.LOG ... file could not be opened.
| C:\WINDOWS\system32\config\SECURITY ... file could not be opened.
| C:\WINDOWS\system32\config\SECURITY.LOG ... file could not be opened.
| C:\WINDOWS\system32\config\software ... file could not be opened.
| C:\WINDOWS\system32\config\software.LOG ... file could not be opened.
| C:\WINDOWS\system32\config\system ... file could not be opened.
| C:\WINDOWS\system32\config\system.LOG ... file could not be opened.
| C:\WINDOWS\Temp\JET2672.tmp ... file could not be opened.
| C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat ... file could not be opened.
| C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat ... file could not be opened.
| C:\WINDOWS\Temp\WebPoolFileFile ... file could not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\msoe.hlp ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\msoe50.inf ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\msoe.txt ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\aleabanr.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\amaizrul.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\anabnr2.gif ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\aswrule.gif ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\blank.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\blankbkg.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\btzhsepa.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\citbanna.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\citrbkg.gif ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\citrpun.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\clearday.htm ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\clrdaybg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\fieruld.gif ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\fiesta.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\fiestabg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\glacier.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\glacrbkg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\ivy.gif ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\ivy.htm ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\leaves.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\leavesbg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\maize.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\maizebkg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\nature.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\naturebg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\netblitz.htm ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\netblzbg.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\piechtbg.jpg ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\piechts.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\sunbanna.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\sunfbkg.jpg ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\sunflowr.htm ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\sweets.htm ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\sweetsbg.gif ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\tech.gif ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\tech.htm ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\msoe.dll ... file could not be
| opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\oemig50.exe ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\oeimport.dll ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\setup50.exe ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\msimn.exe ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\inetcomm.dll ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\mapistub.dll ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\msoeres.dll ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\inetres.dll ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\csapi3t1.dll ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\oemiglib.dll ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\fixmapi.exe ... file could not
| be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\directdb.dll ... file could
| not be opened.
| C:\workssetup\MSWORKS\REDIST\IE6\TEMPFILE.CAB\9xmig.dll ... file could not
| be opened.
|
| Summary report on C:\*.*
| File(s)
| Total files: ........... 639680
| Clean: ................. 639427
| Possibly Infected: ..... 0
| Cleaned: ............... 0
| Deleted: ............... 1
| Non-critical Error(s): 3
| Master Boot Record(s): ......... 1
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
|
|
| Time: 02:25.46
|
|
| ----------------------------------------------------------------------------
| ----
|
| Visit the Network Associates Online Web Site
| Need some help or advice? Send email to Technical Support.
|
|

---

• Next message: Patrick Casher: "Re: HELP - virus/spyware intrusion on my computer"
• Previous message: Bill Sanderson: "Re: Have TR/TalkStocks virus"
• In reply to: JohnNews: "SCAN.EXE - McAfee AntiVirus Software"
• Next in thread: JohnNews: "Re: SCAN.EXE - McAfee AntiVirus Software"
• Reply: JohnNews: "Re: SCAN.EXE - McAfee AntiVirus Software"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: SPyware/Malware help needed ... Virus Scan Report File ... Scan engine v4.4.00 for Win32. ... Visit the McAfee Online Web Site ... (microsoft.public.windowsxp.security_admin) Re: Desktop display problem, but solutions not working ... but it couldn't find a backup WININT.dll or a McAfee ... Virus Scan Report File ... Scanning for 169582 viruses, trojans and variants. ... (microsoft.public.windowsxp.help_and_support) Re: Got Alemon Trojan... deleted but cant change wallpaper ... Here's the information in the Virus Scan Report File ... Visit the McAfee Online Web Site ... | wallpaper to an .html file. ... (microsoft.public.windowsxp.help_and_support) Re: annoying pop up message ... Virus Scan Report File ... McAfee VirusScan for Win32 v4.40.0 ... It is suggested that you execute each tool in Normal Mode then in Safe Mode. ... (microsoft.public.windowsxp.general) Just a minor screw up by the WHO ... a distinct chance of spawning the doomsday virus outbreak prematurely. ... Either via international wild bird flights or other less clear means of importation. ... Officials spooked by bird flu mix-up Public health officials in Europe are taking steps to make sure there's no repeat of a recent incident in which the lethal H5N1 virus ... GLOBE - Scientists who analyzed 67 H5N1 avian influenza viruses from across Africa report that the viruses fall into three distinct sublineages, ... (rec.martial-arts)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2004-01