Re: Probable virus of some sort...
From: Derek D... (D..._at_discussions.microsoft.com)
Date: 04/24/05
Date: Sun, 24 Apr 2005 06:24:02 -0700
The AD-Aware log is as follows (I removed the tracking cookie logs as the log
exceeded the word limit of this post):
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, 24 April 2005 8:59:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
References detected during the scan:
AltnetBDE(TAC index:4):4 total references
MRU List(TAC index:0):26 total references
Tracking Cookie(TAC index:3):42 total references
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
24-04-2005 8:59:23 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-725345543-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 156
ThreadCreationTime : 24-04-2005 11:24:22 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 208
ThreadCreationTime : 24-04-2005 11:24:32 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 232
ThreadCreationTime : 24-04-2005 11:24:33 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 24-04-2005 11:24:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 288
ThreadCreationTime : 24-04-2005 11:24:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 24-04-2005 11:24:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 24-04-2005 11:24:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 24-04-2005 11:24:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 732
ThreadCreationTime : 24-04-2005 11:24:45 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 992
ThreadCreationTime : 24-04-2005 11:29:02 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Started registry scan
»»»»»»»»»
AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID
AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID
Registry Scan result:
»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 30
Started deep registry scan
»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Started Tracking Cookie scan
»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»
New critical objects: 42
Objects found so far: 72
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
Hosts file scan result:
1 entries scanned.
New critical objects:0
Objects found so far: 72
Performing conditional scans...
Conditional scan result:
New critical objects: 0
Objects found so far: 72
9:04:12 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:48.891
Objects scanned:76037
Objects identified:46
Objects ignored:0
New critical objects:46