Geekzone: technology news, blogs, forums


ZollyMonsta

#20511 28-Mar-2008 19:42

Hi All,

I've had a scare with an MSN virus and just want to check something. I've installed ZoneAlarm just so I can see what's trying to access the internet. msn.com is a process listed in Task Manager which is trying to access the internet. I've never seen this process before. Especially odd as I had uninstalled MSN Live when this was coming up.

Anything to be worried about?




 

 

Media DevOps Engineer (TV) @ Vodafone
Check out my LPFM Radio Station at www.thecheese.co.nz
ZollyMonsta

#119743 30-Mar-2008 20:53

Anyone?




 

 



freitasm
#119764 30-Mar-2008 22:05

Can you find msn.com and check properties to see what's the signature for this file?




 

 



 
 
 
 


manhinli
#119776 30-Mar-2008 22:29

Could be some kind of Trojan, never heard of "msn.com" before.

If "msn.com" is running as a process, Spybot S&D could come in handy as the Process List under the Advanced / Tools section lists what network ports it uses, what IP it's connected to, where the program is situated, and other program information like author and description.




Find me on Twitter!

I posted 1, 2 x 10^3 times!

ZollyMonsta

#119777 30-Mar-2008 22:32

Well, I did a search of Windows for msn.com and got the following:

an HTML file in my Documents and Settings (Favourites) pointing to: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
and a file called msn.com-3785A040.pf under windows/prefetch

I would expect my default browser to be accessing the internet, not an HTML document. My browser of choice is also Firefox, and msn.com tries to access the internet when I don't have a browser open... or am I on a wild goose chase here? :)

I've deleted the above files for now to see if it makes any difference (msn.com trying to access the internet).





 

 



ZollyMonsta

#119780 30-Mar-2008 22:35

Nope.. Still seeing it trying to access the internet.
Only programmes open are Live Messenger, Firefox (open on Geekzone) and Thunderbird.

Here's what zonealarm is telling me...


ZollyMonsta

#119781 30-Mar-2008 22:39

manhinli: Could be some kind of Trojan, never heard of "msn.com" before.

If "msn.com" is running as a process, Spybot S&D could come in handy as the Process List under the Advanced / Tools section lists what network ports it uses, what IP it's connected to, where the program is situated, and other program information like author and description.



  MD5: 403D87C7F9940A1532EE10E8B2247AD8
PID: 3648 (2464) C:\WINDOWS\msn.com
 size: 38400

Though there is no file in C:\WINDOWS called this...




 

 



manhinli
#119782 30-Mar-2008 22:40

A quick Google on the IP: 72.167.82.11 turned out to be a US company called GoDaddy.com, Inc.

Hmm...

ZoneAlarm says it is a program, so could you check out the process in Task Manager (or even better a Process List like Spybot) and track down where it mysteriously comes from?





 
 
 
 


ZollyMonsta

#119783 30-Mar-2008 22:46

Well, it's sitting in Task Manager... but not sure what else Task Manager can tell me.

Using 3,460K of RAM.. it's not to do with Messenger because I've just shut that down and it's still present in the list.




 

 



manhinli
#119785 30-Mar-2008 22:48

Have you enabled the View Hidden Files option? (Though I doubt it... Laughing)

The best way I think to view files is to use CMD.exe... and use DIR (use dir /p for a page by page view, instead of a whole long list)



Hmm... scanned with Spybot yet?





ZollyMonsta

#119789 30-Mar-2008 23:19

Yep. Did a scan and it found Virtumonde... and other cookies.

Did a reboot and a re-scan... Virtumonde not showing now.. but still getting msn.com wanting net access..

This time to IP 168.215.74.5

Tracing route to dc1-c17-fc-netflame-cc.digitalriver.com [168.215.74.5]

Odd.. very odd.. I'm nearly at the point where I'm thinking of formatting and reinstalling!




 

 



tknz
#121036 4-Apr-2008 12:43

THIS IS A VIRUS! And it is EXTREMELY annoying to get rid of; we have disabled numerous accounts from the network of a client that we manage until onsite engineers have removed it from the PCs.

freitasm
#121038 4-Apr-2008 12:47

Perhaps you could then share with the others what software finds and removes it?




 

 



tknz
#121053 4-Apr-2008 13:25

We submitted it to McAfee; they had a dat for us in a couple of hours. I will copy the threat log below from my personal machine - it's been rather infectious, even today I have had stuff come up. You need to delete most by using command prompt on startup; I just wrote a batch file to do it and ran the batch - but all the files below originate from it. The thing you must take particular interest in is the "newly created files"; the virus, it appears, binds with lsass and explorer (you might notice explorer crashing from time to time). Most of it is spyware. Definitions should arrive soon.

Time Module Object Name Threat Action User Information
4/04/2008 12:14:07 p.m. AMON file C:\WINDOWS\SYSTEM32\FRPFGHAT.DLL Win32/BHO.NCC trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:34:05 p.m. AMON file C:\WINDOWS\SYSTEM32\THVDOGNX.DLL Win32/BHO.NDF trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:33:33 p.m. AMON file C:\WINDOWS\SYSTEM32\MJQIGVNC.DLL Win32/BHO.NDF trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:33:29 p.m. AMON file C:\WINDOWS\SYSTEM32\OFELCJDY.DLL Win32/BHO.NDF trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:28:36 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) Event occurred at an attempt to access the file by the application: C:\Windows\Explorer.EXE.
2/04/2008 17:28:34 p.m. AMON file C:\WINDOWS\SYSTEM32\DMQDKWJL.DLL Win32/BHO.NDF trojan deleted Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:28:18 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:28:04 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:37 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:26 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:25 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:24 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:23 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:22 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:21 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:19 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:18 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:17 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:47 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:46 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:45 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:44 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:42 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:41 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:40 p.m. AMON file C:\WINDOWS\SYSTEM32\DMQDKWJL.DLL Win32/BHO.NDF trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:24:40 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:24:16 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:55 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:50 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:44 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:34 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application deleted (after the next restart) Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\ISB Utility\ISBMgr.exe.
2/04/2008 17:23:29 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:25 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:21 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:11 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:06 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:04 p.m. Kernel file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application Alert was generated during the system startup file check.
2/04/2008 17:23:01 p.m. Kernel file c:\windows\system32\urqngawx.dll Win32/Adware.Virtumonde.FP application Alert was generated during the system startup file check.
2/04/2008 17:23:01 p.m. Kernel file c:\windows\system32\dmqdkwjl.dll Win32/BHO.NDF trojan Alert was generated during the system startup file check.
2/04/2008 17:22:45 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\ISB Utility\ISBMgr.exe.
2/04/2008 17:22:44 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:43 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:42 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:40 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:39 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:36 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:36 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:36 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:36 p.m. Kernel file c:\windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Alert was generated during the system startup file check.
2/04/2008 17:22:35 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:35 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:35 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:33 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:30 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:29 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:29 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:28 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:22:28 p.m. AMON file C:\Windows\system32\gplwddyo.dll Win32/Adware.AdMedia application Tui-Laptop6\Tui Kapo Event occurred at an attempt to access the file by the application: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe.
2/04/2008 17:22:27 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
1/04/2008 22:14:40 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\lvrtwvtc.dll Win32/TrojanDownloader.Agent.NWY trojan deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe.
1/04/2008 22:14:39 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAT4Q6W5\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe.
1/04/2008 10:36:20 a.m. Kernel file C:\Windows\explorer.exe quarantined
1/04/2008 10:34:24 a.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\csthtxqv.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
1/04/2008 10:34:20 a.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 22:10:14 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\cllxhmxe.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 22:10:08 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[2] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 21:23:28 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\brkpfsdc.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
31/03/2008 21:23:21 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\explorer.exe. The file was moved to quarantine. You may close this window.
30/03/2008 20:17:49 p.m. AMON file C:\Users\Tui Kapo\Downloads\Setup Files\IMG00231.JPG-live.messenger.com Win32/IRCBot.AEG trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe.
30/03/2008 19:26:54 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\gvifpfss.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\EXPLORER.exe. The file was moved to quarantine. You may close this window.
30/03/2008 19:26:52 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71GBS32N\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\EXPLORER.exe. The file was moved to quarantine. You may close this window.
30/03/2008 15:03:47 p.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\sxflrmbh.dll Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\Explorer.EXE. The file was moved to quarantine. You may close this window.
30/03/2008 15:03:42 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ52Y6IY\c_uz[1] Win32/TrojanDownloader.Agent.NWY trojan quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a new file created by the application: C:\Windows\Explorer.EXE. The file was moved to quarantine. You may close this window.
29/03/2008 13:41:38 p.m. AMON file C:\Users\Tui Kapo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71GBS32N\css4[1] Win32/Adware.Virtumonde application quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
29/03/2008 13:41:38 p.m. AMON file C:\Windows\system32\byXPIbax.dll Win32/Adware.Virtumonde application quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
28/03/2008 12:10:27 p.m. AMON file C:\WINDOWS\MSN.COM Win32/IRCBot.AEG trojan deleted Tui-Laptop6\Tui Kapo Event occurred when attempting to access the file.
28/03/2008 0:09:04 a.m. AMON file C:\Users\TUIKAP~1\AppData\Local\Temp\removalfile.bat Win32/Adware.Virtumonde application quarantined - deleted Tui-Laptop6\Tui Kapo Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
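
As an added example (not part of the original posts), the Python code below parses threat-log lines in the flattened format pasted above and groups detections by file, so that files the scanner flagged but did not remove on the spot stand out together with the process that had them open. The sample lines are copied from that log; the regular expressions, the function names, and the rule that an empty or deferred action means the file was still on disk are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the threat log above (columns flattened to single spaces).
SAMPLE_LOG = r"""
4/04/2008 12:14:07 p.m. AMON file C:\WINDOWS\SYSTEM32\FRPFGHAT.DLL Win32/BHO.NCC trojan deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
2/04/2008 17:28:18 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:28:04 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:26:26 p.m. AMON file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Windows\system32\lsass.exe.
2/04/2008 17:23:04 p.m. Kernel file C:\Windows\system32\urqNGawx.dll Win32/Adware.Virtumonde.FP application Alert was generated during the system startup file check.
1/04/2008 10:36:20 a.m. Kernel file C:\Windows\explorer.exe quarantined
28/03/2008 12:10:27 p.m. AMON file C:\WINDOWS\MSN.COM Win32/IRCBot.AEG trojan deleted Tui-Laptop6\Tui Kapo Event occurred when attempting to access the file.
"""

# Assumed layout: date time am/pm module "file" path threat kind [action] [user] info
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{2}/\d{4}) \d{1,2}:\d{2}:\d{2} [ap]\.m\. "
    r"(?P<module>\w+) file (?P<path>.+?) (?P<threat>Win32/\S+) "
    r"(?:trojan|application)(?P<rest>.*)$"
)
INFO_RE = re.compile(r"(?:Event occurred|Alert was generated).*$")
ACTION_RE = re.compile(
    r"^\s*(quarantined - deleted|deleted \(after the next restart\)|deleted)?\s*(.*)$"
)
APP_RE = re.compile(r"by the application: (.+?\.exe)\.", re.IGNORECASE)
# Actions that leave the file on disk for now (this example's assumption).
NOT_REMOVED = {"none", "deleted (after the next restart)"}


def parse_line(line):
    """Return a dict for one detection line, or None if it has no threat name."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    info_m = INFO_RE.search(rest)
    info = info_m.group(0) if info_m else ""
    head = rest[:info_m.start()] if info_m else rest  # action + user columns
    action, user = ACTION_RE.match(head).groups()
    app = APP_RE.search(info)
    return {
        "date": m.group("date"),
        "module": m.group("module"),
        "path": m.group("path").lower(),  # Windows paths are case-insensitive
        "threat": m.group("threat"),
        "action": action or "none",
        "user": user.strip(),
        "accessed_by": app.group(1).lower() if app else None,
    }


def summarize(log_text):
    """Group detections by file path; also return lines that did not parse."""
    files = defaultdict(
        lambda: {"threats": set(), "hits": 0, "actions": set(), "accessed_by": set()}
    )
    unparsed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line.strip())
            continue
        entry = files[ev["path"]]
        entry["threats"].add(ev["threat"])
        entry["hits"] += 1
        entry["actions"].add(ev["action"])
        if ev["accessed_by"]:
            entry["accessed_by"].add(ev["accessed_by"])
    return dict(files), unparsed


def needs_followup(files):
    """Paths with at least one detection that did not remove the file at once."""
    return sorted(p for p, e in files.items() if e["actions"] & NOT_REMOVED)


if __name__ == "__main__":
    files, unparsed = summarize(SAMPLE_LOG)
    for path in needs_followup(files):
        e = files[path]
        print(path, sorted(e["threats"]), e["hits"], sorted(e["accessed_by"]))
    print("unparsed lines:", unparsed)
```

Lines without a threat name, such as the bare `explorer.exe quarantined` entry, are returned separately so they can be reviewed by hand.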

ZollyMonsta

#121063 4-Apr-2008 13:49

I fixed it on a temp basis by installing a firewall so it couldn't access the net.
Anyhow, my PC fault reared its ugly head again and corrupted Windows so I had to reinstall Windows again (third time in as many months). PC then died again so it's off back to Ascent for diagnosis.

Don't believe the msn.com and the disk corruption issue are related. Just a coincidence as the Windows corruption has been ongoing for the last couple of months.

Cheers,
Grant




 

 
