From: "FromTheRafters" erratic on
"ship" <shiphen(a)gmail.com> wrote in message
news:3ee6f41b-a549-4bcf-a8c9-559c2cf79d34(a)a32g2000yqm.googlegroups.com...

Sheesh!

After wiping and reinstalling from known clean media, I would even give
the *room* it is in a good scrubbing with bleach. :o)

Use the EISA partition to restore to factory specifications, then get
all the updates installed. Scan any backup data and programs for malware
before returning them to the freshly rejuvenated system.


From: David H. Lipman on
From: "ship" <shiphen(a)gmail.com>

| Well here is a selection of what was reported - but they came so thick
| and fast I didn't take note of them all:



| AVAST:
| Win32::Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
| Win32::Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
| Win32::Tibs-AIE [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Would Give you Anything.msg
| Win32::Tibs-AFH [Trj]


| Nuwar.N(a)mm!CME-711 C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp

| Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
| Trojan: Win32/Vxidl.gen!dam File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp142407802.tmp

| Win32::Small-JBK [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
| Win32::Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
| Win32::Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg
|
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Unmatchable Beauty.msg
| Win32::Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg


| Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

| AVAST:
| Win32::Small-JBK [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
| Win32::Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
| Win32::Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg


| Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:\Documents and
| Settings\XXXX\Local Settings\Temp\ARC70F.tmp
| Worm:Win32/Mtob.NP(a)mm (Alert level: *Severe") file:C:\Documents and
| Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This
| program is dangerous and self-propagates over a network connection.
| Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe") file:C:
| \Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
| Worm:Win32/Mtob.NP(a)mm file:C:\Documents and Settings\XXXX\Local
| Settings\Temp\ARC285D.tmp

| Does that help?


| Ship


No file-infecting viruses or MBR/disk-sector infectors were noted. A simple reformat of
the HD and re-install of the OS is all that's needed IFF that's how you want to proceed.

Interestingly, NONE of the entries in the log excerpts you provided were shown to be malware actually
in the OS. All were in the TEMP folder.

Also interesting was "Trojan: Win32/Vxidl.gen" and "Nuwar mass mailer" found in...
%TEMP%\_avast4_\*.tmp files.

Where did you get your copy of Avast ?

What are the .MSG files, as in "Sadam Hussein safe and sound!.msg"?
Are they email related?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: ship on
> Also, he made another post
> and I'm pretty sure there was no evidence his OS even had an infection;
> that is, his AV program found suspect files in the temp directory
> and unopened e-mail attachments.

How can I discover *for sure* whether I have an actual infection or
whether the above are just viruses that have been lying dormant (e.g. in
emails) and which have never actually been executed?

Ship (OP)
From: ship on
From carmel:
> It has some information that might prove useful to you. You might be
> interested in: DriverMax <http://www.innovative-sol.com/drivermax/>
> also. It could save you a lot of time. Prior to running it, do insure
> that you have the latest drivers installed.

DriverMax sounds like it allows you to upload your current drivers onto
their website and then download them again into your freshly formatted
computer.

But surely this is extremely dangerous in my case where I have been
infected, because a virus could burn itself into one of my drivers and
would then be unwittingly re-installed, no?

Ship
From: "FromTheRafters" erratic on
"ship" <shiphen(a)gmail.com> wrote in message
news:f75bd367-13c9-4a0b-8bc3-a07f31d4d3e6(a)14g2000yqp.googlegroups.com...
>> Also, he made another post
>> and I'm pretty sure there was no evidence his OS even had an
>> infection;
>> that is, his AV program found suspect files in the temp directory
>> and unopened e-mail attachments.
>
> How can I discover *for sure* whether I have an actual infection or
> whether the above are just viruses that have been lying dormant (e.g. in
> emails) and which have never actually been executed?

The fact that they reside in temp files is no guarantee that they don't
exist elsewhere as well.

You can attempt to fix your computer by using the various antimalware
programs available, but if you want to feel confident about the results
it is best to restore to factory specifications and rebuild from there.
My gut feeling, in view of how many things were reportedly found, is
that safe practices were not in place on this computer - all the more
reason to flatten and rebuild at this point.

The lying thief "The Real Truth MVP" (even its moniker is a lie) may be
right about the temp files. If you clear the temp files out, a
subsequent scan may come up clean. If you are happy with that as a
result, then so be it. Personally, I feel that you should familiarize
yourself with the use of the restore partition and getting the updates
installed.
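
Dave's observation above (every reported hit sits in %TEMP%, the X1Server indexer cache or Avast's own _avast4_ unpack directory) and FromTheRafters' caveat that a temp-only listing is no guarantee the code is not installed elsewhere can be turned into a small log pass. The following is an added example, not code from anyone in this thread: it parses the two log shapes quoted above (Avast's `Name [Type] path` lines and the Windows `Category:Name file:path` lines), buckets each detection by where it was found, and pulls out the hits whose location implies the code was installed or set to run rather than merely cached. The sample lines are constructed for illustration (user and file names are invented, and the last two lines are made up to show what a hit outside the temp area looks like); the location rules are assumptions about XP-era path conventions, not anything Avast or Defender report.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# The two line shapes quoted in the thread:
#   Avast:    <name> [<Trj|Wrm|...>] <drive>:\<path>
#   Defender: <Category>:<name> [(Alert level: ...)] file:<drive>:\<path>
AVAST_RE = re.compile(r"^(?P<name>\S+)\s+\[(?P<kind>[^\]]+)\]\s+(?P<path>[A-Za-z]:\\.+)$")
DEFENDER_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\(Alert level:[^)]*\))?\s+[Ff]ile:(?P<path>[A-Za-z]:\\.+)$"
)

# Constructed sample log, modelled on the excerpts in the thread. User and
# file names are invented; the last two lines are made up to show what a
# hit outside the temp area would look like.
SAMPLE_LOG = r"""
Win32:Tibs-AFX [Trj] C:\Documents and Settings\user\Local Settings\Temp\X1Server\The Kiss.msg
Backdoor:Win32/Ryknos.BC (Alert level: Severe) file:C:\Documents and Settings\user\Local Settings\Temp\ARC70F.tmp
Trojan:Win32/Vxidl.gen!B File:C:\DOCUME~1\USER~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Win32:Small-JBK [Trj] C:\WINDOWS\system32\example.dll
Worm:Win32/Mtob.NP@mm file:C:\Documents and Settings\user\Start Menu\Programs\Startup\example.exe
"""


@dataclass
class Detection:
    name: str
    path: str
    location: str  # bucket assigned by classify_location()


def classify_location(path: str) -> str:
    """Bucket a reported path by what its location implies.

    The rules are assumptions about XP-era path conventions; 8.3 short
    names such as LOCALS~1 are handled by matching the trailing segments.
    """
    p = path.lower()
    if "\\_avast4_\\" in p:
        # Avast's own unpacking area: the hit is inside a container
        # (archive or message) the scanner was taking apart, not a file
        # the user or the OS ran.
        return "scanner-unpack"
    if "\\x1server\\" in p and p.endswith(".msg"):
        # Copies of mail made by a desktop search indexer: dormant
        # attachments unless someone opens them.
        return "indexer-cache"
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        # Dropped or unpacked into a temp area: ambiguous on its own.
        return "temp"
    if "\\startup\\" in p or "\\windows\\" in p or "\\program files\\" in p:
        # System, Startup or program directories: evidence that the code
        # was installed or set to run, not merely cached.
        return "execution-relevant"
    return "other"


def parse_line(line: str):
    """Return a Detection for a recognised log line, else None."""
    line = line.strip()
    m = AVAST_RE.match(line) or DEFENDER_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    return Detection(m.group("name"), path, classify_location(path))


def triage(log_text: str):
    """Group parsed detections by location bucket, in log order."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        d = parse_line(line)
        if d:
            groups[d.location].append(d)
    return groups


def execution_evidence(log_text: str):
    """Paths whose location implies installation rather than caching.

    An empty list does not prove a clean system (a temp-only listing is
    not proof the code was never run); a non-empty one settles the
    question the other way.
    """
    return [d.path for d in triage(log_text).get("execution-relevant", [])]


if __name__ == "__main__":
    for loc, hits in sorted(triage(SAMPLE_LOG).items()):
        print(f"{loc}: {len(hits)}")
        for d in hits:
            print(f"  {d.name}  {d.path}")
    print("execution evidence:", execution_evidence(SAMPLE_LOG))
```

Run against the real logs, the interesting output is the `execution-relevant` bucket: on the excerpts quoted in this thread it would be empty, which is exactly the situation Dave describes, and exactly the situation FromTheRafters warns is inconclusive, since the pass only sees what the scanner reported.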