odb (Author), posted May 27, 2011:

As I was doing the ESET scan, Avira picked up 2 viruses. This is the report from Avira:

Avira AntiVir Personal
Report file date: 27 May 2011 23:36

Scanning for 2770518 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-Q7FWQX3NCP

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/1/2011 16:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2011 16:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 4/1/2011 16:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 15:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 19:25:32
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 19:25:32
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 19:25:32
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 19:25:32
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 19:25:32
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 19:25:32
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 19:25:32
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 19:25:32
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 19:25:32
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 19:25:33
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 19:25:33
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 19:25:33
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 19:25:34
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 19:25:34
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 19:25:35
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 19:25:35
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 19:25:36
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 19:25:37
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 19:25:37
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 19:25:38
VBASE023.VDF : 7.11.7.183 185856 Bytes 5/9/2011 19:25:39
VBASE024.VDF : 7.11.7.218 133120 Bytes 5/11/2011 19:25:39
VBASE025.VDF : 7.11.7.234 139776 Bytes 5/11/2011 19:25:39
VBASE026.VDF : 7.11.8.16 147456 Bytes 5/13/2011 19:25:40
VBASE027.VDF : 7.11.8.46 169472 Bytes 5/17/2011 19:25:40
VBASE028.VDF : 7.11.8.109 181760 Bytes 5/24/2011 19:03:40
VBASE029.VDF : 7.11.8.158 191488 Bytes 5/27/2011 17:13:46
VBASE030.VDF : 7.11.8.159 2048 Bytes 5/27/2011 17:13:46
VBASE031.VDF : 7.11.8.160 2048 Bytes 5/27/2011 17:13:46
Engineversion : 8.2.5.6
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/28/2011 15:15:27
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 5/27/2011 17:14:49
AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 15:15:27
AESBX.DLL : 8.2.1.33 323956 Bytes 5/24/2011 19:04:33
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 11:21:38
AEPACK.DLL : 8.2.6.8 557430 Bytes 5/18/2011 19:25:47
AEOFFICE.DLL : 8.1.1.23 205178 Bytes 5/27/2011 17:14:40
AEHEUR.DLL : 8.1.2.122 3494263 Bytes 5/27/2011 17:14:37
AEHELP.DLL : 8.1.17.2 246135 Bytes 5/20/2011 18:20:14
AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 18:20:14
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 15:15:19
AECORE.DLL : 8.1.21.1 196983 Bytes 5/24/2011 19:03:45
AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 15:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 15:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 4/1/2011 16:07:42
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 19:25:50
AVREG.DLL : 10.0.3.2 53096 Bytes 4/1/2011 16:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/1/2011 16:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 4/1/2011 16:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/1/2011 16:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 15:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 15:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/1/2011 16:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/28/2011 15:15:52

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4e19b462\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: 27 May 2011 23:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP401\A0029186.dll'
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP401\A0029186.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4c0986c9.qua'.
Begin scan in 'C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP401\A0029187.exe'
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP401\A0029187.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to the quarantine directory under the name '549ea96e.qua'.

End of the scan: 27 May 2011 23:36
Used time: 00:30 Minute(s)

The scan has been done completely.

0 Scanned directories
34 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
32 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes

The scan results will be transferred to the Guard.
etavares, posted May 27, 2011:

Thanks for posting the log. Those are leftovers in an old Restore Point. We'll purge that at the end to be safe, but no worries there. How is the ESET scan going?
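The helper's point above is that both Avira hits sit under a System Restore snapshot directory rather than in a live location. As an added example (not code from the thread or from Avira), here is a small parser for the Avira report format posted above that pulls out each [DETECTION] record, its quarantine file name, and whether the path is a restore-point copy, then cross-checks the parsed counts against the totals the report itself declares. The sample report is constructed, and the restore-point GUID in it is a placeholder.

```python
import re

# Constructed sample in the format of the Avira report posted above (GUID is a placeholder).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP401\A0029186.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4c0986c9.qua'.
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP401\A0029187.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to the quarantine directory under the name '549ea96e.qua'.
   2 Viruses and/or unwanted programs were found
   2 Files were moved to quarantine
"""

# System Restore keeps snapshot copies under System Volume Information\_restore{...}\RPnnn\.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\RP\d+\\", re.I)
DETECTION_RE = re.compile(r"\[DETECTION\]\s+Is the (.+)$")
QUARANTINE_RE = re.compile(r"under the name '([^']+)'")
FOUND_RE = re.compile(r"(\d+) Viruses and/or unwanted programs were found")
QUARANTINED_RE = re.compile(r"(\d+) Files were moved to quarantine")

def parse_avira_report(text):
    # A bare drive-letter path opens a record; the [DETECTION] and [NOTE] lines fill it in.
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            current = {"path": line, "name": "", "quarantine_file": "",
                       "in_restore_point": bool(RESTORE_POINT_RE.search(line))}
        elif line.startswith("[DETECTION]") and current is not None:
            current["name"] = DETECTION_RE.search(line).group(1).strip()
            detections.append(current)
            current = None
        elif line.startswith("[NOTE]") and detections and (m := QUARANTINE_RE.search(line)):
            detections[-1]["quarantine_file"] = m.group(1)
    return detections

def summarize(text):
    # Parsed counts beside the totals the report declares, so the two can be cross-checked.
    dets = parse_avira_report(text)
    def declared(rx):
        m = rx.search(text)
        return int(m.group(1)) if m else 0
    return {
        "found": len(dets),
        "quarantined": sum(1 for d in dets if d["quarantine_file"]),
        "restore_point_only": bool(dets) and all(d["in_restore_point"] for d in dets),
        "declared_found": declared(FOUND_RE),
        "declared_quarantined": declared(QUARANTINED_RE),
    }
```

A mismatch between the parsed and declared counts, or a hit outside a restore point, is what would change the "no worries" assessment.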
odb (Author), posted May 27, 2011:

The scan took over 3 hours; CPU memory was at 100% most of the time. Here is the report:

C:\Documents and Settings\Owner\My Documents\Downloads\cbbleepingregistrybooster.exe a variant of Win32/RegistryBooster application
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029101.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029126.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029127.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029128.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029129.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029130.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029158.rbf Win32/RegistryBooster application
odb (Author), posted May 27, 2011:

9 infected and 0 removed. Do I run it again?
etavares, posted May 28, 2011:

No need to run again. We can manually remove these entries if you want, simply by deleting the first two files. It is up to you... I warned you about registry cleaners earlier in this thread, and that is what was detected by ESET. They are not a virus, but still not a good idea, as there is very limited benefit and a very bad potential downside to running them. If you want to remove them, just delete those two files; they are leftover installers you had previously downloaded. Is everything else running OK at this point?
odb (Author), posted May 30, 2011:

Ran the scan again and removed the infected files. The computer is running OK, but every now and then the CPU is still showing 100%. Maybe it's just getting old.
etavares, posted May 30, 2011:

Which process is using 100%?
odb (Author), posted May 30, 2011:

MsMpEng uses a lot; it's not one particular process.
etavares, posted May 31, 2011:

If you use safe mode, do you still have the high CPU usage?
odb (Author), posted June 4, 2011:

I have not tried safe mode, but right now the CPU/memory usage is around 70/80%. See the attached pic (screenshot.doc).
RandyL, posted June 4, 2011:

That picture shows 24%, not 70/80%. Quite normal.
etavares, posted June 5, 2011:

RandyL is correct, that's well within normal range.