;****************************************************************************************************
ANALYSIS: 2008-05-09 02:06:57
PROTECTIONS: 1
MALWARE: 27
SUSPECTS: 0
;****************************************************************************************************
PROTECTIONS
Description             Version   Active  Updated
;====================================================================================================
Panda Antivirus 2008    3.01.00   Yes     Yes
;====================================================================================================
MALWARE
Id        Description            Type            Active  Severity  Disinfectable  Disinfected  Location
;====================================================================================================
00139061  Cookie/Doubleclick     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Bram\Cookies\bram@doubleclick[1].txt
00139064  Cookie/Atlas DMT       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Bram\Cookies\bram@atdmt[2].txt
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP5\A0000369.EXE
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000167.EXE
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000032.EXE
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP4\A0000190.EXE
00139535  Application/Processor  HackTools       No      0         No             No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000104.EXE[SDFix\apps\Process.exe]
00139535  Application/Processor  HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000031.EXE
00168090  Cookie/Serving-sys     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Bram\Cookies\bram@serving-sys[1].txt
00168093  Cookie/Serving-sys     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Bram\Cookies\bram@bs.serving-sys[2].txt
00172449  Cookie/MetriWeb        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Bram\Cookies\bram@metriweb[1].txt
00173520  Cookie/Bluestreak      TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Bram\Cookies\bram@bluestreak[1].txt
00521370  Spyware/Iehelp         Spyware         No      1         No             No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP9\A0000576.EXE[iWinGamesSetup2.exe][iWinGamesHookIE.dll]
01176994  Bck/VB.XB              Virus/Trojan    No      0         No             No           C:\Documents and Settings\Bram\Bureaublad\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375  Application/Psexec.A   HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP4\A0000268.EXE
01185375  Application/Psexec.A   HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP35\A0005093.EXE
01185375  Application/Psexec.A   HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP4\A0000269.EXE
01185375  Application/Psexec.A   HackTools       No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP16\A0001002.EXE
02197130  Trj/Rebooter.J         Virus/Trojan    No      1         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP5\A0000350.EXE
02893775  Spyware/Iehelp         Spyware         No      1         No             No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP9\A0000576.EXE[iWinGamesSetup2.exe][iWinArcadeLauncher.exe]
02907124  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000123.DLL
02907124  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP7\A0000395.DLL
02907124  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP7\A0000394.DLL
02907127  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000121.EXE
02907135  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000113.EXE
02907138  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000119.EXE
02907145  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000144.EXE
02907145  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000120.EXE
02907149  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000114.EXE
02907154  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP3\A0000112.EXE
02909544  Adware/Netproject      Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP4\A0000213.DLL
02909900  Spyware/Virtumonde     Spyware         No      1         Yes            No           C:\QooBox\Quarantine\catchme2008-03-28_151750.75.zip[yayvUnmj.dll]
02909900  Spyware/Virtumonde     Spyware         No      1         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP16\A0001052.DLL
02909900  Spyware/Virtumonde     Spyware         No      1         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP16\A0001051.DLL
02910793  Adware/VapSup          Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP16\A0001050.EXE
02913356  Adware/VapSup          Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP16\A0000987.DLL
02913356  Adware/VapSup          Adware          No      0         Yes            No           C:\QooBox\Quarantine\C\WINDOWS\qvdntlmw.dll.vir
02913357  Adware/VapSup          Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP24\A0003165.EXE
02913361  Trj/Alanchum.XK        Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP24\A0003166.EXE
02914163  Adware/VapSup          Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP16\A0000989.DLL
02914163  Adware/VapSup          Adware          No      0         Yes            No           C:\QooBox\Quarantine\C\WINDOWS\dwnrpofk.dll.vir
02921155  Adware/VapSup          Adware          No      0         Yes            No           C:\System Volume Information\_restore{014758D0-959E-4CA4-9FEE-495BF67A5523}\RP24\A0003164.DLL
;====================================================================================================
SUSPECTS
Sent  Location
;====================================================================================================
;====================================================================================================
VULNERABILITIES
Id      Severity  Description
;====================================================================================================
108742  MEDIUM    MS06-006
;====================================================================================================