[Solved] Virus which will not go away.

BitDefender Online Scanner

Scan report generated at: Sun, Nov 19, 2006 - 17:31:24
Scan path: C:\;D:\;

Statistics
  Time: 02:44:25
  Files: 718267
  Folders: 7802
  Boot Sectors: 2
  Archives: 3679
  Packed Files: 75805

Results
  Identified Viruses: 2
  Infected Files: 6
  Suspect Files: 1
  Warnings: 0
  Disinfected: 0
  Deleted Files: 8

Engines Info
  Virus Definitions: 316797
  Engine build: AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
  Scan plugins: 13
  Archive plugins: 38
  Unpack plugins: 6
  E-mail plugins: 6
  System plugins: 1

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File
    Status

C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4N0D0PA2\popup_code[1].htm=>(JAVASCRIPT 1)
    Infected with: Trojan.Downloader.JS.Istbar.B
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4N0D0PA2\popup_code[1].htm=>(JAVASCRIPT 1)
    Disinfection failed
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4N0D0PA2\popup_code[1].htm=>(JAVASCRIPT 1)
    Deleted
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4N0D0PA2\popup_code[1].htm
    Updated
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\8JF74NOY\popup_code[1].htm=>(JAVASCRIPT 1)
    Infected with: Trojan.Downloader.JS.Istbar.B
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\8JF74NOY\popup_code[1].htm=>(JAVASCRIPT 1)
    Disinfection failed
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\8JF74NOY\popup_code[1].htm=>(JAVASCRIPT 1)
    Deleted
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\8JF74NOY\popup_code[1].htm
    Updated
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WO8UHNV6\id_detail[1].htm
    Suspected of: Exploit.ADODB.Stream.AN
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WO8UHNV6\id_detail[1].htm
    Disinfection failed
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WO8UHNV6\id_detail[1].htm
    Deleted
C:\Program Files\Eset\infected\H0SCSSDA.NQF=>(Quarantine-PE)
    Infected with: Backdoor.Virkel.A
C:\Program Files\Eset\infected\H0SCSSDA.NQF=>(Quarantine-PE)
    Disinfection failed
C:\Program Files\Eset\infected\H0SCSSDA.NQF=>(Quarantine-PE)
    Deleted
C:\Program Files\Eset\infected\L30NUGAA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002
    Infected with: Backdoor.Virkel.A
C:\Program Files\Eset\infected\L30NUGAA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002
    Disinfection failed
C:\Program Files\Eset\infected\L30NUGAA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0002
    Deleted
C:\Program Files\Eset\infected\L30NUGAA.NQF=>(Quarantine-PE)=>(NSIS o)
    Update failed
C:\Program Files\Eset\infected\YVS0VADA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0006
    Infected with: Backdoor.Virkel.A
C:\Program Files\Eset\infected\YVS0VADA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0006
    Disinfection failed
C:\Program Files\Eset\infected\YVS0VADA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_solid_nsis0006
    Deleted
C:\Program Files\Eset\infected\YVS0VADA.NQF=>(Quarantine-PE)=>(NSIS o)
    Update failed
C:\System Volume Information\_restore{0E83D52F-B946-4A94-8165-7B5F3E71D76B}\RP238\A0050126.exe=>(NSIS o)=>lzma_solid_nsis0006
    Infected with: Backdoor.Virkel.A
C:\System Volume Information\_restore{0E83D52F-B946-4A94-8165-7B5F3E71D76B}\RP238\A0050126.exe=>(NSIS o)=>lzma_solid_nsis0006
    Disinfection failed
C:\System Volume Information\_restore{0E83D52F-B946-4A94-8165-7B5F3E71D76B}\RP238\A0050126.exe=>(NSIS o)=>lzma_solid_nsis0006
    Deleted
C:\System Volume Information\_restore{0E83D52F-B946-4A94-8165-7B5F3E71D76B}\RP238\A0050126.exe=>(NSIS o)
    Update failed

edit: I have tried jotti scan, but it cannot find the file. NOD32 keeps on finding the file. The virus is called: Win32/Tool.EvlD4226 application.

It has something to do with PPLive p2p software. I have deleted the software and removed the file folder from program files.

Comments

  • TroganTrogan London, UK
    edited November 2006
    Do the following...

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache
      *The other boxes are optional*
      Then click the Empty Selected button.

      Click Exit on the Main menu to close the program.
      ______________________

      The others are in the System Restore. You can remove them by doing the following...
      • Click Start | Help and Support | Undo changes to your computer with System Restore.
      • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
      • Close the Help and Support Center box.
      • Click Start | Run and type Cleanmgr
      • Select (C: ) then click OK.
      • Click the More Options tab.
      • Click Clean Up in the System Restore Section.
      This will remove all previous restore points except the newly created one.


      Let me know if that works.
    • edited November 2006

      The others are in the System Restore. You can remove them by doing the following...
      • Click Start | Help and Support | Undo changes to your computer with System Restore.
      • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
      • Close the Help and Support Center box.
      • Click Start | Run and type Cleanmgr
      • Select (C: ) then click OK.
      • Click the More Options tab.
      • Click Clean Up in the System Restore Section.
      This will remove all previous restore points except the newly created one.


      Let me know if that works.

      Unfortunately, when I click help and support, it goes straight to a compaq help file.

    • TroganTrogan London, UK
      edited November 2006
      Let's do it the other way:

      Click Start > Right-click My Computer and select Properties.

      Click on the System Restore tab

      Uncheck the box: Turn off System Restore

      Click Apply > OK and restart your computer

      After the computer has restarted, turn System Restore back on.


      Create a new System point by going to Start > All Programs > Accessories > System Tools > System Restore

      In System Restore, select Create a new restore point and hit Next. Follow the instructions from there.


      Let me know how that goes.
    • edited November 2006
      ok, I have done the above and I am currently running a NOD scan
    • edited November 2006
      Solved!
    • TroganTrogan London, UK
      edited November 2006
      Thread resolved!
    This discussion has been closed.