Bootable Antivirus Scan Log Sample
I thought I'd upload the stats from one of today's clients. This client complained of "security alerts", which were just rogue anti-privacy applications.
I cleaned this PC with my bootable antimalware (Avira and SUPERAntiSpyware) disc. I added the log below for your viewing pleasure (these infections are fresh)!
Happy Hunting:
=================================
Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\kfwluzmr\afypazgp.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.GX.577
[NOTE] A backup was created as '493e1a7c.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Roger Rolper\Local Settings\Temp\163.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.wah
[NOTE] A backup was created as '48f81b36.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Roger Rolper\Local Settings\Temp\164.tmp
[0] Archive type: RAR SFX (self extracting)
--> sav.exe
[DETECTION] Is the Trojan horse TR/Fake.UltimaAV.bh
--> sav.cpl
[DETECTION] Is the Trojan horse TR/FakeAV.BC.2
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.MSAntivirus.V.1
[NOTE] A backup was created as '48f91b37.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Roger Rolper\Local Settings\Temp\a.exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.waf
[NOTE] A backup was created as '492a1b31.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Roger Rolper\Local Settings\Temp\b.exe.bak
[DETECTION] Is the Trojan horse TR/Obfuscated.GX.577
[NOTE] A backup was created as '4881845a.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Roger Rolper\Local Settings\Temp\c.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[NOTE] A backup was created as '492a1b32.qua' ( QUARANTINE )
C:\Documents and Settings\Roger Rolper\Local Settings\Temp\file.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[NOTE] A backup was created as '49311b6f.qua' ( QUARANTINE )
C:\Documents and Settings\Roger Rolper\Local Settings\Temporary Internet Files\Content.IE5\OXG6II6L\file[1].exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[NOTE] A backup was created as '49311c37.qua' ( QUARANTINE )
C:\Program Files\AntiMalwareGuard\amg.exe
[DETECTION] Is the Trojan horse TR/Fakealert.abf
[NOTE] A backup was created as '492c1db7.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Program Files\DIGStream\digstream.exe
[DETECTION] Contains detection pattern of the SPR/Dldr.DigStream program
[NOTE] A backup was created as '492c1e00.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Program Files\SAV\sav.cpl
[DETECTION] Is the Trojan horse TR/FakeAV.BC.2
[NOTE] A backup was created as '493b203d.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Program Files\SecureExpertCleaner\Reminder.exe
[DETECTION] Contains detection pattern of the SPR/SecExpClean.A.1 program
[NOTE] A backup was created as '49322041.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1126\A0054947.cpl
[DETECTION] Is the Trojan horse TR/FakeAV.AR
[NOTE] A backup was created as '48f52075.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1139\A0056657.dll
[DETECTION] Is the Trojan horse TR/Zlob.waf
[NOTE] A backup was created as '48f520a1.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\etc\hosts.20071029-122133.backup
[DETECTION] Is the Trojan horse TR/Qhost.MY.3
[NOTE] A backup was created as '4938236f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
======================================


Thanks for sharing this! I’ll try to make a bootable antivirus myself.
By the way, Norton 2009 is now available! It would be nice to see its review.