Troj/Bdoor-YP poisto?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by windy78, Dec 18, 2006.

  1. windy78

    windy78 Member

    Joined:
    Feb 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    Osaisiko kukaan auttaa tämän viruksen poistamisessa. Olen koittanut googlettaa ja etsiä täältä keskusteluista vinkkejä. Myöskään Nortonin sivuilla olevat ohjeet eivät oikein ole auenneet. Norton ilmoittaa viruksen nimeksi Backdoor.Trojan ja file sijaitsee C:\WINDOWS\system32\ldapi32.exe, mutta Norton ei pysty tuhoamaan virusta, vaan on vain laittanut sen karanteeniin. Myöskään Spyware Doctor ei löydä kyseistä virusta. Miten siis saan poistettua tuon viruksen? Joissain ohjeissa sanotaa, että pitää poistaa järjestelmän palauttaminen käytöstä, mutta kone ei jostain syystä suostu asettamaan tätä toimintoa pois päältä. Nyt tarvittaisiin vinkkejä ja step by step -tyyliin.
     
    windy78, Dec 18, 2006
    #1
  2. Hujo

    Hujo Guest

    tuosta hjt loki
     
    Hujo, Dec 18, 2006
    #2
  3. windy78

    windy78 Member

    Joined:
    Feb 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    Onko tosiaan niin, että Symantecin sivuilta ei löydy suoraan mitään ohjelmaa tuon viruksen poistamiseen. Itse kun en ole mikään mestari näissä koneasioissa, niin tuollaisten lokitiedostojen silmäily tuntuu aika vaikealta. Eli onko tuon viruksen poistamiseen mitään yksinkertaista konstia?
     
    windy78, Dec 18, 2006
    #3
  4. Hujo

    Hujo Guest

    Virukset on helppo saada koneelle mutta se poistaminen ei ole yksinkertaista.
    hjt loki tänne.
     
    Hujo, Dec 19, 2006
    #4
  5. windy78

    windy78 Member

    Joined:
    Feb 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:03, on 22.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\vssms32.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\OD09QJ0X\HijackThis_v1.99.1[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "COM1:" /M "Stylus D88"
    O4 - HKLM\..\Run: [EPSON Stylus D88 Series (Kopioi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P34 "EPSON Stylus D88 Series (Kopioi 1)" /O6 "USB001" /M "Stylus D88"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?ea052ba8c92a44478fa40e838d02348d
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?ea052ba8c92a44478fa40e838d02348d
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    windy78, Dec 21, 2006
    #5
  6. windy78

    windy78 Member

    Joined:
    Feb 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    Eli osaako joku tuon lokin perusteella sanoa, että mitä mun pitäisi tehdä. Nyt Norton ilmoittaa, että virus sijaitsee tiedostossa File: C:\WINDOWS\system32\ntcvx32.dll (Virus name: Backdoor.Trojan)
     
    windy78, Dec 21, 2006
    #6
  7. windy78

    windy78 Member

    Joined:
    Feb 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

    Eli tuollainen löytyi, mutta miten sen saa pois?
     
    windy78, Dec 21, 2006
    #7
  8. Hujo

    Hujo Guest

    scannaa hjt:llä merkkaa paina Fix checked

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.

     
    Hujo, Dec 22, 2006
    #8
  9. ripa22

    ripa22 Guest

    jos sama kun mulla backdoor trojan,aukaise kone vikasietotilassa.
    etsi tiedosto irdvxc.exe.
    poista roskakoriin ja tyhjää se pitäis kadota.
    sit normaali käynnistys
     
    ripa22, Dec 23, 2006
    #9
  10. windy78

    windy78 Member

    Joined:
    Feb 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01AC0000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01BC0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05900000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05940000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05980000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A40000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B40000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05C00000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F80000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06000000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06080000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\060C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06200000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\063C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06EC0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06F00000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07200000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\073C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08380000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08400000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\084C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\084C0001.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08580000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08600000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08680000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\086C0000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\086C0001.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08740000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08840000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\088C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08900000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09EC0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09F00000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A500000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A580000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A600000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF40000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B000000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B740000.VBN infected by "Backdoor.Win32.Cakl.a" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B7C0000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B800000.VBN infected by "Backdoor.Win32.Cakl.d" Virus. Action Taken: File Renamed:

    Eli tuo viittaa pelkästään tuohon Nortonin Antivirus-ohjelmaan. Mitäs nyt pitäisi tehdä?
     
    windy78, Dec 26, 2006
    #10

Share This Page