8 Posts

June 12th, 2007 15:00

Is it a worm?

I own a couple of Dell machines, and I am experiencing a problem on one of them. I'm sure it isn't a machine fault, but I'm at a loss to find out what I should do, so I thought that you might be able to help.

In the last couple of days I have started to receive 100s of 'returned message' e-mails to messages that I haven't sent. I own the domain name 'biscoes.co.uk' and I use this as my e-mail address (there is no web site associated with this domain name yet). All of these returned e-mail messages that I receive are coming through to the 'biscoes.co.uk' address as opposed to the 'real' e-mail address (drew@biscoe23.freeserve.co.uk). I did open an e-mail attachment (a PowerPoint presentation) a couple of days ago that I thought was from a trusted source, and this seems to be when the trouble started. I assumed that I had picked up a worm, but I have scanned the machine several times with various scans (inc McAfee etc) and they all say that they can find no problem at all ... but I know that there is ...

So I was hoping that with your vast knowledge of computers etc that you might be able to help me.

Thanks

Andrew Biscoe

3.3K Posts

June 12th, 2007 19:00

Visit the Kaspersky Online Scanner.

1) Scroll down to the bottom of the page and click the "Accept" button.

2) Wait while the ActiveX control needed to run the scan is downloaded.

3) When the installation and update completes, click the "Next" button at the bottom, then click "My Computer" to start the scan.

4) When the scan completes, click "Save as Text" and note the location in the save box. Name the file "Kaspersky scan" and click "save".

5) Navigate to the location where you just saved the report and copy the contents of the .txt file. Paste those contents in this thread on your next reply.

8 Posts

June 12th, 2007 23:00

Thanks for all of this
 
 
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Wednesday, June 13, 2007 1:05:04 AM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.93.0
 Kaspersky Anti-Virus database last update: 13/06/2007
 Kaspersky Anti-Virus database records: 342781
-------------------------------------------------------------------------------
Scan Settings:
 Scan using the following antivirus database: extended
 Scan Archives: true
 Scan Mail Bases: true
Scan Target - My Computer:
 C:\
 E:\
 F:\
Scan Statistics:
 Total number of scanned objects: 84551
 Number of viruses found: 2
 Number of infected objects: 7
 Number of suspicious objects: 0
 Duration of the scan process: 01:13:33
Infected Object Name / Virus Name / Last Action
F:\Andrew\ZallaNayver\freeripmp3.exe/Stream/data0037 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\ZallaNayver\freeripmp3.exe/Stream Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\ZallaNayver\freeripmp3.exe Inno: infected - 2 skipped
F:\Andrew\Andrew's Bits and Bobs\(Better Version) zallanayver 39.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
F:\Andrew\Desktop\ZallaNayver\freeripmp3.exe/Stream/data0037 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\Desktop\ZallaNayver\freeripmp3.exe/Stream Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\Desktop\ZallaNayver\freeripmp3.exe Inno: infected - 2 skipped
Scan process completed.
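
Added example, not part of the original thread: a short Python triage of result lines in this report's format, separating "Object is locked" entries (files in use that the scanner could not open) from actual detections and grouping detections by the file on disk. The function name `triage` and the rule that "/" separates a file from objects unpacked inside it are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: result lines in the report's format (two locked entries plus
# the seven detection entries), embedded so the example runs offline.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Andrew\NTUSER.DAT Object is locked skipped
F:\Andrew\ZallaNayver\freeripmp3.exe/Stream/data0037 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\ZallaNayver\freeripmp3.exe/Stream Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\ZallaNayver\freeripmp3.exe Inno: infected - 2 skipped
F:\Andrew\Andrew's Bits and Bobs\(Better Version) zallanayver 39.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
F:\Andrew\Desktop\ZallaNayver\freeripmp3.exe/Stream/data0037 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\Desktop\ZallaNayver\freeripmp3.exe/Stream Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
F:\Andrew\Desktop\ZallaNayver\freeripmp3.exe Inno: infected - 2 skipped
"""

LOCKED = re.compile(r"^.+ Object is locked \w+$")
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(r"^(?P<path>.+?) \w+: infected - \d+ (?P<action>\w+)$")

def triage(report):
    """Split result lines into locked-file noise and detections by verdict."""
    locked, infected_objects = 0, 0
    files_by_verdict = defaultdict(set)   # verdict name -> files on disk
    untreated = set()                     # files whose last action was "skipped"
    for line in report.splitlines():
        line = line.strip()
        if LOCKED.match(line):
            locked += 1                   # file in use; not a finding
            continue
        hit = DETECTION.match(line) or CONTAINER.match(line)
        if not hit:
            continue                      # header, statistics, or blank line
        infected_objects += 1
        # Assumption: "/" separates an on-disk file from objects unpacked
        # from inside it, since Windows paths themselves use "\".
        host_file = hit["path"].split("/", 1)[0]
        if "verdict" in hit.groupdict():
            files_by_verdict[hit["verdict"]].add(host_file)
        if hit["action"] == "skipped":
            untreated.add(host_file)
    return {"locked": locked, "infected_objects": infected_objects,
            "files_by_verdict": dict(files_by_verdict),
            "untreated_files": sorted(untreated)}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

On the seven detection lines this yields 7 infected objects and 2 distinct names, the same figures as the report's Scan Statistics, spread over only three files on F:, all of which were skipped rather than cleaned.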

3.3K Posts

June 13th, 2007 00:00

You have some problems that remain. You should post a HijackThis log here. When you do, please post a link to this thread so the helper there can see that you still have a trojan downloader that Kaspersky couldn't deal with.

8 Posts

June 14th, 2007 15:00

Ok, thanks for all of the help, trust me to pick up an awkward trojan, not much easy in this world!!
