View full version : Infection in network



copperray
28.04.2007, 11:12
Hi all,

I have 3 PCs connected via a router. At least 2 are definitely infected (e.g. no connection to antivirus sites possible).
The 3rd PC (Win2k) seems less or not affected. I only found that AVG Antispy is unable to perform its updates. I would like to know if this PC is really clean or if I am wrong. I followed the instructions and got the following logs.
Please investigate the attached log files.
Thanks in advance for your assistance.

NickGolovko
28.04.2007, 11:16
Please run AVZ, go to File - Custom scripts, copy the Code, paste it into the Custom scripts window and Run the script.


begin
QuarantineFile('D:\WINNT\winstart.bat','');
end.

After that please upload quarantined file(s) according to the Rules.

To tell the truth, I don't see anything severe - but let's see the Quarantine.

copperray
28.04.2007, 16:06
Sounds good. I uploaded the requested file.

AndreyKa
28.04.2007, 16:35
Did you upload it from Upload quarantined files (http://virusinfo.info/upload_virus.php?tid=9348) link or not?

copperray
28.04.2007, 17:11
Did you upload it from Upload quarantined files (http://virusinfo.info/upload_virus.php?tid=9348) link or not?

EDIT: Sorry, I found that I did not upload with the correct procedure.
I will do it again.

drongo
28.04.2007, 17:14
Strange, why can't I see that? Could you please upload it one more time?

Numb
28.04.2007, 17:37
Quarantine was received. File D:\WINNT\winstart.bat consists of two commands:

if not exist D:\WINNT\INF\TTIUN.INF deltree /y D:\WINNT\TTIUN206.EXE
del D:\WINNT\WINSTART.BAT

Do you know what TTIUN206.EXE is? If not, please run AVZ, go to File - Custom scripts, copy the Code, paste it into the Custom scripts window and Run the script.

begin
QuarantineFile('D:\WINNT\INF\TTIUN.INF','');
QuarantineFile('D:\WINNT\INF\TTIUN206.EXE','');
end.

After that please upload quarantined files according to the Rules.

copperray
28.04.2007, 18:25
Uploaded as virus2.zip

copperray
28.04.2007, 18:30
I have now found the program that ttiun206.exe is linked to. It's a driver for a scanner from Boeder, now Tamarack.

drongo
28.04.2007, 18:58
Well, I recommend you delete the rule for "AVG Antispy" in the ZoneAlarm firewall and make a new one ;) Please also check the settings in your router. And we are waiting for 2 more topics from you (you told us that you have 2 more computers) with logs according to our rules.