is it clean?

Printable View

16.03.2007, 12:48
parufka

Вложений: 3

is it clean?

Hi,
at first thanks for all help, I'm sure about one computer:
(maybe it could be AV - I forgot tell user to disable AV)
[code]
Function kernel32.dll:CreateProcessA (198) intercepted, method ProcAddressHijack.GetProcAddress ->BFF77741->C008CEEE
Function kernel32.dll:LoadLibraryExA (554) intercepted, method ProcAddressHijack.GetProcAddress ->BFF91318->C008CF05
Function kernel32.dll:WinExec (812) intercepted, method ProcAddressHijack.GetProcAddress ->BFFA0DA8->C008CEE6
[/code]

and AVZ found some suspicious files.

Could You take a look?

Parufka
16.03.2007, 13:12
drongo

Please download [url=http://z-oleg.com/avz4en.zip] the last version of the AVZ(4.24 ) [/url] update it and create 2 logs of avz .
Please copy these files to zip archive with password : virus
[code]
c:\WINDOWS\SYSTEM\CMSFIXLD.EXE
c:\Program Files\Linksys\Wireless-G Notebook Adapter\InstallDrv.exe
[/code]
and upload it using [url]http://virusinfo.info/upload_virus.php?tid=8445[/url]
for future investigation .
16.03.2007, 14:56
parufka

>I'm sure about one computer:
Should be: I'm not sure about one computer :)

I uploaded files but logs should arrive on monday

Parufka
16.03.2007, 16:48
NickGolovko

c:\WINDOWS\SYSTEM\CMSFIXLD.EXE

was detected by Ikarus antivirus only. This looks like a false alarm.

The other file seems to be clean either.
20.03.2007, 12:30
parufka

Вложений: 2

>Please download [URL="http://z-oleg.com/avz4en.zip"]the last version of the AVZ(4.24 ) [/URL]update it and create >2 logs of avz .

logs are uploaded
parufka
20.03.2007, 12:55
NickGolovko

No active infection is visible.

Please send us the quarantine contents according to the rules.
22.02.2009, 01:40
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]2[/B][*]Обработано файлов: [B]12[/B][*]В ходе лечения вредоносные программы в карантинах не обнаружены[/LIST]