So I should have known better. File-sharing was never safe and I shouldn’t have gone where I did, but it’s happened and now I’m paying the price.
According to Avast!, Ewido, and TrendMicro’s HouseCall my computer is clean, but I’m still getting a load of random archives (all .rar, some labelled as American movies, foreign movies, porn, or music files) cropping up in my c:/documents and settings/user/complete folder. I’ve gone in three times now and deleted them - first time there were 20, second time there were over eighty and this last time there was one hundred and eight.
Again, I ran all three scans (and used the Avast! Virus Cleaner just to be safe) and all tell me I’m clean. I ran HijackThis and had the log analyzed over at http://hijackthis.de/index.php, and everything came back as safe… so why am I still getting these archives?!
My avast! log states:
2/10/2006 4:26:59 PM SYSTEM 776 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\4LNY4PBH\inst_0004[1].exe” file.
2/10/2006 4:27:30 PM SYSTEM 776 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\inst_0004.exe” file.
2/10/2006 4:28:37 PM SYSTEM 776 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\4LNY4PBH\drdata[1].avi” file.
2/10/2006 4:28:37 PM SYSTEM 776 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Program Files\Common Files\InetGet\mc-110-12-0000140.exe” file.
2/10/2006 4:28:37 PM SYSTEM 776 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Program Files\Common Files\InetGet\mc-110-12-0000140.exe” file.
2/10/2006 4:29:24 PM SYSTEM 776 Sign of “Win32:Trojano-2873 [Trj]” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\Z2EG808G\MTE3NDI6ODoxNg[1].exe” file.
2/10/2006 4:29:24 PM SYSTEM 776 Sign of “Win32:Trojano-2873 [Trj]” has been found in “C:\MTE3NDI6ODoxNg.exe” file.
2/10/2006 4:29:24 PM SYSTEM 776 Sign of “Win32:Trojano-2873 [Trj]” has been found in “C:\MTE3NDI6ODoxNg.exe” file.
2/10/2006 4:33:46 PM Sparrow 2744 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\4LNY4PBH\drdata[1].avi” file.
2/10/2006 4:34:06 PM Sparrow 2744 Sign of “Win32:Trojano-2873 [Trj]” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\Z2EG808G\MTE3NDI6ODoxNg[1].exe” file.
2/10/2006 4:41:00 PM Sparrow 2744 Sign of “Win32:Trojano-2873 [Trj]” has been found in “C:\MTE3NDI6ODoxNg.exe” file.
2/10/2006 4:43:50 PM Sparrow 2744 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Program Files\Common Files\InetGet\mc-110-12-0000140.exe” file.
2/10/2006 5:27:20 PM Sparrow 560 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\4LNY4PBH\drdata[1].avi” file.
2/10/2006 5:27:24 PM Sparrow 560 Sign of “Win32:Trojan-gen. {UPX!}” has been found in “C:\Program Files\Common Files\InetGet\mc-110-12-0000137.exe” file.
2/10/2006 5:28:07 PM Sparrow 560 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Documents and Settings\Sparrow\Local Settings\Temporary Internet Files\Content.IE5\QRQTQPUH\freeprodtb[2].exe” file.
2/10/2006 5:28:13 PM Sparrow 560 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Documents and Settings\Sparrow\Desktop\freeprodtb.exe” file.
I moved everything to the chest, deleted/cleaned what I could on my own/with TrendMicro, ran avast! again and got no alerts at all…
I’m attaching my HijackThis log because I don’t know exactly if these posts will hold that much :\