examples of suspicious files

7/06/2008 7:24:57 AM John 1248 Sign of “Win32:CTX” has been found in “C:\WINDOWS\system32\ActiveScan\pskavs.dll” file.
7/06/2008 7:33:14 AM John 1248 Sign of “Win32:Adware-gen [Adw]” has been found in “C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll” file.
28/06/2008 8:55:08 AM John 816 Sign of “Win32:Trojan-gen {Other}” has been found in “D:\Backups\WinRAR33b4\wrar33b4.exe” file.

6/12/2008 7:51:00 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJDRS.DLL” file.
6/12/2008 7:51:03 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJDRC.DLL” file.

6/12/2008 7:54:35 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\msdtcstp.dll” file.
6/12/2008 7:54:39 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\ntoc.dll” file.
6/12/2008 7:54:42 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\zoneoc.dll” file.
6/12/2008 7:54:45 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\fsconins.dll” file.
6/12/2008 7:54:48 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\fp40ext.dll” file.
6/12/2008 7:54:51 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\fxsocm.dll” file.
6/12/2008 7:54:55 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\iis.dll” file.
7/12/2008 7:54:53 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\wbem\xml.xsl\wmi2xml.dll” file.
7/12/2008 7:54:58 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupapi.dll\comsetup.dll” file.
7/12/2008 7:56:13 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBJDRV2.DLL” file.

7/12/2008 7:56:16 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBJUI2.DLL” file.
7/12/2008 7:56:20 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBOSTD.DLL” file.
7/12/2008 7:56:23 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBPGR01.DLL” file.
7/12/2008 7:56:28 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNB255SP.DLL” file.
7/12/2008 7:56:31 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBJDRS.DLL” file.
7/12/2008 7:56:34 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBJDRC.DLL” file.
7/12/2008 7:56:37 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\CNBJUI.DLL” file.
7/12/2008 7:56:43 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\unidrv.dll” file.
7/12/2008 7:56:47 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\unidrvui.dll” file.
7/12/2008 7:56:51 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\unires.dll” file.
7/12/2008 7:57:29 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNB265SP.DLL” file.
7/12/2008 7:57:32 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJDRV2.DLL” file.
7/12/2008 7:57:35 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJUI2.DLL” file.
7/12/2008 7:57:40 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBOSTD.DLL” file.
7/12/2008 7:57:42 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBPGR01.DLL” file.
7/12/2008 7:57:47 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNB255SP.DLL” file.
7/12/2008 7:57:50 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJDRS.DLL” file.
7/12/2008 7:57:53 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJDRC.DLL” file.
7/12/2008 7:57:55 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\CNBJUI.DLL” file.
7/12/2008 7:58:01 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\unidrv.dll” file.
7/12/2008 7:58:05 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\unidrvui.dll” file.
7/12/2008 7:58:09 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\unires.dll” file.
7/12/2008 7:59:32 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\npptools.dll\ndisnpp.dll” file.
7/12/2008 7:59:36 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\npptools.dll\nppagent.exe” file.
7/12/2008 8:01:14 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\comsetup.dll” file.
7/12/2008 8:02:16 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\comsetup.dll” file.
7/12/2008 8:02:19 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\imsinsnt.dll” file.
7/12/2008 8:02:23 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\msdtcstp.dll” file.
7/12/2008 8:02:26 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\ntoc.dll” file.
7/12/2008 8:04:03 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.HLP\comrepl.exe” file.
7/12/2008 8:04:08 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.HLP\comrereg.exe” file.
7/12/2008 8:04:12 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.HLP\mtsadmin.tlb” file.
7/12/2008 8:04:15 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.HLP\comadmin.dll” file.
7/12/2008 8:04:20 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.DLL\comrepl.exe” file.
7/12/2008 8:04:24 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.DLL\comrereg.exe” file.
7/12/2008 8:04:28 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.DLL\mtsadmin.tlb” file.
7/12/2008 8:04:32 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\COMMTB32.DLL\comadmin.dll” file.

7/12/2008 8:08:07 AM John 1568 Sign of “” has been found in "C:\WINDOWS\system32\wbem\xml.xsl\wmi2xml.dll||AntiRootkit [FILE

7/12/2008 8:21:06 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\wbem\xml.xsl\wmi2xml.dll” file.

What is your avast version (exact build)? Are you an Acer user?

This one shows you have been using Panda’s on-line scanner or Panda AV?

7/06/2008 7:24:57 AM John 1248 Sign of “Win32:CTX” has been found in “C:\WINDOWS\system32\ActiveScan\pskavs.dll” file.

I hate that because a) it doesn’t encrypt its virus signatures and that’s why avast alerted, b) it dumps all its junk in the system32 folder and, when removed, a copy is likely to end up in the System Volume Information folder by system restore, and c) avast is then likely to detect it in the System Volume Information folder also.

Some time ago I used Panda (not since, as I found it fairly useless), and I looked manually for the file reference you quote to try to delete it, but couldn’t find it.

Not an Acer user. I use the avast home version online scanner 4.8 and receive all daily updates automatically.

Maybe you can use Panda removal tool: http://www.pandasoftware.com/resources/sop/UNINST_v1012.exe
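
A log like the one at the top of this thread is easier to triage once it is tallied. The Python below is an added example, not part of any post and not avast's own tooling: it parses that line format, counts alerts per detection name and per scan session (date plus process id), lists paths reported more than once, and sets aside lines that are cut short. The function names are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

# A few lines taken from the log posted above; the fourth is cut short there.
SAMPLE_LOG = r"""
7/06/2008 7:24:57 AM John 1248 Sign of “Win32:CTX” has been found in “C:\WINDOWS\system32\ActiveScan\pskavs.dll” file.
6/12/2008 7:54:35 AM John 1412 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\msdtcstp.dll” file.
7/12/2008 7:54:53 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\wbem\xml.xsl\wmi2xml.dll” file.
7/12/2008 8:08:07 AM John 1568 Sign of “” has been found in "C:\WINDOWS\system32\wbem\xml.xsl\wmi2xml.dll||AntiRootkit [FILE
7/12/2008 8:21:06 AM John 1568 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\wbem\xml.xsl\wmi2xml.dll” file.
"""

# Timestamp, user, process id, detection name, path. Curly or straight quotes.
ENTRY = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<user>\S+) (?P<pid>\d+) '
    r'Sign of [“"](?P<name>[^”"]*)[”"] has been found in '
    r'[“"](?P<path>[^”"]+)[”"] file\.$'
)

def parse_line(line):
    """Return one alert as a dict, or None if the line is incomplete."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    return {
        # The log uses day/month/year (it contains a 28/06/2008 entry).
        "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
        "user": m["user"],
        "pid": int(m["pid"]),
        "name": m["name"],
        "path": m["path"].lower(),  # Windows paths are case-insensitive
    }

def summarise(text):
    by_name, sessions, paths, rejected = Counter(), Counter(), Counter(), []
    for line in filter(str.strip, text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            rejected.append(line.strip())  # keep for manual review
            continue
        by_name[entry["name"]] += 1
        sessions[(entry["when"].date().isoformat(), entry["pid"])] += 1
        paths[entry["path"]] += 1
    repeated = {p: n for p, n in paths.items() if n > 1}
    return {"by_name": by_name, "sessions": sessions,
            "repeated": repeated, "rejected": rejected}
```
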