Avast cannot delete this file is it really infected?
hiberfil.sys is infected by win32:zbot-avh [Trj]
Delete: Error 0xC0000043 {A file cannot be opened because the share access flags are incompatible.}
Try:
Boot-time Avast Antivirus scanning
http://www.digitalred.com/avast-boot-time.php
MBAM http://filehippo.com/download_malwarebytes_anti_malware/
Update and run a quick scan; click the “Remove Selected” button to quarantine anything found.
SAS http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
Come back and post the scan logs here.
I would like to first say thank you! I still need to do a new boot-time scan with Avast.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/13/2009 at 05:07 PM
Application Version : 4.31.1000
Core Rules Database Version : 4365
Trace Rules Database Version: 2207
Scan type : Quick Scan
Total Scan Time : 00:19:35
Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 593
Registry threats detected : 32
File items scanned : 8240
File threats detected : 12
Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\ControlSet003\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Trojan.Agent/Gen
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec\user.ds.lll
C:\WINDOWS\system32\lowsec
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
C:\Documents and Settings\Shannon Prata\Cookies\shannon prata@atwola[1].txt
C:\Documents and Settings\Shannon Prata\Cookies\shannon prata@insightexpress[1].txt
C:\Documents and Settings\Shannon Prata\Cookies\shannon prata@adinterax[1].txt
C:\Documents and Settings\Shannon Prata\Cookies\shannon prata@sales.liveperson[1].txt
C:\Documents and Settings\Shannon Prata\Cookies\shannon prata@burstnet[2].txt
C:\Documents and Settings\Shannon Prata\Cookies\shannon prata@www.burstbeacon[1].txt
Malwarebytes’ Anti-Malware 1.42
Database version: 3356
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/13/2009 5:28:26 PM
mbam-log-2009-12-13 (17-28-18).txt
Scan type: Quick Scan
Objects scanned: 146223
Time elapsed: 14 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) → No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) → No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) → No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) → No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) → No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) → No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) → No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) → No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) → No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) → No action taken.
Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) → No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) → No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) → No action taken.
If you haven’t already done so, run MBAM again. This time, when the scan is complete, all detections should have a check mark in the box to the left of the entry; leave them selected (or select them if they are not). At the bottom of the window there is a button, Remove Selected. Click that and the items will be removed.
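The following script is an added example for this thread; it is not from any of the posters nor from Avast, Malwarebytes or SUPERAntiSpyware. It re-checks the host for exactly the files and registry entries listed in the two scan logs above (useful after clicking Remove Selected and rebooting), and it addresses the first post's hiberfil.sys question: the kernel holds hiberfil.sys open with no share access while hibernation is enabled, which is what NTSTATUS 0xC0000043 (STATUS_SHARING_VIOLATION) means, so no on-line scanner can delete it. Assumptions: an elevated PowerShell prompt on the affected machine, the XP-era layout from the logs (`$env:SystemRoot` = C:\WINDOWS), and that `powercfg /hibernate off` is the chosen way to release the file; nothing beyond the logged paths is assumed to be infected.

```powershell
# Added example (not from the forum posters or the vendors): re-check the
# artifacts from the SAS and MBAM logs in this thread, then report hiberfil.sys.
# Assumes an elevated PowerShell on the affected Windows host.

$sysRoot = $env:SystemRoot

# Expose HKEY_USERS so the .DEFAULT (S-1-5-18 / SYSTEM) hive can be queried.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Files from the logs. Zbot's "lowsec" store (local.ds / user.ds) is what MBAM
# labels Stolen.data and SAS labels Trojan.Agent/Gen.
$fileArtifacts = @(
    (Join-Path $sysRoot 'system32\lowsec'),
    (Join-Path $sysRoot 'system32\lowsec\local.ds'),
    (Join-Path $sysRoot 'system32\lowsec\user.ds'),
    (Join-Path $sysRoot 'system32\lowsec\user.ds.lll'),
    (Join-Path $sysRoot 'system32\drivers\oreans32.sys')
)

# Registry keys from the logs (MBAM's Backdoor.Bot GUID keys live under .DEFAULT).
$explorerGuids = @(
    '{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}',
    '{494e6cec-7483-a4ee-0938-895519a84bc7}',
    '{3446af26-b8d7-199b-4cfc-6fd764ca5c9f}',
    '{4776c4dc-e894-7c06-2148-5d73cef5f905}'
)
$keyArtifacts = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\oreans32',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32',
    'HKCU:\SOFTWARE\The Weather Channel'
) + ($explorerGuids | ForEach-Object {
    "HKU:\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\$_"
})

# The one registry value MBAM flagged (Malware.Trace).
$uidKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network'

function Test-Artifacts {
    # One record per artifact, so the result can be piped, filtered or exported.
    foreach ($p in ($fileArtifacts + $keyArtifacts)) {
        [pscustomobject]@{
            Artifact = $p
            # -LiteralPath so nothing in a key or file name is treated as a wildcard.
            Present  = (Test-Path -LiteralPath $p)
        }
    }
    $uid = Get-ItemProperty -LiteralPath $uidKey -Name uid -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Artifact = "$uidKey\uid"
        Present  = ($null -ne $uid)
    }
}

function Show-HiberfilStatus {
    # While hibernation is enabled the kernel keeps hiberfil.sys open with no
    # share access, so a user-mode delete fails with 0xC0000043
    # (STATUS_SHARING_VIOLATION), the error Avast reported. A detection inside
    # it means a hibernated memory image contained the malware; disabling
    # hibernation releases and removes the file, and a fresh one is written
    # when hibernation is turned back on after cleanup.
    $hiberfil = Join-Path $env:SystemDrive 'hiberfil.sys'
    if ([System.IO.File]::Exists($hiberfil)) {
        "hiberfil.sys present at $hiberfil (held open by the kernel while hibernation is on)."
        "To release and delete it:                  powercfg /hibernate off"
        "To restore hibernation once the host is clean: powercfg /hibernate on"
    } else {
        "hiberfil.sys not present; hibernation appears to be off."
    }
}

$report = Test-Artifacts
$report | Format-Table -AutoSize | Out-Host
$remaining = @($report | Where-Object { $_.Present })
if ($remaining.Count -gt 0) {
    "$($remaining.Count) artifact(s) from the scan logs are still present; re-run MBAM/SAS and use Remove Selected."
} else {
    "None of the artifacts listed in the scan logs remain."
}
Show-HiberfilStatus
```

Run it once before and once after the cleanup reboot; a Present = True row after removal means the entry survived (or was recreated) and the boot-time scan is still needed. The script only reports; it never deletes anything itself, so the removal stays with the scanners that quarantine what they delete.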