not sure what to do! HELP!!!!

system · January 5, 2005, 2:11am

:-\ ???
I just installed avast, I scanned everything and this is what came up.

aklsp.dll C\WINDOWS\SYSTEM32\aklsp.dll Win32:Trojano3
Calsp.dll same Win32:Trojan-ge
M3tsp8.exe C\WINDOWS\INETPAL\m3tsp8.exe win32:Trojan-ge
Sed.exe C\program files\sed\sedexe. win32trojan-ge

I have them in my chest. I clicked to repair after scan was done it said an error occered.
what do i do? do delete them or what? I realy hope someone can help I thought this would be
kind of easy. right now im a bit stumped…

Lisandro · January 5, 2005, 11:00am

Welcome
Are all that files into Chest?
If so, don’t worry… you’re safe.
Are your computer working well? Which is your operational system?

Eddy · January 5, 2005, 11:11am

I have them in my chest.

Contact a surgion. ;D ;D ;D (sorry, couldn't resist this one)

But seriously,
the files you mentioned are part of malware. I suggest you click on the link in my signature and follow the instructions in the malware removal section to make sure your system is clean.

If you have any doubts about removing things:

use HijackThis
use my HJT log analyzer
use the online log analyzer
and read the links/info on my website in the HijackThis section.

Good luck and remember… we are always willing to help!

system · January 6, 2005, 11:37pm

yes the files r in the chest.
I am running windows xp
Thank you for the warm welcome.

Thanks eddie i`ll find a surgion (lol)

computer is running just fine. no problems.
what happens if they were deleted? ???
I hope we didnt mess something up!

Lisandro · January 6, 2005, 11:58pm

Nothing… In fact, the size of the Chest will be small and you’ll have more free space into your HDD

system · January 7, 2005, 12:02am

so it was ok that we deleted them?

Lisandro · January 7, 2005, 12:06am

How many days passed since you send the files to Chest?
Is your system working well since then?

system · January 7, 2005, 12:10am

they were in the chest for 2 days i think nothing longer and they were deleted yesterday!

system · January 7, 2005, 12:10am

computer was running fine and still is…

Lisandro · January 7, 2005, 12:13am

If you already deleted, why did you ask? ;D
You can let the file 10 - 15 days into Chest to confirm it’s a virus file… It won’t harm your system and you won’t throw away a clean file that you think is infected (the so called false positives)

system · January 7, 2005, 12:17am

ok, i posted this befor they were deleted then my husban went and deleted them.
so im just double checking on things to make sure we didnt mess things up.
this is the first time i have ran an anti virus and am new to all this…

system · January 7, 2005, 12:26am

Thank You for your help i will keep what u said in mind…

  THANKS AGAIN

Lisandro · January 7, 2005, 12:38am

You’re welcome…
Try to learn more about avast, browse the forum and enjoy 8)

system · January 14, 2005, 10:58pm

??? ??? I HAVE A NEW VIRUS WARNING TODAY;
Win32-Lookme-C(Trj)
C:\windows\VT00.exe

I HAVE GONE OVER THE WEB PG. BUT COULDNT FIND IT POSTED, IT IS IN THE CHEST IS IT REPAIRABLE? DO I DELETE IT OR WHAT. AND WHAT IS IS? I WAS RUNNING SPYBOT WHEN IT DETECTED IT! THANKS

DavidR · January 15, 2005, 12:47am

Trojans are generally not repairable as the complete file is malicious, rather than a virus infecting a small part of a windows file, that small part may be able to be removed/repaired.

The fact that avast caught this, hopefully before it became established, so you are likely to be ok. However, you would be advised to run hijackthis again.

A google searchs for both lookme-c and vt100.exe returned many hits and provides information on this. Learn to use google it is your friend.

gmer · May 9, 2006, 9:17pm

Hi.

I sent this new rootkit-virus to VirusTotal .

VirusTotal report:

STATUS: FINISHED
Complete scanning result of "cmd.exe_vt100.zip", received in VirusTotal at 05.06.2006, 08:57:36 (CET).

Antivirus Version Update Result 
AntiVir 6.34.0.24 04.20.2006 Heuristic/Virus.Win32 
Avast 4.6.695.0 05.05.2006 Win32:Virtob 
AVG 386 05.05.2006  no virus found 
Avira 6.34.1.58 05.05.2006  no virus found 
BitDefender 7.2 05.06.2006 Win32.Virtob.Gen 
CAT-QuickHeal 8.00 05.05.2006 W95.TenRobot.B 
ClamAV devel-20060426 05.05.2006  no virus found 
DrWeb 4.33 05.05.2006  no virus found 
eTrust-InoculateIT 23.72.1 05.06.2006  no virus found 
eTrust-Vet 12.4.2194 05.04.2006  no virus found 
Ewido 3.5 05.05.2006  no virus found 
Fortinet 2.71.0.0 05.06.2006 suspicious 
F-Prot 3.16c 05.05.2006  no virus found 
Ikarus 0.2.65.0 05.05.2006  no virus found 
Kaspersky 4.0.2.24 05.06.2006 Type_Win32 
McAfee 4756 05.05.2006 New Win32 
Microsoft 1.1372 05.06.2006  no virus found 
NOD32v2 1.1523 05.05.2006  no virus found 
Norman 5.90.17 05.05.2006  no virus found 
Panda 9.0.0.4 05.05.2006  no virus found 
Sophos 4.05.0 05.06.2006  no virus found 
Symantec 8.0 05.06.2006  no virus found 
TheHacker 5.9.7.139 05.05.2006  no virus found 
UNA 1.83 05.05.2006 Win32.virus 
VBA32 3.11.0 05.05.2006  no virus found 


Aditional Information 
File size: 109061 bytes 
MD5: 1e0bed4a2c0c9d4bb11a8fb41ba07e8b 
SHA1: 4203774f2fc854364287a289104011d5a5cc2c38

STATUS: FINISHED
Complete scanning result of "vt100.zip", received in VirusTotal at 05.09.2006, 18:30:15 (CET).

Antivirus Version Update Result 
AntiVir 6.34.1.27 05.09.2006 Heuristic/Backdoor.Generic 
Avast 4.6.695.0 05.08.2006 Win32:Virtob 
AVG 386 05.09.2006  no virus found 
BitDefender 7.2 05.09.2006 Backdoor.VirtobVT.A 
CAT-QuickHeal 8.00 05.09.2006 W95.TenRobot.B 
ClamAV devel-20060426 05.09.2006  no virus found 
DrWeb 4.33 05.09.2006 BACKDOOR.Trojan 
eTrust-InoculateIT 23.72.3 05.09.2006  no virus found 
eTrust-Vet 12.4.2201 05.09.2006  no virus found 
Ewido 3.5 05.09.2006  no virus found 
Fortinet 2.76.0.0 05.09.2006 suspicious 
F-Prot 3.16c 05.09.2006  no virus found 
Ikarus 0.2.65.0 05.09.2006  no virus found 
Kaspersky 4.0.2.24 05.09.2006  no virus found 
McAfee 4758 05.09.2006 New Win32 
Microsoft 1.1372 05.09.2006  no virus found 
NOD32v2 1.1527 05.09.2006 probably unknown NewHeur_PE virus 
Norman 5.90.17 05.09.2006  no virus found 
Panda 9.0.0.4 05.09.2006 Suspicious file 
Sophos 4.05.0 05.09.2006  no virus found 
Symantec 8.0 05.09.2006  no virus found 
TheHacker 5.9.7.140 05.08.2006  no virus found 
UNA 1.83 05.06.2006 Win32.virus 
VBA32 3.11.0 05.08.2006  no virus found 


Aditional Information 
File size: 48436 bytes 
MD5: 42a18043fd9c04254a259124379740cc

cmd_vt100.exe is infected windows cmd.exe file.
vt100.exe is proper virus-rootkit .

Here is the log from my program :
( this tool was created to detect and delete rootkits, hiden services and processes, hidden files and hidden registry keys. Another log samples: http://www.gmer.net/rootkits.php ).

GMER 1.0.10.9819 - http://www.gmer.net
Rootkit 2006-05-04 18:30:25
Windows 5.1.2600 Dodatek Service Pack 2


---- Processes - GMER 1.0.10 ----

Process  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg      \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@VT100 Emulator C:\WINDOWS\system32\VT100.EXE

---- Files - GMER 1.0.10 ----

File     C:\WINDOWS\system32\VT100.EXE

---- EOF - GMER 1.0.10 ----

As you can see, virus-rootkit hides its process, file, and registry key.
After start, vt100.exe infects almost all files on all possible disks.
Virus also send some data over network to the same ip address.

Here is another report written in polish:

http://www.gmer.net/vt100.exe.php

Regards

not sure what to do! HELP!!!!

Announcements