What is this?

Been getting some warnings lately:

8/9/2004 6:08:53 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/13/2004 5:28:24 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/13/2004 5:28:25 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\PROGRA~1\WINDUP~1\WinKA.exe” file.

8/13/2004 5:28:29 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-247 [Trj]” has been found in “C:\PROGRAM FILES\WINDUPDATES\COMM.DLL” file.

8/14/2004 5:09:34 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/14/2004 5:09:38 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-247 [Trj]” has been found in “C:\PROGRAM FILES\WINDUPDATES\COMM.DLL” file.

8/14/2004 3:04:02 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/15/2004 4:10:34 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/15/2004 7:27:26 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/15/2004 8:10:07 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/15/2004 9:18:53 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.

8/15/2004 11:05:03 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-247 [Trj]” has been found in “C:\System Volume Information\_restore{CBBCF61B-BBED-4BDC-B279-A0044CE04DCA}\RP89\A0015979.dll” file.

Any idea where these might be coming from and what type of viruses these are?

Thanks
WW(5.0)

It is obviously a spyware/trojan horse that has infiltrated your Windows registry… Try to remove it with an anti-spyware killer or prevent it with “SpywareBlaster”.

http://www.techsupportforum.com/computer/topic/11911-1.htm

For further details, check the link above.

Remember: always try to prevent…

Please run HijackThis and post the log here.

Ok…I just did a scan of C and moved five files to the chest, then Adaware found another which I deleted.
But here is the log from HijackThis:

Logfile of HijackThis v1.98.2
Scan saved at 4:06:21 PM, on 8/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\USBToolbox\ResModify.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\explorer.exe
I:\XP_Downloads\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fidalgo.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MBM 5] “C:\Program Files\Motherboard Monitor 5\MBM5.EXE”
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 “EPSON Stylus C84 Series” /O6 “USB001” /M “Stylus C84”
O4 - HKLM\..\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM\..\Run: [ResModify] C:\Program Files\USBToolbox\ResModify.EXE
O4 - HKLM\..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e685f42af16b4ae133fb6395c0ae1826074370b6ef2ab58c7b394a46b7785ed02dcd1d18afd71cf37a3273507e405440345a19b4981e02e4ec71b0834b3328:522a1c137ec85ca995271ab95b94951b
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F23708F-E338-45F0-AD8F-658D49A242E2}: NameServer = 66.218.206.85 66.218.206.13

WW(5.0)

Just one thing to fix, the rest is clean.

o4 - hklm\..\run: [windupdates] c:\program files\windupdates\winupdt.exe

Done…thanks!

And the above means that you must disable System RESTORE and reboot, then reenable it:

See the link “VirusRemoval” below in my sig on how to do it… :wink:
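
A triage sketch for the two logs posted in this thread, added here as an example and not written by any of the posters: it collapses the repeated avast! alerts into distinct files (treating 8.3 aliases such as `WINDUP~1` as the same folder), picks out copies held in System Restore, and lists the HijackThis entries that mention the same folder name. The function names and the prefix-matching heuristic for short names are assumptions of this example.

```python
import re
# Sample lines taken from the logs in this thread; the O16 query string is shortened.
AV_LOG = r'''
8/13/2004 5:28:24 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\Program Files\WindUpdates\WinKA.exe” file.
8/13/2004 5:28:25 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-246 [Trj]” has been found in “C:\PROGRA~1\WINDUP~1\WinKA.exe” file.
8/13/2004 5:28:29 PM NT AUTHORITY\SYSTEM 1804 Sign of “Win32:Trojano-247 [Trj]” has been found in “C:\PROGRAM FILES\WINDUPDATES\COMM.DLL” file.
8/15/2004 11:05:03 AM NT AUTHORITY\SYSTEM 1800 Sign of “Win32:Trojano-247 [Trj]” has been found in “C:\System Volume Information\_restore{CBBCF61B-BBED-4BDC-B279-A0044CE04DCA}\RP89\A0015979.dll” file.
'''
HJT_LOG = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=(shortened)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
'''
DETECTION = re.compile(r'Sign of “(?P<sig>[^”]+)” has been found in “(?P<path>[^”]+)” file')
SHORT = re.compile(r'([^~]+)~\d+(\..*)?')   # 8.3 alias such as WINDUP~1

def same_component(a, b):
    """Compare two path components; an 8.3 alias matches by prefix (heuristic)."""
    a, b = a.upper(), b.upper()
    for short, full in ((a, b), (b, a)):
        m = SHORT.fullmatch(short)
        if m and full.replace(' ', '').startswith(m.group(1)):
            return True
    return a == b

def same_file(p, q):
    pc, qc = p.split('\\'), q.split('\\')
    return len(pc) == len(qc) and all(same_component(x, y) for x, y in zip(pc, qc))

def triage(av_log):
    """Return ([path, signature, hits] per distinct file, paths inside System Restore)."""
    files = []
    for m in DETECTION.finditer(av_log):
        for entry in files:
            if same_file(entry[0], m['path']):
                entry[2] += 1          # same file reported again, possibly via its alias
                break
        else:
            files.append([m['path'], m['sig'], 1])
    return files, [f[0] for f in files if '_restore{' in f[0].lower()]

def related_entries(hjt_log, files):
    """HijackThis lines mentioning a folder name that holds a detected file."""
    folders = {f[0].split('\\')[-2].lower() for f in files if '~' not in f[0] and '_restore{' not in f[0].lower()}
    return [line for line in hjt_log.splitlines() if any(fd in line.lower() for fd in folders)]

if __name__ == '__main__':
    files, restore = triage(AV_LOG)
    print(files, restore, related_entries(HJT_LOG, files), sep='\n')
```

Files under `_restore{...}` are restore-point copies kept by Windows, which is why they persist until System Restore is switched off and back on as described in the last post.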