Posted by Ann on November 23, 2005, 12:48 am
My computer behaves like it has a Trojan. I scanned it with Trend Micro,
which found no viruses. However, some log entries were peculiar. I have
Windows XP on Dell Dimension 2400. I have networking disabled. I didn't
assign permissions. I'm Owner and should have access to everything. Yet, the
virus scan could not access the files below and therefore couldn't scan them.
What virus would do this? Is there any way I can make these files
accessible? If I format my disk, will this inaccessibility go away?
The affected files and the reason the scan gave for not being able to access
them are listed below.
Thank you for any information you can provide.
LOG SAID ERROR OCCURRED WHILE SCANNING FILE
C:\Documents and Settings\LocalService\NTUSER.DAT
C:\Documents and Settings\LocalService\ntuser.dat.LOG
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\Owner\NTUSER.DAT
C:\Documents and Settings\Owner\ntuser.dat.LOG
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
LOG SAID AN ERROR WAS DETECTED
C:\System Volume Information\*.*
LOG SAID COULD NOT SET FILE FOR READING
C:\WINDOWS\Prefetch\AAWSEPERSONAL.EXE-36D1614A.pf
C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf
C:\WINDOWS\Prefetch\AD-AWARE.EXE-0A62CF06.pf
C:\WINDOWS\Prefetch\ALEUPDAT.EXE-1ED60CC5.pf
C:\WINDOWS\Prefetch\AUPATCH.DAT-21251CC6.pf
C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf
C:\WINDOWS\Prefetch\AUTORUN.EXE-055703AF.pf
C:\WINDOWS\Prefetch\AUUNZIP.DAT-09B6AED1.pf
C:\WINDOWS\Prefetch\AUUPDATE.DAT-183E5F6E.pf
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
C:\WINDOWS\Prefetch\DEMO32.EXE-25E7AF5B.pf
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
C:\WINDOWS\Prefetch\DMADMIN.EXE-00BCB146.pf
C:\WINDOWS\Prefetch\DMREMOTE.EXE-2F82CB90.pf
C:\WINDOWS\Prefetch\DRVMAP.EXE-0DEA7804.pf
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
C:\WINDOWS\Prefetch\FLOPPY.EXE-206ACEFF.pf
C:\WINDOWS\Prefetch\GSS.EXE-006E30E6.pf
C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf
C:\WINDOWS\Prefetch\HELPHOST.EXE-247D2792.pf
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
C:\WINDOWS\Prefetch\IDRIVER.EXE-09BCEA7D.pf
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf
C:\WINDOWS\Prefetch\Layout.ini
C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
Could not set file for reading on "C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf
C:\WINDOWS\Prefetch\MMC.EXE-2523E022.pf
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf
C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf
C:\WINDOWS\Prefetch\NAVW32.EXE-24F56911.pf
C:\WINDOWS\Prefetch\NAVW32.EXE-2F9B64D1.pf
C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf
C:\WINDOWS\Prefetch\NETSTAT.EXE-2B2B4428.pf
C:\WINDOWS\Prefetch\NMAIN.EXE-2BA406E0.pf
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf
C:\WINDOWS\Prefetch\PARTIN.EXE-278BE0B0.pf
C:\WINDOWS\Prefetch\PARTINNT.EXE-189E221B.pf
C:\WINDOWS\Prefetch\PATCH.EXE-1DE617D3.pf
C:\WINDOWS\Prefetch\PM8FLASH.EXE-29A2E154.pf
C:\WINDOWS\Prefetch\PQBOOT32.EXE-004782FD.pf
C:\WINDOWS\Prefetch\PQPE.EXE-156FFA02.pf
C:\WINDOWS\Prefetch\PQPENT.EXE-31E964DB.pf
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13E68835.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-16B6E1C5.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC79741.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D381A1E.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
C:\WINDOWS\Prefetch\SETUP.EXE-1F96B645.pf
C:\WINDOWS\Prefetch\SETUP.EXE-25947D5F.pf
C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
C:\WINDOWS\Prefetch\SYSCLEAN.COM-03F5AA35.pf
C:\WINDOWS\Prefetch\SYSCLEAN.EXE-16B1DEFF.pf
C:\WINDOWS\Prefetch\S_T_I_N_G_E_R.EXE-20D66C56.pf
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf
C:\WINDOWS\Prefetch\TSC.BIN-1CE4A19A.pf
C:\WINDOWS\Prefetch\TSC.EXE-2B4C0858.pf
C:\WINDOWS\Prefetch\UNINS000.EXE-260D7493.pf
C:\WINDOWS\Prefetch\UNINS000.EXE-26B508AE.pf
C:\WINDOWS\Prefetch\UPHCLEAN.EXE-1B5600D5.pf
C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf
C:\WINDOWS\Prefetch\WINWORD.EXE-29F5CB89.pf
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf
C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
C:\WINDOWS\Prefetch\_IU14D2N.TMP-05E5CB2B.pf
LOG SAID ERROR OCCURRED WHILE SCANNING
C:\WINDOWS\system32\config\default
C:\WINDOWS\system32\config\default.LOG
C:\WINDOWS\system32\config\SAM
C:\WINDOWS\system32\config\SAM.LOG
C:\WINDOWS\system32\config\SECURITY
C:\WINDOWS\system32\config\SECURITY.LOG
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system
C:\WINDOWS\system32\config\system.LOG
Posted by David H. Lipman on November 23, 2005, 1:03 am
| My computer behaves like it has a Trojan. I scanned it with Trend Micro,
| which found no viruses. However, some log entries were peculiar. I have
| Windows XP on Dell Dimension 2400. I have networking disabled. I didn't
| assign permissions. I'm Owner and should have access to everything. Yet, the
| virus scan could not access the files below and therefore couldn't scan them.
|
| What virus would do this? Is there any way I can make these files
| accessible? If I format my disk, will this inaccessibility go away?
|
| The affected files and the reason the scan gave for not being able to access
| them are listed below.
|
| Thank you for any information you can provide.
|
| LOG SAID ERROR OCCURRED WHILE SCANNING FILE |
< scan log snipped >
DO NOT REFORMAT!
That would be a knee-jerk reaction to what is so far a non-event!
That's a total misinterpretation of the log. It means the file handles of the respective files are held open by the OS, thus the files can't be scanned. In other cases it could be a situation where they are protected by the OS. In any case, this looks like a normal Trend Micro scan log to me, and I have viewed many generated by Trend Micro's Sysclean utility. I have also replied to this question numerous times. If you were to reformat the hard disk, a new report would look extremely similar to the log you posted.
You stated "My computer behaves like it has a Trojan".
What makes you come to that conclusion? You didn't post anything to substantiate that claim.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
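One way to triage a scan log like the one in this thread, as an added example (not part of either post and not Trend Micro's tooling): group the inaccessible paths by the OS-owned location they fall in, so that only the leftovers need a closer look. The rule labels, function names and sample excerpt are this example's own, and the patterns assume the Windows XP directory layout shown in the posted log.

```python
import re

# Rules and labels are this example's own; paths follow the Windows XP layout in the post.
HIVE = (r"^[a-z]:\\documents and settings\\[^\\]+\\(ntuser\.dat"
        r"|local settings\\application data\\microsoft\\windows\\usrclass\.dat)(\.log)?$"
        r"|^[a-z]:\\windows\\system32\\config\\(default|sam|security|software|system)(\.log)?$")
RULES = [
    ("registry hive", re.compile(HIVE, re.I)),  # loaded hives are held open by the OS
    ("System Volume Information", re.compile(r"^[a-z]:\\system volume information\\", re.I)),
    ("Prefetch", re.compile(r"^[a-z]:\\windows\\prefetch\\[^\\]+$", re.I)),
]
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*")

def parse_paths(lines):
    """Return the paths in a pasted log, re-joining ones that were wrapped at a space."""
    paths, in_path = [], False
    for raw in lines:
        line = raw.strip().strip('"')
        if not line or line.upper().startswith("LOG SAID"):
            in_path = False              # blank line or section heading
            continue
        m = DRIVE_PATH.search(line)
        if m:                            # new entry, possibly after a message prefix
            paths.append(m.group(0))
            in_path = True
        elif in_path:                    # continuation of a wrapped path
            paths[-1] += " " + line
    return paths

def triage(lines):
    """Group paths by the rule that accounts for them; the rest are 'unexplained'."""
    out = {}
    for p in parse_paths(lines):
        label = next((name for name, rx in RULES if rx.search(p)), "unexplained")
        out.setdefault(label, []).append(p)
    return out

# Excerpt of the log above, kept in the wrapped form in which it was posted.
SAMPLE = r"""LOG SAID ERROR OCCURRED WHILE SCANNING FILE
C:\Documents and Settings\Owner\NTUSER.DAT
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
LOG SAID AN ERROR WAS DETECTED
C:\System Volume Information\*.*
LOG SAID COULD NOT SET FILE FOR READING
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
Could not set file for reading on "C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf
C:\WINDOWS\system32\config\SAM
""".splitlines()

if __name__ == "__main__":
    for label, paths in triage(SAMPLE).items():
        print(f"{label}: {len(paths)}")
```

An "unexplained" entry is not a detection; it only means none of the three location rules accounts for it.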