WholeFunShow

  1. CeciliaB wrote (post 135292): "Hi WholeFunShow, You have to zip the file before uploading it."
     Whoops, sorry about that, I've read the guide now, thanks. I forgot to say in my last post it's Ad-Aware 9.6.0 that I'm using. PFA infected file.
  2. I had a problem submitting through the form on this site, so excuse me if I over-elaborate here. I got a BlueSoleil (a Bluetooth stack company) install CD with a Bluetooth dongle from Veho (I think the only one they make: "VB-5881 Micro Bluetooth Dongle"), the contents of which are available at their support/download page here: http://www.veho-uk.com/main/downloads.aspx under Drivers and Software > 1) Bluetooth Dongles > VB-5881 Micro Bluetooth Dongle > VB-5881.zip. I unarchived it, clicked Autorun and selected the XP install; this creates three suspicious-looking .exe files in the install folder: BlueSoleil.exe, BlueSoleil_.exe and BlueSoleil__.exe, and the one with two underscores gets quarantined as a Trojan. I tried to submit it here but get informed "You aren't permitted to upload this kind of file". My ESET marks it (and everything) as clean, and VirusTotal.com lists 4/43 tagging it trojan. Thanks.

     Log:

     Logfile created: 08/05/2012 00:57:38
     Ad-Aware version: 9.6.0
     Extended engine: 3
     Extended engine version: 3.1.2770
     User performing scan: Aidan

     *********************** Definitions database information ***********************
     Lavasoft definition file: 150.827
     Genotype definition file version: 2012/02/13 12:34:34
     Extended engine definition file: 11889.0

     ******************************** Scan results: *********************************
     Scan profile name: Context menu scan (ID: contextmenuscan)
     Objects scanned: 3
     Objects detected: 1

     Type             Detected
     ==========================
     Processes.......: 0
     Registry entries: 0
     Hostfile entries: 0
     Files...........: 1
     Folders.........: 0
     LSPs............: 0
     Cookies.........: 0
     Browser hijacks.: 0
     MRU objects.....: 0

     Quarantined items:
     Description: d:\program files\ivt corporation\bluesoleil\bluesoleil__.exe
     Family Name: Trojan.Win32.Generic!BT
     Engine: 3
     Clean status: Success
     Item ID: 1
     Family ID: 0
     MD5: e74031cde24cf2b012bdb3c2ffa3d706

     Scan and cleaning complete: Finished correctly after 2 seconds