Repeatedly attempting to delete same adwares

  • Thread starter Thread starter John S
  • Start date Start date
J

John S

I have a persistent adware problem that AntiSpyware (Beta
1) indicates it repeatedly deletes. Steps to repeat:
1. run AntiSpyware, remove 3 problems
(Threats Vx2.Narrator Toolbar (removed)
Possible Hosts File Hijack Spyware (removed)
Trojan.Unclassified.ContextMenuHandler.A Trojan (removed)

2. run AntiSpyware again (with Internet disconnecte) -
shows clean (nothing found).

3. Re-connect Internet, open IE, get repeated pop ups
again. Run AntiSpyware and receive the same 3 errors.

Anyone have any idea what to try next? SpyBot attempts to
remove, but has similar results. Ad-aware6 does not
recognize at all.

See Log Below:
--------------
2/19/2005 6:47:48 PM::------------------------------------
------------------------------
2/19/2005 6:47:48 PM::Initializing Clean - (ScanID: 0)
2/19/2005 6:47:48 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 6:47:48 PM::Generating threat
2/19/2005 6:47:50 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 6:47:50 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\09A5839C-D2BD-4D86-891E-597547
\34BAD01B-6992-41FD-8044-92794B
2/19/2005 6:47:50 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 6:47:50 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 6:48:02 PM::Unititializing Clean
2/19/2005 6:48:02 PM::------------------------------------
------------------------------
2/19/2005 6:53:32 PM::------------------------------------
------------------------------
2/19/2005 6:53:32 PM::Initializing Clean - (ScanID:
F758001B-D8DC-47B7-9BCA-763C29)
2/19/2005 6:53:32 PM::Remove Threat (ID:15213)
2/19/2005 6:53:32 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 6:53:33 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 6:53:36 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\BCDC8DB4-732E-4A4D-BF0E-3BEAF3
\10DFB2A6-BA4F-4D39-B4F0-EC361F
2/19/2005 6:53:36 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:15213) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:15207)
2/19/2005 6:53:36 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 6:53:36 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 6:53:36 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\D5EF7A24-4D7F-4D44-98E7-
2A016D\61F0515A-C71A-407E-822D-32C743
2/19/2005 6:53:36 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:15207) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:14994)
2/19/2005 6:53:36 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 6:53:36 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 6:53:36 PM::Restore host file host
auto.search.msn.com
2/19/2005 6:53:36 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:14994) Complete
2/19/2005 6:53:36 PM::Unititializing Clean
2/19/2005 6:53:36 PM::------------------------------------
------------------------------
2/19/2005 7:37:33 PM::------------------------------------
------------------------------
2/19/2005 7:37:33 PM::Initializing Clean - (ScanID:
4908DC7D-F6D4-44C9-9C1E-DE61D1)
2/19/2005 7:37:33 PM::Remove Threat (ID:15213)
2/19/2005 7:37:33 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 7:37:33 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 7:37:37 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\2BAC23D9-8E15-49B2-BD6F-
7E27BE\B395C875-3F3E-433B-BD58-9ED0F1
2/19/2005 7:37:37 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 7:37:38 PM::Remove Threat (ID:15213) Complete
2/19/2005 7:37:38 PM::Remove Threat (ID:15207)
2/19/2005 7:37:38 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 7:37:38 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 7:37:38 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\32908E64-85F6-4F0C-9128-782F52
\C74F2378-D7CB-40FD-8B29-1E4955
2/19/2005 7:37:38 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 7:37:39 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\32908E64-85F6-4F0C-9128-782F52
\18274F52-EFB5-47CF-AB72-452BB8
2/19/2005 7:37:39 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 7:37:39 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 7:37:40 PM::Remove Threat (ID:15207) Complete
2/19/2005 7:37:40 PM::Remove Threat (ID:14994)
2/19/2005 7:37:40 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 7:37:40 PM::Run custom cleaner Host file
redirection of 69.20.16.183 ieautosearch (149941)
2/19/2005 7:37:40 PM::Restore host file host ieautosearch
2/19/2005 7:37:40 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 7:37:40 PM::Remove Threat (ID:14994) Complete
2/19/2005 7:37:41 PM::Unititializing Clean
2/19/2005 7:37:41 PM::------------------------------------
------------------------------
2/19/2005 7:43:31 PM::------------------------------------
------------------------------
2/19/2005 7:43:31 PM::Initializing Clean - (ScanID:
E1CF838C-3193-4217-B10B-5F8F07)
2/19/2005 7:43:31 PM::Remove Threat (ID:14994)
2/19/2005 7:43:31 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 7:43:32 PM::Run custom cleaner Host file
redirection of 69.20.16.183 search.netscape.com (149941)
2/19/2005 7:43:32 PM::Restore host file host
search.netscape.com
2/19/2005 7:43:32 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 7:43:32 PM::Remove Threat (ID:14994) Complete
2/19/2005 7:43:32 PM::Unititializing Clean
2/19/2005 7:43:32 PM::------------------------------------
------------------------------
2/19/2005 8:00:07 PM::------------------------------------
------------------------------
2/19/2005 8:00:07 PM::Initializing Clean - (ScanID:
7A22B242-D8D2-4FB9-9691-5842F0)
2/19/2005 8:00:07 PM::Remove Threat (ID:15213)
2/19/2005 8:00:07 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 8:00:07 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 8:00:11 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\92F2DC8C-64B1-452C-9B7B-997392
\94F71974-A8BF-41C3-A222-A97CDE
2/19/2005 8:00:11 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 8:00:11 PM::Remove Threat (ID:15213) Complete
2/19/2005 8:00:11 PM::Remove Threat (ID:15207)
2/19/2005 8:00:11 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 8:00:11 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 8:00:11 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\17D51E07-D8DD-4113-AD4E-416334
\3B681BF7-1351-488B-B08A-8408E7
2/19/2005 8:00:11 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 8:00:13 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\17D51E07-D8DD-4113-AD4E-416334
\8487F151-666A-4B14-827C-D5ADC5
2/19/2005 8:00:13 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 8:00:13 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 8:00:13 PM::Remove Threat (ID:15207) Complete
2/19/2005 8:00:13 PM::Remove Threat (ID:14994)
2/19/2005 8:00:13 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 8:00:14 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 8:00:14 PM::Restore host file host
auto.search.msn.com
2/19/2005 8:00:14 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 8:00:14 PM::Remove Threat (ID:14994) Complete
2/19/2005 8:00:14 PM::Unititializing Clean
2/19/2005 8:00:14 PM::------------------------------------
------------------------------
2/19/2005 8:17:41 PM::------------------------------------
------------------------------
2/19/2005 8:17:41 PM::Initializing Clean - (ScanID:
A8D9A56C-BE27-4ABB-BBFE-3911BC)
2/19/2005 8:17:41 PM::Remove Threat (ID:15213)
2/19/2005 8:17:41 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 8:17:46 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 8:17:50 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\2FC234ED-5355-412D-A326-
1ABE1D\C2107A53-BD0A-4D95-97C3-4EE7F5
2/19/2005 8:17:50 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 8:17:50 PM::Remove Threat (ID:15213) Complete
2/19/2005 8:17:50 PM::Remove Threat (ID:15207)
2/19/2005 8:17:50 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 8:17:52 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 8:17:52 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\98FE55F5-0546-4CF8-BE2E-
375A0D\F5F4E69A-3BF5-42D0-BDA6-EE9EE2
2/19/2005 8:17:52 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 8:17:55 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\98FE55F5-0546-4CF8-BE2E-
375A0D\11C5997E-A67C-4B84-B16F-BC44DA
2/19/2005 8:17:55 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 8:17:55 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 8:17:55 PM::Remove Threat (ID:15207) Complete
2/19/2005 8:17:55 PM::Remove Threat (ID:14994)
2/19/2005 8:17:55 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 8:17:57 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 8:17:57 PM::Restore host file host
auto.search.msn.com
2/19/2005 8:17:57 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 8:17:57 PM::Remove Threat (ID:14994) Complete
2/19/2005 8:17:57 PM::Unititializing Clean
2/19/2005 8:17:57 PM::------------------------------------
------------------------------
2/19/2005 9:26:26 PM::------------------------------------
------------------------------
2/19/2005 9:26:26 PM::Initializing Clean - (ScanID:
DC5C1732-EEBC-45F3-8523-48953A)
2/19/2005 9:26:26 PM::Remove Threat (ID:15213)
2/19/2005 9:26:26 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 9:26:27 PM::Terminating IE
2/19/2005 9:26:27 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 9:26:31 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\B40A2220-6F40-49EA-8DD1-
F6D53B\9D7B16C0-1740-4CFC-83AC-D0F262
2/19/2005 9:26:31 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 9:26:31 PM::Remove Threat (ID:15213) Complete
2/19/2005 9:26:31 PM::Remove Threat (ID:15207)
2/19/2005 9:26:31 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 9:26:32 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 9:26:32 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\AD2CE35E-C5F3-4B65-B6E2-
3060BD\79CA35DA-990C-4F6F-8B3E-BF4C82
2/19/2005 9:26:32 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 9:26:33 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\AD2CE35E-C5F3-4B65-B6E2-
3060BD\8226F0B3-EF3C-4225-A674-D10D00
2/19/2005 9:26:33 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 9:26:33 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 9:26:33 PM::Remove Threat (ID:15207) Complete
2/19/2005 9:26:33 PM::Remove Threat (ID:14994)
2/19/2005 9:26:33 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 9:26:33 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 9:26:33 PM::Restore host file host
auto.search.msn.com
2/19/2005 9:26:33 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 9:26:33 PM::Remove Threat (ID:14994) Complete
2/19/2005 9:26:34 PM::Unititializing Clean
2/19/2005 9:26:34 PM::------------------------------------
------------------------------
 
John,

There's a Guardian file or a phantom Service reinfesting the system from
a concealed source. Show hidden files, folders and system files :
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Disconnect from the internet. Run MSAS again and choose Full System
Scan. Make sure all 3 boxes are checked and click the Scan/drive folder
link if there is more than one partition or HD.

If there is more than one created User Profile than you'll have to log
off and on again as the other Users and do scans from within those
Profiles also.

Then boot to Safe Mode, log on as Admin, and do a Full System Scan
again. Do another one just to ensure the malware is removed.

Reboot to Normal mode, connect to the net, and see if IE is reinfested.

Steve Wechsler (akaMowGreen)

MS-MVP 2004-2005
Windows Server - Software Distribution
Windows - Security


John said:
I have a persistent adware problem that AntiSpyware (Beta
1) indicates it repeatedly deletes. Steps to repeat:
1. run AntiSpyware, remove 3 problems
(Threats Vx2.Narrator Toolbar (removed)
Possible Hosts File Hijack Spyware (removed)
Trojan.Unclassified.ContextMenuHandler.A Trojan (removed)

2. run AntiSpyware again (with Internet disconnecte) -
shows clean (nothing found).

3. Re-connect Internet, open IE, get repeated pop ups
again. Run AntiSpyware and receive the same 3 errors.

Anyone have any idea what to try next? SpyBot attempts to
remove, but has similar results. Ad-aware6 does not
recognize at all.

See Log Below:
--------------
2/19/2005 6:47:48 PM::------------------------------------
------------------------------
2/19/2005 6:47:48 PM::Initializing Clean - (ScanID: 0)
2/19/2005 6:47:48 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 6:47:48 PM::Generating threat
2/19/2005 6:47:50 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 6:47:50 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\09A5839C-D2BD-4D86-891E-597547
\34BAD01B-6992-41FD-8044-92794B
2/19/2005 6:47:50 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 6:47:50 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 6:48:02 PM::Unititializing Clean
2/19/2005 6:48:02 PM::------------------------------------
------------------------------
2/19/2005 6:53:32 PM::------------------------------------
------------------------------
2/19/2005 6:53:32 PM::Initializing Clean - (ScanID:
F758001B-D8DC-47B7-9BCA-763C29)
2/19/2005 6:53:32 PM::Remove Threat (ID:15213)
2/19/2005 6:53:32 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 6:53:33 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 6:53:36 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\BCDC8DB4-732E-4A4D-BF0E-3BEAF3
\10DFB2A6-BA4F-4D39-B4F0-EC361F
2/19/2005 6:53:36 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:15213) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:15207)
2/19/2005 6:53:36 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 6:53:36 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 6:53:36 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\D5EF7A24-4D7F-4D44-98E7-
2A016D\61F0515A-C71A-407E-822D-32C743
2/19/2005 6:53:36 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:15207) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:14994)
2/19/2005 6:53:36 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 6:53:36 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 6:53:36 PM::Restore host file host
auto.search.msn.com
2/19/2005 6:53:36 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 6:53:36 PM::Remove Threat (ID:14994) Complete
2/19/2005 6:53:36 PM::Unititializing Clean
2/19/2005 6:53:36 PM::------------------------------------
------------------------------
2/19/2005 7:37:33 PM::------------------------------------
------------------------------
2/19/2005 7:37:33 PM::Initializing Clean - (ScanID:
4908DC7D-F6D4-44C9-9C1E-DE61D1)
2/19/2005 7:37:33 PM::Remove Threat (ID:15213)
2/19/2005 7:37:33 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 7:37:33 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 7:37:37 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\2BAC23D9-8E15-49B2-BD6F-
7E27BE\B395C875-3F3E-433B-BD58-9ED0F1
2/19/2005 7:37:37 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 7:37:38 PM::Remove Threat (ID:15213) Complete
2/19/2005 7:37:38 PM::Remove Threat (ID:15207)
2/19/2005 7:37:38 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 7:37:38 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 7:37:38 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\32908E64-85F6-4F0C-9128-782F52
\C74F2378-D7CB-40FD-8B29-1E4955
2/19/2005 7:37:38 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 7:37:39 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\32908E64-85F6-4F0C-9128-782F52
\18274F52-EFB5-47CF-AB72-452BB8
2/19/2005 7:37:39 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 7:37:39 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 7:37:40 PM::Remove Threat (ID:15207) Complete
2/19/2005 7:37:40 PM::Remove Threat (ID:14994)
2/19/2005 7:37:40 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 7:37:40 PM::Run custom cleaner Host file
redirection of 69.20.16.183 ieautosearch (149941)
2/19/2005 7:37:40 PM::Restore host file host ieautosearch
2/19/2005 7:37:40 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 7:37:40 PM::Remove Threat (ID:14994) Complete
2/19/2005 7:37:41 PM::Unititializing Clean
2/19/2005 7:37:41 PM::------------------------------------
------------------------------
2/19/2005 7:43:31 PM::------------------------------------
------------------------------
2/19/2005 7:43:31 PM::Initializing Clean - (ScanID:
E1CF838C-3193-4217-B10B-5F8F07)
2/19/2005 7:43:31 PM::Remove Threat (ID:14994)
2/19/2005 7:43:31 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 7:43:32 PM::Run custom cleaner Host file
redirection of 69.20.16.183 search.netscape.com (149941)
2/19/2005 7:43:32 PM::Restore host file host
search.netscape.com
2/19/2005 7:43:32 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 7:43:32 PM::Remove Threat (ID:14994) Complete
2/19/2005 7:43:32 PM::Unititializing Clean
2/19/2005 7:43:32 PM::------------------------------------
------------------------------
2/19/2005 8:00:07 PM::------------------------------------
------------------------------
2/19/2005 8:00:07 PM::Initializing Clean - (ScanID:
7A22B242-D8D2-4FB9-9691-5842F0)
2/19/2005 8:00:07 PM::Remove Threat (ID:15213)
2/19/2005 8:00:07 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 8:00:07 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 8:00:11 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\92F2DC8C-64B1-452C-9B7B-997392
\94F71974-A8BF-41C3-A222-A97CDE
2/19/2005 8:00:11 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 8:00:11 PM::Remove Threat (ID:15213) Complete
2/19/2005 8:00:11 PM::Remove Threat (ID:15207)
2/19/2005 8:00:11 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 8:00:11 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 8:00:11 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\17D51E07-D8DD-4113-AD4E-416334
\3B681BF7-1351-488B-B08A-8408E7
2/19/2005 8:00:11 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 8:00:13 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\17D51E07-D8DD-4113-AD4E-416334
\8487F151-666A-4B14-827C-D5ADC5
2/19/2005 8:00:13 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 8:00:13 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 8:00:13 PM::Remove Threat (ID:15207) Complete
2/19/2005 8:00:13 PM::Remove Threat (ID:14994)
2/19/2005 8:00:13 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 8:00:14 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 8:00:14 PM::Restore host file host
auto.search.msn.com
2/19/2005 8:00:14 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 8:00:14 PM::Remove Threat (ID:14994) Complete
2/19/2005 8:00:14 PM::Unititializing Clean
2/19/2005 8:00:14 PM::------------------------------------
------------------------------
2/19/2005 8:17:41 PM::------------------------------------
------------------------------
2/19/2005 8:17:41 PM::Initializing Clean - (ScanID:
A8D9A56C-BE27-4ABB-BBFE-3911BC)
2/19/2005 8:17:41 PM::Remove Threat (ID:15213)
2/19/2005 8:17:41 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 8:17:46 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 8:17:50 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\2FC234ED-5355-412D-A326-
1ABE1D\C2107A53-BD0A-4D95-97C3-4EE7F5
2/19/2005 8:17:50 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 8:17:50 PM::Remove Threat (ID:15213) Complete
2/19/2005 8:17:50 PM::Remove Threat (ID:15207)
2/19/2005 8:17:50 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 8:17:52 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 8:17:52 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\98FE55F5-0546-4CF8-BE2E-
375A0D\F5F4E69A-3BF5-42D0-BDA6-EE9EE2
2/19/2005 8:17:52 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 8:17:55 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\98FE55F5-0546-4CF8-BE2E-
375A0D\11C5997E-A67C-4B84-B16F-BC44DA
2/19/2005 8:17:55 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 8:17:55 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 8:17:55 PM::Remove Threat (ID:15207) Complete
2/19/2005 8:17:55 PM::Remove Threat (ID:14994)
2/19/2005 8:17:55 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 8:17:57 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 8:17:57 PM::Restore host file host
auto.search.msn.com
2/19/2005 8:17:57 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 8:17:57 PM::Remove Threat (ID:14994) Complete
2/19/2005 8:17:57 PM::Unititializing Clean
2/19/2005 8:17:57 PM::------------------------------------
------------------------------
2/19/2005 9:26:26 PM::------------------------------------
------------------------------
2/19/2005 9:26:26 PM::Initializing Clean - (ScanID:
DC5C1732-EEBC-45F3-8523-48953A)
2/19/2005 9:26:26 PM::Remove Threat (ID:15213)
2/19/2005 9:26:26 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
2/19/2005 9:26:27 PM::Terminating IE
2/19/2005 9:26:27 PM::Removing file c:\windows\system32
\luziiy.dll
2/19/2005 9:26:31 PM::Disable file c:\windows\system32
\luziiy.dll and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\B40A2220-6F40-49EA-8DD1-
F6D53B\9D7B16C0-1740-4CFC-83AC-D0F262
2/19/2005 9:26:31 PM::Clean Threat
Trojan.Unclassified.ContextMenuHandler.A (ID:15213)
Complete
2/19/2005 9:26:31 PM::Remove Threat (ID:15213) Complete
2/19/2005 9:26:31 PM::Remove Threat (ID:15207)
2/19/2005 9:26:31 PM::Clean Threat Vx2.Narrator (ID:15207)
2/19/2005 9:26:32 PM::Removing file c:\windows\system32
\wuygga.dat
2/19/2005 9:26:32 PM::Disable file c:\windows\system32
\wuygga.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\AD2CE35E-C5F3-4B65-B6E2-
3060BD\79CA35DA-990C-4F6F-8B3E-BF4C82
2/19/2005 9:26:32 PM::Removing file c:\windows\system32
\vuoqqi.exe
2/19/2005 9:26:33 PM::Disable file c:\windows\system32
\vuoqqi.exe and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\AD2CE35E-C5F3-4B65-B6E2-
3060BD\8226F0B3-EF3C-4225-A674-D10D00
2/19/2005 9:26:33 PM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run [Narrator=C:\WINDOWS\system32\vuoqqi.exe]
2/19/2005 9:26:33 PM::Clean Threat Vx2.Narrator
(ID:15207) Complete
2/19/2005 9:26:33 PM::Remove Threat (ID:15207) Complete
2/19/2005 9:26:33 PM::Remove Threat (ID:14994)
2/19/2005 9:26:33 PM::Clean Threat Possible Hosts File
Hijack (ID:14994)
2/19/2005 9:26:33 PM::Run custom cleaner Host file
redirection of 69.20.16.183 auto.search.msn.com (149941)
2/19/2005 9:26:33 PM::Restore host file host
auto.search.msn.com
2/19/2005 9:26:33 PM::Clean Threat Possible Hosts File
Hijack (ID:14994) Complete
2/19/2005 9:26:33 PM::Remove Threat (ID:14994) Complete
2/19/2005 9:26:34 PM::Unititializing Clean
2/19/2005 9:26:34 PM::------------------------------------
Click to expand...
 
Back
Top