Quick Question about my Kapersky Scan Log

Discussion in 'Malware Help (A Specialist Will Reply)' started by ComfortablyDumb, Aug 13, 2006.

  1. ComfortablyDumb

    ComfortablyDumb Private E-2

    I have a question about my scan log from the Kapersky online scanner (attached).

    On the files that say object is locked is that because they are necessary files for windows, Or is it safe to remove them (or try to) using killbox?

    Thank you for your time
     
    Last edited: Aug 13, 2006
    ComfortablyDumb, Aug 13, 2006
    #1
  2. ComfortablyDumb

    ComfortablyDumb Private E-2

    I apparently cant attach the log when editing, or just can't figure it out. It keeps saying upload errors and posting before I am done.
     
    ComfortablyDumb, Aug 13, 2006
    #2
  3. ComfortablyDumb

    ComfortablyDumb Private E-2

    Ok I know we aren't supposed to put inline logs, so since I can't upload mine for some reason, I am going to just copy and paste a section of it that shows what I am asking about and hope, by doing so, I'm not breaking any major rules and going to get sent to the "Principal's Office" over it.

    C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Michael\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll Infected: Trojan-PSW.Win32.Sinowal.am skipped

    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.dll Infected: Trojan-PSW.Win32.Sinowal.am skipped
     
    ComfortablyDumb, Aug 13, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some of the files you are questioning are system files that Windows is protecting. But the last couple like this one C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll are serious issues!

    See this links for what you have: http://www.liutilities.com/products/wintaskspro/processlibrary/ibm00001/


    You are strongly advised to do the following immediately:
    1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned. If you have network compters, start checking them for problems too.
    2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passords and transaction information.


    Now you really need to follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

      • [*]runkeys.txt - the log from GetRunKey.bat
        [*]newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    chaslang, Aug 14, 2006
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds