the gates of hell has been unleashed upon my pc for the 2nd time this month.
trojans, spyware and viruses made their way onto my pc as soon as i clicked on
csi link from bt.chat.com and their friggin advertisers. this has happened
despite a dozen's worth of applications protecting me and objects continue to
do as they please on my pc.
please also advise the people their of this and the results. i will post the
eset nod32 log files results below.
time scanner object name threat user information
5/8/2008 9:41:09 pm http filter file http://adxanet.net/snapsnet.exe
a variant of win32/trojandownloader.vb.aw trojan
connection terminated - quarantined monster2\c threat was detected
upon access to web by the application: c:\documents and
settings\c\local settings\temp\xrun.exe.
5/8/2008 9:41:43 pm http filter file
http://adxanet.net/yazzsnet.exeprobably a variant of
win32/trojandownloader.purityscan trojan connection terminated -
quarantined monster2\c threat was detected upon
access to web by the application: c:\documents and settings\c\local
settings\temp\xrun.exe.
5/8/2008 9:42:39 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\yazzsnet.exe probably a
variant of win32/trojandownloader.purityscan trojan deleted - quarantined
nt authority\system event occurred on a new file
created by the application: c:\docume~1\c\locals~1\temp\xrun.exe.
5/8/2008 9:42:54 pm real-time file system protection file
c:\documents and settings\c\local settings\temporary
internet files\content.ie5\by8nb18t\yazzsnet[1].exe probably a variant of
win32/trojandownloader.purityscan trojan deleted
(after the next restart) - quarantined nt authority\system event occurred
on a new file created by the application:
c:\docume~1\c\locals~1\temp\xrun.exe.
5/8/2008 9:43:10 pm http filter file
http://ymq.a572.wrs.mcboo.com/17pholmes.cmt probably a variant of
win32/trojandownloader.agent.bls trojan connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\wavvsnet.exe.
5/8/2008 9:43:32 pm http filter file
http://ymq.a572.wrs.mcboo.com/17pholmes.cmt probably a variant of
win32/trojandownloader.agent.bls trojan connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\wavvsnet.exe.
5/8/2008 9:44:16 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\removalfile.bat
win32/adware.virtumonde application cleaned by deleting - quarantined
nt authority\system event occurred on a file
modified by the application: c:\docume~1\c\locals~1\temp\rasesnet.exe.
5/8/2008 9:44:16 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\removalfile.bat
win32/adware.virtumonde application cleaned by deleting - quarantined
nt authority\system event occurred on a new file
created by the application: c:\docume~1\c\locals~1\temp\rasesnet.exe.
5/8/2008 9:48:34 pm http filter file http://download-
av.com/avsystemcare.com/avsystemcare/install_en.exe
win32/adware.avsystemcare application connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\xpre.exe.
5/8/2008 9:49:09 pm http filter file
http://ymq.a572.wrs.mcboo.com/17pholmes.cmt probably a variant of
win32/trojandownloader.agent.bls trojan connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\wavvsnet.exe.
5/8/2008 9:49:36 pm http filter file http://download-
av.com/antispywaremaster.com/antispywaremaster/install_en.cab
win32/adware.avsystemcare application connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\windows\system32\mshta.exe.
5/8/2008 9:50:06 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\removalfile.bat
win32/adware.virtumonde application cleaned by deleting - quarantined
nt authority\system event occurred on a new file
created by the application: c:\docume~1\c\locals~1\temp\rasesnet.exe.
5/8/2008 10:25:44 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\aawtmp\c649233
\f3c4a\uga6p_0001_n122m2802netinstaller.exe win32/adware.avsystemcare
application
cleaned by deleting - quarantined nt authority\system event occurred
on a new file created by the application: c:\program
files\lavasoft\ad-aware se professional\ad-aware.exe.
trojans, spyware and viruses made their way onto my pc as soon as i clicked on
csi link from bt.chat.com and their friggin advertisers. this has happened
despite a dozen's worth of applications protecting me and objects continue to
do as they please on my pc.
please also advise the people their of this and the results. i will post the
eset nod32 log files results below.
time scanner object name threat user information
5/8/2008 9:41:09 pm http filter file http://adxanet.net/snapsnet.exe
a variant of win32/trojandownloader.vb.aw trojan
connection terminated - quarantined monster2\c threat was detected
upon access to web by the application: c:\documents and
settings\c\local settings\temp\xrun.exe.
5/8/2008 9:41:43 pm http filter file
http://adxanet.net/yazzsnet.exeprobably
a variant of win32/trojandownloader.purityscan trojan connection terminated -
quarantined monster2\c threat was detected upon
access to web by the application: c:\documents and settings\c\local
settings\temp\xrun.exe.
5/8/2008 9:42:39 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\yazzsnet.exe probably a
variant of win32/trojandownloader.purityscan trojan deleted - quarantined
nt authority\system event occurred on a new file
created by the application: c:\docume~1\c\locals~1\temp\xrun.exe.
5/8/2008 9:42:54 pm real-time file system protection file
c:\documents and settings\c\local settings\temporary
internet files\content.ie5\by8nb18t\yazzsnet[1].exe probably a variant of
win32/trojandownloader.purityscan trojan deleted
(after the next restart) - quarantined nt authority\system event occurred
on a new file created by the application:
c:\docume~1\c\locals~1\temp\xrun.exe.
5/8/2008 9:43:10 pm http filter file
http://ymq.a572.wrs.mcboo.com/17pholmes.cmt
probably a variant of win32/trojandownloader.agent.bls trojan connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\wavvsnet.exe.
5/8/2008 9:43:32 pm http filter file
http://ymq.a572.wrs.mcboo.com/17pholmes.cmt
probably a variant of win32/trojandownloader.agent.bls trojan connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\wavvsnet.exe.
5/8/2008 9:44:16 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\removalfile.bat
win32/adware.virtumonde application cleaned by deleting - quarantined
nt authority\system event occurred on a file
modified by the application: c:\docume~1\c\locals~1\temp\rasesnet.exe.
5/8/2008 9:44:16 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\removalfile.bat
win32/adware.virtumonde application cleaned by deleting - quarantined
nt authority\system event occurred on a new file
created by the application: c:\docume~1\c\locals~1\temp\rasesnet.exe.
5/8/2008 9:48:34 pm http filter file http://download-
av.com/avsystemcare.com/avsystemcare/install_en.exe
win32/adware.avsystemcare application connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\xpre.exe.
5/8/2008 9:49:09 pm http filter file
http://ymq.a572.wrs.mcboo.com/17pholmes.cmt
probably a variant of win32/trojandownloader.agent.bls trojan connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\documents and settings\c\local
settings\temp\wavvsnet.exe.
5/8/2008 9:49:36 pm http filter file http://download-
av.com/antispywaremaster.com/antispywaremaster/install_en.cab
win32/adware.avsystemcare application connection terminated - quarantined
monster2\c threat was detected upon access to
web by the application: c:\windows\system32\mshta.exe.
5/8/2008 9:50:06 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\removalfile.bat
win32/adware.virtumonde application cleaned by deleting - quarantined
nt authority\system event occurred on a new file
created by the application: c:\docume~1\c\locals~1\temp\rasesnet.exe.
5/8/2008 10:25:44 pm real-time file system protection file
c:\docume~1\c\locals~1\temp\aawtmp\c649233
\f3c4a\uga6p_0001_n122m2802netinstaller.exe win32/adware.avsystemcare
application
cleaned by deleting - quarantined nt authority\system event occurred
on a new file created by the application: c:\program
files\lavasoft\ad-aware se professional\ad-aware.exe.
