ClamWin Free Antivirus :: View topic

Posted: Fri Feb 15, 2008 2:32 pm

Hi

My machine is infected with a virus which clamwin cannot remove nor unload from memory.
Below is the report from a scanning which was done with reporting only, however on activating remove/delete the infected files were still in the system. Bear in mind they are not mails but duplicates of the virus.

Scan Started Fri Feb 15 09:53:06 2008

-------------------------------------------------------------------------------

WARNING: Can't open file \\?\C:\Documents and Settings\Admin\Local Settings\Temp\nsd2.tmp, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KDUJOLYN\activity;src=1035625;met=1;v=1;pid=23167347;aid=172855059;ko=0;cid=24240168;rid=24258021;rv=1;&timestamp=1201348268796;eid1=2;ecn1=0;etm1=10;eid3=12;ecn3=1;e[1].gi;e[1].gi&? ?O@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KDUJOLYN\activity;src=998766;met=1;v=1;pid=23780696;aid=174849155;ko=0;cid=24341809;rid=24359662;rv=1;&timestamp=1201177431656;eid1=2;ecn1=1;etm1=10;eid2=10;ecn2=1;et[1].giet[1].gi&? ?O@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\ODMRC12B\activity;src=1035625;met=1;v=1;pid=23167347;aid=172855059;ko=0;cid=24240168;rid=24258021;rv=1;&timestamp=1201348258796;eid1=2;ecn1=1;etm1=10;eid2=11;ecn2=1;e[1].gi;e[1].gi&? ?O@@, No such file or directory

WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

C:\Documents and Settings\Admin\Desktop\50 CENT MASSACRE\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Black on both Sides\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Dexta Stuff\Dexta\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Dexta Stuff\InProgress\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Dexta Stuff\Inventory\Db\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Dexta Stuff\iscs site CAPTCHA\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\flash\Site\images\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\flash\Site\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\forex e-books\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Net_SMPP\Net_SMPP_Client-0.3.2\docs\examples\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Net_SMPP\Net_SMPP_Client-0.3.2\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\Net_SMPP\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\Desktop\trans\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\downloads\CODE_UPLOAD1074510182000\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\downloads\downloads\Hustler.Girls.Nr01.2007.SWEDiSH.XXX.eBooK-sEbook\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\downloads\downloads\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\downloads\images\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\downloads\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\My Music\soul\Untitled - 12-17-07\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\sms\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Admin\My Documents\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\All Users\Application Data\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\All Users\Documents\InProgress\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\All Users\Documents\My Music\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Guest\Desktop\center11\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Guest\Desktop\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Guest\Local Settings\Application Data\smss.exe: Trojan.Bakaki FOUND

C:\Documents and Settings\Guest\My Documents\smss.exe: Trojan.Bakaki FOUND

C:\Program Files\Common Files\smss.exe: Trojan.Bakaki FOUND

C:\Program Files\Microsoft Visual Studio\Common\ClassList\smss.exe: Trojan.Bakaki FOUND

C:\Program Files\smss.exe: Trojan.Bakaki FOUND

C:\Program Files\Tramigo\M1 PC\smss.exe: Trojan.Bakaki FOUND

C:\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\ajaxibm\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\ajax_datagrid\includes\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\ajax_datagrid\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\forex\Images\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\image-gallery\library\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\silly\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\Site\images\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\Site\Scripts\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\transcriber\includes\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\transcriber\smss.exe: Trojan.Bakaki FOUND

C:\wamp\www\zach\smss.exe: Trojan.Bakaki FOUND

C:\WINDOWS\Resources\smss.exe: Trojan.Bakaki FOUND

----------- SCAN SUMMARY -----------

Known viruses: 210964

Engine version: 0.92

Scanned directories: 7803

Scanned files: 93115

Skipped non-executable files: 1070

Infected files: 46

Data scanned: 24809.95 MB

Time: 13321.016 sec (222 m 1 s)

--------------------------------------

Completed

--------------------------------------

Something else about the virus, it has also "deleted" the following files:
- task manager -> when i try opening it through run it says such file dont exist but when i search it is there
- regedit

I also cannot eject flush disk and when system starts it automatically opens C drive on new window

Can somebody please help me, I have already lost data in one PC and cannot afford to loose data n the server.

Thank you in advance