
Thread: virus:w32/bagle.dy

  1. #1
    Beginner
    Registered since
    08.12.2005
    Posts
    4

    virus:w32/bagle.dy

    I'm having problems with my PC. I can't receive emails. Started running scans and found this site with some of the same problems. Here is my log.

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:16:15 PM, on 12/8/2005
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\CCURE800DLC\bin\ProSrvc.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O1 - Hosts: 172.16.1.56 mike_k # Machine running CCURE800 Server
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\ih40mj4.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "cws" "2"
    O4 - HKLM\..\RunOnce: [exthvfe.exe] C:\WINDOWS\System32\exthvfe.exe /k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lit.adventsystems.com
    O17 - HKLM\Software\..\Telephony: DomainName = lit.adventsystems.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lit.adventsystems.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lit.adventsystems.com
    O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
    O21 - SSODL: ANflhlJFzhXkqiDWBtL - {0CEEED4B-A644-47E1-E6CB-3D86500D7977} - C:\WINDOWS\System32\ucm.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CCURE800 System Service (CCURE800) - Unknown owner - C:\CCURE800\BIN\CCURE800.EXE
    O23 - Service: CCURE800 Automatic Backup Service (CCUREAutoBackup) - Unknown owner - C:\CCURE800\BIN\CCUREAutoBackup.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ProService for 9.1D (ProService9.1D) - Progress Software - C:\CCURE800DLC\bin\ProSrvc.exe
    O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Edited by Ruby (08.12.2005 at 21:52). Reason: BoardRules: Know how - HijackThis

  2. #2
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: virus:w32/bagle.dy

    Welcome to HijackThis.de @ gcr1970

    Please use vB Code when you are posting logfiles.
    You need to set [ CODE] at the beginning of the logfile and [ /CODE] at the end of the logfile.

    Make sure you set Windows to show hidden files and folders.

    Please upload the following unknown files:

    C:\WINDOWS\System32\exthvfe.exe
    C:\WINDOWS\System32\ucm.dll

    1. -> to Upload malicious software.
    2. -> to ST-Adware-Upload

    If you need a zip tool, we suggest zipgenius (it is free).

    Scan these files with Virustotal and Jotti:

    C:\CCURE800DLC\bin\ProSrvc.exe
    C:\WINDOWS\System32\exthvfe.exe
    C:\WINDOWS\System32\ucm.dll
    C:\CCURE800\BIN\CCURE800.EXE
    C:\CCURE800DLC\bin\ProSrvc.exe

    Please let us know if you succeeded in uploading the files to both URLs,
    and let us know every result of the online scans by copy & paste.


    __________________

    Please help us to keep this Free Service online

    Account EN - PayPal-US - PayPal-DE - Account DE
    you are welcome
    Ruby

  3. #3
    Beginner
    Registered since
    08.12.2005
    Posts
    4

    Re: virus:w32/bagle.dy

    The ccure files are OK; I know what they do. I have uploaded the files and here are the scans I ran.



    Code:
    This is a report processed by VirusTotal on 12/08/2005 at 23:50:14 (CET) after scanning the file "exthvfe.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.33.0.61 12.08.2005 no virus found 
    Avast 4.6.695.0 12.07.2005 no virus found 
    AVG 718 12.08.2005 Generic.DWN 
    Avira 6.33.0.61 12.08.2005 no virus found 
    BitDefender 7.2 12.08.2005 no virus found 
    CAT-QuickHeal 8.00 12.08.2005 (Suspicious) - DNAScan 
    ClamAV devel-20051108 12.08.2005 no virus found 
    DrWeb 4.33 12.08.2005 Trojan.Click.767 
    eTrust-Iris 7.1.194.0 12.07.2005 no virus found 
    eTrust-Vet 11.9.1.0 12.08.2005 no virus found 
    Fortinet 2.54.0.0 12.08.2005 no virus found 
    F-Prot 3.16c 12.07.2005 security risk named W32/Backdoor.HIY 
    Ikarus 0.2.59.0 12.08.2005 no virus found 
    Kaspersky 4.0.2.24 12.08.2005 Trojan.Win32.Kolweb.g 
    McAfee 4646 12.08.2005 no virus found 
    NOD32v2 1.1316 12.08.2005 Win32/Kolweb.G 
    Norman 5.70.10 12.08.2005 W32/Kolweb.G 
    Panda 8.02.00 12.08.2005 Adware/Adtomi 
    Sophos 4.00.0 12.08.2005 no virus found 
    Symantec 8.0 12.07.2005 no virus found 
    TheHacker 5.9.1.051 12.08.2005 no virus found 
    VBA32 3.10.5 12.08.2005 Trojan.Win32.Kolweb.g 
    
    
    
    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español 
    --------------------------------------------------------------------------------
    www.virustotal.com :: ©Hispasec Sistemas 2004,05 :: e-mail info@virustotal.com
    
    
    This is a report processed by VirusTotal on 12/08/2005 at 23:55:38 (CET) after scanning the file "Copy_of_ucm.zip" file.
    Antivirus Version Update Result 
    AntiVir 6.33.0.61 12.08.2005 TR/Proxy.Agent.DF.14 
    Avast 4.6.695.0 12.07.2005 Win32:Trojano-2801 
    AVG 718 12.08.2005 Proxy.AMP 
    Avira 6.33.0.61 12.08.2005 TR/Proxy.Agent.DF.14 
    BitDefender 7.2 12.08.2005 no virus found 
    CAT-QuickHeal 8.00 12.08.2005 TrojanProxy.Agent.df 
    ClamAV devel-20051108 12.08.2005 no virus found 
    DrWeb 4.33 12.08.2005 Trojan.DownLoader.4998 
    eTrust-Iris 7.1.194.0 12.07.2005 no virus found 
    eTrust-Vet 11.9.1.0 12.08.2005 no virus found 
    Fortinet 2.54.0.0 12.08.2005 W32/Agent.DF-tr 
    F-Prot 3.16c 12.07.2005 no virus found 
    Ikarus 0.2.59.0 12.08.2005 no virus found 
    Kaspersky 4.0.2.24 12.08.2005 Trojan-Proxy.Win32.Agent.df 
    McAfee 4646 12.08.2005 no virus found 
    NOD32v2 1.1316 12.08.2005 Win32/TrojanProxy.Agent.NAK 
    Norman 5.70.10 12.08.2005 W32/Agent.ICJ 
    Panda 8.02.00 12.08.2005 Trj/Agent.AEA 
    Sophos 4.00.0 12.08.2005 no virus found 
    Symantec 8.0 12.07.2005 Backdoor.Trojan 
    TheHacker 5.9.1.051 12.08.2005 no virus found 
    VBA32 3.10.5 12.08.2005 Trojan-Proxy.Win32.Agent.df 
    
    
    
    Edited by gcr1970 (09.12.2005 at 02:39)

  4. #4
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: virus:w32/bagle.dy

    => Please read again

    Quote from Ruby
    Please upload the following unknown files:

    C:\WINDOWS\System32\exthvfe.exe
    C:\WINDOWS\System32\ucm.dll

    1. -> to Upload malicious software.
    2. -> to ST-Adware-Upload

    If you need a zip tool, we suggest zipgenius (it is free).

    Scan these files with Virustotal and Jotti:

    C:\CCURE800DLC\bin\ProSrvc.exe
    C:\CCURE800\BIN\CCURE800.EXE
    C:\CCURE800DLC\bin\ProSrvc.exe

    Please let us know if you succeeded in uploading the files to both URLs,
    and let us know every result of the online scans by copy & paste.

  5. #5
    Beginner
    Registered since
    08.12.2005
    Posts
    4

    Re: virus:w32/bagle.dy

    OK, I got the files uploaded to the second site and here are the logs.

    Code:
    This is a report processed by VirusTotal on 12/09/2005 at 14:27:22 (CET) after scanning the file "prosrvc.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.33.0.61 12.09.2005 no virus found 
    Avast 4.6.695.0 12.09.2005 no virus found 
    AVG 718 12.08.2005 no virus found 
    Avira 6.33.0.61 12.09.2005 no virus found 
    BitDefender 7.2 12.09.2005 no virus found 
    CAT-QuickHeal 8.00 12.08.2005 no virus found 
    ClamAV devel-20051108 12.08.2005 no virus found 
    DrWeb 4.33 12.09.2005 no virus found 
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found 
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found 
    Fortinet 2.54.0.0 12.09.2005 no virus found 
    F-Prot 3.16c 12.07.2005 no virus found 
    Ikarus 0.2.59.0 12.09.2005 no virus found 
    Kaspersky 4.0.2.24 12.09.2005 no virus found 
    McAfee 4646 12.08.2005 no virus found 
    NOD32v2 1.1316 12.08.2005 no virus found 
    Norman 5.70.10 12.09.2005 no virus found 
    Panda 8.02.00 12.08.2005 no virus found 
    Sophos 4.00.0 12.09.2005 no virus found 
    Symantec 8.0 12.07.2005 no virus found 
    TheHacker 5.9.1.052 12.09.2005 no virus found 
    VBA32 3.10.5 12.09.2005 no virus found 
    
    
    
    
    
    
    This is a report processed by VirusTotal on 12/09/2005 at 14:30:55 (CET) after scanning the file "ccure800.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.33.0.61 12.09.2005 no virus found 
    Avast 4.6.695.0 12.09.2005 no virus found 
    AVG 718 12.08.2005 no virus found 
    Avira 6.33.0.61 12.09.2005 no virus found 
    BitDefender 7.2 12.09.2005 no virus found 
    CAT-QuickHeal 8.00 12.08.2005 no virus found 
    ClamAV devel-20051108 12.08.2005 no virus found 
    DrWeb 4.33 12.09.2005 no virus found 
    eTrust-Iris 7.1.194.0 12.09.2005 no virus found 
    eTrust-Vet 11.9.1.0 12.09.2005 no virus found 
    Fortinet 2.54.0.0 12.09.2005 no virus found 
    F-Prot 3.16c 12.07.2005 no virus found 
    Ikarus 0.2.59.0 12.09.2005 no virus found 
    Kaspersky 4.0.2.24 12.09.2005 no virus found 
    McAfee 4646 12.08.2005 no virus found 
    NOD32v2 1.1316 12.08.2005 no virus found 
    Norman 5.70.10 12.09.2005 no virus found 
    Panda 8.02.00 12.08.2005 no virus found 
    Sophos 4.00.0 12.09.2005 no virus found 
    Symantec 8.0 12.07.2005 no virus found 
    TheHacker 5.9.1.052 12.09.2005 no virus found 
    VBA32 3.10.5 12.09.2005 no virus found 
    
    
    
    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Do not reply to this message. It has been generated by an automatic address that will not handle any reply. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware

  6. #6
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: virus:w32/bagle.dy

    Hello Guest

    As you want to get help from us, please upload these files:

    C:\WINDOWS\System32\exthvfe.exe
    C:\WINDOWS\System32\ucm.dll

    -> to Upload malicious software.
    Please let us know if you succeeded in uploading the files.

    Thank you.

  7. #7
    Beginner
    Registered since
    08.12.2005
    Posts
    4

    Re: virus:w32/bagle.dy

    Here are the results emailed to me from malicious software.

    Hello,
    We have checked your file ucm.zip and get the following result:
    Trojan-Proxy.Agent


    Hello,
    We have checked your file exthvfe.zip and get the following result:
    Trojan.Kolweb

    I'm going to be out of town this weekend. I will be back this Monday. I really want to thank you for your help.

  8. #8
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: virus:w32/bagle.dy

    Hello gcr1970

    You will want to copy the text from this post and save it as a text file (*.txt) or print it, because you will be working offline (in Safe Mode) to resolve your problem and will not have access to this forum.

    Follow these STEPS.

    STEP 1
    You must turn off System Restore during this process. You will keep it off until we are done fixing your system.

    STEP 2
    1. Download mwavscan (it is free). If you don't have a zip tool, we suggest zipgenius (it is free).
    2. You MUST unzip mwavscan to 'C:\bases' (case sensitive, any other folder and it won't work properly)
    3. After installing, some systems automatically start up the program. If this happens, close it; you don't want to run it now.
    4. Open 'My Computer'
    5. Double click on 'C:'
    6. Double click on the folder 'bases'
    7. Now in that root folder look for 'kavupd.exe' and double click on it. (We are updating mwavscan to the latest definitions.)
    8. NOTE: Occasionally users receive an error that 'signatures are more than 30 days old'. If you receive this, keep trying to run kavupd.exe. It means the definition server is busy, but you will eventually get through.


    STEP 3
    1. Now turn off your computer and remove the network cable/phone line from your machine.
    2. Reboot your computer into Safe Mode


    STEP 4
    1. Open 'My Computer'
    2. Double click on 'C:'
    3. Double click on the folder 'bases'
    4. Double click on 'mwavscan.com'
    5. Now close all other windows, browsers, and programs other than Mwavscan before continuing
    6. Checkmark: Memory, StartUp-Folders, Drives, All Local Drives, Registry and INI Files, System Folders, Services
    7. Now select 'Scan All Files'
    8. Finally, click on 'Scan Clean' (The program will take several hours to run)
    9. When the scan is complete, click 'View Log' and Save it!


    STEP 5
    1. Reconnect your network cable/phone line
    2. Reboot your system into normal mode.


    STEP 6
    1. Open 'My Computer'
    2. Double click on 'C:'
    3. Double click on the folder 'bases'
    4. Find the log file in the directory.
    5. Open it with an editor (Notepad will do fine)
    6. Look for the files which are tagged as "virus" or "infected"
    7. Copy&paste all these files tagged as "virus" or "infected" in a new document and save to your desktop


    STEP 7
    Run Hijackthis again and have it save a new log file.

    STEP 8

    Post every file of mwavscan by looking for "infected" and "tagged as" to this thread:

    It looks like this:

    File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken

    File C:\Documents and Settings\Name\Local Settings\Application Data\Wildtangent\0F.dat tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.


    Also post the total results:

    =>Total Number of Files Scanned:
    =>Total Number of Virus(es) Found:
    =>Total Number of Disinfected Files:
    =>Total Number of Files Renamed:
    =>Total Number of Deleted Files:
    =>Total Number of Errors:
    ***** Scanning complete. *****

    Finally, post the new Hijackthis logfile!
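
Steps 6 to 8 of the post above, done with a script instead of by hand. This is an added example, not part of the original thread or of mwavscan itself. It assumes the log lines have the shape of the two samples quoted in the post; the log excerpt and its totals are constructed.

```python
import re

# Line shapes follow the two sample lines quoted in the post (an assumption
# about the real log); search() tolerates any prefix before "File".
INFECTED_RE = re.compile(
    r'\bFile\s+(?P<path>.+?)\s+infected by\s+"(?P<name>[^"]+)"\s+Virus\.\s*(?P<action>.*)$',
    re.IGNORECASE)
TAGGED_RE = re.compile(
    r'\bFile\s+(?P<path>.+?)\s+tagged as\s+(?P<name>\S+?)\.(?:\s+(?P<action>.*))?$',
    re.IGNORECASE)
# The "=>" prefix appears in the post's summary list; accept it or its absence.
TOTAL_RE = re.compile(
    r'^(?:=>)?\s*Total Number of\s+(?P<label>[^:]+):\s*(?P<count>\d+)\s*$',
    re.IGNORECASE)


def triage_log(text):
    """Return (findings, totals) extracted from a scan log."""
    findings, totals = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in (("infected", INFECTED_RE), ("tagged", TAGGED_RE)):
            m = pattern.search(line)
            if m:
                findings.append({
                    "kind": kind,
                    "path": m.group("path"),
                    "name": m.group("name"),
                    "action": (m.group("action") or "").strip().rstrip("."),
                })
                break
        else:
            t = TOTAL_RE.search(line)
            if t:
                totals[t.group("label").strip()] = int(t.group("count"))
    return findings, totals


def unresolved(findings):
    """Findings whose action text says the scanner left the file alone."""
    return [f for f in findings if f["action"].lower().startswith("no action")]


# Constructed excerpt: the two "File" lines are the samples from the post,
# the noise line and the numbers in the totals are made up for the example.
SAMPLE_LOG = r"""
Scanning File C:\WINDOWS\system32\notepad.exe
File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken
File C:\Documents and Settings\Name\Local Settings\Application Data\Wildtangent\0F.dat tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
Total Number of Files Scanned: 48211
Total Number of Virus(es) Found: 2
Total Number of Disinfected Files: 0
Total Number of Files Renamed: 0
Total Number of Deleted Files: 1
Total Number of Errors: 0
***** Scanning complete. *****
"""

if __name__ == "__main__":
    found, summary = triage_log(SAMPLE_LOG)
    for f in found:
        print(f'{f["kind"]:8} {f["path"]} -> {f["name"]} [{f["action"]}]')
    for label, count in summary.items():
        print(f"Total Number of {label}: {count}")
    print("Left in place:", [f["path"] for f in unresolved(found)])
```
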
