   Author  Topic: Scan Results  (Read 380 times)
Confuesed_X_2
Newbie
Posts: 3
Scan Results
« on: Jul 28th, 2007, 2:56pm »

I did a full scan and found the following results. I'm not sure what to do about them or even if they are bad. Could someone give it a quick look and advise the best action to take? Thanks.
 
 
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\free_tv.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\unused\ChannelerInst.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\unused\iss3_en.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\unused\optimize-2001.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\unused\ParentalControls.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\unused\pscan13.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\unused\TMASInstall_DR_US.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\My Videos\RUSH\red_skeltons_special_pledge.member.htm:Zone.Identifier:$DATA  (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\My Videos\RUSH\ronald_reagan_pt_2.member.htm:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\My Videos\RUSH\ronald_reagan_writes_rush.member.htm:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\My Videos\RUSH\rush_s_tribute_to_reagan_part_i.member.htm:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\My Videos\RUSH\rush_s_tribute_to_ronald_reagan__part_iii_.member.htm:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\My Videos\RUSH\rush_s_tribute_to_ronald_reagan__part_iv_.member.htm:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Documents and Settings\My Documents\SC_NGX_R60_HFA1_598001019.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Warning: Unable to unpack UPX-packed file C:\I386\usbuhci.sys (Add to ignore list)
C:\pagefile.sys  Not scanned (in use by another application)
Found NTFS alternate data stream: C:\Program Files\Gold Miner\GoldMiner.exe:{229CFD18-7A65-A87D-8C87-2B9433C762DF}:$DATA (View ADS stream...) (Delete ADS stream)
Warning: Executable file with double extensions found: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll
Warning: Unable to unpack UPX-packed file C:\Program Files\TrojanHunter 4.6\Tools\LiveUpdate\LiveUpdate.exe (Add to ignore list)
Found NTFS alternate data stream: C:\WINDOWS\$NtServicePackUninstall$\svchost.exe:<5>SummaryInformation:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\WINDOWS\$NtServicePackUninstall$\svchost.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}:$DATA (View ADS stream...) (Delete ADS stream)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\$NtUninstallKB822603$\usbuhci.sys (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_1f6980b1\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_642467f6\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
While scanning C:\WINDOWS\SYSTEM32\devmgr.dll: File C:\WINDOWS\SYSTEM32\DevMngr.vxd not found
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\usbuhci.sys (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\usbuhci.sys (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\usbuhci.sys (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\usbuhci.sys (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\SYSTEM32\ZoneLabs\lib\ConfigWizard.zip.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SYSTEM32\ZoneLabs\lib\licenseui.zip.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zlsvc.zip.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zpy.zip.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zui.zip.dll
No trojan files found
21732 files scanned in 1708 seconds
 
« Last Edit: Jul 28th, 2007, 4:27pm by Confuesed_X_2 »
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
Posts: 5960
Re: Scan Results
« Reply #1 on: Jul 28th, 2007, 4:41pm »

Welcome to the forum, Confuesed_x_2.
 
The links below in the FAQ section of the forum hopefully will answer most of your questions on the scan results you have.
 
-  Double Extensions
http://www.misec.net/forum/board/FAQ/1139255660
 
-  Alternate Data Streams
http://www.misec.net/forum/board/FAQ/1139255678
 
Basically,
 
-  On each of the items with an Alternate Data Stream, click on Delete ADS Stream and let TH remove the ADS.  Once the ADS is removed, it will no longer show up in subsequent scans....it is gone...the main file itself remains intact and okay.
 
-  On the line items that state "Unable to unpack UPX-packed file", just add these to your Ignore list.  These drivers are part of the USB subsystem and are okay.
 
-  On examining the items with double extensions, these are all well documented benign files.  I recommend that you uncheck the option in TH scanner that logs files that have double extensions.  It will still scan them for infections; it will just not display the double extension item in your scan log.
 
a.  Open TH Scanner
b.  Click on the Options icon on the left menu bar
c.  Uncheck the very last option "Log executable files with double extensions"  (All other options should be checked).  
 
 
 

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
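
An added example, not part of the thread and not TrojanHunter code: a small triage script that groups the findings of a scan log like the one in the first post by type, and separates `Zone.Identifier` streams (the stream Windows uses to record the zone a file was downloaded from) from other stream names. The sample lines are copied from the post with forum line-wrap spaces removed; the function and group names are this example's own.

```python
import re

# Sample lines taken from the scan log in the first post (wrap spaces removed).
SAMPLE_LOG = r"""
File scan
Found NTFS alternate data stream: C:\Documents and Settings\Desktop\free_tv.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\Program Files\Gold Miner\GoldMiner.exe:{229CFD18-7A65-A87D-8C87-2B9433C762DF}:$DATA (View ADS stream...) (Delete ADS stream)
Found NTFS alternate data stream: C:\WINDOWS\$NtServicePackUninstall$\svchost.exe:<5>SummaryInformation:$DATA (View ADS stream...) (Delete ADS stream)
Warning: Unable to unpack UPX-packed file C:\I386\usbuhci.sys (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zui.zip.dll
C:\pagefile.sys  Not scanned (in use by another application)
No trojan files found
"""

# host path, then ":<stream name>:$DATA"; the drive-letter colon belongs to the path.
ADS_RE = re.compile(
    r"^Found NTFS alternate data stream: "
    r"(?P<path>[A-Za-z]:\\.*?):(?P<stream>[^:\\]+):\$DATA")
UPX_RE = re.compile(
    r"^Warning: Unable to unpack UPX-packed file "
    r"(?P<path>.+?)(?: \(Add to ignore list\))?\s*$")
DBL_RE = re.compile(
    r"^Warning: Executable file with double extensions found: (?P<path>.+?)\s*$")


def triage(log_text):
    """Group scan-log findings so each class can be reviewed on its own."""
    groups = {"zone_identifier": [], "other_ads": [], "upx": [],
              "double_ext": [], "unparsed": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = ADS_RE.match(line)
        if m:
            is_zone = m["stream"].lower() == "zone.identifier"
            key = "zone_identifier" if is_zone else "other_ads"
            groups[key].append((m["path"], m["stream"]))
            continue
        for key, rx in (("upx", UPX_RE), ("double_ext", DBL_RE)):
            m = rx.match(line)
            if m:
                groups[key].append(m["path"])
                break
        else:
            # Keep findings the patterns do not recognise instead of dropping them.
            if line.startswith(("Found ", "Warning:")):
                groups["unparsed"].append(line)
    return groups


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {len(items)}")
```
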
Confuesed_X_2
Newbie
Posts: 3
Re: Scan Results
« Reply #2 on: Jul 28th, 2007, 9:12pm »

Thanks much! I will Get-R-Done.
siliconman01
Global Moderator
Gender: male
Posts: 5960
Re: Scan Results
« Reply #3 on: Jul 29th, 2007, 1:01am »

Also:
 
Quote:
Warning: Unable to unpack UPX-packed file C:\Program Files\TrojanHunter 4.6\Tools\LiveUpdate\LiveUpdate.exe (Add to ignore list)  

 
The above indicates that you are running an out-of-date version of TH.  The latest version is V4.7.932.  
 
The link below describes how to uninstall/install TrojanHunter.
 
http://www.misec.net/forum/board/FAQ/1139255716