Yes, I read the rules, but this is a business computer with sensitive information and I am not comfortable with posting information in a public forum. At this point I'm just trying to determine if there is cause for concern or it's just false positives and typical Windows (XP SP3) issues.
I have run eset's online scanner and it found:
C:\EudoraPro4\Attach\Security_Support_Form.htm HTML/Phishing.Gen trojan
C:\EudoraPro4\AttachOld\account.html HTML/Phishing.Gen trojan
C:\EudoraPro4\AttachOld\PayPal_Limited_From.html HTML/Phishing.Gen trojan
C:\EudoraPro4\AttachOld\restore.html HTML/Phishing.Gen trojan
C:\EudoraPro4\AttachOld\Warning. Still could not deliver email1.htm HTML/Refresh.AD trojan
all old email attachments. No problem.
AVG found:
"";"PCIIDEX.SYS, hooked import HAL.dll WRITE_PORT_UCHAR -> spli.sys +0x2F9C, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"PCIIDEX.SYS, hooked import HAL.dll WRITE_PORT_ULONG -> spli.sys +0x23E6, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spli.sys +0x13976, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll WRITE_PORT_UCHAR -> spli.sys +0x2F9C, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll WRITE_PORT_BUFFER_USHORT -> spli.sys +0x3178, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_USHORT -> spli.sys +0x2116, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spli.sys +0x21D4, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_UCHAR -> spli.sys +0x290E, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
Trend Micro's Housecall found:
MAL_HIFRM and HTML_REDIR.BGS, not in memory, but in some files on the drive: one an old email attachment and the other an eml file under data/mcfee/spamkiller/2/..... I can't get the logs into plain text so I'm just approximating what it shows. I moved these files to a safe folder and renamed them.
(I've never had McAfee on this computer, except it might have come with some trial version from Dell.)
Forticlient shows:
Scan started at Tuesday, August 20, 2013 2:49:23 PM.
av_engine: 5.146; mdare: 2.0.37.0; vir_sig: 19.059; vir_ext: 19.046;
C:\Program Files\Common Files\Acronis\UniversalRestore\DriversPack\MSSCSI\msvmscsi.sys, virus found: W32/Sasfis.COFD!tr, action: Remove/quarantine
C:\WINDOWS\$NtServicePackUninstall$\HAL.DLL.000, virus found: W32/Dialer.MD!tr, action: Remove/quarantine
C:\WINDOWS\$NtServicePackUninstall$\HAL.DLL.001, virus found: W32/Dialer.MD!tr, action: Remove/quarantine
C:\WINDOWS\hfold\KB941644\SP2QFE\TCPIP.SYS, virus found: W32/Jorik_Vobfus.DZID!tr, action: Remove/quarantine
Scan finished at Tuesday, August 20, 2013 3:41:07 PM.
Total files scanned 131095, infected 4. Total boot blocks scanned 9, infected 0.
The current scan type is [Custom Scan].
The path being scanned is [C:\].
What "symptoms" are we experiencing?
1. Icons on the desktop are forced to auto arrange to the grid, no matter what the setting.
2. After the computer has sat idle for about 30 minutes, trying to start a new process (open a window/application, i.e. browser, etc.) takes about 30 seconds to a couple of minutes just to start. If we stay working on the computer this does not happen.
3. The network is "weird." By that I mean sometimes it'll find computers and sometimes not. I can always ping them if I know their IP, but relying on the name of the computer is hit or miss. Sometimes it'll work, sometimes not. One time it'll work fine, and 10 minutes later it'll not find that same computer.
4. MS updates will sometimes fail or take several attempts to get installed. One (SQL update) will fail every time no matter what. Some fail and I will manually do the update, and then the updates will try to reinstall the same update and say it failed.
So the question is: is this computer infected? How can I solve the problem if it is?
Thank you.
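Added example (not part of the original post, and not AVG's own tooling): a Python parser for the AVG "hooked import" lines quoted above. It turns each line into a record, groups the hooks by the driver that receives the redirected HAL calls, and reports what a responder would check next: which inbox drivers are affected, which file to hash and signature-check, and whether one HAL function resolves to different offsets in different victims. The `INBOX_DRIVERS` allowlist and every function name here are assumptions made for this example; the sample input is the eight lines from the post.

```python
"""Parse AVG 'hooked import' findings and summarise which driver intercepts
which HAL I/O-port routines of which victim drivers.

Added example, not from the original post or from AVG. The line format is
taken from the post; the inbox-driver allowlist is an assumption for triage.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: the eight AVG lines exactly as quoted in the post.
AVG_LOG = r'''
"";"PCIIDEX.SYS, hooked import HAL.dll WRITE_PORT_UCHAR -> spli.sys +0x2F9C, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"PCIIDEX.SYS, hooked import HAL.dll WRITE_PORT_ULONG -> spli.sys +0x23E6, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spli.sys +0x13976, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll WRITE_PORT_UCHAR -> spli.sys +0x2F9C, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll WRITE_PORT_BUFFER_USHORT -> spli.sys +0x3178, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_USHORT -> spli.sys +0x2116, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spli.sys +0x21D4, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_UCHAR -> spli.sys +0x290E, C:\WINDOWS\system32\drivers\spli.sys";"Infected"
'''

# One AVG record: victim driver, imported module + function, redirect target
# and offset inside it, on-disk path of the target, verdict.
HOOK_RE = re.compile(
    r'^"";"(?P<victim>[^,]+), hooked import (?P<module>\S+) (?P<func>\S+) '
    r'-> (?P<target>\S+) \+0x(?P<offset>[0-9A-Fa-f]+), (?P<path>[^"]+)";"(?P<status>[^"]+)"$'
)

# Assumption: Windows XP inbox storage/keyboard drivers whose HAL imports
# should resolve into HAL.dll itself, not into a third-party driver.
INBOX_DRIVERS = {"atapi.sys", "pciidex.sys", "i8042prt.sys"}


@dataclass(frozen=True)
class HookFinding:
    victim: str
    module: str
    func: str
    target: str
    offset: int
    path: str
    status: str


def parse_avg_hooks(text):
    """Return a HookFinding per line that matches the AVG hook format."""
    findings = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            findings.append(HookFinding(d["victim"], d["module"], d["func"],
                                        d["target"], int(d["offset"], 16),
                                        d["path"], d["status"]))
    return findings


def summarize(findings):
    """Group by the driver receiving the redirected calls: which victims it
    hooks, where it lives on disk, and the offset(s) each HAL function lands on."""
    out = {}
    for f in findings:
        s = out.setdefault(f.target, {"victims": set(), "paths": set(),
                                      "offsets_by_func": defaultdict(set)})
        s["victims"].add(f.victim)
        s["paths"].add(f.path)
        s["offsets_by_func"][f.func].add(f.offset)
    return out


def triage(findings):
    """Produce responder notes: what to verify, and anything structurally odd."""
    notes = []
    for target, s in summarize(findings).items():
        inbox_victims = sorted(v for v in s["victims"] if v.lower() in INBOX_DRIVERS)
        if inbox_victims:
            notes.append(
                f"{target}: intercepts HAL I/O-port calls of {len(inbox_victims)} inbox "
                f"driver(s) ({', '.join(inbox_victims)}); verify the publisher signature "
                f"and hash of {', '.join(sorted(s['paths']))} before treating it as benign")
        # A HAL function that lands on different offsets in different victims
        # means the redirection is per-victim, not one shared hook routine.
        split = sorted(fn for fn, offs in s["offsets_by_func"].items() if len(offs) > 1)
        if split:
            notes.append(
                f"{target}: {', '.join(split)} resolve to different offsets in different "
                f"victims, so there is more than one hook routine for that HAL function")
    return notes


if __name__ == "__main__":
    for note in triage(parse_avg_hooks(AVG_LOG)):
        print(note)
```

On the post's own lines the summary shows a single receiving driver (spli.sys) hooking three inbox drivers across six HAL port routines, with READ_PORT_UCHAR going to a different offset in i8042prt.sys than in atapi.sys. The parser does not decide whether the driver is malicious; the responder's next step is the one the note names, checking the signature and hash of the file at the reported path against its vendor.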