
ez2cy

join:2008-03-05
reply to TheJoker

Re: Tower infected

Hoping you are on. I can do this but I cannot for the life of me find the 3 videos on the download page. Is it that important?



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

No, don't worry about that.


ez2cy

join:2008-03-05

2013-09-25 20:36:49 Sophos Virus Removal Tool version 2.4
2013-09-25 20:36:49 Copyright (c) 2009-2013 Sophos Limited. All rights reserved.

2013-09-25 20:36:49 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-09-25 20:36:49 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-09-25 20:36:49 Checking for updates...
2013-09-25 20:36:53 Update progress: proxy server not available
2013-09-25 20:37:03 Option all = no
2013-09-25 20:37:03 Option recurse = yes
2013-09-25 20:37:03 Option archive = no
2013-09-25 20:37:03 Option service = yes
2013-09-25 20:37:03 Option confirm = yes
2013-09-25 20:37:03 Option sxl = yes
2013-09-25 20:37:03 Option max-data-age = 35
2013-09-25 20:37:03 Option EnableSafeClean = yes
2013-09-25 20:37:05 Component SVRTcli.exe version 2.4
2013-09-25 20:37:05 Component control.dll version 2.4
2013-09-25 20:37:05 Component SVRTservice.exe version 2.4
2013-09-25 20:37:05 Component engine\osdp.dll version 1.44.0.2120
2013-09-25 20:37:05 Component engine\veex.dll version 3.47.3.2120
2013-09-25 20:37:05 Component engine\savi.dll version 8.0.0.2120
2013-09-25 20:37:05 Component rkdisk.dll version 1.5.30.0
2013-09-25 20:37:05 Version info: Product version 2.4
2013-09-25 20:37:05 Version info: Detection engine 3.47.3
2013-09-25 20:37:05 Version info: Detection data 4.93
2013-09-25 20:37:05 Version info: Build date 9/11/2013
2013-09-25 20:37:05 Version info: Data files added 376
2013-09-25 20:37:05 Version info: Last successful update (not yet updated)
2013-09-25 20:38:06 Downloading updates...
2013-09-25 20:38:06 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-09-25 20:38:06 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-09-25 20:38:06 Update progress: [I49502] Found supplement IDE494 LATEST
2013-09-25 20:38:06 Update progress: [I49502] Found supplement IDE495 LATEST
2013-09-25 20:38:06 Update progress: [I49502] Found supplement IDE496 LATEST
2013-09-25 20:38:06 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-09-25 20:38:06 Update progress: [I19463] Syncing product SAVIW32 33
2013-09-25 20:38:17 Update progress: [I19463] Syncing product IDE494 183
2013-09-25 20:38:19 Installing updates...
2013-09-25 20:38:20 Update progress: [I19463] Syncing product IDE495 203
2013-09-25 20:38:20 Update progress: [I19463] Syncing product IDE496 1
2013-09-25 20:38:35 Update successful
2013-09-25 20:38:48 Option all = no
2013-09-25 20:38:48 Option recurse = yes
2013-09-25 20:38:48 Option archive = no
2013-09-25 20:38:48 Option service = yes
2013-09-25 20:38:48 Option confirm = yes
2013-09-25 20:38:48 Option sxl = yes
2013-09-25 20:38:48 Option max-data-age = 35
2013-09-25 20:38:48 Option EnableSafeClean = yes
2013-09-25 20:38:48 Component SVRTcli.exe version 2.4
2013-09-25 20:38:48 Component control.dll version 2.4
2013-09-25 20:38:48 Component SVRTservice.exe version 2.4
2013-09-25 20:38:48 Component engine\osdp.dll version 1.44.0.2120
2013-09-25 20:38:48 Component engine\veex.dll version 3.47.3.2120
2013-09-25 20:38:48 Component engine\savi.dll version 8.0.0.2120
2013-09-25 20:38:48 Component rkdisk.dll version 1.5.30.0
2013-09-25 20:38:48 Version info: Product version 2.4
2013-09-25 20:38:48 Version info: Detection engine 3.47.3
2013-09-25 20:38:48 Version info: Detection data 4.93G
2013-09-25 20:38:48 Version info: Build date 9/11/2013
2013-09-25 20:38:48 Version info: Data files added 376
2013-09-25 20:38:48 Version info: Last successful update 9/25/2013 8:38:35 PM

2013-09-25 20:39:22 Scan completed.
2013-09-25 20:39:22

------------------------------------------------------------

2013-09-26 13:44:06 Sophos Virus Removal Tool version 2.4
2013-09-26 13:44:06 Copyright (c) 2009-2013 Sophos Limited. All rights reserved.

2013-09-26 13:44:06 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-09-26 13:44:06 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-09-26 13:44:06 Checking for updates...
2013-09-26 13:44:09 Update progress: proxy server not available
2013-09-26 13:45:43 Downloading updates...
2013-09-26 13:45:43 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-09-26 13:45:43 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-09-26 13:45:43 Update progress: [I49502] Found supplement IDE494 LATEST
2013-09-26 13:45:43 Update progress: [I49502] Found supplement IDE495 LATEST
2013-09-26 13:45:43 Update progress: [I49502] Found supplement IDE496 LATEST
2013-09-26 13:45:43 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-09-26 13:45:43 Update progress: [I19463] Syncing product SAVIW32 33
2013-09-26 13:45:43 Update progress: [I19463] Syncing product IDE494 183
2013-09-26 13:45:43 Option all = no
2013-09-26 13:45:43 Option recurse = yes
2013-09-26 13:45:43 Option archive = no
2013-09-26 13:45:43 Option service = yes
2013-09-26 13:45:43 Option confirm = yes
2013-09-26 13:45:43 Option sxl = yes
2013-09-26 13:45:43 Option max-data-age = 35
2013-09-26 13:45:43 Option EnableSafeClean = yes
2013-09-26 13:45:43 Update progress: [I19463] Syncing product IDE495 209
2013-09-26 13:45:44 Component SVRTcli.exe version 2.4
2013-09-26 13:45:44 Component control.dll version 2.4
2013-09-26 13:45:44 Component SVRTservice.exe version 2.4
2013-09-26 13:45:44 Component engine\osdp.dll version 1.44.0.2120
2013-09-26 13:45:44 Component engine\veex.dll version 3.47.3.2120
2013-09-26 13:45:44 Component engine\savi.dll version 8.0.0.2120
2013-09-26 13:45:44 Component rkdisk.dll version 1.5.30.0
2013-09-26 13:45:44 Version info: Product version 2.4
2013-09-26 13:45:44 Version info: Detection engine 3.47.3
2013-09-26 13:45:44 Version info: Detection data 4.93G
2013-09-26 13:45:44 Version info: Build date 9/11/2013
2013-09-26 13:45:44 Version info: Data files added 376
2013-09-26 13:45:44 Version info: Last successful update 9/25/2013 8:38:35 PM
2013-09-26 13:45:44 Installing updates...
2013-09-26 13:45:45 Update progress: [I19463] Syncing product IDE496 1
2013-09-26 13:45:45 Update successful
2013-09-26 13:45:56 Option all = no
2013-09-26 13:45:56 Option recurse = yes
2013-09-26 13:45:56 Option archive = no
2013-09-26 13:45:56 Option service = yes
2013-09-26 13:45:56 Option confirm = yes
2013-09-26 13:45:56 Option sxl = yes
2013-09-26 13:45:56 Option max-data-age = 35
2013-09-26 13:45:56 Option EnableSafeClean = yes
2013-09-26 13:45:56 Component SVRTcli.exe version 2.4
2013-09-26 13:45:56 Component control.dll version 2.4
2013-09-26 13:45:56 Component SVRTservice.exe version 2.4
2013-09-26 13:45:56 Component engine\osdp.dll version 1.44.0.2120
2013-09-26 13:45:56 Component engine\veex.dll version 3.47.3.2120
2013-09-26 13:45:56 Component engine\savi.dll version 8.0.0.2120
2013-09-26 13:45:56 Component rkdisk.dll version 1.5.30.0
2013-09-26 13:45:56 Version info: Product version 2.4
2013-09-26 13:45:56 Version info: Detection engine 3.47.3
2013-09-26 13:45:56 Version info: Detection data 4.93G
2013-09-26 13:45:56 Version info: Build date 9/11/2013
2013-09-26 13:45:56 Version info: Data files added 382
2013-09-26 13:45:56 Version info: Last successful update 9/26/2013 1:45:45 PM

2013-09-26 14:12:47 >>> Virus 'Mal/LnkFkAV-F' found in file C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP670\A0174798.lnk
2013-09-26 14:12:47 >>> Virus 'Mal/LnkFkAV-F' found in file HKU\S-1-5-21-2025429265-884357618-1417001333-1003\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2013-09-26 14:26:54 The following items will be cleaned up:
2013-09-26 14:26:54 Mal/LnkFkAV-F
2013-09-26 14:27:47 Threat 'Mal/LnkFkAV-F' has been cleaned up.
2013-09-26 14:27:47 File "C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP670\A0174798.lnk" belongs to malware 'Mal/LnkFkAV-F'.
2013-09-26 14:27:47 File "C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP670\A0174798.lnk" has been cleaned up.
2013-09-26 14:27:47 Registry value "HKU\S-1-5-21-2025429265-884357618-1417001333-1003\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures" belongs to malware 'Mal/LnkFkAV-F'.
2013-09-26 14:27:47 Registry value "HKU\S-1-5-21-2025429265-884357618-1417001333-1003\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures" has been cleaned up.
2013-09-26 14:27:47 Removal successful
2013-09-26 14:27:47 Contents of SafeClean bin directory:
2013-09-26 14:27:47 {
2013-09-26 14:27:47 RecordID : "0000000000000001",
2013-09-26 14:27:47 ItemType : "1",
2013-09-26 14:27:47 Location : "C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP670\",
2013-09-26 14:27:47 FileName : "A0174798.lnk",
2013-09-26 14:27:47 ThreatName : "Mal/LnkFkAV-F",
2013-09-26 14:27:47 Checksum : "8a3fca84a1e8b64ef1fa073179548e36fbac60c2bb090d212e92d7baf203de1a",
2013-09-26 14:27:47 TimeStamp : "Thu Sep 26 14:27:42 2013"
2013-09-26 14:27:47 }

2013-09-26 14:29:02 Scan completed.
2013-09-26 14:29:02

------------------------------------------------------------



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5
reply to ez2cy

That's not something that was actively running; it was an infected file that had been saved in a Restore Point. How is the system running now? If OK, we should be done.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
