Pete

intrafoundation.com!A2

Recommended Posts

I ran a scan and got this intrafoundation.com!A2 caught by A squared. I tried to quarantine it but I got this message: you cannot delete c:\inetpub go to the forums for help from the experts to remove this manually.

Here is my scan Log.

a-squared Free - Version 4.5

Last update: 10/1/2009 6:58:01 PM

Scan settings:

Scan type: Deep Scan

Objects: Memory, Traces, Cookies, C:\

Scan archives: On

Heuristics: Off

ADS Scan: On

Scan start: 10/1/2009 6:58:32 PM

c:\inetpub detected: Trace.Directory.intrafoundation.com!A2

c:\inetpub\wwwroot detected: Trace.Directory.intrafoundation.com!A2

Scanned

Files: 218983

Traces: 680786

Cookies: 5

Processes: 31

Found

Files: 0

Traces: 2

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 10/1/2009 8:26:33 PM

Scan time: 1:28:01

c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2

c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2

c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2

c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2

Quarantined

Files: 0

Traces: 4

Cookies: 0

what and where do i go from here?

Share this post


Link to post
Share on other sites

I started to download the programs in the link you sent me, but my anti virus flagged a bunch of them including ISeeYouXP as a worm and blocked them. I used the sites that in the post.

Share this post


Link to post
Share on other sites

Pete,

Disable the resident of your AV - flagging of ISeeYouXP

and/or others from the list are False Positives

the same may apply to other Utilities used by malware fighters.

There are several reasons (e.g. software can be packed; Utility can use the same code as some malware using; etc.)

My regards

Share this post


Link to post
Share on other sites

Hi Pete,

I am adding this info in addition to the above

Irrespectively please submit the entry from the detection list to EMSI developers for analysis in order to find out whether that is False Positive flagging or not?

c:\inetpub folder and c:\inetpub\wwwroot respectively usually are created when Microsoft IIS (Internet Information Services) are used

Update a-squared and rescan. I think there was an update of a-squared signatures (!A2) since you posted.

My regards

Share this post


Link to post
Share on other sites

here is the first scan that told me i had something:

a-squared Free - Version 4.5
Last update: 10/1/2009 6:58:01 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 10/1/2009 6:58:32 PM

c:\inetpub detected: Trace.Directory.intrafoundation.com!A2
c:\inetpub\wwwroot detected: Trace.Directory.intrafoundation.com!A2

Scanned

Files: 218983
Traces: 680786
Cookies: 5
Processes: 31

Found

Files: 0
Traces: 2
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 10/1/2009 8:26:33 PM
Scan time: 1:28:01

c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2
c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2
c:\inetpub Quarantined Trace.Directory.intrafoundation.com!A2
c:\inetpub\wwwroot Quarantined Trace.Directory.intrafoundation.com!A2

Quarantined

Files: 0
Traces: 4
Cookies: 0

Share this post


Link to post
Share on other sites

here is today deep scan of asquared:

a-squared Free - Version 4.5
Last update: 10/1/2009 9:50:17 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:	10/2/2009 2:50:44 PM


Scanned

Files: 	219320
Traces: 	680786
Cookies: 	10
Processes: 	32

Found

Files: 	0
Traces: 	0
Cookies: 	0
Processes: 	0
Registry keys: 	0

Scan end:	10/2/2009 4:18:30 PM
Scan time:	1:27:46

Share this post


Link to post
Share on other sites

here is the highjack log:

Logfile of HiJackFree v3.0
Scan saved at 10:03:20 PM, on 10/1/2009
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 8.0 Service Pack 3 (8.0.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO:  - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 
O2 - BHO:  - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DmwClient] "dmwclient.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O7 - Regedit - Enabled
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll
O21 - ShellServiceObjectDelayLoad: PostBootReminder - 
O21 - ShellServiceObjectDelayLoad: CDBurn - 
O21 - ShellServiceObjectDelayLoad: WebCheck - 
O21 - ShellServiceObjectDelayLoad: SysTray - 
O21 - ShellServiceObjectDelayLoad: WPDShServiceObj - 
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: IPv6 Helper Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: a-squared Free Service - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Avira AntiVir Scheduler - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensible Authentication Protocol Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows CardSpace - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
O23 - Service: MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: Net.Tcp Port Sharing Service - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: nHancer Support - C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\system32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - C:\Program Files\MSN Messenger\usnsvc.exe
O23 - Service: Viewpoint Manager Service - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Player Network Sharing Service - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe

Share this post


Link to post
Share on other sites

Your system does not appear to be infected.

Unless you are experiencing symptoms, that may be caused by malware, I am going to close this thread.

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.