Home » Viren, Trojaner & Malware Forum » Avira findet TR/Spy.Goldun.RS Trojan "This file is a mailbox" » Themenansicht

Avira findet TR/Spy.Goldun.RS Trojan "This file is a mailbox"
#0
24.10.2008, 20:45
Anna_Nonyma
Member
Avatar Anna_Nonyma

Beiträge: 20
#1 Hello alle und einen wunderschönen Freitagabend!

Avira sagt, dass keine Action getätigt wurde, um meine Mailbox nicht zu löschen.
Soll ich alle Requirements abarbeiten und posten, oder kann ich das Problem mit Löschen der Mailbox oder so lösen?

hier das Avira Log


Avira AntiVir Personal
Report file date: vendredi 24 octobre 2008 19:36

Scanning for 1706493 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NameAHOMENEW

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 23:26:31
ANTIVIR3.VDF : 7.0.7.84 177152 Bytes 24/10/2008 11:19:04
Engineversion : 8.2.0.7
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 10:56:12
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 17/10/2008 10:56:05
AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 10:56:09
AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 11:04:14
AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 10:56:08
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 24/10/2008 11:19:08
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 24/10/2008 11:19:07
AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 10:56:07
AEGEN.DLL : 8.1.0.41 319861 Bytes 15/10/2008 10:56:06
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 10:56:05
AECORE.DLL : 8.1.2.7 172407 Bytes 24/10/2008 11:19:05
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 10:56:03
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/08/2008 09:22:59
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\program files\avira\antivir personaledition

classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: off
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox,

+Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: vendredi 24 octobre 2008 19:36

Starting search for hidden objects.
'95250' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'adsltv.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'BsHelpCS.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'BsMobileCS.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleilCS.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'BrMfcMon.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'BtTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'BrccMCtl.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
Scan process 'wmdc.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
76 processes with 76 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\' <BOOT>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\ooo\AppData\Roaming\Thunderbird\Profiles\4l1ngpht.default\Mail\Local

Folders\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "Sonya Norton" <johannes.danby@wentner-havranek]

[Message-ID: <808957619.03001027872998@wentner-havranek.at>][Subject: Something

hot]4198.mim
[1] Archive type: MIME
--> card.zip
[2] Archive type: ZIP
--> card.scr
[DETECTION] Is the TR/Dldr.Mutant.CM Trojan
--> Mailbox_[From: CNN Alerts <naivitei@ryd.hanco-ksa.com>][Subject: CNN

Alerts: My Custom Alert]8068.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <naivitei@ryd.hanco-ksa.com>][Subject: CNN

Alerts: My Custom Alert]8068.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <naedirbe1965@ryd.hanco-ksa.com>][Subject: CNN

Alerts: My Custom Alert]8070.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <naedirbe1965@ryd.hanco-ksa.com>][Subject:

CNN Alerts: My Custom Alert]8070.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Daniele-rtorhtra@mackiewicz.net>][Subject: CNN

Alerts: My Custom Alert]8072.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Daniele-rtorhtra@mackiewicz.net>][Subject:

CNN Alerts: My Custom Alert]8072.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <ikknapae1979@24match.org>][Subject: CNN

Alerts: My Custom Alert]8074.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <ikknapae1979@24match.org>][Subject: CNN

Alerts: My Custom Alert]8074.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <cilbibit1988@esm.rochester.edu>][Subject: CNN

Alerts: My Custom Alert]8076.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <cilbibit1988@esm.rochester.edu>][Subject:

CNN Alerts: My Custom Alert]8076.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <chutaien1987@esm.rochester.edu>][Subject: CNN

Alerts: My Custom Alert]8078.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <chutaien1987@esm.rochester.edu>][Subject:

CNN Alerts: My Custom Alert]8078.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <e'vase`r_2002@dr-gmeier.de>][Subject: CNN

Alerts: My Custom Alert]8080.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <e'vase`r_2002@dr-gmeier.de>][Subject: CNN

Alerts: My Custom Alert]8080.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <tutushim@brockeng.com>][Subject: CNN Alerts:

My Custom Alert]8082.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <tutushim@brockeng.com>][Subject: CNN Alerts:

My Custom Alert]8082.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <nassim-seilil@nrk.no>][Subject: CNN Alerts: My

Custom Alert]8084.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <nassim-seilil@nrk.no>][Subject: CNN Alerts:

My Custom Alert]8084.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <senbin_1975@nrk.no>][Subject: CNN Alerts: My

Custom Alert]8086.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <senbin_1975@nrk.no>][Subject: CNN Alerts: My

Custom Alert]8086.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Jackylene-etilucab@earthology.net>][Subject:

CNN Alerts: My Custom Alert]8088.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Jackylene-etilucab@earthology.net>][Subject:

CNN Alerts: My Custom Alert]8088.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Wu-droowpot@mauks.com>][Subject: CNN Alerts:

My Custom Alert]8090.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Wu-droowpot@mauks.com>][Subject: CNN Alerts:

My Custom Alert]8090.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <BIMBO-drorbell@mauks.com>][Subject: CNN

Alerts: My Custom Alert]8092.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <BIMBO-drorbell@mauks.com>][Subject: CNN

Alerts: My Custom Alert]8092.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <nazit1952@emord.com>][Subject: CNN Alerts: My

Custom Alert]8094.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <nazit1952@emord.com>][Subject: CNN Alerts:

My Custom Alert]8094.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Greer-1tsaeb@carview.co.jp>][Subject: CNN

Alerts: My Custom Alert]8096.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Greer-1tsaeb@carview.co.jp>][Subject: CNN

Alerts: My Custom Alert]8096.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <0lenient1953@dipaola.com.ar>][Subject: CNN

Alerts: My Custom Alert]8098.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <0lenient1953@dipaola.com.ar>][Subject: CNN

Alerts: My Custom Alert]8098.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <ugstange@hartfordpl.lib.ct.us>][Subject: CNN

Alerts: My Custom Alert]8100.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <ugstange@hartfordpl.lib.ct.us>][Subject: CNN

Alerts: My Custom Alert]8100.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <1zoology1961@chelcom.co.kr>][Subject: CNN

Alerts: My Custom Alert]8102.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <1zoology1961@chelcom.co.kr>][Subject: CNN

Alerts: My Custom Alert]8102.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <delkcahs_1950@fmxtruck.com>][Subject: CNN

Alerts: My Custom Alert]8104.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <delkcahs_1950@fmxtruck.com>][Subject: CNN

Alerts: My Custom Alert]8104.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <orceless1956@3050.dk>][Subject: CNN Alerts: My

Custom Alert]8110.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <orceless1956@3050.dk>][Subject: CNN Alerts:

My Custom Alert]8110.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <iinuksam1968@fastcorp.net>][Subject: CNN

Alerts: My Custom Alert]8112.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <iinuksam1968@fastcorp.net>][Subject: CNN

Alerts: My Custom Alert]8112.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Brandun-eganomar@87455.jp>][Subject: CNN

Alerts: My Custom Alert]8114.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Brandun-eganomar@87455.jp>][Subject: CNN

Alerts: My Custom Alert]8114.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <neknabot@01hr.com>][Subject: CNN Alerts: My

Custom Alert]8116.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <neknabot@01hr.com>][Subject: CNN Alerts: My

Custom Alert]8116.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Hershey-ahpotyrt@21stcenturyauction][Subject:

CNN Alerts: My Custom Alert]8118.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Hershey-ahpotyrt@21stcenturyauction]

[Subject: CNN Alerts: My Custom Alert]8118.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <hamie-eriomyrg@sccu.com>][Subject: CNN Alerts:

My Custom Alert]8120.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <hamie-eriomyrg@sccu.com>][Subject: CNN

Alerts: My Custom Alert]8120.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <kcuhc1991@ssastructural.com>][Subject: CNN

Alerts: My Custom Alert]8122.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <kcuhc1991@ssastructural.com>][Subject: CNN

Alerts: My Custom Alert]8122.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <atteihcc_1955@vih.com>][Subject: CNN Alerts:

My Custom Alert]8124.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <atteihcc_1955@vih.com>][Subject: CNN Alerts:

My Custom Alert]8124.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Rikard-atsadnus@vih.com>][Subject: CNN Alerts:

My Custom Alert]8126.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Rikard-atsadnus@vih.com>][Subject: CNN

Alerts: My Custom Alert]8126.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <siegrusi2005@auctionbytes.com>][Subject: CNN

Alerts: My Custom Alert]8128.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <siegrusi2005@auctionbytes.com>][Subject: CNN

Alerts: My Custom Alert]8128.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <anarotra@77businesses.com>][Subject: CNN

Alerts: My Custom Alert]8130.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <anarotra@77businesses.com>][Subject: CNN

Alerts: My Custom Alert]8130.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <ohsijnak_1993@speckvc.com>][Subject: CNN

Alerts: My Custom Alert]8132.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <ohsijnak_1993@speckvc.com>][Subject: CNN

Alerts: My Custom Alert]8132.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <noonekak1964@4ventavis.com>][Subject: CNN

Alerts: My Custom Alert]8134.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <noonekak1964@4ventavis.com>][Subject: CNN

Alerts: My Custom Alert]8134.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <haydar-jack-boo@advmortgageservices][Subject:

CNN Alerts: My Custom Alert]8136.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <haydar-jack-boo@advmortgageservices]

[Subject: CNN Alerts: My Custom Alert]8136.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <:derewop@odcm.com>][Subject: CNN Alerts: My

Custom Alert]8138.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <:derewop@odcm.com>][Subject: CNN Alerts: My

Custom Alert]8138.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <allee-jyunkank@flyer.co.uk>][Subject: CNN

Alerts: My Custom Alert]8320.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <allee-jyunkank@flyer.co.uk>][Subject: CNN

Alerts: My Custom Alert]8320.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <gasper-4187494@76275ettlingen.de>][Subject:

CNN Alerts: My Custom Alert]8322.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <gasper-4187494@76275ettlingen.de>][Subject:

CNN Alerts: My Custom Alert]8322.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Hal-wnt@ccmsi.us>][Subject: CNN Alerts: My

Custom Alert]8328.mim
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[From: CNN Alerts <Hal-wnt@ccmsi.us>][Subject: CNN Alerts: My

Custom Alert]8328.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML

script virus
--> Mailbox_[Message-ID: <20080814162502.4205.qmail@mittal4>][Subject:

Download Free !][From: admin@microsoft.com <meineemail@free.fr>]8418.mim
[DETECTION] Contains recognition pattern of the PHISH/MSNBC.C phishing

file/email
--> Mailbox_[Message-ID: <20080814162502.4205.qmail@mittal4>][Subject:

Download Free !][From: admin@microsoft.com <meineemail@free.fr>]8418.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the PHISH/MSNBC.C phishing

file/email
--> Mailbox_[Message-ID: <20080814070709.6272.qmail@MASHA>][Subject: Download

Free !][From: admin@microsoft.com <meineemail@free.fr>]8430.mim
[DETECTION] Contains recognition pattern of the PHISH/MSNBC.C phishing

file/email
--> Mailbox_[Message-ID: <20080814070709.6272.qmail@MASHA>][Subject:

Download Free !][From: admin@microsoft.com <meineemail@free.fr>]8430.mim
[1] Archive type: MIME
--> file0.html
[DETECTION] Contains recognition pattern of the PHISH/MSNBC.C phishing

file/email
--> Mailbox_[Message-ID: <36738.baldo@rhona> ][From: "123greetings.com"

<webmaster@c__news.com>][Subject: You have received an eCard]10212.mim
[1] Archive type: MIME
--> e-card.zip
[2] Archive type: ZIP
--> e-card.exe
[DETECTION] Is the TR/Spy.Goldun.RS Trojan
--> Mailbox_[Message-ID: <85865.sudhir@charlton> ][From: "123greetings.com"

<paul.hutter@ewetel.net> ][Subject: You have received an eCard]10252.mim
[1] Archive type: MIME
--> e-card.zip
[2] Archive type: ZIP
--> e-card.exe
[DETECTION] Is the TR/Spy.Goldun.RS Trojan
[WARNING] This file is a mailbox. To avoid damaging your emails this file

will not be repaired or deleted![/color]
Begin scan in 'D:\' <RECOVER>


End of the scan: vendredi 24 octobre 2008 20:44
Used time: 1:07:12 Hour(s)

The scan has been done completely.

24045 Scanning directories
554409 Files were scanned
81 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
554327 Files not concerned
19318 Archives were scanned
5 Warnings
0 Notes
95250 Objects were scanned with rootkit scan
0 Hidden objects were found


Danke im Voraus und liebä Grüssä ausse Parisse.

AN[/b]
Dieser Beitrag wurde am 24.10.2008 um 20:59 Uhr von Anna_Nonyma editiert.
Seitenanfang Seitenende
24.10.2008, 20:50
virenfinder
Member

Beiträge: 3716
#2 bitte abarbeiten:
http://board.protecus.de/t23188.htm
zur sicherheit...
lösche die betreffende mail in deiner mailbox..
dann gehe auf gelöschte objekte dann (bei den meisten mailprogrammen) menü datei und ordner komprimieren wählen. so werden gelöschte nachichten entgültig gelöscht...
Seitenanfang Seitenende
24.10.2008, 21:01
Anna_Nonyma
Member

Themenstarter
Avatar Anna_Nonyma

Beiträge: 20
#3

Zitat

virenfinder postete
bitte abarbeiten:
http://board.protecus.de/t23188.htm
zur sicherheit...
lösche die betreffende mail in deiner mailbox..
dann gehe auf gelöschte objekte dann (bei den meisten mailprogrammen) menü datei und ordner komprimieren wählen. so werden gelöschte nachichten entgültig gelöscht...
sorry, ich war noch am Log- Einfügen - Editieren..
Avira sagt wirklich "the file IS a mailbox"... die anscheinend betroffenen Mails sind lange gelöscht...

OK ich arbeite das dann alles mal ab und schonmal vielen Dank für die superschnelle Antwor
Seitenanfang Seitenende
24.10.2008, 21:02
virenfinder
Member

Beiträge: 3716
#4 ja, du musst aber in deinem mail-programm die gelöschten objekte komprimieren wie von mir beschrieben... falls das net so geht, wie ich das beschriebenhabe, dann teile mir mit, welches mail-programm verwendet wird.
Seitenanfang Seitenende
24.10.2008, 21:05
Anna_Nonyma
Member

Themenstarter
Avatar Anna_Nonyma

Beiträge: 20
#5 ok ich arbeite alles ab.
Mail client ist Thunderbird version 2.0.0.17 (20080914)

thanx
Seitenanfang Seitenende
25.10.2008, 03:27
Gool
Member
Avatar Gool

Beiträge: 4730
#6 Ne, zunächst muss man den Papierkorb leeren, dann komprimieren ;)
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser
Seitenanfang Seitenende
25.10.2008, 09:53
virenfinder
Member

Beiträge: 3716
#7 ja erst leeren dann komprimieren...
Seitenanfang Seitenende
26.10.2008, 11:43
Anna_Nonyma
Member

Themenstarter
Avatar Anna_Nonyma

Beiträge: 20
#8 Bon als ich dann bei Combofix angekommen war wurde alles ziemlich grässlich, bin gerade dabei meinen schönen sauberen neu installierten PC wieder schick zu machen....... die Viren sind jedenfalls weg!

bussis
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1