Hi,
I had 3 requests pop up today from my Bullguard software within around 5 minutes of each other which I sent for analysis and they were checked and confirmed as ok so I carried on browsing as normal.
Then I had an alert pop up from Windows Security Center saying that a trojan of some sort (can't remember the name and I can't find a log to get that info) was trying to get through and that Windows couldn't do anything to stop it.
So I ran a full system scan, found 7 problems and rectified them. All good.
Then I checked the firewall to check what programs are allowed and what are blocked and I found these 3 previous application requests at the foot of the list. So I decided to block them all. Then I explored the folders to see what they were about and found these:
1. 'xcnupgfc.exe' found in 'windows/system32' folder
2. 'hgzsbgpy.exe' found in 'applications/ripqrspi' folder
3. The 3rd I can't remember the name but it was something like 'jqs'
Now I did a search on the web to check these out and found No.3 to be a virus so I removed that but I couldn't find anything for the other two. So I tried removing these both manually but it didn't work. So I sent them to my bullguard software to be scanned and they came back ok?!?! So I just removed them from the firewall list to see if they would do something again and no.1 did want to play so I have blocked it with no current further action (on the details I logged this bit of info 'ev1s-209-62-106-80.theplanet.com' if that means anything to anyone!). No.2 hasn't reared its ugly head yet but I expect it will soon!
Anyways, what I want to know is, what are No.1 and No.2 and do I need to get rid of them?!
I have the reports from the individual file scans here:
___________________________________________________________
BullGuard Scan Report
Scan Profile: "~10"
___________________________________________________________
----[ System Info ]------------
OS Version: Microsoft Windows XP Home Edition - Service Pack 3 (Build 2600) [2 * x86 CPUs]
Physical memory: 2040 MB
System up-time: 0 days, 03 hours, 35 minutes, 34 seconds
BullGuard up-time: 0 days, 03 hours, 34 minutes, 15 seconds
TopLayer Version: 8, 5, 0, 16
FileSpy5 Version: N/A
BdFileSpy Version: 3.12.0.62 built by: WinDDK
BsFileScan Version: 8, 5, 0, 65
Reconn Version: 1.1.0.5 built by: WinDDK
MailProxy Version: 8, 5, 0, 20
AntiVirus Version: 8, 5, 0, 47
----[ Scan Parameters ]------------
Folders to scan: None
Excluded folders: None
Files to scan: C:\WINDOWS\system32\xcnupgfc.exe
Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:
[ ] Exclude user extensions:
[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[ ] Scan running processes
[ ] Scan registry
[ ] Scan IE cookies
[X] Enable heuristic detection
[ ] Scan default action
___________________________________________________________
Scan Statistics
___________________________________________________________
Scan started: Tuesday, October 07, 2008 17:43:35
Scan duration: 0 days, 00 hours, 00 minutes, 01 seconds
Completion status: Successful
Total files scanned: 6
Total files skipped: 0
Identified viruses: 0
Scan speed: 6.00 files/sec
___________________________________________________________
Results after ROUND 0
___________________________________________________________
Scan started: Tuesday, October 07, 2008 17:43:34
Scan duration: 0 days, 00 hours, 00 minutes, 01 seconds
Infections solved: 0
Infections left: 0
Viruses left: 0
___________________________________________________________
BullGuard Scan Report
Scan Profile: "~11"
___________________________________________________________
----[ System Info ]------------
OS Version: Microsoft Windows XP Home Edition - Service Pack 3 (Build 2600) [2 * x86 CPUs]
Physical memory: 2040 MB
System up-time: 0 days, 03 hours, 35 minutes, 54 seconds
BullGuard up-time: 0 days, 03 hours, 34 minutes, 35 seconds
TopLayer Version: 8, 5, 0, 16
FileSpy5 Version: N/A
BdFileSpy Version: 3.12.0.62 built by: WinDDK
BsFileScan Version: 8, 5, 0, 65
Reconn Version: 1.1.0.5 built by: WinDDK
MailProxy Version: 8, 5, 0, 20
AntiVirus Version: 8, 5, 0, 47
----[ Scan Parameters ]------------
Folders to scan: None
Excluded folders: None
Files to scan: C:\Documents and Settings\All Users\Application Data\ripqrspi\hgzsbgpy.exe
Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:
[ ] Exclude user extensions:
[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[ ] Scan running processes
[ ] Scan registry
[ ] Scan IE cookies
[X] Enable heuristic detection
[ ] Scan default action
___________________________________________________________
Scan Statistics
___________________________________________________________
Scan started: Tuesday, October 07, 2008 17:43:55
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Completion status: Successful
Total files scanned: 3
Total files skipped: 0
Identified viruses: 0
Scan speed: 3.00 files/sec
___________________________________________________________
Results after ROUND 0
___________________________________________________________
Scan started: Tuesday, October 07, 2008 17:43:55
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 0
Viruses left: 0