Prometheus1992
Warlord
I know this belongs in the Computer Talk section, but no one is on there right now, and I was hoping one of you guys could help me on this:
Today, I decided to check out the ZIP drive to see if it is still compatible with older versions, and it is, so I inserted my dad's old Quicken from '97, and when I opened it, I got a warning saying that a 'Stealth_attack' virus was found. I could not delete it, but under my C: drive or whatever, I found a new file, 282KB in length, titled msxml4-KB927978-enu, saying such things as "Cloaking Enabled", and this was found in the text downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (F8:8C) [06:02:54:078]: Cleaning up uninstalled install packages, if any exist
MSI (s) (F8:8C) [06:02:54:078]: MainEngineThread is returning 0
MSI (s) (F8:C4) [06:02:54:171]: Destroying RemoteAPI object.
MSI (s) (F8:2C) [06:02:54:171]: Custom Action Manager thread ending.
=== Logging stopped: 11/15/2006 6:02:54 ===
MSI (c) (68:30) [06:02:54:171]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (68:30) [06:02:54:187]: MainEngineThread is returning 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
That's another sample:
MSI (s) (F8:8C) [06:02:49:359]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:8C) [06:02:49:359]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:8C) [06:02:49:359]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (F8:8C) [06:02:49:359]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\11e9eb6779ea63d671de'.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '5992'.
MSI (s) (F8:8C) [06:02:49:359]: TRANSFORMS property is now:
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (F8:8C) [06:02:49:421]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (F8:8C) [06:02:49:437]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (F8:8C) [06:02:49:437]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (F8:8C) [06:02:49:437]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (F8:8C) [06:02:49:484]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (F8:8C) [06:02:49:484]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (F8:8C) [06:02:49:484]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (F8:8C) [06:02:49:484]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (F8:8C) [06:02:49:484]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (F8:8C) [06:02:49:484]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (F8:8C) [06:02:49:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (F8:8C) [06:02:49:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (F8:8C) [06:02:49:500]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (F8:8C) [06:02:49:515]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (F8:8C) [06:02:49:515]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (F8:8C) [06:02:49:515]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
HELP, should I delete this file? Thanks!
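As an added example (my own code, not the poster's and not part of the installer whose log is quoted above): a small parser that reads the MSI verbose-log lines from the post and pulls out the two elevation-related facts they record, the machine and user `AlwaysInstallElevated` policy values and the product that ran with elevated privileges. The first sample is copied from the pasted log; the second, with both policies set to 1, is constructed to show the check firing. The regexes, dataclass and function names are assumptions about the log format as it appears here, not an official log schema.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines copied from the MSI verbose log pasted in the post above.
POSTED_LOG = r"""
MSI (s) (F8:8C) [06:02:49:359]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:8C) [06:02:49:359]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:8C) [06:02:49:359]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (F8:8C) [06:02:49:359]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\11e9eb6779ea63d671de'.
MSI (s) (F8:8C) [06:02:49:359]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '5992'.
1: sxsdelca 2: traceop 3: 796 4: 0
"""

# Constructed variant (not from the post): both policies set to 1, which is the
# misconfiguration that lets any local user run a per-machine MSI as SYSTEM.
WEAK_LOG = r"""
MSI (s) (A1:B2) [10:00:00:000]: Machine policy value 'AlwaysInstallElevated' is 1
MSI (s) (A1:B2) [10:00:00:000]: User policy value 'AlwaysInstallElevated' is 1
MSI (s) (A1:B2) [10:00:00:000]: Running product '{00000000-0000-0000-0000-000000000000}' with elevated privileges: Product is assigned.
"""

# Patterns are assumptions based on the line shapes seen in this log.
POLICY_RE = re.compile(r"(Machine|User) policy value 'AlwaysInstallElevated' is (\d)")
ELEVATED_RE = re.compile(r"Running product '(\{[0-9A-Fa-f-]+\})' with elevated privileges")
PROPERTY_RE = re.compile(r"PROPERTY CHANGE: Adding (\w+) property\. Its value is '(.*)'\.$")


@dataclass
class MsiLogSummary:
    machine_policy: Optional[int] = None
    user_policy: Optional[int] = None
    elevated_products: List[str] = field(default_factory=list)
    properties: Dict[str, str] = field(default_factory=dict)
    findings: List[str] = field(default_factory=list)


def always_install_elevated(summary: MsiLogSummary) -> bool:
    """True only when BOTH the machine and the user policy are 1; Windows
    Installer requires both before it elevates arbitrary packages."""
    return summary.machine_policy == 1 and summary.user_policy == 1


def parse_msi_log(text: str) -> MsiLogSummary:
    """Walk an MSI verbose log and collect the elevation-related facts."""
    summary = MsiLogSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("MSI ("):
            continue  # custom-action trace lines such as 'sxsdelca' carry no policy data
        m = POLICY_RE.search(line)
        if m:
            value = int(m.group(2))
            if m.group(1) == "Machine":
                summary.machine_policy = value
            else:
                summary.user_policy = value
            continue
        m = ELEVATED_RE.search(line)
        if m:
            summary.elevated_products.append(m.group(1))
            continue
        m = PROPERTY_RE.search(line)
        if m:
            summary.properties[m.group(1)] = m.group(2)

    if always_install_elevated(summary):
        summary.findings.append(
            "AlwaysInstallElevated is 1 in both machine and user policy: "
            "any local user can install a per-machine MSI as SYSTEM")
    for product in summary.elevated_products:
        summary.findings.append(f"elevated install of product {product}")
    cwd = summary.properties.get("CURRENTDIRECTORY")
    if cwd:
        summary.findings.append(
            f"package ran from {cwd} "
            f"(client PID {summary.properties.get('CLIENTPROCESSID', '?')})")
    return summary


if __name__ == "__main__":
    for name, log in (("posted log", POSTED_LOG), ("constructed weak log", WEAK_LOG)):
        s = parse_msi_log(log)
        print(f"{name}: machine={s.machine_policy} user={s.user_policy}")
        for finding in s.findings:
            print("  -", finding)
```

On the posted log the policy check stays quiet (both values are 0) and the only findings are the product GUID that ran elevated and the temporary directory it ran from; on the constructed log the same parser reports the AlwaysInstallElevated misconfiguration. The elevation in the posted log comes from the logged-in user already being an administrator, which the log states explicitly, not from the policy.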