Scanning difficulties and various malware (apparently) on system

Archive
1

Hello, I’m assisting a relative concerning some issues with their PC and was hoping to get some assistance here. The PC is running WinXP and has NAV Corporate Edition Full version: 7.61.934 installed. This began when the relative told me that the AV hadn’t finished scanning for several days. Looking at the control panel I found that the AV hadn’t completed a scan since 5/13/10! Looking at the Virus History section of the NAV control panel I found several pieces of malware listed that had not been either repaired or quarantined - though these are the options selected as remedy when one is found during a scan. I then attempted a manual scan and that was terminated within a second or two - with the scan panel saying that the user had terminated the scan. I DL’d Trend Micro’s Housecall and did a full scan which eventually completed and listed two threats - one was identified as a rootkit and the other as spyware. The spyware threat may not be a great issue as it appears to be a HP ‘backdoor’. It’s within a HP folder and named “terminator.exe”. I do wonder though if this could be considered a ‘vector’ for intrusion… The other threat TM indicated (the rootkit) was in a folder that appears to be related to the Adobe Flash product and TM referred to it as a ‘hidden file’. It showed a location of: “\.\pipe\gecko-crash-server-pipe.3592”. I ran Trend Micro’s Rootkit Buster but it showed no threats other than various file streams. I’m not entirely clear as to how to interpret the whole business of file streams. I copied down some information from the NAV Virus History section that indicated the various malware that does not appear to be quarantined on the system. Via the GUI the history only goes back to 4/7/10 and it shows multiple instances of the following malware in various locations from that date: Trojan.Pidief Bloodhound.PDF.23 W32.Erkez.B@mm Trojan.Pidief.G Bloodhound.PDF.21 Bloodhound.PDF!gen W32.Bugbear.B@mm Downloader I haven’t tried to quarantine these yet as I have a suspicion that there may be greater problems on this system and that a comprehensive approach may be necessary or at least a more knowledgeable diagnosis. Do let me know if I can supply other information that could be useful for diagnosis.