
Thread: Viruses and Me

  1. #11
    Junior Member
    Join Date
    May 2012
    Posts
    20

    C:\Program Files\RadioPI_4eEI\Installr\2.bin\4eEIPlug.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISb.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\RegServe\SilentRemover.exe a variant of Win32/Adware.RegDefense application
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
    C:\Users\richard\Desktop\uhhh\softonic-us-silent-2.exe Win32/Toolbar.Zugo application
    C:\Users\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
    C:\Users\richard\Downloads\Saya_no_Uta___English.exe Win32/Adware.1ClickDownload application
    C:\Users\richard\Downloads\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application
    C:\Users\richard\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
    C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
    C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
    C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe Win32/Toolbar.Zugo application
    C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
    C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe Win32/Adware.1ClickDownload application
    C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application
    C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
    C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
    C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
    C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application

  2. #12
    Junior Member
    Join Date
    May 2012
    Posts
    20

    "Windows Defender" was still registered as active before the scan...hopefully that didn't affect anything.

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,
    I would uninstall both of these programs


    C:\Program Files\RadioPI_4eEI
    C:\Program Files\RegServe




    Then go into Spybot's Recovery folder and remove it all

    C:\ProgramData\Spybot - Search & Destroy\Recovery



    Delete this from your desktop

    C:\Users\richard\Desktop\uhhh\softonic-us-silent-2.exe



    Go into the downloads folder and delete it all but not the download folder itself

    C:\Users\richard\Downloads


    Did you create this
    C:\Windows.old <---




    What I would do is rerun ESET, this time let it remove what it finds
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Junior Member
    Join Date
    May 2012
    Posts
    20

    I personally didn't intentionally create windows.old...it's possible someone else did but I have no idea.

    There's two of them with the same date of creation from 2008...windows.old and windows.old.000

    ESET ran and cleaned one issue after all preliminary actions were taken =).

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Did it clean everything in the old folder?


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\Windows.old
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  6. #16
    Junior Member
    Join Date
    May 2012
    Posts
    20

    After the ESET fix scan I couldn't find a log, maybe because I didn't delete the first log beforehand, but I'm almost positive the entry that was "fixed" was C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application. There was definitely only a single entry fixed.

    You probably have already seen this but all the .old.000 entries from the first scan seem to be doubles of all the regular entries...maybe some mirror thing going on. Weird.

    Here's system look =D

    --------------------------------------------------------------------------

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:26 on 01/06/2012 by richard
    Administrator - Elevation successful

    ========== dir ==========

    C:\Windows.old - Parameters: "(none)"

    ---Files---
    autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
    config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

    ---Folders---
    $Recycle.Bin d--hs-- [11:17 02/11/2006]
    Documents and Settings d--hs-- [12:59 02/11/2006]
    Program Files dr----- [11:18 02/11/2006]
    ProgramData d--h--- [11:18 02/11/2006]
    Users dr----- [11:18 02/11/2006]
    Windows d------ [11:18 02/11/2006]

    -= EOF =-
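
Post #16 notes that the `.old.000` entries look like doubles of the regular ones. As an added example (not part of the thread and not ESET's own tooling), this Python script groups pasted ESET Online Scanner findings by file name and detection so that copies under `C:\Windows.old*` stand out; the line format is inferred from the log in post #11, and the sample input is a subset of those lines.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the detection lines posted in #11.
SAMPLE = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
"""

# Assumed layout: <path> [a variant of ]<Platform/Name> <kind>; the path may contain spaces.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<name>\w+/\S+) (?P<kind>\w+)$"
)
# Matches paths below C:\Windows.old or a numbered sibling such as C:\Windows.old.000.
OLD_ROOT = re.compile(r"^[A-Za-z]:\\Windows\.old(?:\.\d+)?\\", re.IGNORECASE)


def parse(log):
    """Yield (path, detection name, kind) for every line that looks like a finding."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m["path"], m["name"], m["kind"]


def group_findings(log):
    """Map (file name, detection) -> full paths, split by Windows.old vs. elsewhere."""
    groups = defaultdict(lambda: {"other": [], "windows_old": []})
    for path, name, _kind in parse(log):
        key = (path.rsplit("\\", 1)[-1].lower(), name)
        bucket = "windows_old" if OLD_ROOT.match(path) else "other"
        groups[key][bucket].append(path)
    return dict(groups)


def report(log):
    """One summary line per distinct finding, with copy counts per location."""
    return [
        f"{fname:<22} {name:<26} other={len(w['other'])} windows_old={len(w['windows_old'])}"
        for (fname, name), w in sorted(group_findings(log).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```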

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let's go here and do the same thing and delete those files

    C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe
    C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar

    Let me know how it went.


    Then run a new scan with ESET and post the log please

  8. #18
    Junior Member
    Join Date
    May 2012
    Posts
    20

    C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar was the only file I could find and ESET turned up clean.

    Things to note...C:\users\richard and C:\windows.old.000\documents and settings\richard are 100% identical...I couldn't get into C:\windows.old.000\documents and settings\richard without using start search...the folder didn't exist going through computer-->local disk.

    The exact same thing applied to C:\Windows.old.000\Users\All Users and C:\ProgramData...all files contained are identical and I couldn't find C:\Windows.old.000\Users\All Users without using start search.

    Inside this C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery...WinAgentws1.zip was no longer there, but I did find a bunch of .zip files with names I recognized as malicious? There's about five in there but two examples are GameVancePlaySushi5.zip and WiIQfraud2.zip (there's multiple copies of all of them)...The GUI for Spybot shows the recovery section as empty.


    Here's ESET. I went to sleep when I started the scan so I wasn't able to get the regular looking log (as far as I know); hopefully this is the same thing.

    --------------------------------------------------------------------------
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=12
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=edf20e162e4fdb4992401ab3118fe57f
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-06-02 01:34:27
    # local_time=2012-06-02 07:34:27 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776574 66 100 32636270 175245329 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=269839
    # found=0
    # cleaned=0
    # scan_time=6310

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    It looks like those folders may have been from a previous installation of Windows. Did you buy this computer used?

    http://windows.microsoft.com/en-us/w...der?SignedIn=1


    Let's go a bit further, plug these into SystemLook



    :dir
    C:\Windows.old
    C:\Windows.old.000

  10. #20
    Junior Member
    Join Date
    May 2012
    Posts
    20

    This system was put together brand new by myself and a couple other high school kids at the time so it's very possible we did something weird.




    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:36 on 02/06/2012 by richard
    Administrator - Elevation successful

    ========== dir ==========

    C:\Windows.old - Parameters: "(none)"

    ---Files---
    autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
    config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

    ---Folders---
    $Recycle.Bin d--hs-- [11:17 02/11/2006]
    Documents and Settings d--hs-- [12:59 02/11/2006]
    Program Files dr----- [11:18 02/11/2006]
    ProgramData d--h--- [11:18 02/11/2006]
    Users dr----- [11:18 02/11/2006]
    Windows d------ [11:18 02/11/2006]

    C:\Windows.old.000 - Parameters: "(none)"

    ---Files---
    autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
    config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

    ---Folders---
    $Recycle.Bin d--hs-- [11:17 02/11/2006]
    Documents and Settings d--hs-- [12:59 02/11/2006]
    Program Files dr----- [11:18 02/11/2006]
    ProgramData d--h--- [11:18 02/11/2006]
    Users dr----- [11:18 02/11/2006]
    Windows d------ [11:18 02/11/2006]

    -= EOF =-
