Lonny,
Here is the Ewido file
Hi confusionsays
Try to attach it again please; it might need to be split into two files for it to fit. Post a new HijackThis log and mention the current problems.
Are you willing to put back that folder with Ewido's backups? If so, do you need instructions?
LONNY,
I divided the file into 2 files of 421 KB and 416 KB, but I am not allowed more than 30 KB. Any other way to get it to your eyes than sending you 100 files?
Here is the new HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 11:23:14 AM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\XGMacroEn\XGProg.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\duane\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: XGMacro.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I could probably use some help with the Ewido backup files.
The only problem that I have seen is a "Thumbs" file that keeps appearing in my "Shared" folder. It is apparently a systems file, which I have to keep deleting.
LONNY,
As an addition to your question of what current problems I have, and my answer of the "Thumbs" system file: There are 143 "Thumbs" files on my computer, and when I check their "properties" I get a "modified" date earlier than the "created" date?!?! When I erase it in a file, then close that file, then come back later, it is back??!
Hi
Run Ewido, click quarantine, then find and restore ONLY the items that were in that wmplayer folder
C:\Program Files\wmplayer
Close Ewido and zip up the contents of that folder
(right-click, send to > compressed), then go attach that cab (or zip if you use a third-party zip program) file here
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Now delete that folder or run ewido and let it remove the items there.
Thanks
More info on those thumbs.db files here
http://www.tweakxp.com/article36702.aspx
Post a report from one or both of these free online scans
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.
LONNY,
I sent the contents of the wmplayer file to that other forum.
I downloaded Kaspersky and its findings are here:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 24, 2006 05:36:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/01/2006
Kaspersky Anti-Virus database records: 172825
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
N:\
Scan Statistics:
Total number of scanned objects: 108042
Number of viruses found: 20
Number of infected objects: 71
Number of suspicious objects: 2
Duration of the scan process: 8207 sec
Infected Object Name - Virus Name
C:\AGEU_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\AGEU_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\AGEU_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy19.zip/adv.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy19.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\duane\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1b69be98-69ae124d.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\duane\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1b69be98-69ae124d.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\duane\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1b69be98-69ae124d.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\duane\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1b69be98-69ae124d.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\duane\Local Settings\Temp\AGEU_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\duane\Local Settings\Temp\AGEU_SudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Program Files\wmplayer\wmplayer.exe Infected: Trojan-Dropper.Win32.VB.kw
C:\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP609\A0022502.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP610\A0022521.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP610\A0022565.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP612\A0022591.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP612\A0022592.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP612\A0022593.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP612\A0022593.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP612\A0022593.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP613\A0022613.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP615\A0022649.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP615\A0022654.exe Infected: Trojan-Downloader.Win32.VB.uy
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP615\A0022673.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP615\A0022678.exe Infected: Trojan-Dropper.Win32.VB.kw
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP617\A0022703.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP619\A0022729.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP619\A0022734.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP619\A0022752.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP619\A0022775.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022811.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022827.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022849.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022862.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022864.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022865.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022872.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022873.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022874.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022875.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022875.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022875.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022875.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022875.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022875.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022876.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022880.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022892.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022907.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP621\A0022917.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP622\A0022935.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP622\A0022978.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP622\A0022993.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP624\A0023027.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP624\A0023045.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP624\A0023057.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP625\A0023096.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP626\A0023177.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP626\A0023209.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP628\A0023258.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP629\A0023300.exe Infected: Trojan-Dropper.Win32.VB.kw
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP629\A0023301.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP629\A0023302.exe Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP629\A0023303.exe Infected: not-a-virus:Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP629\A0023304.exe Infected: Trojan-Dropper.Win32.VB.kw
C:\System Volume Information\_restore{1A8CD2D3-1597-4EFF-9955-B6CDD9CEE1C9}\RP632\A0023355.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\p2pnetworking.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\WinDy.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\WinDy.exe Infected: Trojan-Clicker.Win32.Small.jf
Scan process completed.
I had problems downloading panda.
Thanks
Delete these files and folder
C:\AGEU_SilentSudokuInstaller.exe
C:\SS1001.exe
C:\WINDOWS\system32\DH9013.exe
C:\WINDOWS\WinDy.exe
C:\Program Files\wmplayer < folder
This is a different BFU script than we used before.
You already have the BFU program and the BFU folder created, so skip that part.
Keep us informed.
Make a new folder at this location,
C:\ called "BFU"
Download Brute Force Uninstaller. By Merijn author of Hijackthis.
http://www.merijn.org/files/bfu.zip
Unzip it to its own folder (c:\BFU)
Double-click on BFU.exe, click the round green icon (open script URL)
Copy then paste in
http://metallica.geekstogo.com/p2pnetwork.bfu
Press execute and let it do its job.
Wait for the complete script execution box to popup and press OK.
If the script is really executed you should have seen a progress bar.
Press exit to exit the BFU program.
If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html
LONNY,
Managed to delete all the files.
I downloaded Brute, and ran it properly this time. It did all the things it was supposed to do.
Great
Are there any problems now?
Hello, this topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please pm me or Lonny.
Cheers.