UNBELIEVABLE PROBLEM..(with Trojan Ribdew)



numlocke
2006-10-09, 05:07
Hi,
I have one problem with Trojan.Ribdew.C.DLL..
I am using Bit Defender Software program. It detects one problem.

C:\Documents and Settings\....\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\.....\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\.....\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed

I tried several things. I am also using the Spybot program, but it did not detect this. I scanned with a-squared too. It did not detect this Trojan either.

I also did a system restore several times. But UNFORTUNATELY I did not solve this problem.
What is the problem? How can I remove this trojan from my computer?
Please help me...

numlocke
2006-10-10, 03:16
I am still fighting against this problem but I have not solved it.. Please help...HELP..

teacup61
2006-10-10, 08:50
Hello numlocke,

Welcome to Safer Networking Forums :)

* Click here (http://www.thespykiller.co.uk/files/HJTsetup.exe) to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Thanks,
tea

numlocke
2006-10-11, 07:07
I am sending the log file.
Thanks..


Logfile of HijackThis v1.99.1
Scan saved at 14:05:28, on 11.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Power Manager\PM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internethaber.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159051687440
O16 - DPF: {65A6BE25-6D9A-4FF2-8971-2C348A91478A} (FNNActiveForm Control) - http://www.ataonline.com.tr/Program/ActiveChartPro/FNNActivexProChart.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

teacup61
2006-10-11, 07:57
Hello,

* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)


Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.


In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the results from AVG and a new HijackThis log. Also let me know how your computer is running. :)

Thanks,
tea

numlocke
2006-10-11, 13:38
Hello,
I tried your advice step by step.. But unfortunately it failed... Really failed. AVG did not detect this trojan..
I am sending the reports.. PLEASE help...

First AVG report..
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:05:29 11.10.2006
+ Scan result:



Nothing found.



::Report end

Second Bit defender..

//-----------------------------------------------------------------
//
// ProductBitDefender Internet Security v10
// Product10.0
//
// Created on: 11/10/2006 20:14:06
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 615
Files : 93236
Memory processes scanned : 17
Archives : 680
Runtime packers : 11917
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 0
I/O errors : 43
Scan time : 00:13:01
Scan speed (files/sec) : 119

Spyware Statistics

Registry keys scanned : 1613
Registry keys infected : 0
Cookies scanned : 5
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 25520914
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1160586845.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed



Third Report;
Logfile of HijackThis v1.99.1
Scan saved at 20:36:18, on 11.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Power Manager\PM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internethaber.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159051687440
O16 - DPF: {65A6BE25-6D9A-4FF2-8971-2C348A91478A} (FNNActiveForm Control) - http://www.ataonline.com.tr/Program/ActiveChartPro/FNNActivexProChart.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

teacup61
2006-10-12, 02:12
Hello,

Navigate to the following folder:
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5 <----empty everything in that folder.

Did you ever run Norton/Symantec AV on your computer?

numlocke
2006-10-12, 04:59
> Hello,
>
> Navigate to the following folder:
> C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5 <----empty everything in that folder.
>
> Did you ever run Norton/Symantec AV on your computer?

Hi,
I did this several times. I also did it with CCleaner. But nothing changed. I really did not understand this problem. Other antispyware programs did not detect this trojan. Only BitDefender detected it.
I haven't run Norton.

I am losing my hope.. But I don't want to format my computer because of a stupid trojan..

Do you have any idea?
Thanks...

teacup61
2006-10-12, 05:47
Hello,

We still have many options yet to get rid of those pesky files, so no need to think of giving up. :bigthumb:

1) Please download the Killbox (http://www.killbox.net/downloads/KillBox.exe).
Save it to the desktop and run it.

2) Select "Delete on Reboot", and then select "All files".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe

4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Reboot your computer.

Run Bit Defender again and let me know if those are gone. :)

Thanks,
tea

numlocke
2006-10-12, 14:05
Hello,

I did the whole procedure with Killbox but it failed again..

What will we do??

:sad: :sad: :sad:


Pocket Killbox version 2.0.0.881
Running on Windows XP as VATAN(Administrator)
was started @ Perşembe, Ekim 12, 2006, 7:52 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:01:53 PM
Killbox Closed(Exit) @ 8:02:07 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as VATAN(Administrator)
was started @ Perşembe, Ekim 12, 2006, 8:41 PM

# 1 [Files to Delete]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

# 2 [Delete on Reboot]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:43:51 PM
# 3 [Delete on Reboot]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:47:49 PM
# 4 [Files to Delete]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

# 5 [Delete on Reboot]
Path = C:\Documents and Settings\VATAND\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:50:02 PM
# 6 [Delete on Reboot]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:50:55 PM
# 7 [Delete on Reboot]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:51:29 PM
# 8 [Delete on Reboot]
Path = C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:52:33 PM
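
The BitDefender summary lines and the first Killbox entry above both carry the scanner's `=>` suffix, which names objects unpacked from the downloaded installer rather than a location in the file system. As an added example (not part of any post in this thread), the Python parser below splits such lines into the file on disk, the nested objects and the status reported at each level; reading `=>` as a nesting separator and `Update failed` as "container not rewritten" are assumptions drawn from the three lines shown.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional, Tuple

# Copied from the thread: the three BitDefender summary lines and the path
# recorded in the first Killbox log entry.
SCAN_SUMMARY = r"""
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed
"""
KILLBOX_PATH = r"C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005"

SEP = "=>"  # assumption: separates a container from an object unpacked from it
# Only the three statuses that appear in the thread are recognised.
STATUS_RE = re.compile(
    r"\s+(?P<status>Infected: (?P<threat>\S+)|Deleted|Update failed)\s*$"
)


class Finding(NamedTuple):
    disk_path: str            # the only part that exists in the file system
    nested: Tuple[str, ...]   # objects inside disk_path, outermost first
    status: str               # "Infected", "Deleted" or "Update failed"
    threat: Optional[str]     # detection name, present on "Infected" lines


def parse_line(line: str) -> Optional[Finding]:
    """Split one summary line into on-disk file, nested objects and status."""
    m = STATUS_RE.search(line)
    if m is None:
        return None  # blank line, or a status this example does not know
    disk_path, *nested = line[:m.start()].strip().split(SEP)
    status = "Infected" if m.group("threat") else m.group("status")
    return Finding(disk_path, tuple(nested), status, m.group("threat"))


def on_disk_path(scanner_path: str) -> str:
    """Drop the scanner's nesting suffix so only a real file path remains."""
    return scanner_path.split(SEP, 1)[0].strip()


def summarize(report: str) -> dict:
    """Group findings by on-disk file and record the statuses per nesting level."""
    files = {}
    for line in report.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        entry = files.setdefault(
            f.disk_path, {"threats": set(), "by_level": defaultdict(list)}
        )
        entry["by_level"][f.nested].append(f.status)
        if f.threat:
            entry["threats"].add(f.threat)
    return files


def container_left_in_place(entry: dict) -> bool:
    """True when a threat was reported inside the file while the container
    level (at most one nesting step) reports 'Update failed'.
    Assumption: that status means the file on disk was not rewritten, so the
    same detection will be reported again on the next scan."""
    outer = [
        status
        for level, statuses in entry["by_level"].items()
        if len(level) <= 1
        for status in statuses
    ]
    return bool(entry["threats"]) and "Update failed" in outer


if __name__ == "__main__":
    for path, entry in summarize(SCAN_SUMMARY).items():
        print("file on disk :", path)
        print("threats      :", ", ".join(sorted(entry["threats"])))
        for level, statuses in entry["by_level"].items():
            print("  level", " => ".join(level) or "(file)", "->", statuses)
        print("container left in place:", container_left_in_place(entry))
    print("path to hand to a deletion tool:", on_disk_path(KILLBOX_PATH))
```
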

teacup61
2006-10-12, 23:13
Hello,

All right, we'll use "the big guns" then.

1. Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

Thanks,
tea

numlocke
2006-10-13, 10:41
Hello,
Sorry, I used this program but it did not work... I think I have to do a format... Because we still haven't got rid of this trojan...

Do you have a new idea?

Anyway, thank you for helping

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: selected file does not appear to be a valid script.
Error code: 0

teacup61
2006-10-13, 11:26
Hello,

Run Avenger again, only this time copy and paste this script in :

Folders to delete:
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL

Let me know how that does.

There is no need to PM me after every response. I can see the results here. :)

Thanks,
tea

numlocke
2006-10-13, 13:19
> Hello,
>
> Run Avenger again, only this time copy and paste this script in :
>
> Folders to delete:
> C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL
>
> Let me know how that does.
>
> There is no need to PM me after every response. I can see the results here. :)
>
> Thanks,
> tea

I ran it again but unfortunately I got the same result...

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: selected file does not appear to be a valid script.
Error code: 0

teacup61
2006-10-14, 00:44
Hello,

Please make sure there is no blank line at the top, and that there is a blank line below when you copy in the script, and try again.

tea

numlocke
2006-10-14, 05:34
> Hello,
>
> Please make sure there is no blank line at the top, and that there is a blank line below when you copy in the script, and try again.
>
> tea

Hi,
I did it again carefully. There was no blank line at the top but the result was the same.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: selected file does not appear to be a valid script.
Error code: 0

numlocke
2006-10-16, 02:26
Hello,
I am still fighting this problem, but I did not recover my computer.. Does anybody have any idea about my problem?.. Please help...

teacup61
2006-10-16, 05:54
Hello,

What do you mean by "recover my computer"? Is this something new?:scratch:

numlocke
2006-10-16, 06:27
> Hello,
>
> What do you mean by "recover my computer"? Is this something new?:scratch:

Hello,
I mean I still have the same problem with Trojan.Ribdew.C.DLL

I tried the several programs that you advised.. But unfortunately my computer has the same trojan when scanned by BitDefender..

I am really bored because of this stupid trojan. I want to delete it from my computer.. That's all.

Thank you for your help...

teacup61
2006-10-16, 09:37
Hello,

I asked others about this, and Metallica has something for you. :)

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Then copy the part in the CODE box below into notepad and save it as NSISjava.bfu
Set Filetype to "all files"


OptionUnloadShell
ProcessKill \iexplore.exe|1
DllUnregister \java52e.dll|1

RegDeleteKey HKCR\CLSID\{B9CE503D-03F8-4161-A8A6-C912ADFCF2D4}
RegDeleteKey HKCR\Java.JavaExt
RegDeleteKey HKCR\Java.JavaExt.1
RegDeleteKey HKCR\txtfile\ShellEx\ContextMenuHandlers\JavaExt
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\PowerPoint
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{B9CE503D-03F8-4161-A8A6-C912ADFCF2D4}

FileDelete %SYSDIR%\java52e.dll


Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select NSISjava.bfu
Press Execute and let it do its job. Don't be scared because your taskbar and desktop will disappear for a short while.
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Now see if that file is gone. :)

Thanks,
tea

numlocke
2006-10-16, 13:57
Hello,
I downloaded the last program and I did the last procedure several times, and after that I scanned with BitDefender. I am sending the last report that I got from BitDefender...

UNFORTUNATELY, I still have the same problem. Unbelievable but it is true.

Help me!!!! HELP....HELP..:sad: :sad: :sad:



//-----------------------------------------------------------------
//
// ProductBitDefender Internet Security v10
// Product10.0
//
// Created on: 16/10/2006 18:36:55
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 2882
Files : 475234
Memory processes scanned : 18
Archives : 2535
Runtime packers : 66798
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 0
I/O errors : 47
Scan time : 01:32:41
Scan speed (files/sec) : 85

Spyware Statistics

Registry keys scanned : 1613
Registry keys infected : 0
Cookies scanned : 84
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 509266
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1161013015.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed
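
The Summary lines in the report above record a detection inside the NSIS installer, a deletion of the inner object, and then a failed update of the container file. As an added example (not part of the original posts and not BitDefender code), this Python script groups such lines per container and flags the ones likely to be detected again; reading "Update failed" as "the container on disk was not rewritten" is an assumption, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# First three lines: the Summary entries from the report above.
# Last two lines: constructed contrast case (hypothetical path and threat name).
SAMPLE = r"""
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed
C:\Example\setup.exe=>(NSIS o)=>inner0001 Infected: Constructed.Sample.Threat
C:\Example\setup.exe=>(NSIS o)=>inner0001 Deleted
"""

# <container path>=>(<archive type>)[=><inner object>] <status>
LINE = re.compile(
    r"^(?P<container>.+?)=>\((?P<kind>[^)]*)\)"
    r"(?:=>(?P<member>\S+))?\s+"
    r"(?P<status>Infected: \S+|Deleted|Update failed)$"
)

def triage(summary):
    """Group Summary lines by container file and record what happened to each."""
    state = defaultdict(lambda: {"threats": set(), "deleted": set(), "update_failed": False})
    for raw in summary.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a format this parser does not cover
        entry = state[m["container"]]
        status = m["status"]
        if status.startswith("Infected: "):
            entry["threats"].add(status[len("Infected: "):])
        elif status == "Deleted" and m["member"]:
            entry["deleted"].add(m["member"])
        elif status == "Update failed" and not m["member"]:
            entry["update_failed"] = True
    return dict(state)

def still_on_disk(summary):
    """Containers with a detection whose rewrite failed: expect the same hit next scan."""
    return sorted(c for c, e in triage(summary).items()
                  if e["threats"] and e["update_failed"])

if __name__ == "__main__":
    for path in still_on_disk(SAMPLE):
        print("container not cleaned, remove the whole file:", path)
```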

teacup61
2006-10-16, 22:58
Hello,

Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.


@echo off
cd\
del "C:\Docume~1\VATAN\LocalS~1\Tempor~1\Content.IE5\T8QKP5DL\AVICod~1.exe"
del "C:\Docume~1\VATAN\LocalS~1\Tempor~1\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe"
dir "C:\Docume~1\VATAN\LocalS~1\Tempor~1\Content.IE5\T8QKP5DL\AVICod~1.exe" >report.txt
start notepad report.txt

Run check.bat and post back with the text that will open.

numlocke
2006-10-17, 04:27
Hello,
I made the check.bat file and ran it. One report page opened. There was nothing inside this report. It was one clean page. After that I checked my computer hopefully, but BitDefender found the same problem.

I have never met this type of problem.

Really I don't understand this problem... What do I do?

Thank you..



//-----------------------------------------------------------------
//
// ProductBitDefender Internet Security v10
// Product10.0
//
// Created on: 17/10/2006 10:44:02
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 805
Files : 133629
Memory processes scanned : 19
Archives : 1207
Runtime packers : 13893
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 0
I/O errors : 35
Scan time : 00:34:13
Scan speed (files/sec) : 65

Spyware Statistics

Registry keys scanned : 1613
Registry keys infected : 0
Cookies scanned : 88
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 509568
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1161071042.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed

teacup61
2006-10-17, 06:32
Hello,

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

numlocke
2006-10-17, 08:40
Hello,
I did, and got the report below the first time. After that I closed my firewall and also Windows Firewall and I tried several times, but I get this report.

What do you think? Also, when I uploaded the file I saw this file and I tried to delete it, but I did not delete it.

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file."

numlocke
2006-10-19, 03:18
Hi,
I still have the same problem. Is there any new idea to delete this trojan from my computer?
Please Help..

Metallica
2006-10-19, 08:44
Hi Numlocke,

teacup61 asked me to look at your problem.

I wanted to know if there is another user account active on that computer and if the one you are using has administrator rights?

Let me know,

numlocke
2006-10-20, 03:38
Hi,
I am using only one user account, but I am using this computer at the university. Our university has a T-Lan system. They gave me one IP and DNS number. I am connecting from this number.
"if the one you are using has administrator rights?" Actually I don't understand this sentence. I can only say that one user account is active on my computer, and it belongs to me.
I hope we can remove this problem from my computer.
Thank you..
Numlocke..

Metallica
2006-10-20, 11:00
I will attach a file to this post. Rightclick that file and save it into the same folder as the file BFU.exe that teacup61 told you to get.

Then doubleclick BFU.exe and on the BFU program screen use the explorer button to find the emptycache.txt

Then click the Execute button.
Your desktop and taskbar will disappear for a brief period.
When all is back click the Exit button.

That should take care of it.
Let us know.

numlocke
2006-10-20, 12:11
Hello,

I did. But it failed again. I am sending the log file... What is the problem? I don't understand it.

Thanks,
Numlocke

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 18:44:02, on 20.10.2006

Option Unload Explorer: Yes
Failed: FolderDelete C:\DOCUME~1\VATAN~1\LOCALS~1\Temp\a2archive (operation failed)
Failed: FolderDelete C:\DOCUME~1\VATAN~1\LOCALS~1\Temp\AAWTMP (operation failed)
Failed: FileDelete C:\DOCUME~1\VATAN~1\LOCALS~1\Temp\~DF71EA.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\VATAN~1\LOCALS~1\Temp\~DF828.tmp (operation failed)
Failed: FolderDelete C:\WINDOWS\Temp\tmp000013c2 (operation failed)
Failed: FolderDelete C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL (operation failed)
Script completed.

After that I scanned again:

//-----------------------------------------------------------------
//
// ProductBitDefender Internet Security v10
// Product10.0
//
// Created on: 20/10/2006 18:48:18
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 759
Files : 99021
Memory processes scanned : 18
Archives : 709
Runtime packers : 11931
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 0
I/O errors : 34
Scan time : 00:17:25
Scan speed (files/sec) : 94

Spyware Statistics

Registry keys scanned : 1615
Registry keys infected : 0
Cookies scanned : 150
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 510613
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[X] Delete
[ ] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1161359298.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected: Trojan.Ribdew.C.DLL
C:\Documents and Settings\VATAND\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Documents and Settings\VATAN\Local Settings\Temporary Internet Files\Content.IE5\T8QKP5DL\AVICodecPackLite3[1].exe=>(NSIS o) Update failed

Metallica
2006-10-20, 12:29
Too bad the BFU log doesn't show why it failed. :sad:

Let's see if Unlocker can get rid of it.
Download the program here:
http://ccollomb.free.fr/unlocker/
and install it.

Check if your hidden files and folders are set to "show themselves"
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Now to find the undeletable file doubleclick "My Computer"
doubleclick C: drive icon
doubleclick Documents and settings
doubleclick the folder with username (VATAN)
doubleclick the Local Settings folder
doubleclick the Temporary Internet Files Folder
doubleclick the Content.IE5 folder
doubleclick the T8QKP5DL folder
now find the file called AVICodecPackLite3[1].exe and rightclick it.
Unlocker should be in the rightclick menu. Use it.
Delete the file and go back one step and rightclick the T8QKP5DL folder
Use Unlocker again and delete the entire folder.

Let me know if this works or where it goes wrong.

numlocke
2006-10-21, 13:02
Hello,
I did, but unfolder did not show this file and these folders. Before using it, I selected show hidden files and folders. I think this folder was hidden by the trojan. I saw all hidden folders and files except the Content.IE5 folder and T8QKP5DL. I also used the find section to look for this folder. It did not find this folder either. Really interesting..

What will we do? I am waiting for your recommendation.
Thanks.
Numlocke

Metallica
2006-10-21, 15:16
So you could follow the path until the Temporary Internet Files Folder?

Can you find the file in there?
If you toggle the A you should get to see all the files whose names start with an A
The [1] part may not show up in the filename.

numlocke
2006-10-23, 03:28
First I uninstalled Internet Explorer 7, and after that I found this file. I have no idea about this. I used Unlocker. It did not delete the file and asked me whether I wanted to delete it at the next reboot; I clicked OK. I restarted my computer but unfortunately it did not delete it. I tried several times but the results were the same.

Thanks..
Numlocke

Metallica
2006-10-23, 08:40
Hi Numlocke,

We will probably have to delete the entire Temp Internet Folder for that user account. To do so we will need one of the following:
- Another user account with Administrator rights
- A set of startup floppies
- A Windows XP CD

Let me know what you have and we will take it from there.

numlocke
2006-10-24, 04:48
I started my computer in safe mode and I logged in as administrator. I found this folder and the files. I deleted them with Unlocker. After that I checked my computer with BitDefender. There was no problem.
So I am happy. Thank you very much, you and teacup, for the very kind and useful information and help.
Thank you...

Metallica
2006-10-24, 09:30
And a thank you to Mosaic1, who gave me the solution on a silver platter. :heart:

Glad we could help. :cool:

tashi
2006-10-29, 06:31
As the problem appears to be resolved this topic has been archived. :bigthumb:

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter. Cheers. :)