Thread: unable to perm remove geeda.dll

  1. #21
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    This file infector is a fairly new variant; I am looking into why they're still showing up. They may be legit copies of the files and the bad ones may have been removed, I will find out. Be back soon.

    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #22
    Member
    Join Date
    Mar 2008
    Posts
    34

    Okay, thank you, for your help!!!!

  3. #23
    Member
    Join Date
    Mar 2008
    Posts
    34

    Few questions:

    My pc-cillin icon that usually shows up in my system tray no longer appears? If I open the main console from my startup menu it comes up but when I exit it still does not show up in my system tray and it will not allow me to check for updates?
    My subscription ends March 8, is it worth me purchasing it again or using one of the free anti-virus and firewalls recommended?
    Also, I removed Windows Defender b/c I kept getting an error message when I tried to install updates. This happens when there are Windows updates as well. The automatic update will download the updates but I have to manually install each one. Is this a result of the vundo virus and should I be able to re-install Windows Defender and keep it updated? Sorry for all the questions!!! I really appreciate all of your help and time today! I'm in no rush for the answers, just whenever you get the chance.

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hello,

    pc-cillin is one of the programs that was infected by this trojan. What I would do is completely uninstall it via Add/Remove Programs in the Control Panel. I would also uninstall Trojan Hunter as that's not the best of programs.

    If you need a free Anti Virus program, here are a few. Just install one; more is overkill and will actually do more harm than good.




    You need to enable Windows to show all files and folders; instructions here.


    Delete the files in RED

    C:\WINDOWS\system32\.htm
    C:\WINDOWS\BM2bdc6baa.xml



    Download and save RenV to your desktop

    Doubleclick RenV.exe.

    When finished, it shall produce a new log for you. Post that log in your next reply.
    Last edited by ken545; 2008-03-03 at 02:24.

  5. #25
    Member
    Join Date
    Mar 2008
    Posts
    34

    Hello,

    I don't see the C:\WINDOWS\system32\.htm file; I see C:\WINDOWS\system32\.html?
    I deleted the C:\WINDOWS\BM2bdc6baa.xml file. There is also a C:\WINDOWS\BM2bdc6baa text doc. Should I delete this as well?

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    No, it's just a text file; let it be for now. Run RenV and post the log.

  7. #27
    Member
    Join Date
    Mar 2008
    Posts
    34

    Code:
    Ran on Mon 03/03/2008 - 20:35:31.39
    
    ----a-w            81,920 2008-03-02 18:12:47  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
    ----a-w           221,184 2008-03-02 18:12:47  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
    ----a-w           185,896 2008-03-02 18:12:48  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           462,336 2008-03-02 18:12:49  C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader .exe
    ----a-w            94,208 2008-03-02 18:12:46  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
    ----a-w           132,496 2008-03-02 18:12:50  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w         2,097,488 2008-03-02 19:09:25  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    ----a-w         1,807,960 2008-03-02 18:13:00  C:\Program Files\Trend Micro\Internet Security 14\pccguide .exe
    ----a-w           321,040 2008-03-02 18:12:57  C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon .exe
    ----a-w           866,584 2008-02-25 03:16:09  C:\Program Files\Windows Defender\MSASCui .exe
    ----a-w            59,392 2008-02-23 20:23:51  C:\WINDOWS\ehome\ehtray .exe
    ----a-w           315,904 2007-12-22 19:55:17  C:\WINDOWS\inf\unregmp2 .exe
    ----a-w            15,360 2008-02-23 20:24:11  C:\WINDOWS\system32\ctfmon .exe
    ----a-w           122,940 2008-03-02 18:12:47  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
    
     Entries:               14  (14)
     Directories:            0  Files:            14
     Bytes:          6,784,708  Blocks:       13,256
    -------------------------------

    I'm still looking for the C:\WINDOWS\system32\.htm file, I didn't notice the "." before htm.

  8. #28
    Member
    Join Date
    Mar 2008
    Posts
    34

    Sorry for the bombardment but I removed Trend Micro Pc and installed AVG. However, I cannot find Trojan Hunter in the Add/remove list?

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Open NOTEPAD.exe and copy/paste the text in the code box below into it:

    Code:
    ----a-w            81,920 2008-03-02 18:12:47  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
    ----a-w           221,184 2008-03-02 18:12:47  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
    ----a-w           185,896 2008-03-02 18:12:48  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           462,336 2008-03-02 18:12:49  C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader .exe
    ----a-w            94,208 2008-03-02 18:12:46  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
    ----a-w           132,496 2008-03-02 18:12:50  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w         2,097,488 2008-03-02 19:09:25  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    ----a-w         1,807,960 2008-03-02 18:13:00  C:\Program Files\Trend Micro\Internet Security 14\pccguide .exe
    ----a-w           321,040 2008-03-02 18:12:57  C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon .exe
    ----a-w           866,584 2008-02-25 03:16:09  C:\Program Files\Windows Defender\MSASCui .exe
    ----a-w            59,392 2008-02-23 20:23:51  C:\WINDOWS\ehome\ehtray .exe
    ----a-w           315,904 2007-12-22 19:55:17  C:\WINDOWS\inf\unregmp2 .exe
    ----a-w            15,360 2008-02-23 20:24:11  C:\WINDOWS\system32\ctfmon .exe
    ----a-w           122,940 2008-03-02 18:12:47  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
    Save this as Log.txt

    Drag Log.txt into RenV as you see in the screenshot.




    It will produce a new log, post it please

  10. #30
    Member
    Join Date
    Mar 2008
    Posts
    34

    Code:
    Ran on Mon 03/03/2008 - 21:03:12.12
    
     Entries:                0  (0)
     Directories:            0  Files:             0
     Bytes:                  0  Blocks:            0
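
The listings posted in this thread show executables whose names carry a space before the extension (for example `issch .exe`). As an added example, not part of the original posts and not RenV's own code, this Python sketch parses lines in that listing format and reports such entries. The function names are hypothetical, the last sample line is constructed, and the "unpadded" path is only an assumed candidate name to compare against on disk.

```python
import re

# Listing line: attribute flags, size with thousands separators, date, time, full path.
LINE_RE = re.compile(
    r"^\s*[-a-z]+\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# First three lines are copied from the log in the thread; the last one is constructed.
SAMPLE = r"""
----a-w            81,920 2008-03-02 18:12:47  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           132,496 2008-03-02 18:12:50  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           122,940 2008-03-02 18:12:47  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
----a-w            69,120 2008-01-01 12:00:00  C:\WINDOWS\system32\notepad.exe
"""

def parse_listing(text):
    """Return one dict per file line; headers, totals and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append({"size": int(m["size"].replace(",", "")),
                            "modified": m["stamp"], "path": m["path"]})
    return entries

def unpadded_path(path):
    """If whitespace precedes the extension, return the path without it, else None."""
    folder, sep, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if dot and stem != stem.rstrip():
        return f"{folder}{sep}{stem.rstrip()}.{ext}"
    return None

def padded_entries(text):
    """Entries whose file name has whitespace before the extension."""
    hits = []
    for entry in parse_listing(text):
        clean = unpadded_path(entry["path"])
        if clean:
            hits.append({**entry, "unpadded": clean})
    return hits

if __name__ == "__main__":
    for hit in padded_entries(SAMPLE):
        print(f'{hit["modified"]}  {hit["size"]:>9,}  {hit["path"]!r} -> {hit["unpadded"]!r}')
```
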
