Infection will not allow Spybot or HJT to run

Status
Not open for further replies.
Morning Ken,
The full path is

C:\DOWNLOADS\HijackThis.exe

What's dangerous about this is that I first posted here 9-19 at 2:00 pm; this was created 9-19 at 12:21 am, the time I was downloading the infected game file and got infected.

What's odd about this is that none of the attributes are checked or grayed out, but it cannot be moved, changed or deleted, and it's an .exe, like it's sitting there ready to run as soon as it is called...

Like the creator of the bug knew it would get caught but left a back door??

Everything I download goes to this folder.
I just feel this may have come in piggy-backed with the bug.

HR
 
Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Processes
explorer.exe

:Services

:Reg

:Files
C:\DOWNLOADS\HijackThis.exe


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
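Before moving a file like this, and again after a tool such as OTM has run, a practitioner would want to look at what the file actually is and why it resists deletion. The script below is an added example for that triage and is not part of the original thread, nor OTM's own code. It assumes Windows PowerShell 2.0 or later and uses the path from the thread; the function names are this example's own. It hashes the executable (so the digest can be compared with the one published by the tool's author), reads its Authenticode signature, owner and timestamps, tests whether another process holds it open, and lists the PendingFileRenameOperations value in which deferred-to-reboot moves and deletes are recorded.

```powershell
# Added example, not from the thread or from OTM. Assumes Windows PowerShell 2.0+.
# The path is the one under discussion in the thread.
$SuspectPath = 'C:\DOWNLOADS\HijackThis.exe'

function Get-SuspectFileReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force   # -Force also returns hidden/system files

    # SHA-256 via .NET so this works on old PowerShell versions without Get-FileHash.
    # Compare the digest with the hash the tool's author publishes for that release.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $digest = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }

    # Authenticode: an invalid signature on a binary that is normally signed is a red
    # flag; NotSigned on its own is not proof of tampering.
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        Attributes      = $item.Attributes.ToString()
        CreationTime    = $item.CreationTime      # the value the poster compared with the download time
        LastWriteTime   = $item.LastWriteTime
        Owner           = (Get-Acl -Path $item.FullName).Owner
        SHA256          = $digest
        SignatureStatus = $sig.Status.ToString()
        Signer          = $signer
    }
}

function Test-FileLock {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Open for exclusive access. A sharing violation means some process still holds a
    # handle on the file, which is one reason a delete fails and why OTM defers the
    # move to the next reboot. Access denied points at ACLs or attributes instead.
    try {
        $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
              [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None)
        $fs.Close()
        return 'not locked'
    } catch [System.UnauthorizedAccessException] {
        return 'access denied (check ACL and read-only/system attributes)'
    } catch [System.IO.IOException] {
        return 'locked by another process'
    }
}

function Get-PendingFileRenameOperations {
    # Moves deferred to reboot (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) are stored
    # here as source/destination pairs; an empty destination means "delete".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $value = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $value) { return @() }
    for ($i = 0; $i -lt $value.Count; $i += 2) {
        New-Object PSObject -Property @{ Source = $value[$i]; Destination = $value[$i + 1] }
    }
}

Get-SuspectFileReport -Path $SuspectPath | Format-List
"Lock state: $(Test-FileLock -Path $SuspectPath)"
Get-PendingFileRenameOperations | Format-Table -AutoSize
```

Run it before the OTM script to record the hash and signature of the file you are about to remove, and again after OTM reports "scheduled to be deleted on reboot" to confirm that the pending entries point only at the files you expected.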
 
As instructed.
Was I correct in my theory??

The file is gone.

Can OTM be used on a regular basis to clean up the garbage??

Ed

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOWNLOADS\HijackThis.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 868204 bytes
->Temporary Internet Files folder emptied: 2824140 bytes
->FireFox cache emptied: 43594205 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: maint
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: roth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2165053 bytes
%systemroot%\System32 .tmp files removed: 2300433 bytes
Windows Temp folder emptied: 40960 bytes
RecycleBin emptied: 292634 bytes

Total Files Cleaned = 49.74 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09272009_102353

Files moved on Reboot...

Registry entries deleted on Reboot...
 
That was a funny entry; good or bad, it's gone. As far as OTM goes, it's your call: remove the wrong entry and you can disable your system, so I would only use it under supervision.

Take care,
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 