I have seen 2 names Trojan Vundo and Backdoor Trojan Agent ACFG and m

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

I have seen 2 names Trojan Vundo and Backdoor Trojan Agent ACFG and m

Options

tdc2719 View Member Profile	Aug 18 2009, 10:57 AM Post #1
New Member Posts: 8 From: tennessee OS: xp	Hello, My son informed me he was doing something on myspace next thing I knew almost every page I tried to go too was a my web search page. At first I thought yahoo.com was down and was looking for links in google to tell me if it were true. I was waiting on a huge news story about yahoo crashing today lol. Until every music playlist page I tried to go to was doing the same thing anything that used java really if I think about it. So anyway my son downloaded itunes as far as I can see it's the only new program on the computer I found. I did a malwarebytes scan as I have it on my machine as well as a comodo firewall and scotty the watchdog. zI try to be super careful these days and somehow this one slipped through. Thanks so much for any and all help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:55:40 PM, on 8/18/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Yahoo!\Common\YMailAdvisor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\HP\KBD\KBD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7458 bytes

Transience View Member Profile	Aug 22 2009, 05:04 PM Post #2
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you to clean your computer. The first thing I need you to do is go to this page and follow the instructions there: Malware Cleaning Guide - Please Read Before Starting a New Topic. These are the steps that we need you to perform before attempting a removal of malware from your computer. If you're still experiencing problems after following all the steps in that thread, then please post the following logs here for me to take a look at: Malwarebytes' Anti-Malware log OTListIt.txt and Extras.txt, both located in the same directory as the OTL program. RootRepeal.txt located wherever you saved it after the scan. Once you've posted those logs for me I'll take a look at them and see where we need to go from there . Cheers, Dave

Transience View Member Profile	Aug 23 2009, 02:09 PM Post #4
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Couple quick things to fix, not much malware in that log . 1. OTL Fixes Please double click on OTL to run it. Under the Custom Scans/Fixes box at the bottom, paste in the complete contents of the code box below: CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/05/06 03:47:54 \| 00,000,050 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/28 07:07:38 \| 00,000,000 \| -HS- \| M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 23:01:14 \| 00,000,053 \| -HS- \| M] () - D:\AUTORUN.FCB -- [ FAT32 ] :Services hucaisu :Reg :Files C:\WINDOWS\System32\drivers\hucaisu.sys :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done if your computer does not do so automatically. Once you've rebooted, please scan with OTL again and post back the fresh log. Just need the OTL log in your next reply. Cheers, Dave

tdc2719 View Member Profile	Aug 23 2009, 02:23 PM Post #5
New Member Posts: 8 From: tennessee OS: xp	All processes killed ========== OTL ========== No active process named explorer.exe was found! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun\|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. D:\AUTOEXEC.BAT moved successfully. D:\AUTORUN.FCB moved successfully. ========== SERVICES/DRIVERS ========== Service\Driver hucaisu not found. Service\Driver hucaisu not found. ========== REGISTRY ========== ========== FILES ========== C:\WINDOWS\System32\drivers\hucaisu.sys moved successfully. ========== COMMANDS ========== C:\Documents and Settings\HP_Owner\Application Data\Αdobe\Αdobe moved successfully. C:\Documents and Settings\HP_Owner\Application Data\Αdobe moved successfully. C:\Documents and Settings\HP_Owner\Application Data\ѕуstem32 moved successfully. C:\Documents and Settings\HP_Owner\Application Data\WіnSxS\WіnSxS moved successfully. C:\Documents and Settings\HP_Owner\Application Data\WіnSxS moved successfully. [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.YOUR-F78BF48CE2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.YOUR-F78BF48CE2.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: bama ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Bamalegend ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: HP_Owner ->Temp folder emptied: 10230 bytes ->Temporary Internet Files folder emptied: 293887 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 40300973 bytes User: HP_Owner.THEBAMAS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: j-gotti ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 16786 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 11768 bytes Total Files Cleaned = 38.81 mb OTL by OldTimer - Version 3.0.10.7 log created on 08232009_161259 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Transience View Member Profile	Aug 23 2009, 06:53 PM Post #6
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Looking good let's run some final checks. First we'll clean out your unnecessary temp files to speed up the scans: 1. TFC Please download TFC to your desktop. Save any work, then close all open windows. Double-click TFC to run it, and allow the process to complete, which should not take more than a couple minutes. You may or may not be prompted to reboot, if you are click "Yes" and allow the computer to reboot. Close TFC when it has completed. 2. Malwarebytes' Anti-Malware Please download Malwarebytes' Anti-Malware from here. Doubleclick (Vista users please right-click Run as Administrator) on mbam-setup.exe to install the program. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform Full Scan, then click Scan. The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else), please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab. Copy & Paste the entire report in your next reply. 3. Kaspersky Online Scan Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues. Update Java Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Scan Follow this link to the Kaspersky WebScanner Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply. So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way . - Dave

tdc2719 View Member Profile	Aug 24 2009, 04:43 AM Post #7
New Member Posts: 8 From: tennessee OS: xp	I can never get kaspersky to work on my pc could i possibly use bitdefender instead?

Transience View Member Profile	Aug 24 2009, 07:24 AM Post #8
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	I'd rather you give this one a shot for me, it usually runs just fine and is almost as good as Kaspersky: 1. ESET Online Scan Please run a free online scan with the ESET Online Scanner Note: You can only run the scan online in Internet Explorer, otherwise you will have to download and install a component from ESET to run it. If at all possible, please use IE for the scan. Tick the box next to YES, I accept the Terms of Use Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan (This scan can take several hours, so please be patient) Once the scan is completed, you may close the window Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic Cheers, Dave

tdc2719 View Member Profile	Aug 25 2009, 10:38 AM Post #9
New Member Posts: 8 From: tennessee OS: xp	Malwarebytes' Anti-Malware 1.40 Database version: 2682 Windows 5.1.2600 Service Pack 2 8/25/2009 12:34:07 PM mbam-log-2009-08-25 (12-34-07).txt Scan type: Full Scan (C:\\|D:\\|E:\\|F:\\|G:\\|H:\\|I:\\|) Objects scanned: 256912 Time elapsed: 2 hour(s), 39 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, August 25, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, August 25, 2009 06:58:06 Records in database: 2685774 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics Objects scanned 120320 Threats found 4 Infected objects found 4 Suspicious objects found 0 Scan duration 05:22:15 File name Threat Threats count C:\Documents and Settings\HP_Owner\My Documents\Music downloads\Saved\i wanna niyoki.wma Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0003966.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1 C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0014044.vbs Infected: Trojan.VBS.Starter.n 1 C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 Selected area has been scanned.

Transience View Member Profile	Aug 25 2009, 11:08 AM Post #10
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Logs look pretty good just need to quickly take care of 2 files Kaspersky picked up: Please download OTM Save it to your desktop. Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe :Files C:\Documents and Settings\HP_Owner\My Documents\Music downloads\Saved\i wanna niyoki.wma C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE :Commands [purity] [emptytemp] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM and reboot your PC. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Cheers, Dave

tdc2719 View Member Profile	Aug 25 2009, 01:38 PM Post #11
New Member Posts: 8 From: tennessee OS: xp	All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== File/Folder C:\Documents and Settings\HP_Owner\My Documents\Music downloads\Saved\i wanna niyoki.wma not found. File/Folder C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.YOUR-F78BF48CE2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.YOUR-F78BF48CE2.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: bama ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Bamalegend ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: HP_Owner ->Temp folder emptied: 77857107 bytes ->Temporary Internet Files folder emptied: 5881739 bytes ->Java cache emptied: 221949 bytes ->FireFox cache emptied: 89825801 bytes User: HP_Owner.THEBAMAS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: j-gotti ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 16786 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 617166 bytes Total Files Cleaned = 166.40 mb OTM by OldTimer - Version 3.0.0.6 log created on 08252009_152925 Files moved on Reboot... Registry entries deleted on Reboot...

Transience View Member Profile	Aug 26 2009, 08:31 AM Post #12
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	We have a couple last things to take care of and then you're good to go. Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware. Please download OTC to your desktop. Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator") Click on the CleanUp! button and follow the prompts. You will be asked to reboot the machine to finish the Cleanup process, choose Yes. After the reboot all the tools we used should be gone. Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind. Clean up System Restore (XP) Now to get you off to a good start we will clean your system restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method: Select Start > All Programs > Accessories > System tools > System Restore. On the dialogue box that appears select Create a Restore Point Click NEXT Enter a name e.g. Clean Click CREATE You now have a clean restore point, to get rid of the bad ones: Select Start > All Programs > Accessories > System tools > Disk Cleanup. In the Drop down box that appears select your main drive e.g. C Click OK The System will do some calculation and the display a dialogue box with TABS Select the More Options Tab. At the bottom will be a system restore box with a CLEANUP button click this Accept the Warning and select OK again, the program will close and you are done Here are some tips to reduce the potential for malware infection in the future; I strongly that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again. Make proper use of your antivirus and firewall Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important. You should keep your antivirus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're still clean. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own. If you don't have a firewall, some great free options you can test out are: Online Armor, Outpost, and Sunbelt. I'd highly recommend that you install one of those. If you do decide to use a 3rd party firewall program, please be sure to disable the Windows firewall as per these instructions so they don't conflict: Please click on Start -> Control Panel Double click Windows Firewall Click Change Settings Choose Off to disable Windows Firewall. Finally, for a great tutorial on how to get the best protection out of your firewall, take a look at this guide. Use a safer web browser Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: Firefox, Opera, and Google Chrome. All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer. These browser add-ons will help to make your browser safer: Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Green to go, Yellow for caution, and Red to stop. Available for Firefox and Internet Explorer. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only. These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article. Exercise common sense Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer. Keep up on Windows updates Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again. Slow computer? If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos. I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck! Cheers, Dave

tdc2719 View Member Profile	Aug 26 2009, 10:28 PM Post #13
New Member Posts: 8 From: tennessee OS: xp	ty ty ty ty ty ty ty soooooooooo much!!! I appreciate all you did and all the time you spent with me will be donating you guys are wonderful. BTW I so love your profile pic glad you were the one who helped me!!

Transience View Member Profile	Aug 27 2009, 10:45 AM Post #14
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Thank you for your kindness, it was my pleasure to help, and I'm glad to hear you're a Hendrix fan . Best of luck to you! - Dave

Transience View Member Profile	Aug 27 2009, 10:45 AM Post #15
Unofficial Music Guru Posts: 2,354 From: Massachusetts, USA OS: Vista	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal HTTP Trojan Nebuler Activity and Backdoor Trojan	0 / 502	11th August 2008 - 03:12 AM Secretnimbus started - last by Secretnimbus
Virus, Spyware and Trojan Removal Trojan.Vundo.H and Backdoor.bot Found by MBAM but keep returning [RESO 12	19 / 1,335	14th December 2008 - 12:04 AM TwilightEye started - last by JSntgRvr
Virus, Spyware and Trojan Removal Please help: Hacktool, Pwdump, Trojan Horse and Backdoor Trojan, oh my 12	21 / 1,037	1st March 2009 - 06:28 AM SGG started - last by Rorschach112
Virus, Spyware and Trojan Removal HELP removing genanoju.dll (Trojan.Vundo) and kebukilo (Trojan.Vundo)	5 / 158	21st September 2009 - 02:45 PM marylus started - last by Essexboy