Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Mailbot [RESOLVED]

Started by discorae , Aug 30 2006 06:20 PM

  • This topic is locked This topic is locked

#16
discorae
Posted 10 September 2006 - 03:07 PM

discorae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
You're such a gem! So, here's the results.....

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{f0c8173f-bc0e-4a06-aba9-db5a3e1fda89}" 9/10/2006 5:05:04 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}\InprocServer32]


And now for the fun part: removal!
Hope you're enjoying your weekend and thanks for your help
discorae
  • 0

Advertisements

#17
Metallica
Posted 11 September 2006 - 01:59 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Let's check first if there any any files associated with those.

Click Start > Run > and copy this command into the window

regedit.exe /e C:\tibs.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}"

Doing this successfully will create the file C:\tibs.txt
Find that file and post the content please.

Regards,
  • 0

#18
discorae
Posted 11 September 2006 - 03:48 PM

discorae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi Metallica!

results are:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}\InprocServer32]
@="blank"

thanks! :whistling:
discorae
  • 0

#19
Metallica
Posted 12 September 2006 - 01:16 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. So we can kick that one out as well.

Copy the part in the CODE box below into notepad and save it as pe386uncurrent.reg
Set Filetype to "all files"

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]

Doubleclick that file and confirm you want to merge it with the registry.

Then we need to look at that file SpySweeper found.

Can youi do a Find Files for: exec.exe
Let me know the full path to the file please.

Regards,
  • 0

#20
discorae
Posted 12 September 2006 - 07:34 AM

discorae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hello. I performed the reg edit. :whistling: The results of exec.exe search came up with 2 files:

C:\Documents and Settings\All Users\Application Data\Viewpoint Manager\Downloads\AlertSWF\contents
C:\Documents and Settings\All Users\Application Data\Viewpoint Manager\Downloads\ViewpointManager\contents

As always, thank you for your help
discorae
  • 0

#21
Metallica
Posted 12 September 2006 - 08:14 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Do you have the infamous Viewpoint software installed?

Check if you can uninstall it from Add/Remove Software.

If it is not listed there, you can delete this folder:
C:\Documents and Settings\All Users\Application Data\Viewpoint Manager

That should be it. Unless you have any other questions.
  • 0

#22
discorae
Posted 12 September 2006 - 08:32 AM

discorae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
So is Viewpoint malware (thus being infamous)? I don't use it and not really sure what it is. My partner must've installed it (or is it a self-installer?). The file size, ha-ha, was 666kb. But it's gone.

And I guess so am I. You've been so patient and helpful! :whistling:
Thank you for all your time and assistance. GTG rules!!!

Best to you!
:blink: discorae
  • 0

#23
Metallica
Posted 12 September 2006 - 09:00 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Viewpoint is not really malware. But it's not really trustworthy either:
http://wiki.castleco...ewpoint_Manager
I have made it a habit to remove it when I see it, as they always seem to cause problems and no-one ever knows where it came from.

You're welcome. You were a pleasure to work with. :whistling:

Regards,
  • 0

#24
discorae
Posted 12 September 2006 - 09:06 AM

discorae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Thank you very much, you were also a pleasure to work with!

Does a staff member edit my topic so it shows it's been resolved or closed? Or should I edit the title to show it's been resolved? That was never clear to me.

Cheers
discorae :whistling:
  • 0

#25
Metallica
Posted 12 September 2006 - 09:12 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Setting to [resolved] is one click of the button for me. :whistling:

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :blink:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP