Trojan Mailbot [RESOLVED]


  • This topic is locked

#16
discorae

  • Topic Starter
  • Member
  • 51 posts
You're such a gem! So, here's the results.....

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{f0c8173f-bc0e-4a06-aba9-db5a3e1fda89}" 9/10/2006 5:05:04 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}\InprocServer32]


And now for the fun part: removal!
Hope you're enjoying your weekend and thanks for your help
discorae
  • 0

#17
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 32,944 posts
Let's check first if there are any files associated with those.

Click Start > Run > and copy this command into the window

regedit.exe /e C:\tibs.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}"


Doing this successfully will create the file C:\tibs.txt
Find that file and post the content please.

Regards,
  • 0

#18
discorae

  • Topic Starter
  • Member
  • 51 posts
Hi Metallica!

results are:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}\InprocServer32]
@="blank"

thanks! :whistling:
discorae
  • 0

#19
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 32,944 posts
OK. So we can kick that one out as well.

Copy the part in the CODE box below into notepad and save it as pe386uncurrent.reg
Set Filetype to "all files"

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]

Double-click that file and confirm you want to merge it with the registry.

Then we need to look at that file SpySweeper found.

Can you do a Find Files for: exec.exe
Let me know the full path to the file please.

Regards,
  • 0
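
The check made by eye in posts #17 to #19, whether the CLSID's InprocServer32 default value still names a file, written out as an added example (not part of any post, and not Bill James's RegSrch.vbs). The function names and the "looks like a file" pattern are assumptions of this example; the sample is the export from the thread, re-encoded the way `regedit /e` writes it.

```python
import re

# Constructed sample: the thread's export as a "Version 5.00" file (UTF-16 LE + BOM).
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}]\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F0C8173F-BC0E-4a06-ABA9-DB5A3E1FDA89}\\InprocServer32]\r\n"
    '@="blank"\r\n'
).encode("utf-16-le")

CLSID_SERVER = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32$")
# Assumption: a usable server value is a drive, UNC or %VAR% path, or a bare module name.
FILE_LIKE = re.compile(r"(?i)^([a-z]:\\|\\\\|%\w+%).+|^[^\\/:]+\.(dll|ocx|exe)$")

def decode_export(raw: bytes) -> str:
    """REGEDIT4 exports are ANSI; Version 5.00 exports are UTF-16 LE with a BOM."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: raw_data}}; '@' is the key's default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data
    return keys

def inproc_servers(keys: dict) -> dict:
    """Map each CLSID to the string its InprocServer32 default value holds."""
    found = {}
    for path, values in keys.items():
        m = CLSID_SERVER.search(path)
        if m:
            data = values.get("@", "").strip('"').replace("\\\\", "\\")
            found[m.group(1).upper()] = data
    return found

def orphaned(servers: dict) -> list:
    """CLSIDs whose InprocServer32 value is empty or does not name a file."""
    return sorted(c for c, v in servers.items() if not FILE_LIKE.match(v))

if __name__ == "__main__":
    print(orphaned(inproc_servers(parse_reg(decode_export(SAMPLE)))))
```

Multi-line `hex:` values are skipped by this parser, which is enough for string values such as the InprocServer32 default.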

#20
discorae

  • Topic Starter
  • Member
  • 51 posts
Hello. I performed the reg edit. :whistling: The results of exec.exe search came up with 2 files:

C:\Documents and Settings\All Users\Application Data\Viewpoint Manager\Downloads\AlertSWF\contents
C:\Documents and Settings\All Users\Application Data\Viewpoint Manager\Downloads\ViewpointManager\contents

As always, thank you for your help
discorae
  • 0

#21
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 32,944 posts
Do you have the infamous Viewpoint software installed?

Check if you can uninstall it from Add/Remove Software.

If it is not listed there, you can delete this folder:
C:\Documents and Settings\All Users\Application Data\Viewpoint Manager

That should be it. Unless you have any other questions.
  • 0

#22
discorae

  • Topic Starter
  • Member
  • 51 posts
So is Viewpoint malware (thus being infamous)? I don't use it and not really sure what it is. My partner must've installed it (or is it a self-installer?). The file size, ha-ha, was 666kb. But it's gone.

And I guess so am I. You've been so patient and helpful! :whistling:
Thank you for all your time and assistance. GTG rules!!!

Best to you!
:blink: discorae
  • 0

#23
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 32,944 posts
Viewpoint is not really malware. But it's not really trustworthy either:
http://wiki.castleco...ewpoint_Manager
I have made it a habit to remove it when I see it, as they always seem to cause problems and no-one ever knows where it came from.

You're welcome. You were a pleasure to work with. :whistling:

Regards,
  • 0

#24
discorae

  • Topic Starter
  • Member
  • 51 posts
Thank you very much, you were also a pleasure to work with!

Does a staff member edit my topic so it shows it's been resolved or closed? Or should I edit the title to show it's been resolved? That was never clear to me.

Cheers
discorae :whistling:
  • 0

#25
Metallica

  • Spyware Veteran
  • GeekU Moderator
  • 32,944 posts
Setting to [resolved] is one click of the button for me. :whistling:

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :blink:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
