[Metallica]

Nowhere to be found.

Your last post there I can find is this one:
http://www.thespykil...hp?topic=2642.0
where you attached: ffdddfefb_g.dll

[Advertisements]

Something is going wrong with Spykillers.
I am going to repeat again uploads.

[morog]

Something is going wrong with Spykillers.
I am going to repeat again uploads.

[morog]

Please let me know if you find the files I uploaded.
Maybe you can find usefull this info:http://www.viruslist.com/en/viruses/encyclopedia?virusid=111088
Regards,

[Metallica]

I did find the file, but I can't see that doing anything usefull
The filesize is 5 bytes.

Can you compare to the original you have?
Also check to see the date it was created.
Maybe that will give us something to look for.

The description at viruslist is pretty useless:
Currently there is no description available for this program.

[morog]

Yes. the filsize is 5 bytes, modified Tuesday, August 08, 2006, 4:00:52 PM.
In System 32 is written that the file is a part of ActiveX Control 1KB.
Except the name all is identical as the first one.
In meantime done scan wit KAV 6.0 in Safe Mode.
Besides this two Trojan files in the stat-up cleaning sequenze,nothing other found as malware.
Regards,

[Metallica]

I feel a headache coming up.

• Please download StartupList to your desktop.
• Double click the startuplist.zip to extract the files inside.
• When the new window opens, please double click on StartupList.exe
• A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
• At the top of the window, click File>Save As and save startuplist.txt to your desktop.
• Close startuplist.exe window
• Attach a copy of startuplist.txt in your next reply

Posting it will not work in one post, so please use the File Attachments box.
I will take the time to have a looooooooooong read.

Regards,

[morog]

Hi,
I send you attachment you ask.
Regards,

Attached Files

•  startuplist.txt   148.38KB   82 downloads

[Metallica]

Wow. You really like to try a lot of software out, don't you.

Nothing bad that I could spot, but there was one opening that might help.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Click Start > Run > and type in notepad and click OK
Copy and paste the text in the quote box into the Notepad window (including the Windows Registry Editor Version 5.00):
(Note: copy and paste from Windows Registry Editor Version 5.00 down – Don’t include the word quote from the quote box)

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}]
@="WebCheck"

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\WINDOWS\\System32\\webcheck.dll"

Click File and then select Save As
In the ‘Save in’ box - Save it to your Desktop
In the ‘File name’ box – type in fix.reg
In the ‘Save as type’ box - use the drop down arrow and select All Files
Click Save
Close Notepad

Close all open windows and Browsers

Double Click fix.reg on your Desktop
When it asks you if you want to merge the contents to the registry, click yes/ok.
A window saying “Information in fix.reg has been successfully entered into the registry” should come up – Click OK.

Then empty your cache using ATF and reboot.

Let me know if the warning still comes up.

Regards,

[morog]

Hi ,
All done according your advice, all operations strictly respected, but at athe end, after reboot, in KAV menu still same wornings appears.
Norhing change

[Metallica]

They have to be coming from somewhere.

I noticed you are using FireFox. Is that your default browser?

The remarkable thing is that these files called popup[1].htm are in the cache for IE.
I don't see any iexplore.exe running however.

Do you have an Active Desktop (with internet content)?

Regards,

[morog]

May default browser is IE.
Ocassionaly I am using Firefox and Opera.
I have some like:
-IE active Context menu
-IE ActiveX program dowloaded automatically by IE
-IE installed Plugins
-IE Toolbars ( nothing)
Please explain what you mean egzactly regarding "Active Desktop"
Regards,

[Metallica]

Active desktop is when youhave some kind of information or content of the internet displayed on your desktop.
http://en.wikipedia..../Active_Desktop

It is a way in which something could sneak in.

You can follow the instructions here to disable it:
http://support.micro...om/?kbid=190228

[morog]

Hi,
Disabled Active Desktop-no changes
Regards,

[Metallica]

Can you tell me if the same files show up if you reboot into safe mode and then scan your
C:\Documents and Settings\momo\Local Settings\Temporary Intenet files
folder?

Also have a look around in that folder if you do and let me know if you find any leads about the site the files might be coming from.

Regards,

[morog]

Hi Metellica,
Scanned in Safe Mode concerned folder and all Documents and Settings-nothing found.
When start KAV found this info abt two trojans dated 09.09.2006.
Clicking on them seleted option "Discard" and after reboot in Normal Mode there i no worning about those trojans.
.Accordin my modest opinion , KAV has discovered those trojans during Startup scan on 09.09.2006.
Don't know how much you are familiar with KAV 6.0- I start use it recently, before was KAV 5.0 so maybe hi cleared those trojans one time for ever.If not they are somwhere in Startup programs but any how KAV is neutralizing them , so probably no risk.
At the end we shall wait for removal tool .
Thanks for your help and assistance m'8,
Regards,
NB: if you are interested I can send you PM with a/m information (trojans)