Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser modifier [closed]


  • This topic is locked This topic is locked

#31
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Follow the advise, UNLESS you don't have a disk with a driver for the mouse.

Run Killbox (doubleclick Killbox.exe).

Run it, and click the radio button that says Delete a file on reboot. For the file in the box below, paste it into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say Yes.

Let the system reboot.


C:\Program Files\MouseWare\system\A0022285.exe

  • 0

Advertisements


#32
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
sorry for delay in replying - been away.

i have no disk for the mouse so no way of re-installing it - any suggestions?
  • 0

#33
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
The infected file is loaded bij em_exec.exe.
That file is from a Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove".

Can you put this file:
C:\Program Files\MouseWare\system\A0022285.exe
on a disk for save keeping.

Than reboot the system and check if your mouse will still run. Let me know please.
  • 0

#34
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
can't locate this program in order to save to disk & decided enough was enough & to bite the bullett & just run the killbox program & suffer the consequences.

However opened killbox & pasted the program as stated & this error came up

"pendingfilerenameoperations. registry data has been removed by external process"

what does this mean?
  • 0

#35
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
It means the files you entered has already been removed by something else.
Maybe the steps we did above cleared it.

That means we're clean now!
  • 0

#36
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
can't see how as i haven't done anything yet - uninstalling the mouse was your first step so do i need to now go & do the previous steps ? & do i have to turn off microsoft spyware etc first?
  • 0

#37
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you please look at the bottom of the mouse?

Look for a manufacturer and a type.

Let's see if we can find a download for it so we can remove this one.
  • 0

#38
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
ok it is a logitech wheel mouse
lots of numbers printed underneath it M/N No. M-U69 S/N LZC12606539
does any of that help?
  • 0

#39
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please see if you can find your mouse here.
  • 0

#40
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
sorry but this bloody search engine keeps popping up & won't let me get onto site to check.
  • 0

Advertisements


#41
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
  • 0

#42
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
did this - made no difference.
ran new scan - results:

Scan Results: 26743 files scanned. 2 viruses were detected.

File Infection Status Path
EM_EXEC.EXE Win32.Holax.A infected C:\Program Files\MouseWare\system\
ms0b920b.dll Win32.Holax.A infected C:\WINDOWS\system32\
  • 0

#43
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You are infected with the rare CWS.Holax viral variant. Please run the Computer Associates online scan here:
http://www3.ca.com/s...sinfo/scan.aspx
Follow the prompts to scan your hard drive. When the scan is finished it will produce a report of infected files at the bottom of the screen. Please copy the entire text of this report and post it here for me to see.

I let you use this scanner, because in our second run this scanner is capable of curing the effected systemfiles.
  • 0

#44
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
this was the scanner i used yesterday & posted results above.

it doesn't give a "cure" option
  • 0

#45
davmic0907

davmic0907

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
also ran another mwav scan - results posted below:

File C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE infected by "Virus.Win32.Implinker.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ms0b920b.dll infected by "not-a-virus:AdWare.Visiter" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE infected by "Virus.Win32.Implinker.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ms0b920b.dll infected by "not-a-virus:AdWare.Visiter" Virus. Action Taken: No Action Taken.
File C:\Program Files\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\ms0b920b.dll infected by "not-a-virus:AdWare.Visiter" Virus. Action Taken: No Action Taken.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP