
worm.win32.netsky



#16
fffuturama (Member, Topic Starter, 13 posts)
ComboFix 08-02.03.1 - Administrator 02/02/2008 22:41:14.3 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Administrator\Desktop\installments\Nero-7.5.9.0A_eng.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-49cfd623.zip\
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-70408ee2.zip\
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-4477ad6a.zip\
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-2b0e2f8d.zip\
C:\Documents and Settings\Administrator\Desktop\installments\Nero-7.5.9.0A_eng.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-02 22:41 . 02/02/08 10:41p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2008-02-02 19:54 . 02/02/08 07:54p <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-02-02 19:54 . 02/02/08 07:54p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-02 17:21 . 02/02/08 07:30p <DIR> d-------- C:\col4309
2008-02-02 17:20 . 02/02/08 05:20p 3 --a------ C:\WINNT\Twain001.Mtx
2008-02-02 14:05 . 02/02/08 02:05p <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 20:03 . 01/25/08 08:05p <DIR> d-------- C:\Program Files\Age Of Wonders
2008-01-20 14:39 . 01/22/08 10:06a 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-01-20 14:39 . 01/20/08 02:39p 1,409 --a------ C:\WINNT\QTFont.for
2008-01-14 03:01 . 01/14/08 03:01a <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-14 01:11 . 01/17/08 03:08p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-01-14 01:10 . 01/14/08 01:10a <DIR> d-------- C:\Program Files\DNA
2008-01-14 01:10 . 01/14/08 01:10a <DIR> d-------- C:\Program Files\BitTorrent
2008-01-14 01:10 . 02/02/08 10:37p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-01-13 18:11 . 01/13/08 06:11p <DIR> d-------- C:\Program Files\Photo Viewer
2008-01-13 18:06 . 01/13/08 06:06p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-01-13 18:06 . 01/13/08 06:06p 82,380 --a------ C:\WINNT\system32\drivers\AFS2K.SYS
2008-01-13 18:05 . 06/19/03 01:05p 12,592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2008-01-13 18:05 . 06/19/03 01:05p 12,592 --a--c--- C:\WINNT\system32\dllcache\usbscan.sys
2008-01-13 18:04 . 01/13/08 06:04p <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-13 17:52 . 01/13/08 05:52p <DIR> d-------- C:\Program Files\Bonjour
2008-01-13 17:50 . 01/13/08 05:50p <DIR> d-------- C:\WINNT\system32\BWKDLogs
2008-01-13 17:49 . 01/13/08 05:49p <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-01-13 17:48 . 01/13/08 05:48p <DIR> d-------- C:\WINNT\system32\color
2008-01-13 17:48 . 01/13/08 05:48p <DIR> d-------- C:\KPCMS
2008-01-13 17:39 . 01/13/08 05:51p <DIR> d-------- C:\Program Files\Kodak
2008-01-13 17:39 . 01/13/08 05:39p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-01-07 19:24 . 01/07/08 07:24p <DIR> dr------- C:\Program Files\Liquid Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 23:43 --------- d---a-w C:\Program Files\Steam
2008-02-02 06:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-02 01:42 --------- d-----w C:\Program Files\DivX
2008-01-30 03:00 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll
2008-01-14 00:06 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-13 23:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 20:37 --------- d-----w C:\Program Files\World of Warcraft
2007-12-26 20:16 --------- d-----w C:\Program Files\iTunes
2007-12-26 20:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-26 20:15 --------- d-----w C:\Program Files\iPod
2007-12-26 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 19:27 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-26 19:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-26 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-26 19:20 --------- d-----w C:\Program Files\Nero
2007-12-23 07:22 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-22 22:55 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\yahoo!
2007-12-21 21:08 --------- d-----w C:\Program Files\Ventrilo
2007-12-21 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 00:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-21 00:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2007-12-11 21:54 --------- d-----w C:\Program Files\Yahoo!
2007-12-10 22:04 --------- d-----w C:\Program Files\AIM6
2007-12-10 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-10 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-10 21:56 --------- d-----w C:\Program Files\Common Files\AOL
2004-01-01 20:59 271 ---h--w C:\Program Files\desktop.ini
2004-01-01 20:59 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/06 07:04p 139264]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/07 04:43p 4670704]
"Steam"="C:\Program Files\Steam\Steam.exe" [01/01/04 12:08a 1266936]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/07 09:20a 50528]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [01/14/08 01:10a 290112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p 111376 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [03/09/06 03:29p 7561216]
"nwiz"="nwiz.exe" [03/09/06 03:29p 1519616 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [03/09/06 03:29p 86016]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/05 02:48a 36975]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/06 03:40p 155648]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [10/25/06 06:58p 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/06 09:36a 256576]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" [11/19/01 08:27a 196608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/28/08 02:27p 579072]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/02 10:42a 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [10/26/07 01:44p 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 01:05p 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2004-01-03 19:44:24 262144]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-14 23:11:40 180224]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys [10/23/07 09:13p]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [06/19/03 01:05p]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 22:44:25
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 02/02/2008 22:46:24
ComboFix-quarantined-files.txt 2008-02-03 04:45:34
ComboFix2.txt 2008-02-02 23:45:17
ComboFix3.txt 2008-02-02 22:54:29
.
2008-01-14 09:01:17 --- E O F ---


#17
fffuturama (Member, Topic Starter, 13 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:19 PM, on 2/2/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.94 85.255.112.19
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

--
End of file - 6572 bytes

#18
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
I see that you have BitTorrent DNA installed.
Having P2P programs such as these raises the possibility of getting infected again.
See here for information on P2P's.
I will leave it up to you if you want to remove it.
To remove it, simply uninstall it, then delete this folder: C:\Program Files\BitTorrent DNA
=================================================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
After that:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
============================================
After that, please re-open HijackThis and click on "Do a system scan only".
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2

Now click on Fix Checked and then close HijackThis.
===================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
=================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

#19
fffuturama (Member, Topic Starter, 13 posts)
Well, I think that the virus is gone, but I am having trouble getting into the Add/Remove Programs thing. Every time I try to open it, it freezes, and only it does; everything else keeps working.

#20
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Try this to see if you can get it to work: go to Start > Run and type in this: appwiz.cpl
Hit Enter and see if you can get into it that way.

Edited by kahdah, 03 February 2008 - 11:24 AM.


#21
fffuturama (Member, Topic Starter, 13 posts)
Nope, that didn't work.

#22
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Because this is no longer a malware issue, I will send you to the XP forum, where some techs will be able to help you further.

XP forum
Start a new topic in that forum and someone will be able to assist you further.