trojan on my comp...[RESOLVED]


  • This topic is locked

#1
awddrifter

  • Member
  • 14 posts
Someone said in another topic I made about my Hard Drive failure in this thread ---> http://www.geekstogo...ata-t20133.html
that I had a trojan on my computer from the hjt log file I posted, which I thought might help solve my Hard Drive problem (which I haven't solved yet). Can anyone help me remove this trojan please?

Logfile of HijackThis v1.99.1
Scan saved at 10:30:37 AM, on 28/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [adobe_cfg] "C:\Program Files\Adobe\adobe_cfg.exe" /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [adobe_start] "C:\Program Files\Adobe\adobe_start.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\System32\csmss.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\IBM DRIVE\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v.../sti/index.html
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://benkyodo.plala.jp/kxhcm10.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {55F2FE00-C6E1-11D4-84BC-009027889212} (Seagate DiscWizard English) - http://www.seagate.c...in/npdscwiz.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://do3dl.serveft...sCamControl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://ntcast.com/tv...ayx_vp6_mp3.cab
O16 - DPF: {F8500B09-46D8-4DFA-B6BA-CE1DC96C9626} (MetaGateX Class) - http://www.metagate.ne.jp/MGX.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tuka....9.9/tukati.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O20 - Winlogon Notify: mallocator - C:\WINDOWS\SYSTEM32\mscdmss.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you :tazz:

Edited by awddrifter, 28 April 2005 - 10:46 AM.

  • 0



#2
greyknight17

  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
It seems like you do have one or two of them here.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode by hitting the F8 key until the menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\System32\csmss.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v.../sti/index.html
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O20 - Winlogon Notify: mallocator - C:\WINDOWS\SYSTEM32\mscdmss.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\System32\csmss.exe
C:\PROGRA~1\COMMON~1\BTLINK\
C:\WINDOWS\SYSTEM32\mscdmss.dll


Reboot into Normal Mode and run a new HijackThis scan. Save the log file and post it here.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the lower pane --- Use CTRL+C on your keyboard to copy everything found in the lower pane and save it to a Notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
  • 0

#3
awddrifter

  • Topic Starter
  • Member
  • 14 posts
OK, I have reached up to the step where you have said to "Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here."

I am now proceeding with the virus scan.

One thing... it would not let me delete C:\WINDOWS\SYSTEM32\mscdmss.dll while in safe mode. It kept saying the file was in use. I then tried using a program I have on my comp called delinvfile.exe to delete the file (while still in safe mode), and that didn't work either, so it's still there.

Logfile of HijackThis v1.99.1
Scan saved at 3:07:35 PM, on 28/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
H:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [adobe_cfg] "C:\Program Files\Adobe\adobe_cfg.exe" /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [adobe_start] "C:\Program Files\Adobe\adobe_start.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\IBM DRIVE\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://benkyodo.plala.jp/kxhcm10.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {55F2FE00-C6E1-11D4-84BC-009027889212} (Seagate DiscWizard English) - http://www.seagate.c...in/npdscwiz.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://do3dl.serveft...sCamControl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://ntcast.com/tv...ayx_vp6_mp3.cab
O16 - DPF: {F8500B09-46D8-4DFA-B6BA-CE1DC96C9626} (MetaGateX Class) - http://www.metagate.ne.jp/MGX.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tuka....9.9/tukati.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0
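
An added example (not part of the thread and not part of HijackThis): a short Python check that takes the 'Fix checked' list from post #2 and the follow-up log from post #3 and reports which listed entries are gone, which remain, and whether any new entries appeared. The function and variable names are this example's own, and the embedded logs are short excerpts of the lines posted above.

```python
import re

# HijackThis entry lines start with a section code (O4, O16, O23, R1, F2, ...),
# then " - ", then the entry body. Header and running-process lines do not match.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return {normalized key: original line} for each entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names are case-insensitive, so compare
            # case-folded text with runs of whitespace collapsed.
            body = " ".join(m.group(2).split()).casefold()
            entries[(m.group(1).upper(), body)] = line.strip()
    return entries


def verify_fixes(fix_list, before_log, after_log):
    """Classify each entry in the fix list against the before and after logs."""
    fixes = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        "removed": [fixes[k] for k in fixes if k in before and k not in after],
        "still_present": [fixes[k] for k in fixes if k in after],
        "never_listed": [fixes[k] for k in fixes
                         if k not in before and k not in after],
        # Entries that show up only after the fix deserve a second look.
        "new_entries": [after[k] for k in after if k not in before],
    }


# The five entries post #2 asks to fix (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [cmssSystemProcess] C:\WINDOWS\System32\csmss.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v.../sti/index.html
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O20 - Winlogon Notify: mallocator - C:\WINDOWS\SYSTEM32\mscdmss.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Excerpt of the first log (post #1): two unrelated entries plus the five above.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
""" + FIX_LIST + r"""
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the follow-up log (post #3), limited to the same entries.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    report = verify_fixes(FIX_LIST, BEFORE_LOG, AFTER_LOG)
    for status, lines in report.items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Run against the two full logs, the same comparison shows the O23 rpcapd service entry still listed after the fix, while the O4, O16, O18 and O20 entries are gone.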

#4
greyknight17

  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\SYSTEM32\mscdmss.dll

Awaiting the mwav log.
  • 0

#5
awddrifter

  • Topic Starter
  • Member
  • 14 posts
Alright here are my results... seems I am an irresponsible person when it comes to the safety of my comp with all these viruses.... ;)

File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "FunWebProducts Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mywebsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\a.exe infected by "Trojan-Downloader.Win32.Agent.co" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\btiein.dll infected by "Trojan-Downloader.Win32.QDown.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cmd.ftp infected by "Trojan-Downloader.BAT.Ftp.r" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ff.vbs infected by "Trojan-Downloader.VBS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\file.exe infected by "Backdoor.Win32.SpyBoter.dx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\KILLAPPS.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\WINDOWS\System32\lascfg.exe infected by "Net-Worm.Win32.Dabber.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mscdmss.dll infected by "Trojan-Downloader.Win32.Agent.co" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Std.exe infected by "Trojan.Win32.SecondThought.b" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\matt\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YL3WTWVQ\05274[1].cab infected by "Trojan.Win32.Dialer.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\matt\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YTX6NYTO\ysb_prompt[1].php infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
File C:\bla.exe infected by "Trojan-Downloader.Win32.Small.aaq" Virus. Action Taken: No Action Taken.
File C:\cdrive loose stuff\motionsetup.exe tagged as not-a-virus:RiskWare.Downloader.DigStream. No Action Taken.
File C:\cdrive loose stuff\pskill.exe tagged as not-a-virus:NetTool.PsKill. No Action Taken.
File C:\cdrive loose stuff\Uninstall.2.14.0000c.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\cdrive loose stuff\wuawx.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Documents\wmediaplayer.exe infected by "Backdoor.Win32.Agobot.gen" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Guest\Application Data\Microsoft\helpefan.dll infected by "Trojan-Spy.Win32.Agent.w" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Guest\Application Data\Microsoft\helpefav.dll infected by "Trojan-Spy.Win32.Small.bf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\my.class-25fb4871-11b04ea3.class infected by "Trojan-Downloader.Win32.Small.aaq" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\my.class-9976afe-47461548.class infected by "Trojan-Downloader.Win32.Small.aaq" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-b5faecf-17948c45.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d8b126.zip infected by "Trojan-Downloader.Java.OpenStream.u" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\Desktop\Unused Desktop Shortcuts\sysreset253.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File C:\Documents and Settings\matt\Local Settings\Temp\Temporary Internet Files\Content.IE5\YL3WTWVQ\05274[1].cab infected by "Trojan.Win32.Dialer.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\Local Settings\Temp\Temporary Internet Files\Content.IE5\YTX6NYTO\ysb_prompt[1].php infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\matt\My Documents\wmediaplayer.exe infected by "Backdoor.Win32.Agobot.gen" Virus. Action Taken: No Action Taken.
File C:\Downloads\lfs_s1d_demo\data\language\Francais.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\Downloads\lfs_s1d_demo\data\language\Portugues.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\Downloads\lfs_s1d_demo\data\misc\help_Francais.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\Downloads\LFS_S1G_DEMO\data\language\Catala.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\Downloads\LFS_S1G_DEMO\data\language\Francais.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\Downloads\LFS_S1G_DEMO\data\language\Portugues.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\Downloads\LFS_S1G_DEMO\data\misc\help_Francais.txt infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File C:\install files\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\install files\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\install files\LiveDrvUni-Pack(ENG).exe tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\install files\main ish\My Downloads\DivX502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\install files\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File C:\install files\movieplay_eval.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\install files\superdvdripper1.7crack\SuperDvdRipper1.7Crack.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\install files\superdvdripper1.7crack.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\install files\superdvdripperv1.89patchlash.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\install files\superdvdripperv1.90patchlash\Patcher.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\install files\superdvdripperv1.90patchlash.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\install files\sysreset253.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File C:\kawaks\blend\Media\temp\eDonkey61.exe infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\BPFTP Server\G6FTPSrv.exe tagged as not-a-virus:RiskWare.FTP.BulletProof.221. No Action Taken.
File C:\Program Files\DIGStream\digstream.exe tagged as not-a-virus:RiskWare.Downloader.DigStream. No Action Taken.
File C:\RECYCLER\S-1-5-21-2495073255-1182671931-1460304000-1005\Dc5\Drivers\Audio\Creative\SB Audigy\AUDDRVPACK.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\RECYCLER\S-1-5-21-2495073255-1182671931-1460304000-1005\Dc5\Drivers\Audio\Creative\SB Live 5.1\LiveDrvPack.exe tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\RECYCLER\S-1-5-21-2495073255-1182671931-1460304000-1005\Dc5\Drivers\USB2\Gigabyte\Intel\Win2000XP\U2v2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\8ALL141.exe infected by "not-a-virus:[bleep]-Dialer.Win32.Collegamento" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system\Systemy7\temp2.exe tagged as not-a-virus:RiskWare.Tool.HideWindows. No Action Taken.
File C:\WINDOWS\system32\a.exe infected by "Trojan-Downloader.Win32.Agent.co" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\btiein.dll infected by "Trojan-Downloader.Win32.QDown.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cmd.ftp infected by "Trojan-Downloader.BAT.Ftp.r" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ff.vbs infected by "Trojan-Downloader.VBS.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\file.exe infected by "Backdoor.Win32.SpyBoter.dx" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\WINDOWS\system32\lascfg.exe infected by "Net-Worm.Win32.Dabber.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mscdmss.dll infected by "Trojan-Downloader.Win32.Agent.co" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Std.exe infected by "Trojan.Win32.SecondThought.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\kb3j8sk1.exe infected by "Trojan-Proxy.Win32.Agent.ag" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\~787456.tmp infected by "not-a-virus:AdWare.Wintol.d" Virus. Action Taken: No Action Taken.
File D:\mirc\mirc32.exe tagged as not-a-virus:RiskWare.mIRC.5.81. No Action Taken.
File D:\mirc\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File D:\mirc\Movies\Murcielago-01.zip infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
File D:\mirc\Movies\polarisctcpv1.01.zip tagged as not-a-virus:RiskWare.mIRC.5.81. No Action Taken.
File D:\mirc\Movies\polarisctcpv1.03.zip tagged as not-a-virus:RiskWare.mIRC.5.81. No Action Taken.
File D:\mirc\download\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File D:\mirc\download\graffitigold.zip tagged as not-a-virus:RiskWare.mIRC.5.9.1. No Action Taken.
File D:\AAA\mirc\mirc32.exe tagged as not-a-virus:RiskWare.mIRC.5.7. No Action Taken.
File D:\AAA\mirc\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File D:\AAA\mirc\Download\invision2b1308.rar tagged as not-a-virus:RiskWare.mIRC.5.9.1. No Action Taken.
File D:\mirc2\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File D:\Matt\postal.exe tagged as not-a-virus:Simulator.Win16.Gun. No Action Taken.
File D:\Hotline Client 1.8.5\hl185dls\CDRWin_v4.0A_English Crack [2].zip tagged as not-a-virus:FalseAlarm.DrWeb.Backdoor.Theef.111. No Action Taken.
File D:\sysreset253.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File D:\sysreset\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File D:\Advanced.Administrative.Tools.Aatools.v5.56.Incl.Keygen-SSG\aatools_setup.exe infected by "Trojan-Dropper.Win32.Delf.dh" Virus. Action Taken: No Action Taken.
File D:\Advanced.Administrative.Tools.Aatools.v5.56.Incl.Keygen-SSG.rar infected by "Trojan-Dropper.Win32.Delf.dh" Virus. Action Taken: No Action Taken.
File F:\sysreset251.exe tagged as not-a-virus:RiskWare.mIRC.6.01. No Action Taken.
File F:\Hotline Extra\temp\Quake III Arena.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\new\pskill.exe tagged as not-a-virus:NetTool.PsKill. No Action Taken.
File H:\DUMP\RECOiL\ServUSetup.exe tagged as not-a-virus:RiskWare.FTP.Serv-U.5201. No Action Taken.
File H:\DUMP\RECOiL.rar tagged as not-a-virus:RiskWare.FTP.Serv-U.5201. No Action Taken.
File H:\IBM DRIVE\cls95p21.zip infected by "Type_Win32" Virus. Action Taken: No Action Taken.
File H:\IBM DRIVE\gamespytunnel10.exe tagged as not-a-virus:Tool.WinCap. No Action Taken.
File H:\IBM DRIVE\Matt\postal.exe tagged as not-a-virus:Simulator.Win16.Gun. No Action Taken.
File H:\IBM DRIVE\Matt\Zelda\The Potion\ScourExchangeSetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\mirc\mirc32.exe tagged as not-a-virus:RiskWare.mIRC.5.7.1. No Action Taken.
File H:\IBM DRIVE\Program Files\Online Services\AT&T\ATTSETUP.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\taxes\KPMG99.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\Desktop\Install Files and patches\napv2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\Desktop\Stuff\napv2b7.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\Desktop\Stuff\Scmpoo\scmpoo.exe tagged as not-a-virus:Simulator.Win16.Sheep. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL40AU.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL40CA.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL40UK.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL40US.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\OLS\AT&T\ATTKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\OLS\CSI\USKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\OPTIONS\CABS\WIN98_66.CAB tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\Favorite.dll infected by "not-a-virus:AdWare.Favman.a" Virus. Action Taken: No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\Packet.dll tagged as not-a-virus:Tool.WinCap. No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\PACKET.VXD tagged as not-a-virus:Tool.WinCap. No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\whccinst.exe infected by "not-a-virus:AdWare.WebHancer.16" Virus. Action Taken: No Action Taken.
File H:\sysreset\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.

It took 9hrs 22mins... I never knew I had so many files...
Fri Apr 29 01:15:40 2005 => Total Objects Scanned: 380022
;)


I will reboot into safe mode and run that killbox.exe program and see if it works :tazz:


Thanks for all your help again... I know I'm a handful...

EDIT: I ran the killbox.exe program and followed your steps, the file

C:\WINDOWS\SYSTEM32\mscdmss.dll

is gone now.

NOTE: the IBM DRIVE folder is a folder I made when I took out my old 12GB IBM drive but wanted to keep all of the files on it on my computer, I just copied the whole drive to a folder in my H:, so that is why you see windows there as well (it's win98se)

Edited by awddrifter, 29 April 2005 - 02:04 AM.

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You should not be downloading these "cracks" or key generators. As you can see, most of them are infested with viruses.

Click on the Start menu
Select Settings
Select Control Panels
Select Java Plug-in
Click on the Cache tab
Click on the Clear button
Click OK to confirm

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\bla.exe
C:\cdrive loose stuff\wuawx.exe
C:\Documents and Settings\All Users\Documents\wmediaplayer.exe
C:\Documents and Settings\Guest\Application Data\Microsoft\helpefan.dll
C:\Documents and Settings\Guest\Application Data\Microsoft\helpefav.dll
C:\Documents and Settings\matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d8b126.zip
C:\Documents and Settings\matt\My Documents\wmediaplayer.exe
C:\Downloads\lfs_s1d_demo\data\language\Francais.txt
C:\Downloads\lfs_s1d_demo\data\language\Portugues.txt
C:\Downloads\lfs_s1d_demo\data\misc\help_Francais.txt
C:\Downloads\LFS_S1G_DEMO\data\language\Catala.txt
C:\Downloads\LFS_S1G_DEMO\data\language\Francais.txt
C:\Downloads\LFS_S1G_DEMO\data\language\Portugues.txt
C:\Downloads\LFS_S1G_DEMO\data\misc\help_Francais.txt
C:\kawaks\blend\Media\temp\eDonkey61.exe
C:\WINDOWS\Downloaded Program Files\8ALL141.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\btiein.dll
C:\WINDOWS\system32\cmd.ftp
C:\WINDOWS\system32\ff.vbs
C:\WINDOWS\system32\file.exe
C:\WINDOWS\system32\lascfg.exe
C:\WINDOWS\system32\mscdmss.dll
C:\WINDOWS\system32\Std.exe
D:\mirc\moo.dll
D:\mirc\Movies\Murcielago-01.zip infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
D:\mirc\Movies\polarisctcpv1.01.zip tagged as not-a-virus:RiskWare.mIRC.5.81. No Action Taken.
D:\mirc\Movies\polarisctcpv1.03.zip tagged as not-a-virus:RiskWare.mIRC.5.81. No Action Taken.
D:\mirc\download\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
D:\Hotline Client 1.8.5\hl185dls\CDRWin_v4.0A_English Crack [2].zip
D:\Advanced.Administrative.Tools.Aatools.v5.56.Incl.Keygen-SSG\aatools_setup.exe
D:\Advanced.Administrative.Tools.Aatools.v5.56.Incl.Keygen-SSG.rar
H:\IBM DRIVE\WINDOWS\SYSTEM\Favorite.dll infected by "not-a-virus:AdWare.Favman.a" Virus. Action Taken: No Action Taken.
H:\IBM DRIVE\WINDOWS\SYSTEM\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
H:\IBM DRIVE\WINDOWS\SYSTEM\whccinst.exe

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.

Restart. Any problems now? If not:

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
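Added example, not part of the original thread: a Python triage of the scan-log format posted above, separating the "not-a-virus:" riskware and adware verdicts from the rest and returning bare file paths for review. The sample lines are copied from the log in this thread; the function names and the "malware"/"riskware" labels are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the scan log posted in this thread.
SAMPLE_LOG = r'''File D:\Advanced.Administrative.Tools.Aatools.v5.56.Incl.Keygen-SSG\aatools_setup.exe infected by "Trojan-Dropper.Win32.Delf.dh" Virus. Action Taken: No Action Taken.
File G:\new\pskill.exe tagged as not-a-virus:NetTool.PsKill. No Action Taken.
File H:\IBM DRIVE\cls95p21.zip infected by "Type_Win32" Virus. Action Taken: No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\Favorite.dll infected by "not-a-virus:AdWare.Favman.a" Virus. Action Taken: No Action Taken.
File H:\IBM DRIVE\WINDOWS\SYSTEM\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
Fri Apr 29 01:15:40 2005 => Total Objects Scanned: 380022
'''

# The log uses two line shapes. Paths contain spaces and dots, so the path is
# matched lazily up to the fixed verdict phrase rather than split on whitespace.
INFECTED = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
                      r'Action Taken: (?P<action>.+?)\.$')
TAGGED = re.compile(r'^File (?P<path>.+?) tagged as (?P<name>\S+)\. (?P<action>.+?)\.$')

def parse_line(line):
    """Return a detection record, or None for lines that are not detections."""
    for rx in (INFECTED, TAGGED):
        m = rx.match(line.strip())
        if m:
            rec = m.groupdict()
            # Classify by name: the log also writes 'infected by "not-a-virus:..."'.
            rec["kind"] = ("riskware" if rec["name"].startswith("not-a-virus:")
                           else "malware")
            return rec
    return None

def triage(log_text):
    """Group detections by kind; keep unparsed lines so nothing is silently lost."""
    buckets, skipped = defaultdict(list), []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec:
            buckets[rec["kind"]].append(rec)
        else:
            skipped.append(line)
    return dict(buckets), skipped

def review_paths(log_text, kind="malware"):
    """Bare, de-duplicated paths for one kind, with no verdict text attached."""
    buckets, _ = triage(log_text)
    return sorted({r["path"] for r in buckets.get(kind, [])}, key=str.lower)

if __name__ == "__main__":
    for kind in ("malware", "riskware"):
        print(kind, *review_paths(SAMPLE_LOG, kind), sep="\n  ")
```

Lines that match neither shape, such as the scan summary, come back in the second return value of `triage` so they can be checked by hand.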

#7
awddrifter

    Member

  • Topic Starter
  • 14 posts
Ok, I have removed all of the files listed and have reached the step to turn off system restore.

My question is....do I want to turn off system restore even though I am currently trying to solve a problem with one of my hard disk drives not being able to be read by my computer (I made a topic about it here). Will there be a chance of me not being able to restore the data on that hard drive if I do this?

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The restore points are not used to restore data. They're only used to restore you back to a certain date's system settings - your data files you use are not involved here. We ask users to disable it and then enable system restore because malware may hide in the restore points.

If you are still worried about this, then leave it. My suggestion is to turn it off and then (without restarting) turn it back on again (by unchecking that box). That will create a new restore point for you.

Any other problems/questions related to spyware now?

#9
awddrifter

    Member

  • Topic Starter
  • 14 posts
I managed to fix my drive problem and I am currently formatting my new HDD. I will turn off system restore, reboot, and then turn it back on again, and hopefully everything will be good.

Thanks a ton again for your help, I really appreciate it :tazz:

Edited by awddrifter, 29 April 2005 - 11:20 PM.

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.