adware threat



#16
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Can you see that file in explorer?

If not, do this first: How to view hidden files/folders

Then download and install Unlocker
http://ccollomb.free.fr/unlocker/

Try removing it with that.

Regards,
  • 0

#17
splooosh


    Member

  • Topic Starter
  • 12 posts
Hi, I found that file in Explorer and tried Unlocker, and it said there is nothing to unlock, so I deleted it manually. This time when I ran my Norton antivirus, there were only 5 out of the 9 files left that would not delete.
The compressed files are:
exdl.exe
exul.exe
javexulm.vxd
mqexdlm.srg
msexreg.exe
They are all within c:\windows\system32\netus80x.vxd, and Norton antivirus says they are adware threats. When I put my pointer over it, it says it's a virtual device driver. Is it recommended to manually delete these?

barry
  • 0

#18
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Copy the part in bold below into Notepad and call it rembarg.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Bargains]

[-HKEY_LOCAL_MACHINE\Software\CashBack]

[-HKEY_LOCAL_MACHINE\Software\exactUtil]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CashBack]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bargains]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}]

[-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}]

[-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}]

[-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C6906A23-4717-4E1F-F06EBED14177}]

[-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}]

[-HKEY_LOCAL_MACHINE\Software\Classes\Apuc.UrlCatcher.1]

[-HKEY_LOCAL_MACHINE\Software\Classes\Apuc.UrlCatcher]

[-HKEY_LOCAL_MACHINE\Software\Classes\CB.UrlCatcher.1]

[-HKEY_LOCAL_MACHINE\Software\Classes\CB.UrlCatcher]

[-HKEY_CLASSES_ROOT\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516A2A3}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZESOFT]

[-HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\_SC_ZESOFT]


Then copy the next part in blue into Notepad and call it delbarg.bat


attrib -r -s -h c:\windows\system32\netus80x.vxd
del c:\windows\system32\netus80x.vxd


Reboot into safe mode and double-click rembarg.reg
Confirm you want to merge it with the registry.
Then double-click delbarg.bat

Reboot once more and do another scan.

Regards,
  • 0
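
Added example (not part of the original thread): a small Python check for a key-deletion .reg file such as rembarg.reg above, run before merging it. It flags key headers that are split across lines and brace-enclosed GUIDs that are not in 8-4-4-4-12 form, since a deletion entry only removes a key whose name matches exactly. The function name lint_reg and the SAMPLE excerpt (taken from the post as it was displayed, line break included) are constructed for illustration.

```python
import re

# Added example: lint a key-deletion .reg file before merging it.
GUID_OK = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BRACED = re.compile(r"\{[^{}]*\}")
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}

def lint_reg(text):
    """Return a list of (line_number, message) findings."""
    findings = []
    lines = text.splitlines()
    first = next((l.strip() for l in lines if l.strip()), "")
    if first not in HEADERS:
        findings.append((1, "missing .reg file header"))
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line in HEADERS or line.startswith(";"):
            continue
        # Every {...} in a key path should be a complete GUID.
        for guid in BRACED.findall(line):
            if not GUID_OK.fullmatch(guid):
                findings.append((no, "malformed GUID " + guid))
        if line.startswith("\\"):
            findings.append((no, "wrapped key path: join with the previous line"))
        elif line.startswith("[") and not line.endswith("]"):
            findings.append((no, "key header not closed on this line"))
        elif line.startswith("[-") and line.endswith("]"):
            if line[2:-1].split("\\", 1)[0] not in ROOTS:
                findings.append((no, "unknown root key"))
    return findings

# Constructed sample: three entries from the post, one still line-wrapped.
SAMPLE = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Bargains]

[-HKEY_LOCAL_MACHINE\Software\Classes\Interface
\{C6906A23-4717-4E1F-F06EBED14177}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]
"""

if __name__ == "__main__":
    for no, msg in lint_reg(SAMPLE):
        print(f"line {no}: {msg}")
```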

#19
splooosh


    Member

  • Topic Starter
  • 12 posts
Hi, I followed the above procedure; however, after rebooting from safe mode, the same 5 files failed to delete when using Norton antivirus.
barry
  • 0





