Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google search redirected, links to wrong sites [Closed]

Started by Undersea_Gal , Jan 09 2009 05:38 PM

This topic is locked

#16
Undersea_Gal

Posted 09 January 2009 - 11:57 PM

Member

Topic Starter
Member
41 posts

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 10, 2009 03:08:50
Records in database: 1596509
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
I:\
J:\

Scan statistics:
Files scanned: 88808
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:39:51

File name / Threat name / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

#17
RatHat

Posted 10 January 2009 - 12:08 AM

Ex Malware Expert

Expert
7,829 posts

Just one bad file showing, so lets get rid of it.

Please download the OTMoveIt3 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
:files
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE

:commands
[purity]
[emptytemp]
```
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me know if this has resolved the redirect problem.

#18
Undersea_Gal

Posted 10 January 2009 - 12:17 AM

Member

Topic Starter
Member
41 posts

Is this good news?

========== FILES ==========
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\hsperfdata_CNL\3408 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\etilqs_7cZONx5Ztio7yArnGJ7a scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\CNL\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-63972b1c scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01092009_220927

Files moved on Reboot...
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\FSSync.dll
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kave.dll
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\lha.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MailMsg.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prLoader.dll
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\Quantum.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\rar.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\CNL\LOCALS~1\Temp\jkos-CNL\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\CNL\LOCALS~1\Temp\hsperfdata_CNL\3408 not found!
File C:\DOCUME~1\CNL\LOCALS~1\Temp\etilqs_7cZONx5Ztio7yArnGJ7a not found!
C:\Documents and Settings\CNL\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-63972b1c moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\XUL.mfl moved successfully.

#19
Undersea_Gal

Posted 10 January 2009 - 12:24 AM

Member

Topic Starter
Member
41 posts

My browser searches are working! RatHat, you are a genius.
A million thanks.

#20
RatHat

Posted 10 January 2009 - 04:32 AM

Ex Malware Expert

Expert
7,829 posts

That's great news Julie!

Lets do one more thing though to double check that you are completely clean.

Firstly, lets clean up a bit. Uninstall GMER:

Copy the entire contents of the Code Box below to Notepad.
Name the file as gmer_uninstall.bat
Change the Save as Type to All Files
and Save it in the folder where GMER.exe was saved
Once saved, double click on the gmer_uninstall.bat file. a MSDOS window will be displayed. That is normal.

@echo off
sc stop gmer
sc delete gmer
if exist %SystemRoot%\System32\drivers\gmer.sys del /f /q %SystemRoot%\System32\drivers\gmer.sys
if exist %SystemRoot%\gmer.dll del /f /q %SystemRoot%\gmer.dll
if exist %SystemRoot%\gmer.exe del /f /q %SystemRoot%\gmer.exe
if exist %SystemRoot%\gmer.ini del /f /q %SystemRoot%\gmer.ini
if exist %SystemRoot%\gmer_uninstall.cmd del /f /q %SystemRoot%\gmer_uninstall.cmd
if exist %SystemRoot%\gmer.bat del /f /q %SystemRoot%\gmer.bat
if exist %SystemRoot%\gmer.reg del /f /q %SystemRoot%\gmer.reg
if exist %SystemRoot%\gmer.log del /f /q %SystemRoot%\gmer.log
rd /s /q gmer
del /f /q gmer_uninstall.bat
exit

Reopen OTMoveIt3

Make sure you have an Internet Connection.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You can now delete any logs that are left over on your desktop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, now for the double check. Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan tab" and UNcheck "Heuristic analysis"
Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
When done, a message will be displayed at the bottom advising if any viruses were found.
Click "Yes to all" if it asks if you want to cure/move the file.
When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web Cureit when done.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

If this report comes back clean, then I will give you a few tips for the future.

Regards,
RatHat

#21
Undersea_Gal

Posted 12 January 2009 - 03:13 PM

Member

Topic Starter
Member
41 posts

Gmer was saved on my desktop. I followed the uninstall instructions but gmer.exe is still on my desktop.

Is this ok?

#22
RatHat

Posted 12 January 2009 - 05:41 PM

Ex Malware Expert

Expert
7,829 posts

Was Gmer in a folder called gmer, or was the program file saved to your desktop, but not in a folder? Anyway, it should be OK, if you just delete it now and carry on with the rest.

#23
Undersea_Gal

Posted 12 January 2009 - 05:43 PM

Member

Topic Starter
Member
41 posts

It was saved straight to the desktop, not in a folder. Do I just delete the .exe file?

I tried carrying on with the Dr Web scan, but it was taking way too long, so I think I'll run it overnight and post the log tomorrow.
In the first hour I ran it, it did find one file called "kill" something.

#24
RatHat

Posted 12 January 2009 - 06:00 PM

Ex Malware Expert

Expert
7,829 posts

Yes just delete the .exe file, that is OK.

DrWeb can take a long time, so do please run it overnight. I will pick up the log when you post it.

Any other problems with the machine?

#25
Undersea_Gal

Posted 12 January 2009 - 06:03 PM

Member

Topic Starter
Member
41 posts

So far, so good. I think it needs a good clean-up, though.

Thanks again so much for your help!
Did you get my last message with the questions?

Sounds good for posting/picking up the log tomorrow. I hope the "kill tool" or whatever the Dr Web picked up won't be a problem.

#26
RatHat

Posted 12 January 2009 - 06:12 PM

Ex Malware Expert

Expert
7,829 posts

Once we know where anything is, it won't be a problem!

DrWeb will also find things in AV quarantine folders, so it might just be this. Will wait to see what the log shows.

I got your PM, and will get back to you shortly. I want to clear any open logs first though.