Win32.P2P-Worm Alcan.a help



#61
gpsugy

    Member

  • Topic Starter
  • Member
  • 86 posts
ok, i'm finished with your instructions. there were no items found a second time in both spybot and ad-aware for some reason, but there were a few items that came up the first time i scanned. let me know if u need them.

this is my activescan log:


Incident Status Location

Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/seeqbar Not disinfected Windows Registry
Adware:Adware/Exact.BargainBuddy Not disinfected C:\!KillBox\bb_auto_wider.swf
Adware:Adware/Exact.BargainBuddy Not disinfected C:\!KillBox\bb_click_wider.swf
Virus:Trj/Iconz.A Not disinfected C:\!KillBox\iconz3.exe
Adware:Adware/Veevo Not disinfected C:\!KillBox\KDP397d.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\!KillBox\logo.gif
Spyware:Spyware/Overpro Not disinfected C:\!KillBox\nsdtmp09.dll


and.... this is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:59 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ghang Family\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://www.netmarble...NMStarter16.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.c.../mv/p3bvset.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.co...game/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

ok. i've done whatever i could. Thanks. :tazz:
  • 0


#62
joshuacat

    Visiting Staff

  • Member
  • 188 posts
Please RIGHT-CLICK HERE to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Reply back with your Silent Runners Log.
  • 0

#63
gpsugy

    Member

  • Topic Starter
  • Member
  • 86 posts
ok, i am finished.

here is my silent runner log:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [file not found]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
"IPInSightMonitor 01" = ""C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"" ["Visual Networks"]
"Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [file not found]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\ymmapi.dll" ["Yahoo! Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E976844F-E7A7-41E1-B7DF-6FDC48AE2C57}" = "MJ2Desc Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MJ2Desc.dll" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ghang Family\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


Startup items in "Ghang Family" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"RUTASK" -> launches: "C:\WINDOWS\ru.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{2499216C-4BA5-11D5-BD9C-000103C116D5}\
"ButtonText" = "Yahoo! Login"
"MenuText" = "Yahoo! Login"
"CLSIDExtension" = "{2499216C-4BA5-11D5-BD9C-000103C116D5}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\ylogin.dll" ["Yahoo! Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Telephony, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [null data]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 127 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 66 seconds.
---------- (total run time: 247 seconds)

Edited by gpsugy, 15 December 2005 - 06:48 PM.

  • 0

#64
joshuacat

    Visiting Staff

  • Member
  • 188 posts
Okay, still picking up another stray file that was part of the infection you had earlier.

Using Windows Explorer, locate the following file, and delete it if still present:

C:\WINDOWS\smdat32m.sys <==file

And another inactive remnant...
  • Copy the contents of the following code box to notepad.

    cd /d C:\windows\tasks
    attrib -s -h -r RUTASK.job
    del RUTASK.job
  • Save it to your desktop as ru.bat, make sure to select "All Files" under "Save as type".
  • Double click on ru.bat to run it. You can delete the file off your desktop after you run it.
Besides those 2 remnants of the infections that we got rid of earlier, there is nothing else showing in your logs that requires a fix.

Are you having any more problems?
  • 0

#65
gpsugy

    Member

  • Topic Starter
  • Member
  • 86 posts
Thanks. And yes, i do have a problem. AntiVir is still picking up the file with the virus W32/Jeefo. it is very annoying and is getting on my nerves. please help me delete it. it's not deleting even though i use the option "delete file" with anti vir.
  • 0

#66
joshuacat

    Visiting Staff

  • Member
  • 188 posts
What is the exact message that you are getting?
Does it give you the file location?
  • 0

#67
joshuacat

    Visiting Staff

  • Member
  • 188 posts
You can also try this....

Download the following removal tool from Sophos:

Open JEEFOGUI
Run it
Then click GO.

It will save a log file to the following location - C:\resolve.log
Copy and paste the contents of the resolve.log as a reply to this post.
  • 0

#68
gpsugy

    Member

  • Topic Starter
  • Member
  • 86 posts
the exact message is this:


C:\SYSTEM VOLUME INFORMATION\_RESTORE{B32BA8D4-5E5A-41C0-9773-116ED9C8C0C9}\RP422\A0047945.EXE

Contains code of the Windows virus W32/Jeefo
  • 0

#69
gpsugy

    Member

  • Topic Starter
  • Member
  • 86 posts
this is my resolve log:



RESOLVE Version 1.04
Copyright © 2003, Sophos Plc, www.sophos.com

System disinfection for W32/Jeefo

Data Version 1.00, Plugin Version 1.01

System scan started at 16:10 on 16 December 2005

Checking for W32/Jeefo in memory

Could not open process. Process ID: 532

Could not open process. Process ID: 584

Could not open process. Process ID: 608

Could not open process. Process ID: 652

Could not open process. Process ID: 664

Could not open process. Process ID: 816

Could not open process. Process ID: 872

Could not open process. Process ID: 964

Could not open process. Process ID: 1008

Could not open process. Process ID: 1152

Could not open process. Process ID: 1300

Could not open process. Process ID: 1440

Could not open process. Process ID: 1452

Could not open process. Process ID: 1472

Could not open process. Process ID: 1516

Could not open process. Process ID: 1552

Could not open process. Process ID: 1748

Could not open process. Process ID: 1976

Could not open process. Process ID: 520

Could not open process. Process ID: 3132

W32/Jeefo was not found active in memory

Checking for files affected by W32/Jeefo

Scanning C:


Scanning D:


Scanning C:


Scanning D:

Error opening file D:\RECYCLER\NPROTECT\00000005.exe

Error opening file D:\RECYCLER\NPROTECT\00000011.exe

Error opening file D:\RECYCLER\NPROTECT\00000042.exe

Error opening file D:\RECYCLER\NPROTECT\00000046.exe

Error opening file D:\RECYCLER\NPROTECT\00000047.exe

Error opening file D:\RECYCLER\NPROTECT\00000053.exe

Error opening file D:\RECYCLER\NPROTECT\00000059.exe

Error opening file D:\RECYCLER\NPROTECT\00000064.exe

Error opening file D:\RECYCLER\NPROTECT\00000065.exe

Error opening file D:\RECYCLER\NPROTECT\00000069.exe

Error opening file D:\RECYCLER\NPROTECT\00000076.exe

Error opening file D:\RECYCLER\NPROTECT\00000078.exe

Error opening file D:\RECYCLER\NPROTECT\00000129.exe

Error opening file D:\RECYCLER\NPROTECT\00000130.exe

Error opening file D:\RECYCLER\NPROTECT\00000181.exe

Error opening file D:\RECYCLER\NPROTECT\00000182.exe

Error opening file D:\RECYCLER\NPROTECT\00000186.exe

Error opening file D:\RECYCLER\NPROTECT\00000187.exe

Error opening file D:\RECYCLER\NPROTECT\00000190.exe

Error opening file D:\RECYCLER\NPROTECT\00000202.exe

Error opening file D:\RECYCLER\NPROTECT\00000203.exe

Error opening file D:\RECYCLER\NPROTECT\00000210.exe

Error opening file D:\RECYCLER\NPROTECT\00000212.exe

Error opening file D:\RECYCLER\NPROTECT\00000219.exe

Error opening file D:\RECYCLER\NPROTECT\00000221.exe

Error opening file D:\RECYCLER\NPROTECT\00000228.exe

Error opening file D:\RECYCLER\NPROTECT\00000230.exe

Error opening file D:\RECYCLER\NPROTECT\00000249.exe

Error opening file D:\RECYCLER\NPROTECT\00000251.exe

Error opening file D:\RECYCLER\NPROTECT\00000260.exe

Error opening file D:\RECYCLER\NPROTECT\00000263.exe

Error opening file D:\RECYCLER\NPROTECT\00000266.exe

Error opening file D:\RECYCLER\NPROTECT\00000272.exe

Error opening file D:\RECYCLER\NPROTECT\00000275.exe

Error opening file D:\RECYCLER\NPROTECT\00000281.exe

Error opening file D:\RECYCLER\NPROTECT\00000282.exe

Error opening file D:\RECYCLER\NPROTECT\00000287.exe

Error opening file D:\RECYCLER\NPROTECT\00000298.exe

Error opening file D:\RECYCLER\NPROTECT\00000300.exe

Error opening file D:\RECYCLER\NPROTECT\00000307.exe

Error opening file D:\RECYCLER\NPROTECT\00000309.exe

Error opening file D:\RECYCLER\NPROTECT\00000312.exe

Error opening file D:\RECYCLER\NPROTECT\00000314.exe

Error opening file D:\RECYCLER\NPROTECT\00000325.exe

Error opening file D:\RECYCLER\NPROTECT\00000326.exe

Error opening file D:\RECYCLER\NPROTECT\00000329.exe

Error opening file D:\RECYCLER\NPROTECT\00000347.exe

Error opening file D:\RECYCLER\NPROTECT\00000349.exe

Error opening file D:\RECYCLER\NPROTECT\00000357.exe

Error opening file D:\RECYCLER\NPROTECT\00000364.exe

Error opening file D:\RECYCLER\NPROTECT\00000365.exe

Error opening file D:\RECYCLER\NPROTECT\00000371.exe

Error opening file D:\RECYCLER\NPROTECT\00000375.exe

Error opening file D:\RECYCLER\NPROTECT\00000376.EXE

Error opening file D:\RECYCLER\NPROTECT\00000377.EXE

Error opening file D:\RECYCLER\NPROTECT\00000378.exe

Error opening file D:\RECYCLER\NPROTECT\00000379.exe

Error opening file D:\RECYCLER\NPROTECT\00000380.exe

Error opening file D:\RECYCLER\NPROTECT\00000381.exe

Error opening file D:\RECYCLER\NPROTECT\00000382.exe

Error opening file D:\RECYCLER\NPROTECT\00000383.exe

Error opening file D:\RECYCLER\NPROTECT\00000384.exe

Error opening file D:\RECYCLER\NPROTECT\00000385.exe

Error opening file D:\RECYCLER\NPROTECT\00000386.exe

Error opening file D:\RECYCLER\NPROTECT\00000387.exe

Error opening file D:\RECYCLER\NPROTECT\00000388.exe


System scan finished at 16:16 on 16 December 2005

Infected processes found : 0
Processes terminated or disinfected : 0
Infected files found : 0
Infected files deleted : 0
  • 0

#70
joshuacat

    Visiting Staff

  • Member
  • 188 posts
The location that you copied above is from your system restore point. It is harmless in that location. We will remove it as part of my final cleanup steps to you. If you want, run the Jeefo removal tool once more from safe mode. Copy the resolve.log as a reply to this post.
  • 0
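
The reply above separates a detection inside a System Restore point from a live infection; the same distinction can be applied mechanically when triaging scanner output. This is an added example, not part of the original thread: the three location classes and the function names are assumptions made for illustration, and the sample detections reuse paths quoted in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "threat path location restore_point")

# Location classes are this example's own assumption, not any scanner's taxonomy.
# System Restore snapshots on Windows XP live under
#   <drive>:\System Volume Information\_restore{GUID}\RPnnn\
_RESTORE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE,
)
# Folders where files sit after something has already moved them aside
# (both folder names appear in the logs posted in this thread).
_HOLDING = (
    re.compile(r"^[A-Z]:\\!KillBox\\", re.IGNORECASE),
    re.compile(r"^[A-Z]:\\RECYCLER\\", re.IGNORECASE),
)


def classify(path):
    """Return (location, restore_point) for a Windows path string."""
    p = path.strip().strip('"')
    m = _RESTORE.match(p)
    if m:
        # Archived snapshot copy; cleared when restore points are purged.
        return "system-restore", m.group(1).upper()
    if any(rx.match(p) for rx in _HOLDING):
        return "holding-area", None
    return "live", None


def triage(detections):
    """Order (threat, path) pairs so live files come before archived copies."""
    order = {"live": 0, "holding-area": 1, "system-restore": 2}
    findings = []
    for threat, path in detections:
        location, rp = classify(path)
        findings.append(Finding(threat, path, location, rp))
    findings.sort(key=lambda f: order[f.location])  # stable sort keeps input order per class
    return findings


def restore_points_to_purge(findings):
    """Restore point folders that hold at least one flagged file."""
    return sorted({f.restore_point for f in findings if f.restore_point})


# Sample detections assembled from paths quoted in this thread.
SAMPLE = [
    ("W32/Jeefo",
     r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{B32BA8D4-5E5A-41C0-9773-116ED9C8C0C9}\RP422\A0047945.EXE"),
    ("Trj/Iconz.A", r"C:\!KillBox\iconz3.exe"),
    ("application/bestoffer", r"C:\WINDOWS\smdat32m.sys"),
]

if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f"{f.location:15} {f.threat:22} {f.path}")
    print("restore points holding flagged files:", restore_points_to_purge(results))
```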


#71
gpsugy

    Member

  • Topic Starter
  • Member
  • 86 posts
ok, i did it in safe mode, but i just got that same warning message from anti vir, so the virus is still in my computer. please help me get rid of this annoyance.

here is my resolve log:



RESOLVE Version 1.04
Copyright © 2003, Sophos Plc, www.sophos.com

System disinfection for W32/Jeefo

Data Version 1.00, Plugin Version 1.01

System scan started at 16:58 on 16 December 2005

Checking for W32/Jeefo in memory

Could not open process. Process ID: 148

Could not open process. Process ID: 200

Could not open process. Process ID: 224

Could not open process. Process ID: 268

Could not open process. Process ID: 280

Could not open process. Process ID: 432

Could not open process. Process ID: 492

Could not open process. Process ID: 552

W32/Jeefo was not found active in memory

Checking for files affected by W32/Jeefo

Scanning C:


Scanning D:


Scanning C:


Scanning D:


System scan finished at 17:00 on 16 December 2005

Infected processes found : 0
Processes terminated or disinfected : 0
Infected files found : 0
Infected files deleted : 0

#72
joshuacat

    Visiting Staff

  • 188 posts
gpsugy:

Okay, both your HiJackThis and the Silent Runners log came up clean except for a couple of the leftover entries that I mentioned.
Great job! :tazz:

Let's start the cleanup steps...

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
This will get rid of the AntiVir warning message....

Disable and Enable System Restore. - Since you are using Windows XP you should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and enable system restore here:

Windows XP System Restore Guide

--------------------------------------------------------------
Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend the following:

Detection and Removal Programs:

You already have 2 good anti-spyware detection programs - SpyBot and Ad-Aware. It is important that all of these programs are updated, and that you run full system scans on a regular basis.

Please see the following tutorials below:

How to use Ad-Aware to remove Spyware
Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers



Prevention Programs:

I recommend the following programs to help prevent an infection:

Spywareblaster - Helps prevent spyware from being installed.
Please see the following tutorial - Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.

Sygate or ZoneLabs - You don't have a firewall installed. You should install one to help protect against future problems. A firewall is definitely a must have. I recommend that you install one of the programs suggested.


Other necessary Programs and steps:

Anti-virus program - It looks like you have an anti-virus program. It is important that this program is updated, and you run a full system scan on a regular basis.

More Secure Browser - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, and/or Opera.

Visit Microsoft's Windows Update Site Frequently - If you are a Windows user you must visit http://www.windowsupdate.com regularly. This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. It will then provide a list of items that it can download and install for you. This will ensure your computer has all of the latest security updates available installed on your computer and is secure from any known security holes.

Please read the following:

Reply once more that you understand these recommendations, and confirm that there are no remaining issues.

#73
gpsugy

i have a question, y would i need to disable the system restore if i am going to enable it right after anyway?

#74
gpsugy

i am sorry, i understand why now.

#75
gpsugy

hi. are u sure that i am completely cleaned? i have just scanned my computer with spybot, and the same items from before came up:

Advertising.com
Avenue A, Inc.
DoubleClick
FastClick
TargetNet
ValueClick

these items constantly come up. please help me.

and i have a question about spyblaster. does it protect me while it's closed? i run the program, then i close the window, but i don't see an icon in the bottom-right hand corner of my computer. is it active?

i'm sorry, i seem to be asking too much, but i'm trying to download sygate. could u perhaps give me a more specific address? i do not know where exactly to go to download the firewall. thanks.

Edited by gpsugy, 16 December 2005 - 06:35 PM.
