Gator Gain ?



#16
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts

I was able to locate D:\RECYCLER\S-1-5-21-1960408961-1292428093-682003330-1004\Dd1.DAT; however, when I clicked on it to try and delete it, I got this message: "cannot delete, it is being used by another person or program. Close any programs that might be using the file and try again." I was not using anything else, I was in safe mode, only trying to locate and delete what you told me to, so I am a little bit confused?

Don't worry about this one. It can't hurt you from the recycle bin. Did you try emptying the recycle bin?

Also, I had about 125 files titled $NtUninstallKB8_____$ under C:\WINDOWS.......between the B8 and $ were five random numbers for each individual file. Should I have these on my computer, because I'm not sure what they are??

These are backups for all of your Windows security updates. They're ok.


Let's try something else.

Please download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net...wnload/updates/

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot your computer and post a new hijackthis log and the log from Ewido.


#17
Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:42:20 PM, 12/11/2005
+ Report-Checksum: 7DF4C9A6

+ Scan result:

No infected objects found.

::Report End


**I also ran the Ad-Aware SE scan, and found this...

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[13]=IECache Entry : C:\Documents and Settings\summer\Cookies\summer@realmedia[1].txt




Logfile of HijackThis v1.99.1
Scan saved at 12:11:15 AM, on 12/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


** I also ran the panda scan again, and it found the 6 items listed below:
Incident | Status | Location
Adware:adware/addestroyer | Not disinfected | C:\WINDOWS\SYSTEM32\PopOops.dll
Adware:adware/savenow | Not disinfected | C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
Adware:adware/favoriteman | Not disinfected | C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
Spyware:spyware/bridge | Not disinfected | C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.dll
Adware:adware/blazefind | Not disinfected | C:\WINDOWS\System32creditcard.bmp
Adware:adware/sidesearch | Not disinfected | Windows Registry

*I was not able to delete the four items listed below. And, I have not been able to locate the three C files (last week I even tried to locate the C files through Safe Mode, but still had no luck). Please help me fix this problem. Thanks for all of your help!
C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.dll
Adware:adware/sidesearch Not disinfected Windows Registry

Edited by Summer_24, 13 December 2005 - 12:23 AM.


#18
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's try Killbox again.

Open Killbox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete"

C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.dll

Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.

Your computer will reboot.



Let me know what happens.

#19
Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
Hello again.
I copied and pasted the file into Killbox, clicked the option for delete upon reboot....clicked on the red delete button and nothing happened. For some reason it will not delete this file. I tried locating the file by going to start, run, & start search....neither one of them found the file. Any ideas as to why I'm not able to locate it and what I should try next?
Thanks for all your hard work,
Summer

#20
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
First let me say that I'm not convinced that the file even exists. But let's try this.

Click Start -> Run -> type cmd and hit enter.
Type cd\ to get back to C:\
Type cd C:\WINDOWS\DOWNLOADED PROGRAM FILES
Type del bridge.dll

It will tell you if the file does not exist or cannot be deleted. But if you get no message then the file was successfully deleted. Delete these files also using these commands.

del WUInst.inf
del ATPartners.inf


Type exit to close the command prompt.


Let me know how it goes.

Edited by Buckeye_Sam, 15 December 2005 - 03:45 PM.


#21
Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
Hello!
I typed in the three files, and was able to find both del WUInst.inf & del ATPartners.inf - so I'm assuming that it deleted them since it didn't say that it couldn't delete them or couldn't find them.
For the del bridge.dll file, I got the message: "Could not find C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.dll"

What would you like me to do now? Also, is there any way to speed up my computer? It's supposed to have high speed internet access, but is taking a really long time with everything.
Thanks again,
Summer

#22
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Is it your computer that is slow, or just your connection?

I see AOL in your log. Are you still using AOL?

#23
Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
No, I'm not using AOL anymore...I switched over to COX High Speed Internet. However, I do use AOL Instant Messenger (AIM).

I think it's my computer that is running slow, I'm not really sure- it may be my internet. It takes forever to pull up anything online.

Any suggestions?

#24
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
If you are just seeing web pages loading slowly, then it's just your connection that is slow, not necessarily your computer.

Let's get rid of any leftover parts of AOL that may be slowing you down.
Fix this line with Hijackthis.

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe


Now delete this folder.

C:\Program Files\Common Files\AOL



Next, go to Start -> Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter. Type exit and hit Enter.
(That space between g and / is needed.)


Reboot your computer and let me know if you notice any difference.
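A parser for the HijackThis entry lines posted in #17, added here as an example and not part of the thread or of HijackThis itself. It flags entries the log marks "(no file)" or "(file missing)" and pulls out O23 services such as the AOL one singled out in #24; the function names are the example's own and the sample lines are copied from that log.

```python
import re

# Constructed sample: a few entry lines copied from the HijackThis log in post #17.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# "<letter><number> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: display name, optional (short name), vendor, image path.
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<vendor>.+) - (?P<path>[A-Za-z]:\\.+)$"
)
# Markers the log uses for entries whose target file is gone.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def parse_log(text):
    """Return one dict per entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body, "orphan": bool(ORPHAN.search(body))}
        svc = SERVICE.match(body) if code == "O23" else None
        if svc:
            entry.update(svc.groupdict())
        entries.append(entry)
    return entries

def orphans(entries):
    """Entries that point at a file the log reports as absent."""
    return [e for e in entries if e["orphan"]]

def services_under(entries, fragment):
    """O23 services whose image path contains `fragment` (case-insensitive)."""
    f = fragment.lower()
    return [e for e in entries
            if e["code"] == "O23" and f in (e.get("path") or "").lower()]

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in orphans(log) + services_under(log, "\\AOL\\"):
        print(e["code"], "-", e["body"])
```

The log records the service path in 8.3 short form (PROGRA~1\COMMON~1\AOL), so matching on the `\AOL\` component finds it where the long folder name from #24 would not.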

#25
Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
Hi!
I wasn't able to get rid of the folder C:\Program Files\Common Files\AOL - every time I try to delete it, I get the message "Cannot delete acsd.exe: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."
Did I do something wrong? I even tried to delete it using kill box, and it still didn't work. Any suggestions?
Thanks for your help,
Summer


#26
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Reboot into Safe mode and delete it from there.