Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

XP update problems Malware ?


Post by Pictureman1 » January 25th, 2006, 6:27 pm

Hi Nellie2

Have retried this evening to run Panda ActiveScan, still no success, in fact less than last night; could not even get the computer online.

If a desktop folder is clicked it will open normally; if a desktop icon or an icon within a folder is clicked the system hangs with the busy timer showing. Frequently this busy period can be 3-5 mins, at the end of which the selected screen will open.

If the function is to open a programme the busy timer may show briefly and then go without the programme opening, as was the case both last night and tonight when trying to access the internet.

Again I am unable to open Windows Task Manager in order to see the state of the programme, responding? not running?

At the moment I really do not feel I am able to achieve the necessary progress needed to follow the instructions you are giving me due to these problems. I am wondering therefore if the way forward is to do a clean reinstall of the operating system. I did, when I received the system, confirm that no critical data was on the system and so data loss is not a problem.

Would a clean reinstall resolve the problems? or at least allow better progress? I look forward to your thoughts on this. I will not of course do anything down this route until I get your approval.

If we are to go down this route, I am fairly confident of the procedures necessary; however, as it is not a regular thing for me, please could you point me in the direction of a site with detailed instructions in order to avoid mistakes.

Many thanks for all your help.

Post by Nellie2 » January 26th, 2006, 4:44 pm

I see that the virus has loaded again, I need to see a hijack log run in normal mode to get the full hit of what is going on!

Try the Bitdefender Online Scan

When that is done, go to Trend Micro and scan. Let the scanners clean what they find.

When done, reboot and please download MWav eScan to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.

I need you to run MWav by double-clicking on mwav.exe
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files

Please make sure ALL of these are checked, then press the Scan button.

*NOTE* MWav may pause and appear to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". Once the scan is complete, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely big so there is no way to post the whole log. I just need the infected items list from that window.

Post by Pictureman1 » January 27th, 2006, 12:33 pm

Hi Nellie2

Still having great problems using the system due to hanging and crashes, usually needing to reboot several times between each test. I hope that the logs are in the correct place, with all the system hangs and reboots I have got rather confused as to where each belongs.

I would appreciate your comments on my previous suggestion of system rebuild, I have today been talking to the system owner he is getting rather concerned as about the time of the system failure he enrolled on an on line course and now needs to start urgently.

I think that if not working by Monday he has decided to resort to local repair agent, sorry about that as I am enjoying the learning curve that this has given me.

**********************************************************

Did in the end manage to run BitDefender here is the log.


BitDefender Online Scanner

Scan report generated at: Thu, Jan 26, 2006 - 22:44:52


Scan path: A:\;C:\;D:\;E:\;F:\;

statistics

Time: 00:25:52
Files: 52379
Folders: 1647
Boot Sectors: 5
Archives: 675
Packed Files: 2099

Results

Identified Viruses: 2
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9

Engines Info

Virus Definitions: 253942
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File
Status

C:\WINDOWS\SYSTEM32\mscf.exe
Infected with: Backdoor.RBot.38842005

C:\WINDOWS\SYSTEM32\mscf.exe
Disinfection failed

C:\WINDOWS\SYSTEM32\mscf.exe
Delete failed

C:\WINDOWS\msconfigsd.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\WINDOWS\msconfigsd.exe
Disinfection failed

C:\WINDOWS\msconfigsd.exe
Delete failed

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\1KIXFRWY\sdd4[1].exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\1KIXFRWY\sdd4[1].exe
Deleted

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\2L6ZIP96\sdd4[1].exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\2L6ZIP96\sdd4[1].exe
Deleted

C:\Documents and Settings\Admin\Local Settings\Temp\hjzfcugqi.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\Admin\Local Settings\Temp\hjzfcugqi.exe
Deleted

C:\Documents and Settings\Admin\Local Settings\Temp\pxznlrpopk.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\Admin\Local Settings\Temp\pxznlrpopk.exe
Deleted

C:\Documents and Settings\Admin\Local Settings\Temp\quwggfdcd.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\Admin\Local Settings\Temp\quwggfdcd.exe
Deleted

C:\Documents and Settings\JohnB\Local Settings\Temp\yqlxzsdzjyx.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\JohnB\Local Settings\Temp\yqlxzsdzjyx.exe
Deleted

C:\Documents and Settings\JohnB\Local Settings\Temporary Internet Files\Content.IE5\S94DMN8F\sdd4[1].exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\JohnB\Local Settings\Temporary Internet Files\Content.IE5\S94DMN8F\sdd4[1].exe
Deleted

C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013772.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013772.exe
Deleted

C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013773.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013773.exe
Deleted

*************************************************************

Trend Micro

Initially refused to run at all; when I eventually got into the site it returned the following error message

"HouseCall does not support Multibyte character sets......." then "Please come back for updates"

************************************************************

The link you gave returned "Page has been moved" and referred me to their home page, from there went to free downloads and selected "eScan AntiVirus for windows" (awn2k3e.exe), this seemed the most applicable.

This was rather different from what I expected from your post however did my best.

Whilst downloading it ran a virus scanner briefly but no log appeared to be saved; once finished I updated with latest updates.

The main screen did not tie up with your instructions so selected "Computer" and the option which showed longest scan times, on the basis I assumed it was doing the most secure checks.

The format was different and did not seem to show a separate virus log so have copied the two shown and pasted here.

Virus found

mwav scan revealed two infected files:-

Virus could not be removed/Backdoor.Win32.SdBot.xy/A0015769.exe/C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}RP11

Virus could not be removed/Backdoor.Win32.SdBot.xy/A0015770.exe/C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}RP11

As scan was different have copied first and last sections of log as it may give a better idea of where we are at.

Start of log

Fri Jan 27 11:08:11 2006 => ******************************************************************
Fri Jan 27 11:08:11 2006 => eScan for Windows.
Fri Jan 27 11:08:11 2006 => Copyright © 2005-2006, MicroWorld Technologies Inc.
Fri Jan 27 11:08:11 2006 => Support: support@mwti.net
Fri Jan 27 11:08:11 2006 => Web: http://www.mwti.net
Fri Jan 27 11:08:11 2006 => ******************************************************************
Fri Jan 27 11:08:11 2006 => Version 8.0.636.1
Fri Jan 27 11:08:11 2006 => LogFile: C:\PROGRA~1\eScan\Log\27010000.log
Fri Jan 27 11:08:11 2006 =>
Fri Jan 27 11:08:11 2006 => Heuristics: On
Fri Jan 27 11:08:11 2006 => Packed files: On
Fri Jan 27 11:08:11 2006 => System areas: On
Fri Jan 27 11:08:11 2006 => Archived files: On
Fri Jan 27 11:08:11 2006 => Calculate Analysis: On
Fri Jan 27 11:08:11 2006 => Action specified in case of an infection: Automatic
Fri Jan 27 11:08:11 2006 =>
Fri Jan 27 11:09:41 2006 => ***** Checking system areas *****
Fri Jan 27 11:10:00 2006 =>
Fri Jan 27 11:10:00 2006 => ***** Checking selected directories and files *****
Fri Jan 27 11:10:00 2006 => Scanning File C:\setuplog.exe
Fri Jan 27 11:10:00 2006 => C:\hiberfil.sys ***** File having Size Restriction *****
Fri Jan 27 11:10:00 2006 => Scanning File C:\FRUNLOG.TXT
Fri Jan 27 11:10:00 2006 => Scanning File C:\config.sy_
Fri Jan 27 11:10:00 2006 => Scanning File C:\MSDOS.SYS
Fri Jan 27 11:10:00 2006 => Scanning File C:\CONFIG.SYS
Fri Jan 27 11:10:00 2006 => Scanning File C:\AUTOEXEC.BAT
Fri Jan 27 11:10:00 2006 => Scanning File C:\avgun.log
Fri Jan 27 11:10:01 2006 => Scanning File C:\IO.SYS
Fri Jan 27 11:10:01 2006 => C:\AVG7QT.DAT ***** File having Size Restriction *****
Fri Jan 27 11:10:01 2006 => Scanning File C:\smitfiles.txt
Fri Jan 27 11:10:01 2006 => Scanning File C:\BOOTSECT.DOS
Fri Jan 27 11:10:01 2006 => Scanning File C:\23990098.$$$
Fri Jan 27 11:10:01 2006 => Scanning File C:\AVPCallback.log
Fri Jan 27 11:10:01 2006 => Scanning File C:\ntldr
Fri Jan 27 11:10:01 2006 => Scanning File C:\ntdetect.com
Fri Jan 27 11:10:01 2006 => Scanning File C:\boot.ini

End of log:-

Fri Jan 27 11:35:52 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Fri Jan 27 11:35:54 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\alert.wav
Fri Jan 27 11:35:54 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref.old
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\INSTALL.LOG
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\license.txt
Fri Jan 27 11:35:55 2006 => F:\Program Files\Lavasoft\Ad-Aware SE Personal\manual.chm ***** File having Scanning Restriction *****
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Lang\default.awl
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask
Fri Jan 27 11:35:55 2006 => Result: File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask not Scanned. Possibly password protected...
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1004\desktop.ini
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1004\INFO2
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1005\desktop.ini
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1005\INFO2
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1006\desktop.ini
Fri Jan 27 11:35:56 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1006\INFO2
Fri Jan 27 11:35:56 2006 => F:\System Volume Information\*.* Access is denied.
Fri Jan 27 11:35:56 2006 =>
Fri Jan 27 11:35:56 2006 => ***** Scanning Completed. *****
Fri Jan 27 11:35:56 2006 =>
Fri Jan 27 11:35:56 2006 => Total Number of Files Scanned: 17065
Fri Jan 27 11:35:56 2006 => Total Number of Files Infected: 2
Fri Jan 27 11:35:56 2006 => Total Number of Files Disinfected: 0
Fri Jan 27 11:35:56 2006 => Total Number of Files Renamed: 0
Fri Jan 27 11:35:56 2006 => Total Number of Files Deleted: 0
Fri Jan 27 11:35:56 2006 => Total Number of Errors: 2
Fri Jan 27 11:35:56 2006 => Time Elapsed:: 00:26:15

Not sure if this will give you what you want but hope so.

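An added example, not part of the original posts and not BitDefender's own tooling: a short Python triage of the file/status pairs in the report above, showing which detected files survived both the disinfect and delete actions and which hits sit in System Restore storage, temp folders or the browser cache. The function names, the location buckets and the "Disinfected" status string are assumptions; the sample is an excerpt of the posted log.

```python
import re
from collections import OrderedDict

# Excerpt of the "Scanned File / Status" pairs from the BitDefender report
# posted above (paths and detection names exactly as they appear there).
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\mscf.exe
Infected with: Backdoor.RBot.38842005

C:\WINDOWS\SYSTEM32\mscf.exe
Disinfection failed

C:\WINDOWS\SYSTEM32\mscf.exe
Delete failed

C:\Documents and Settings\Admin\Local Settings\Temp\hjzfcugqi.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\Documents and Settings\Admin\Local Settings\Temp\hjzfcugqi.exe
Deleted

C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013772.exe
Infected with: Backdoor.RBot.8CAAB00E

C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013772.exe
Deleted
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# "deleted" is in the posted log; "disinfected" is an assumed status string.
REMOVED = {"deleted", "disinfected"}

def classify(path):
    """Bucket a path by where on the XP disk it lives (assumed buckets)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore"
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if "\\local settings\\temp\\" in p:
        return "temp"
    return "other"

def parse_pairs(text):
    """Yield (path, status) from alternating path / status lines."""
    path = None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if DRIVE_PATH.match(line):
            path = line
        elif path is not None:
            yield path, line
            path = None

def triage(text):
    """Return one record per file with its detections and final state."""
    files = OrderedDict()
    for path, status in parse_pairs(text):
        # Windows paths are case-insensitive, so key on the lowered form.
        rec = files.setdefault(path.lower(), {
            "path": path, "detections": [], "actions": [],
            "location": classify(path)})
        if status.lower().startswith("infected with:"):
            rec["detections"].append(status.split(":", 1)[1].strip())
        else:
            rec["actions"].append(status)
    for rec in files.values():
        removed = any(a.lower() in REMOVED for a in rec["actions"])
        rec["still_present"] = bool(rec["detections"]) and not removed
    return list(files.values())

def still_present(text):
    """Paths the scanner detected but could not disinfect or delete."""
    return [r["path"] for r in triage(text) if r["still_present"]]

if __name__ == "__main__":
    for rec in triage(SAMPLE_REPORT):
        state = "STILL PRESENT" if rec["still_present"] else "removed"
        print(f"{state:13} {rec['location']:14} {rec['path']}")
```

Files reported as still present are the ones a follow-up tool or an offline scan has to deal with; hits under `_restore{...}` are copies held by System Restore.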
Post by Nellie2 » January 27th, 2006, 6:01 pm

You have a nasty password stealing trojan and I thoroughly recommend that you change all your online passwords using a different computer that is not infected!

If you bank online then it may be prudent to contact your bank and let them know that your account may be compromised.

Go here to download the Rbot disinfection utility from F-secure. Make sure you read all the instructions.

When done, Please download and install this disk cleanup utility called Cleanup!
http://cleanup.stevengould.org/

It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space.

Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Reboot and post a fresh hijack log please

Post by Pictureman1 » January 28th, 2006, 4:34 pm

Hi Nellie2

At last I have been able to run HJT in normal mode, attached is the log just taken, hope we are now pretty clean as I would hate to have the computer taken away without finishing the task.

Logfile of HijackThis v1.99.1
Scan saved at 20:24:34, on 28/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\AvpM.exe
C:\PROGRA~1\eScan\kavss.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\Admin\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8540503571
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Look forward to your next post

Post by Nellie2 » January 29th, 2006, 5:08 pm

Your hijack log looks good..... I take it that your computer is behaving itself now??

Could you give me another bit defender or Panda scan please

Post by Pictureman1 » January 30th, 2006, 10:05 am

Hi Nellie2

Yes, all seems well now. Here is the Panda scan; just seems to be the one cookie now, sure that will not present you with much of a problem.


Incident Status Location

Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\John Ballard\Cookies\john ballard@microsofteup.112.2o7[1].txt

Post by Nellie2 » January 30th, 2006, 4:16 pm

You can sort those cookies out by having another run through with Cleanup.

Now would be a good time to reset system restore. To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please go to Windows Update as soon as you can and update to SP2, your system is vulnerable without it and the subsequent security fixes.

You do not appear to have a firewall running and there are a few available for free that have excellent reputations:

Zone Alarm

Kerio

Sygate

Here are some suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following :

Spyware Blaster - It will prevent most spyware from ever being installed.
Spyware Guard - It offers realtime protection from spyware installation attempts.
IE-Spyad - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
I also recommend reading this article written by Tony Klein How did I get infected in the first place

Post by Pictureman1 » February 1st, 2006, 7:01 pm

Hi Nellie2

Just to confirm that I have followed your advice in the last post, updated to SP2 and installed the suggested protections to the system. All now up and running, system was returned to the owner this afternoon.

I must confess I was at times struggling but thanks to your help came through in the end.

Many thanks once again for all your help

Pictureman1

Post by Nellie2 » February 2nd, 2006, 4:51 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted