Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Another Win32.Trojan.Rx victim.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Elrond » June 4th, 2007, 11:25 am

More work for you.

Copy/paste the following quote box into a new Notepad (not wordpad) document. Before starting select Format from the top menu and make sure Word Wrap is NOT checked.
if exist "C:\Program Files\AIM\aim.exe" del /q "C:\Program Files\AIM\aim.exe"
copy /y "C:\Program Files\AIM\bak\aim.exe" "C:\Program Files\AIM\aim.exe"

if exist "C:\program files\itunes\iTunesHelper.exe" del /q "C:\program files\itunes\iTunesHelper.exe"
copy /y "C:\program files\itunes\bak\iTunesHelper.exe" "C:\program files\itunes\iTunesHelper.exe"

if exist "C:\Program Files\MSNMES~1\MsnMsgr.Exe" del /q "C:\Program Files\MSNMES~1\MsnMsgr.Exe"
copy /y "C:\Program Files\MSNMES~1\bak\MsnMsgr.Exe" "C:\Program Files\MSNMES~1\MsnMsgr.Exe"

if exist "C:\PROGRA~1\QUICKT~1\qttask.exe" del /q "C:\PROGRA~1\QUICKT~1\qttask.exe"
copy /y "C:\PROGRA~1\QUICKT~1\BAK\qttask.exe" "C:\PROGRA~1\QUICKT~1\qttask.exe"

if exist "C:\WINDOWS\SMINST\RECGUARD.EXE" del /q "C:\WINDOWS\SMINST\RECGUARD.EXE"
copy /y "C:\WINDOWS\SMINST\bak\RECGUARD.EXE" "C:\WINDOWS\SMINST\RECGUARD.EXE"

if exist "C:\WINDOWS\SYSTEM\hpsysdrv.exe" del /q "C:\WINDOWS\SYSTEM\hpsysdrv.exe"
copy /y "C:\WINDOWS\SYSTEM\bak\hpsysdrv.exe" "C:\WINDOWS\SYSTEM\hpsysdrv.exe"

if exist "C:\WINDOWS\SYSTEM32\hkcmd.exe" del /q "C:\WINDOWS\SYSTEM32\hkcmd.exe"
copy /y "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe" "C:\WINDOWS\SYSTEM32\hkcmd.exe"

if exist "C:\WINDOWS\SYSTEM32\igfxtray.exe" del /q "C:\WINDOWS\SYSTEM32\igfxtray.exe"
copy /y "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe" "C:\WINDOWS\SYSTEM32\igfxtray.exe"

if exist "C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe" del /q "C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe"
copy /y "C:\PROGRA~1\MCAFEE.COM\AGENT\bak\mcagent.exe" "C:\\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe"

if exist "C:\PROGRA~1\MCAFEE.COM\AGENT\mcupdate.exe" del /q "C:\PROGRA~1\MCAFEE.COM\AGENT\mcupdate.exe"
copy /y "C:\PROGRA~1\MCAFEE.COM\AGENT\bak\mcupdate.exe" "C:\PROGRA~1\MCAFEE.COM\AGENT\mcupdate.exe"

if exist "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe" del /q "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe"
copy /y "C:\PROGRA~1\MCAFEE.COM\PERSON~1\bak\MpfTray.exe" "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe"

if exist "C:\PROGRA~1\MCAFEE.COM\VSO\mcmnhdlr.exe" del /q "C:\PROGRA~1\MCAFEE.COM\VSO\mcmnhdlr.exe"
copy /y "C:\PROGRA~1\MCAFEE.COM\VSO\bak\mcmnhdlr.exe" "C:\PROGRA~1\MCAFEE.COM\VSO\mcmnhdlr.exe"

if exist "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe" del /q "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
copy /y "C:\PROGRA~1\MCAFEE.COM\VSO\bak\mcvsshld.exe" "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

if exist "C:\PROGRA~1\MCAFEE.COM\VSO\oasclnt.exe" del /q "C:\PROGRA~1\MCAFEE.COM\VSO\oasclnt.exe""
copy /y "C:\PROGRA~1\MCAFEE.COM\VSO\bak\oasclnt.exe" "C:\PROGRA~1\MCAFEE.COM\VSO\oasclnt.exe""

if exist "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe" del /q "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
copy /y "C:\PROGRA~1\PANICW~1\POP-UP~2\bak\PSFree.exe" "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"

if exist "C:\PROGRA~1\VERITA~1\UPDATE~1\sgtray.exe" del /q "C:\PROGRA~1\VERITA~1\UPDATE~1\sgtray.exe"
copy /y "C:\PROGRA~1\VERITA~1\UPDATE~1\bak\sgtray.exe" "C:\PROGRA~1\VERITA~1\UPDATE~1\sgtray.exe"

if exist "C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\realsched.exe" del /q "C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\realsched.exe"
copy /y "C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\bak\realsched.exe" "C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\realsched.exe"

if exist "C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\hpqcmon.exe" del /q "C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\hpqcmon.exe"
copy /y "C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\bak\hpqcmon.exe" "C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\hpqcmon.exe"

Go to the menu at the top of the Notepad File and Save as
Save it to your Desktop as "awf.bat" (you MUST include the quotes)

Now, reboot your computer in Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8
A menu should appear, use the arrow keys to select Safe Mode and press enter

Locate awf.bat on your Desktop and double-click it.

Now reboot your computer normally and run FindAWF once more to create a new log.


Edited 6/6
Last edited by Elrond on June 6th, 2007, 1:09 am, edited 2 times in total.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Unread postby KomTiely » June 4th, 2007, 12:14 pm

hey, i have not done the things in your previous post, so i will wait for a new post
KomTiely
Active Member
 
Posts: 12
Joined: May 30th, 2007, 11:53 am

Unread postby KomTiely » June 4th, 2007, 12:14 pm

cancel that
KomTiely
Active Member
 
Posts: 12
Joined: May 30th, 2007, 11:53 am

Unread postby Elrond » June 4th, 2007, 12:27 pm

In the interim I will start working on the next round. ;)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby Elrond » June 18th, 2007, 3:09 pm

Still waiting for your answers. Do you still need help?
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby Elrond » June 23rd, 2007, 2:20 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware