log on/off musical chime is still out
Did you follow my instructions exactly? I'll lay them out step-by-step so that there is no confusion:
1. Open Windows Explorer(Right-Click on the Start button and click Explore), in the left pane click on C: then Qoobox then quarantine then c then Windows
(the Windows Explorer address bar should now show C:\Qoobox\quarantine\c\windows)
2.In the right pane, right-click on the Media folder and select Copy
3.Back in the left pane, click on C: again.
4.Now scroll down in the left pane and click on the Windows folder
5.Right-click on the Windows folder and select Paste
6.In the right pane, double-click on the Media folder to open it
7.For each file in the file that ends .wav.vir, right-click on the file, select rename, and remove the .vir part
When you get to SendMail.dll.vir, simply right-click on this file and select delete.
those C commands, are they actual files or commands contained within files? When I typed it under search, it referenced the log reports for Kapersky and HJack, so I just deleted the old scan reports....is that what you wanted or is there more? For future reference, is there a method to locate these files besides putting them in the "run" box? I don't want to run something that I shouldn't.....
Do you mean these:
C:\WINDOWS\system32\kdfmgr.exe
C:\102C.tmp
C:\1D28.tmp
C:\1D2E.tmp
Those are actual files that I want you to delete. Don't ever put any of these files (or others I ask/asked you to delete) in the Run box, you do not want them running and causing you to get infected again.
Here are the steps to delete these files and the ones I had you try earlier:
1. Open Windows Explorer (Right-Click on the Start button and click Explore)
2. Inside the Windows Explorer window, in the left pane, click on C:
3. In the right pane, find the following files on C: click on each filename and press the delete key as you find each one:
Program.exe
102C.tmp
1D28.tmp
1D2E.tmp
4. After those files have been deleted, in the left pane, click on system32. In the right pane, click on the filename and delete the following file:
kdfmgr.exe
Do not delete any other files in the system32 folder.
Empty your Recycle Bin and let me know if you had any trouble deleting any of the files.
The host program installed sends ads to a dummy address right ...127.0.0.01 or something like that.......how can I tell that my hosts are no longer corrupted....
The host program did the right thing, It replaced your corrupted hosts file with one that isn't corrupted.
.....and what can I do about those files listed as virus/spyware that the Kapersky report caught and my anti-virus didn't?
Deleting the files I listed above and emptying Trend Micro's quaratine folder will get rid them. Just remember to always keep your Anti-Virus uptodate.