
I might need a tune-up.....


10 replies to this topic

#1 tvhevh

tvhevh

    Authentic Member

  • Authentic Member
  • PipPip
  • 178 posts
  • Interests:Motorsports

Posted 28 February 2007 - 11:37 AM

I went to the self-help section and could do most of what was listed, except run the F-Secure online scan--it lists that it's only for Win2K and XP. It kept spitting up with an ActiveX problem every time I tried to run it.

The self-help also listed a Panda scan--without any description or explanation of same. I'm curious to know just what that is.

Anyway, here's the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 11:24:22 AM, on 2/28/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\TABLET.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON98.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\DESKTOP\SYSTEM INTEGRITY\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - Startup: POWERR~1.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\procreate Painter Classic\Help\wwhelp2.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0008.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab




Thanks--Tom vonHatten



#2 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 12 March 2007 - 06:50 PM

hi tvhevh,

nothing stands out in the log, but that doesn't mean it's not there.
does spybot search and destroy flag anything?
does AVG provide the location of the file?

have you ever tried to update internet explorer?
------------------------------------------------------------
f-secure, panda are online scanners, they use internet explorer and activeX.

Kaspersky virus scanner
http://www.kaspersky.com/virusscanner

click on online scanner, accept EULA, after it loads database (may take awhile) click next
click Scan settings button
select extended
Under Scan options check both Scan Archives and Scan Mail Bases, then ok
click on My computer link and scan will begin
after scan is done there is an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply

Housecall at TrendMicro
http://housecall.tre.../start_corp.asp
check Auto Clean.

BitDefender Free Online Virus Scan
http://www.bitdefend...can/licence.php
check AutoClean under Scan Options.


eTrust Antivirus Web Scanner
http://www3.ca.com/s...sinfo/scan.aspx
------------------------------------------
let me know if you have any luck.

shelf life
How Can I Reduce My Risk?

#3 tvhevh


Posted 16 March 2007 - 03:54 PM

I ran Kaspersky--it wouldn't let me save as a text file--only as an HTML file (Web Page). I've copied all the info, and pasted it here:

KASPERSKY ONLINE SCANNER REPORT
Friday, March 16, 2007 3:38:12 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/03/2007
Kaspersky Anti-Virus database records: 281798

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\ c:\ d:\ e:\

Scan Statistics
Total number of scanned objects 97195
Number of viruses found 16
Number of infected objects 28 / 0
Number of suspicious objects 0
Duration of the scan process 02:23:14

Infected Object Name Virus Name Last Action
c:\WINDOWS\SYSTEM\WBEM\REPOSITORY\CIM.REP Object is locked skipped
c:\WINDOWS\SYSTEM\CATROOT\SYSMAST.CBD Object is locked skipped
c:\WINDOWS\SYSTEM\CATROOT\SYSMAST.CBK Object is locked skipped
c:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\woinst.exe/data0006 Infected: Trojan-Dropper.Win32.Agent.hy skipped
c:\WINDOWS\SYSTEM\woinst.exe NSIS: infected - 1 skipped
c:\WINDOWS\Sti_Trace.log Object is locked skipped
c:\WINDOWS\COOKIES\INDEX.DAT Object is locked skipped
c:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT Object is locked skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\SCHEDLOG.TXT Object is locked skipped
c:\WINDOWS\Sti_Event.log Object is locked skipped
c:\WINDOWS\TEMP\mosgthrsvc\Ntf3093.TMP Object is locked skipped
c:\WINDOWS\TEMP\mosgthrsvc\Ntf3094.TMP Object is locked skipped
c:\WINDOWS\TEMP\ZLT05189.TMP Object is locked skipped
c:\WINDOWS\TEMP\~DF39D2.TMP Object is locked skipped
c:\WINDOWS\TEMP\~DF6744.TMP Object is locked skipped
c:\WINDOWS\WIASERVC.LOG Object is locked skipped
c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\WINDOWS\Application Data\casino.exe Infected: not-a-virus:AdWare.Win32.Casino.p skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\Cache\_CACHE_MAP_ Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\Cache\_CACHE_001_ Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\Cache\_CACHE_002_ Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\Cache\_CACHE_003_ Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\history.dat Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\cert8.db Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\key3.db Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\search.sqlite Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\urlclassifier2.sqlite Object is locked skipped
c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\qk4bpc3o.Default User\parent.lock Object is locked skipped
c:\WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped
c:\WINDOWS\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as skipped
c:\WINDOWS\Temporary Internet Files\CONTENT.IE5\index.dat Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\System.Ntfy36.gthr Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\NlFiles\CiP10000.000 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\NlFiles\DocId.Map Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\NlFiles\propstor.bk1 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\NlFiles\00000002.ps1 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\CiFiles\CiCL0001.000 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\CiFiles\CiSL0001.000 Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\Build\Indexer\CiFiles\00010001.ci Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\System.Crwl668.gthr Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\Projects\System\System.Crwl669.gthr Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\GatherLogs\System.398.gthr Object is locked skipped
c:\WINDOWS\All Users\Application Data\Microsoft\Office Search Services\IndexingService\GatherLogs\System.398.Crwl Object is locked skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/init.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.h skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/pcsvc.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/pcsvc.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/init.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.h skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/pcsvcAccess.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/dpi.exe Infected: not-a-virus:NetTool.Win32.Dpi skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe ViseMan: infected - 6 skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe ViseMan: infected - 6 skipped
c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
c:\WINDOWS\Internet Logs\PC_6.ldb Object is locked skipped
c:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
c:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
c:\_RESTORE\TEMP\A0132663.CPY Infected: Trojan-Downloader.Win32.Small.beu skipped
c:\_RESTORE\ARCHIVE\CHANGE.LOG Object is locked skipped
c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped
c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped
c:\Program Files\TV Viewer\ANNCLIST.FIL Object is locked skipped
c:\Program Files\TV Viewer\annlog.txt Object is locked skipped
c:\msrbvvqeqdx.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
c:\!Submit\odbs.log Infected: Trojan.JS.StartPage.x skipped
c:\!Submit\abi.exe Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
c:\!Submit\loud.exe Infected: not-a-virus:AdWare.Win32.WinAD.z skipped
c:\!Submit\connmie.exe Infected: not-a-virus:AdWare.Win32.FindSpy.a skipped
c:\!Submit\dxconf.exe Infected: not-a-virus:AdWare.Win32.FindSpy.a skipped
c:\!Submit\psis80ex.ax/C:/WINDOWS/SYSTEM/mscb.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
c:\!Submit\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.p skipped
c:\!Submit\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
c:\!Submit\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
c:\!Submit\psis80ex.ax ZIP: infected - 4 skipped
c:\!Submit\javex80.vxd/C:/WINDOWS/SYSTEM/nvms.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
c:\!Submit\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
c:\!Submit\javex80.vxd ZIP: infected - 2 skipped
c:\!Submit\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped

Scan process completed.

I apologize for the slow response--I'm doing this in between travel from home, and my wife and daughters aren't all that interested in maintenance--just usage of the machines.

I'll report once I run the other programs you listed.

--Tom vonHatten

#4 tvhevh


Posted 17 March 2007 - 05:42 PM

Here's the results from the BitDefender Scan. It deleted some of the files, and couldn't do so with others.

BitDefender Online Scanner,,,
"Scan report generated at: Fri, Mar 16, 2007 - 19:35:53",,,
Scan path: A:\;C:\;D:\;E:\;,,,
,,,
Statistics,,,
Time,3:31:38,,
Files,647595,,
Folders,5675,,
Boot Sectors,2,,
Archives,2257,,
Packed Files,28400,,
,,,
Results,,,
Identified Viruses ,14,,
Infected Files ,21,,
Suspect Files ,1,,
Warnings,0,,
Disinfected,0,,
Deleted Files,18,,
Engines Info,,,
Virus Definitions,405543,,
Engine build,AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08),,
Scan plugins,14,,
Archive plugins,38,,
Unpack plugins,5,,
E-mail plugins,6,,
System plugins,1,,
Scan Settings,,,
First Action,Disinfect,,
Second Action,Delete,,
Heuristics,Yes,,
Enable Warnings,Yes,,
Scanned Extensions,*;,,
Exclude Extensions,,,
Scan Emails,Yes,,
Scan Archives,Yes,,
Scan Packed,Yes,,
Scan Files,Yes,,
Scan Boot,Yes,,
,,,
Scanned File, Status,,
C:\WINDOWS\SYSTEM\cidaconf.exe,Infected with: Trojan.Sillydl.4LW,,
C:\WINDOWS\SYSTEM\cidaconf.exe,Disinfection failed,,
C:\WINDOWS\SYSTEM\cidaconf.exe,Deleted,,
C:\WINDOWS\SYSTEM\woinst.exe,Infected with: Trojan.Dropper.Agent.HY,,
C:\WINDOWS\SYSTEM\woinst.exe,Disinfection failed,,
C:\WINDOWS\SYSTEM\woinst.exe,Deleted,,
C:\WINDOWS\HELP\CHMRedir.chm,Infected with: Trojan.Bloon.A,,
C:\WINDOWS\HELP\CHMRedir.chm,Disinfection failed,,
C:\WINDOWS\HELP\CHMRedir.chm,Deleted,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe,Detected with: Application.Downloader.Js,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe,Disinfection failed,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe,Deleted,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o),Update failed,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe,Detected with: Application.Downloader.Js,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe,Disinfection failed,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe,Deleted,,
C:\WINDOWS\All Users\Application Data\tatss\patchme.exe=>(VISE Installer o),Update failed,,
C:\WINDOWS\system.sam,Infected with: Trojan.StartPage.PM,,
C:\WINDOWS\system.sam,Disinfection failed,,
C:\WINDOWS\system.sam,Deleted,,
C:\WINDOWS\backup\T\50318000.DAT=>(Embedded EXE g),Infected with: Trojan.Downloader.Agent.Z,,
C:\WINDOWS\backup\T\50318000.DAT=>(Embedded EXE g),Disinfection failed,,
C:\WINDOWS\backup\T\50318000.DAT=>(Embedded EXE g),Deleted,,
C:\WINDOWS\backup\T\50318000.DAT,Update failed,,
C:\_RESTORE\TEMP\A0132663.CPY,Infected with: Trojan.Downloader.Small.BEU,,
C:\_RESTORE\TEMP\A0132663.CPY,Disinfection failed,,
C:\_RESTORE\TEMP\A0132663.CPY,Delete failed,,
C:\_RESTORE\TEMP\A0261497.CPY,Infected with: Trojan.StartPage.PM,,
C:\_RESTORE\TEMP\A0261497.CPY,Disinfection failed,,
C:\_RESTORE\TEMP\A0261497.CPY,Delete failed,,
C:\_RESTORE\TEMP\A0261492.CPY,Infected with: Trojan.Sillydl.4LW,,
C:\_RESTORE\TEMP\A0261492.CPY,Disinfection failed,,
C:\_RESTORE\TEMP\A0261492.CPY,Delete failed,,
C:\_RESTORE\TEMP\A0261493.CPY,Infected with: Trojan.Dropper.Agent.HY,,
C:\_RESTORE\TEMP\A0261493.CPY,Disinfection failed,,
C:\_RESTORE\TEMP\A0261493.CPY,Delete failed,,
C:\$VAULT$.AVG\65973475.FIL,Infected with: Exploit.Win32.WMF-PFV.C,,
C:\$VAULT$.AVG\65973475.FIL,Disinfection failed,,
C:\$VAULT$.AVG\65973475.FIL,Deleted,,
C:\$VAULT$.AVG\97347658.FIL,Infected with: Trojan.Downloader.Tiny.O,,
C:\$VAULT$.AVG\97347658.FIL,Disinfection failed,,
C:\$VAULT$.AVG\97347658.FIL,Deleted,,
C:\$VAULT$.AVG\84052042.FIL,Infected with: Trojan.Downloader.Tiny.O,,
C:\$VAULT$.AVG\84052042.FIL,Disinfection failed,,
C:\$VAULT$.AVG\84052042.FIL,Deleted,,
C:\$VAULT$.AVG\53546439.FIL,Infected with: Trojan.Downloader.Tiny.O,,
C:\$VAULT$.AVG\53546439.FIL,Disinfection failed,,
C:\$VAULT$.AVG\53546439.FIL,Deleted,,
C:\$VAULT$.AVG\97137975.FIL,Infected with: Trojan.Downloader.Tiny.O,,
C:\$VAULT$.AVG\97137975.FIL,Disinfection failed,,
C:\$VAULT$.AVG\97137975.FIL,Deleted,,
C:\msrbvvqeqdx.exe,Infected with: Trojan.Downloader.87,,
C:\msrbvvqeqdx.exe,Disinfection failed,,
C:\msrbvvqeqdx.exe,Deleted,,
C:\!Submit\odbs.log,Infected with: Trojan.Js.Startpage.X,,
C:\!Submit\odbs.log,Disinfection failed,,
C:\!Submit\odbs.log,Deleted,,
C:\!Submit\abi.exe,Infected with: Trojan.BettInet.A,,
C:\!Submit\abi.exe,Disinfection failed,,
C:\!Submit\abi.exe,Deleted,,
C:\!Submit\loud.exe,Suspected of: BehavesLike:Trojan.Downloader,,
C:\!Submit\loud.exe,Disinfection failed,,
C:\!Submit\loud.exe,Deleted,,
C:\!Submit\connmie.exe,Infected with: Trojan.Clicker.P,,
C:\!Submit\connmie.exe,Disinfection failed,,
C:\!Submit\connmie.exe,Deleted,,
C:\!Submit\dxconf.exe,Infected with: Trojan.Click.239,,
C:\!Submit\dxconf.exe,Disinfection failed,,
C:\!Submit\dxconf.exe,Deleted,,

--Tom vonHatten

#5 shelf life


Posted 18 March 2007 - 02:43 PM

hi tvhevh,

thanks for all the info. there are some "protected" files AV can't touch, that's why you see:
Object is locked skipped

some others are in your system restore archive, we can clean those by making a new restore point, once it all looks good.

please download, install, update and scan with Ad Aware:

http://www.lavasoftu...se_personal.php

after using ad aware reboot once, rescan and post a new hjt log.

shelf life
How Can I Reduce My Risk?
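
Added example, not part of any post in this thread: a short Python triage of Kaspersky report rows like the ones posted above. It separates the "Object is locked" noise from real detections and flags files that sit only in the Windows ME System Restore store (`C:\_RESTORE`). The sample rows are copied from the report in this thread; the function names and the row grammar are assumptions inferred from those rows.

```python
import re

# Subset of rows copied from the Kaspersky report posted in this thread,
# laid out one object per line: "<object> <verdict> <last action>".
SAMPLE_REPORT = r"""
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\COOKIES\INDEX.DAT Object is locked skipped
c:\WINDOWS\SYSTEM\woinst.exe/data0006 Infected: Trojan-Dropper.Win32.Agent.hy skipped
c:\WINDOWS\SYSTEM\woinst.exe NSIS: infected - 1 skipped
c:\WINDOWS\Application Data\casino.exe Infected: not-a-virus:AdWare.Win32.Casino.p skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe/dpi.exe Infected: not-a-virus:NetTool.Win32.Dpi skipped
c:\WINDOWS\All Users\Application Data\tatss\patchme.exe ViseMan: infected - 6 skipped
c:\_RESTORE\TEMP\A0132663.CPY Infected: Trojan-Downloader.Win32.Small.beu skipped
c:\_RESTORE\ARCHIVE\CHANGE.LOG Object is locked skipped
c:\msrbvvqeqdx.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
c:\!Submit\psis80ex.ax/C:/WINDOWS/SYSTEM/mscb.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
c:\!Submit\psis80ex.ax ZIP: infected - 4 skipped
"""

# Row grammar inferred from the posted report (an assumption, not a vendor spec):
# the object path may contain spaces, so it is matched lazily up to the verdict.
ROW = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<packer>\w+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)

# Windows ME keeps its System Restore data under <drive>:\_RESTORE.
RESTORE_DIR = re.compile(r"^[a-z]:\\_restore\\", re.IGNORECASE)


def parse_row(line):
    """Parse one report row; return None if it does not fit the grammar."""
    m = ROW.match(line.strip())
    if not m:
        return None
    # Inferred from the rows: an object packed inside an archive or installer
    # is written "<host file>/<member>"; the Windows path itself has no "/".
    host, _, member = m.group("obj").partition("/")
    if m.group("locked"):
        kind = "locked"            # file in use, scanner could not open it
    elif m.group("name"):
        kind = "detection"         # a named detection on a file or member
    else:
        kind = "container_summary" # "<packer>: infected - <n>" roll-up row
    return {"kind": kind, "host": host, "member": member or None,
            "name": m.group("name"), "action": m.group("action")}


def bucket_for(host):
    """Say where a flagged file lives, which decides how it gets cleaned."""
    return "system_restore" if RESTORE_DIR.match(host) else "live_filesystem"


def triage(report_text):
    """Group detections by host file and set locked/unparsed rows aside."""
    result = {"locked": [], "hosts": {}, "unparsed": []}
    for line in report_text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        if row is None:
            result["unparsed"].append(line)
        elif row["kind"] == "locked":
            result["locked"].append(row["host"])
        else:
            entry = result["hosts"].setdefault(
                row["host"], {"bucket": bucket_for(row["host"]), "names": set()})
            if row["name"]:
                entry["names"].add(row["name"])
    return result


def hosts_in(result, bucket):
    """Sorted list of flagged host files that fall in the given bucket."""
    return sorted(h for h, e in result["hosts"].items() if e["bucket"] == bucket)


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("locked (not a detection):", len(summary["locked"]))
    for bucket in ("live_filesystem", "system_restore"):
        print(bucket)
        for host in hosts_in(summary, bucket):
            print("  ", host, sorted(summary["hosts"][host]["names"]))
```
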

#6 tvhevh


Posted 19 March 2007 - 05:28 PM

Did the AdAware scan and cleanup.

Here's the new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 5:16:18 PM, on 3/19/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\TABLET.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\DELL\SOLUTION CENTER\SERVICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON98.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\DESKTOP\SYSTEM INTEGRITY\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - Startup: POWERR~1.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\procreate Painter Classic\Help\wwhelp2.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0008.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab


--TvH

#7 shelf life


Posted 20 March 2007 - 02:53 PM

hi tvhevh,

ok good. see if you can find and delete this folder: tatss
located here:
C:\WINDOWS\All Users\Application Data\

might have to do this first:

Windows ME
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
* Click Start, Programs and Accessories and open Windows Explorer.
* Select a hard drive from the left hand side of the Windows Explorer window.
* Select View the Entire contents of this drive.

looking any better on that end?

shelf life
How Can I Reduce My Risk?

#8 tvhevh


Posted 21 March 2007 - 06:40 PM

Got rid of the folder. I guess we'll see what happens. I'm going to reboot right now.

--Tom vonHatten

#9 tvhevh


Posted 24 March 2007 - 06:30 AM

I still get a message from AVG when it does a scan about the following file being infected:

C:\_RESTORE\TEMP\A0132663.CPY

AVG says it has a "Trojan Horse Downloader.Generic.VGV"

How do I get rid of this file?

--TvH

#10 shelf life


Posted 24 March 2007 - 04:27 PM

hi tvhevh,

looks like that's in your system restore archive. we can make new restore points like this:

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
How Can I Reduce My Risk?

#11 tvhevh


Posted 28 March 2007 - 06:56 PM

I took care of the restore points. Things now seem better. Thanks for your help.

--Tom vonHatten
