Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

  #1  
07-11-2005, 06:05 PM
PaulB1955
Member
 
Join Date: May 2005
Posts: 41
Help, I have a nasty virus that I can't get rid of. This spyware drops the following files in the Windows system folder: OLEADM.DLL & OLEADM32.DLL. It then drops the file WININIT.INI in the Windows folder. The said .INI file renames the dropped file OLEADM32.DLL to WININET.DLL at system startup. It then overwrites the original WININET.DLL file, which is in the Windows system folder. Note: the file OLEADM32.DLL is a modified copy of WININET.DLL. This modified copy contains malicious code. Can you please help me get rid of this bug? I have Windows XP Home. Thanks, Paul
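The boot-time rename described in the post above can be checked for by reading the `[rename]` section of WININIT.INI. The following is an added example, not part of the original thread: it assumes the classic `destination=source` layout with `NUL=` for deletions, and the sample file contents and paths are constructed for illustration.

```python
import ntpath

# Constructed sample modelled on the behaviour described in the post;
# the paths are assumptions, not copied from an infected machine.
SAMPLE_WININIT = r"""
; constructed sample
[rename]
NUL=C:\WINDOWS\TEMP\SETUP1.TMP
C:\WINDOWS\SYSTEM32\WININET.DLL=C:\WINDOWS\SYSTEM32\OLEADM32.DLL
C:\PROGRA~1\SOMEAPP\APP.DLL=C:\PROGRA~1\SOMEAPP\APP.NEW
NUL=C:\WINDOWS\TEMP\SETUP2.TMP
"""

# Assumed default install locations; adjust for a non-default Windows folder.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}
MODULE_EXTS = {".dll", ".exe", ".ocx", ".sys", ".drv"}


def parse_rename_section(text):
    """Return [(destination, source), ...] from [rename], in file order.

    Keys repeat (several NUL= lines are normal), so a dict or a strict
    INI parser would silently drop entries; keep a list instead.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            ops.append((dest.strip(), src.strip()))
    return ops


def classify(dest):
    """Label one pending operation by what it does to the destination."""
    if dest.upper() == "NUL":
        return "delete"
    d = ntpath.normcase(dest)  # lower-case, backslash-normalised
    in_system = ntpath.dirname(d) in SYSTEM_DIRS
    is_module = ntpath.splitext(d)[1] in MODULE_EXTS
    # Heuristic only: a pending replacement of a system module is worth
    # reviewing, it is not proof of infection (updaters do this too).
    return "replace-system-module" if in_system and is_module else "rename"


def audit(text):
    """Every pending operation with its label."""
    return [{"kind": classify(dest), "destination": dest, "source": src}
            for dest, src in parse_rename_section(text)]


def suspicious(text):
    """Only the operations that would overwrite a system module."""
    return [f for f in audit(text) if f["kind"] == "replace-system-module"]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_WININIT):
        print("REVIEW: %s will be replaced by %s" % (f["destination"], f["source"]))
```

Any entry it reports should be compared against a known-good copy of the destination file before the next reboot.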


  #2  
07-11-2005, 07:43 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Hi Paul, let's first run an online scan here and set it to auto clean, please. When it's done and cleaned, I want you to go to step 2.

Virus scan -> http://housecall.trendmicro.com/hous...start_corp.asp


Step 2--

Get The latest version of Adaware
You can download the free version here:
http://www.lavasoftusa.com/support/download/

You need to be logged on as Administrator through the installation.
For ease in installation and operation, view the tutorial here http://www.cyberanswers.org/articles/adaware.htm

Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner, or you can click on the Webupdate button that looks like a globe icon at the top. Press *connect* to let it check for any recent updates. If any are found, please let it download and install them.

Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

AAW SE settings

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.

Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.

Step 2:
Download Spybot - Search & Destroy from here: http://security.kolla.de/ if you haven't already got the program.
For ease in installation and operation you can opt to view the tutorial here http://www.cyberanswers.org/articles/spybot-s&d.htm

Click on Settings, and Settings again. Go to the Webupdate section, and check Display also available beta versions.

Now press Online, and search for, and put a check mark next to all updates, and install following the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Step 3:
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Step 4:
Empty the Recycle Bin

Step 5:
Create a folder on your hard drive somewhere like in "My Documents" and name it Hijackthis.
Download HijackThis to its own folder: http://www.merijn.org/files/hijackthis.zip
Double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here.
  #3  
07-11-2005, 11:36 PM
PaulB1955
Member
 
Join Date: May 2005
Posts: 41
Logfile of HijackThis v1.99.1
Scan saved at 8:33:27 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.34/chec...g-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114286376765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is my HijackThis file. The one problem I had was that I was unable to delete my Windows temp folder. When I tried it said: CANNOT DELETE ISTMP2.DIR ACCESS IS DENIED. Any ideas? Thanks, Paul
  #4  
07-11-2005, 11:59 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Windows sometimes likes to hang on to some temp files, so retry in the a.m. Also, did it detect and remove anything?

Also rescan with a different scanner from http://www.cyberanswers.org/forum/index.ph...ge&pg=virusscan just to be sure.
  #5  
07-13-2005, 01:09 AM
PaulB1955
Member
 
Join Date: May 2005
Posts: 41
Hello, I still can't delete some items in my temp folder, and rescanning with a different scanner didn't get rid of this darn virus. Here is a new HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:19 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.34/chec...g-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114286376765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Can you please Help me?? Thanks, Paul
  #6  
07-13-2005, 08:42 AM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Download: eScans mwav (freeware)
http://www.mwti.net/antivirus/free_utilities.asp
• Once installed
• Double-click it to run it, select: all local drives
• Scan all files, press Scan
• When completed, anything suspicious found will be displayed in the lower pane.
• Highlight it, (lower pane) press CTRL + C keys
• Reply to your Topic, right-click and paste it in your next reply.
  #7  
07-13-2005, 03:39 PM
PaulB1955
Member
 
Join Date: May 2005
Posts: 41
File C:\WINDOWS\System32\OLEADM.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "l.exe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MaxSpeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ms.exe infected by "Trojan-Downloader.Win32.VB.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
File C:\AOL Instant Messenger\AIM.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comp02.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\asp\aspsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\deskbar\deskbr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Documents\AOL Downloads\aolsetup90\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\addit.exe tagged as "not-a-virus:AdWare.Midadle.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\all_files7.exe infected by "Backdoor.Win32.Ruledor.e" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\ClrSch\FNuninstaller.EX_ tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\common.dll tagged as "not-a-virus:AdWare.WebSearch.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\TBPS.exe tagged as "not-a-virus:AdWare.WebSearch.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\toolbar.dll tagged as "not-a-virus:AdWare.WebSearch.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~407664.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~408032.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~432294.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~434276.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~438579.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~508258.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~568469.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~673109.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~687586.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~709837.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~723961.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~727946.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~800382.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~924998.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temp\~954548.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\2HSZU961\mtrslib2[1].js infected by "Trojan-Downloader.JS.Small.ag" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\433RUWPH\prompt[1].php infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\6DGJ2HYT\mtrslib2[1].js infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\6DGJ2HYT\prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\6POV690T\mtrslib2[1].js infected by "Trojan-Downloader.JS.Small.ag" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\6POV690T\prompt[1].php infected by "Trojan-Downloader.JS.WinAD.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\6POV690T\prompt[2].php infected by "Trojan-Downloader.JS.WinAD.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\6POV690T\prompt[3].php infected by "Trojan-Downloader.JS.WinAD.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\BY0RNXO9\test[1].htm infected by "Exploit.JS.ScriptSrc.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\CZ67U12X\downloads_manager[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\CZ67U12X\Topr1150_1156_autopop[1].exe tagged as "not-a-virus:AdWare.HelpExpress". Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\I5H6RYHW\prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\ILCHKPUX\CartoonCoveSetup[1].exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\K1SP2B8H\second-random-page[1].htm infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\KD2FODQ3\mtrslib2[1].js infected by "Trojan-Downloader.JS.Small.ag" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\KHMF0HYJ\index[1].htm infected by "Trojan-Clicker.JS.Linker.h" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\KHMF0HYJ\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\O3LF2QZT\media[1].htm infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\VMW3JHOX\new2[1].chm infected by "Trojan-Downloader.VBS.Psyme.based" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~288308.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~332037.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~338014.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~345709.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~394904.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~398508.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~429513.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~431080.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~730641.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~738653.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~740190.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~794867.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~800440.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~809856.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~812447.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~839093.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~840876.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~844080.tmp tagged as "not-a-virus:AdWare.Wintol.k". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~844607.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~845153.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~876347.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~886749.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~940259.tmp infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Chris\Local Settings\Temp\~999208.tmp tagged as "not-a-virus:AdWare.Wintol.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr3470\CxtPls.exe infected by "Trojan-Downloader.Win32.Apropo.m" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr3470\WinGenerics.dll infected by "Trojan-Downloader.Win32.Apropo.p" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr3BD3 tagged as "not-a-virus:AdWare.WinFetcher.e". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr73CA\common.dll tagged as "not-a-virus:AdWare.Wintol.s". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr73CA\toolbar.dll tagged as "not-a-virus:AdWare.Wintol.s". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.frC517 tagged as "not-a-virus:AdWare.Midadle.d". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\temp.frFFC8\toolbar.dll tagged as "not-a-virus:AdWare.WebSearch.d". Action Taken: No Action Taken.
File C:\hp\bin\Python-2.2.1.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\hp\bin\Terminator.exe tagged as not-a-virus:Tool.Win32.KillApp.a. No Action Taken.
File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0b\backup\restore\comp02.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0b\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\America Online 9.0c\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AOL Deskbar\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AOL Toolbar\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\AOL\AOL Spyware Protection\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\FileSubmit\Be our Guide\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\FileSubmit\Be our Guide\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\HP Instant Support\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\interMute\SpamSubtract\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\0650933D-13BD-4880-95E3-BE1D6D\2AD85414-CF9B-4C8E-AB17-DEAF65 infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\14CBFA50-61B3-411D-88E7-06756B\3A5C44B3-3C6B-4496-B5FA-DCE6E0 infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\16AFF862-D76F-43E2-BCE7-CEFEA1\32F22B9C-2B19-4652-9BC9-CA7F2F infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\4067BAC2-330A-44B9-B0FD-92676D\BF6338F7-18DB-4935-9664-26351A infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\879E3D21-07E3-4C82-BE9E-EAB0E2\E00BFD80-69AA-412B-AD53-E957EF infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\8A69E35F-C5C6-4B03-A3A0-7D157A\69FE5408-47CA-446E-BA7A-DBE3DA infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D865EA7-9E63-437A-826A-429537\1D1BD4A2-6071-4D2D-825E-3CDD4E infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\A3FD824D-1751-44AB-8A89-AAD066\E0A06860-35B9-4657-A791-D3947A infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\B14EA7B7-309B-4112-953C-E162C6\01EBDF11-39B9-4AB7-AFA5-135112 infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\C427FDE1-999C-476A-8A04-D91513\1C91D57C-A3B8-431E-B0F6-54BCC0 infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft Games\Halo\GSArcade.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Microsoft Games\Halo Trial\GSArcade.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Online Services\MSN80\MSN\encarta\SW851ERS.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\12.tmp infected by "Trojan-Downloader.Win32.Agent.ed" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\19.tmp infected by "Exploit.HTML.ObjData" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\1A.tmp infected by "Trojan-Downloader.Win32.Dyfuca.bw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\2D.tmp infected by "Trojan-Downloader.Win32.Agent.ed" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\7B.tmp tagged as "not-a-virus:AdWare.WinFetcher.e". Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\7C.tmp infected by "Trojan-Downloader.Win32.Dyfuca.cj" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\K. Betsch recommendation.RB0 infected by "Virus.MSWord.Marker.fq2" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\160.tmp infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B5.tmp infected by "Trojan-Proxy.Win32.Small.bo" Virus! Action Taken: No Action Taken.
File C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C2.tmp infected by "Trojan-Proxy.Win32.Small.bo" Virus! Action Taken: No Action Taken.
File C:\Program Files\Valve\Steam\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\Installs\ymsgrie.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\RECYCLER\S-1-5-21-3617728275-1730965172-911066639-1003\Dc6.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\RECYCLER\S-1-5-21-3617728275-1730965172-911066639-1003\Dc88.frAB65 infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1\A0000029.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Installer\a8c0f77.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Installer\a8c0f7b.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Lycos\ss_IGN1_setup.exe tagged as "not-a-virus:AdWare.Sidesearch.d". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\ms.exe infected by "Trojan-Downloader.Win32.VB.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Installer\a8c0f77.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Installer\a8c0f7b.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Lycos\ss_IGN1_setup.exe tagged as "not-a-virus:AdWare.Sidesearch.d". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\ms.exe infected by "Trojan-Downloader.Win32.VB.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
  #8  
Old 07-13-2005, 06:15 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
First thing I would like you to do is download coolweb shredder from http://www.trendmicro.com/ftp/products/onl...hredder.exe
Open it, click fix and let it scan and remove anything it may find.
__________________________________________

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


_______________________________________________

Disable system restore as per http://www.cyberanswers.org/forum/index.ph...e&pg=sysrestore

______________________________________________

Set the system to view all hidden files and folders as per this: http://www.cyberanswers.org/forum/index.ph...ge&pg=showfiles

_____________________________________-

Now open windows by right clicking start / explore / my computer /

Once there find each of the files listed below, right click and delete:
(be sure not to miss any)

C:\WINDOWS\system32\ms.exe
C:\WINDOWS\system32\oleadm.dll


Then in windows explorer navigate to this folder
C:\Documents and Settings\Brian\Local Settings\Temp
Enter the folder and once inside click edit / select all / edit / edit / cut
exit the folder

Empty the recycle bin once again..


Rescan again with mwav and show me another fresh log please.
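
The triage behind the delete list in the post above, as an added example that is not part of the original thread: it parses scan-log lines in the format posted here, drops repeated entries, and separates detections sitting in ordinary folders from stored copies and from "not-a-virus" tags. The bucket names and the folder rule are assumptions of this example, not something the scanner reports.

```python
import re

# Sample input: a selection of lines copied from the scan logs posted in this thread.
SAMPLE_LOG = r'''
File C:\Program Files\FileSubmit\Be our Guide\nnez_388.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\Program Files\Valve\Steam\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Trend Micro\Internet Security\Quarantine\12.tmp infected by "Trojan-Downloader.Win32.Agent.ed" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-3617728275-1730965172-911066639-1003\Dc88.frAB65 infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ms.exe infected by "Trojan-Downloader.Win32.VB.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\OLEADM.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
'''

# Two line shapes carry a file path:
#   File <path> infected by "<name>" Virus!   |   File <path> tagged as ["]not-a-virus:<name>["].
LINE_RE = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<mal>[^"]+)" Virus!'
    r'|tagged as "?(?P<tag>not-a-virus:\S+?)"?\.\s)')

# Assumption of this example: detections under these folders are stored copies
# (scanner quarantine, Recycle Bin, System Restore), not files in active use.
STORED = ("\\quarantine\\", "\\recycler\\", "\\system volume information\\")

def triage(log_text):
    """Return {'live': [...], 'stored_copy': [...], 'riskware': [...]} of (path, name)."""
    buckets = {"live": [], "stored_copy": [], "riskware": []}
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Object ..." and "Entry ..." lines name no file
        key = m.group("path").lower()  # Windows paths are case-insensitive
        if key in seen:
            continue  # the log lists some files more than once
        seen.add(key)
        name = m.group("mal") or m.group("tag")
        if m.group("tag"):
            bucket = "riskware"  # the scanner's own "not-a-virus" label
        elif any(s in key for s in STORED):
            bucket = "stored_copy"
        else:
            bucket = "live"
        buckets[bucket].append((m.group("path"), name))
    return buckets

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, [path for path, _ in items])
```

On the sample lines the "live" bucket holds exactly the two files the post asks to delete by hand.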
  #9  
Old 07-14-2005, 03:04 PM
PaulB1955 PaulB1955 is offline
Member
 
Join Date: May 2005
Posts: 41
Hello Mobo, here are my results.
CW Shredder was clean.
Temp folder was emptied.
%temp% was unable to delete ~DFC928.tmp ~DFF231.tmp
File C:\windows\system32\ oleadm.dll I CANNOT DELETE!! Access is Denied!!
Windows Explorer folder C:\Documents and Settings\Brian\Local settings\temp I clicked edit \select all\ edit\edit\cut then exited the folder? Was this part right?
Below is the fresh rescan!
Thanks, Paul

File C:\WINDOWS\System32\OLEADM.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "l.exe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MaxSpeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Installer\a8c0f77.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Installer\a8c0f7b.msi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Lycos\ss_IGN1_setup.exe tagged as "not-a-virus:AdWare.Sidesearch.d". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\oleadm.dll infected by "Trojan.Win32.Agent.eo" Virus! Action Taken: No Action Taken.
  #10  
Old 07-14-2005, 03:24 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Ok paul we do have a great deal of progress thus far. Now please download this tool for the stubborn files:
http://www.downloads.subratam.org/KillBox.zip

Once downloaded, unzip it to the desktop.

Double click on the killbox.exe and select "run"


IN THE SPACE PROVIDED PASTE
C:\windows\system32\ oleadm.dll
THEN TICK DELETE ON REBOOT THEN TICK THE RED X


DO NOT REBOOT WHEN PROMPTED

Do the same for these files first then reboot afterwards
C:\Documents and Settings\Brian\Local Settings\Temp~DFC928.tmp
C:\Documents and Settings\Brian\Local Settings\Temp~DFF231.tmp


Then another mwav scan should take care of it
Closed Thread
