
When posting your problem, do not run ComboFix and post its logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

New Antivirus 2008 Removal Question
vic457
post Jun 26 2008, 07:52 PM
Post #16
New Member | Group: Members | Posts: 1 | Joined: 19-February 06 | Member No.: 55,744

If this will help:

1. The program runs from a randomly generated folder in the Program Files folder [c:\program files\rhc1w0j0el7al]
2. We tried deleting cookies and temps and could not ... even with a different machine. I ended up having to take ownership.
3. After clearing the files the screen went back to normal.
4. The Display Properties are missing tabs ... we have Themes, Appearance, Settings left.


I have 3 machines in the shop and had to erase 1 on Monday. All of the machines are from different clients.

This one is killing us. P.S. All XP machines.
quietman7
post Jun 27 2008, 05:55 AM
Post #17
Bleepin' Janitor | Group: Global Moderator | Posts: 13,524 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

While symptoms may appear similar, the infection is not always the same. Depending on what other malicious files have been downloaded, the infection may be worse on some machines than on others. Thus, no quick fix. There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job. Even then, with some types of malware infections, the task can be arduous. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired.


--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Microsoft MVP - Windows Security 2007-2008
Lynxcruising
post Jul 2 2008, 09:38 AM
Post #18
Member | Group: Members | Posts: 15 | Joined: 23-June 08 | Member No.: 218,142

THANKS!! The new updates from Malwarebytes' took it out as far as I can tell. The only thing that is left -

I click on "Start" and there are several items before the line; this is 3 down -
Antivirus XP 2008 (no icon)
Antivirus XP 2008 Registry (no icon)
Advance Protection 2008 (no icon)
Malware Protection 2008 w/icon
Malware Protection 2008 Registry w/icon

Should I try to take these out?

Do you want me to post the Malwarebytes' logs?
quietman7
post Jul 2 2008, 10:08 AM
Post #19
Bleepin' Janitor | Group: Global Moderator | Posts: 13,524 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

Yes, please post the MBAM log.

Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights".
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan.

When done, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
Lynxcruising
post Jul 2 2008, 06:16 PM
Post #20
Member | Group: Members | Posts: 15 | Joined: 23-June 08 | Member No.: 218,142

Thanks for the software link. Here are the logs -

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

10:25:05 AM 7/2/2008
mbam-log-7-2-2008 (10-25-05).txt

Scan type: Quick Scan
Objects scanned: 53446
Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\WINDOWS\system32\lphcaq6j0e17t.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcaq6j0e17t (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\blphcaq6j0e17t.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcaq6j0e17t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcaq6j0e17t.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Iii iiiiiiii\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Iii iiiiiiii\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Iii iiiiiiii\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Iii iiiiiiii\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.18
Database version: 895

5:56:15 PM 6/30/2008
mbam-log-6-30-2008 (17-56-15).txt

Scan type: Quick Scan
Objects scanned: 51999
Time elapsed: 10 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Iii iiiiiiii\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Iii iiiiiiii\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
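The two "Hijack.DisplayProperties" items in the MBAM log above are policy values that hide individual tabs of the Display Properties dialog, which is exactly the symptom vic457 reported in post #16 (only Themes, Appearance and Settings left). The following is an added example, not code from the thread or from Malwarebytes: it reads that policy key from a .reg export, maps each set NoDisp* value to the tab it hides, and emits a .reg fragment that resets them. The two value names come from the log; the other three NoDisp* names are the remaining documented policy values for the same key and are included as an assumption, not something the page shows.

```python
"""Decode the Display Properties hijack reported in the MBAM log above.

Added example, not part of the original thread and not MBAM code. It reads the
HKCU\\...\\Policies\\System key from a .reg export and reports which Display
Properties tabs the NoDisp* values hide, then emits a .reg fragment that resets
them. NoDispBackgroundPage and NoDispScrSavPage come from the log; the other
NoDisp* names are the remaining documented values for that key (assumption).
"""
import re

POLICY_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Display Properties tabs in dialog order and the policy value that hides each.
# Themes has no NoDisp* value in this key; it vanishes only with the whole applet.
TAB_POLICY = {
    "Themes": None,
    "Desktop": "NoDispBackgroundPage",
    "Screen Saver": "NoDispScrSavPage",
    "Appearance": "NoDispAppearancePage",
    "Settings": "NoDispSettingsPage",
}
HIDE_ALL = "NoDispCPL"  # hides the entire Display Properties applet

# One .reg value line such as:  "NoDispScrSavPage"=dword:00000001
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{1,8})\s*$')


def parse_policy_dwords(reg_text):
    """Return {name: int} for the dword values under POLICY_KEY in a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == POLICY_KEY.lower()
            continue
        m = _DWORD_RE.match(line) if in_key else None
        if m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def visible_display_tabs(values):
    """Tabs a user would still see in Display Properties, given the parsed values."""
    if values.get(HIDE_ALL, 0):
        return []
    return [tab for tab, pol in TAB_POLICY.items() if not (pol and values.get(pol, 0))]


def hijacked_values(values):
    """NoDisp* values that are set (non-zero); a clean profile normally has none."""
    names = [HIDE_ALL] + [p for p in TAB_POLICY.values() if p]
    return [n for n in names if values.get(n, 0)]


def remediation_reg(values):
    """A .reg fragment zeroing every set NoDisp* value (the log's Bad (1) -> Good (0))."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % POLICY_KEY]
    lines += ['"%s"=dword:00000000' % n for n in hijacked_values(values)]
    return "\n".join(lines) + "\n"


# Constructed .reg export reproducing the two values MBAM flagged, both set to 1.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
"""

if __name__ == "__main__":
    vals = parse_policy_dwords(SAMPLE_REG)
    print("hijacked values:", hijacked_values(vals))
    print("tabs still visible:", visible_display_tabs(vals))
    print(remediation_reg(vals))
```

Run against the constructed export, the visible tabs come out as Themes, Appearance and Settings, matching vic457's report; the generated fragment can be saved as a .reg file and imported under the affected user's account, since the values live in HKCU and are per-profile.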
quietman7
post Jul 2 2008, 08:37 PM
Post #21
Bleepin' Janitor | Group: Global Moderator | Posts: 13,524 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

You need to run SDFix and post that log.
Lynxcruising
post Jul 3 2008, 06:12 PM
Post #22
Member | Group: Members | Posts: 15 | Joined: 23-June 08 | Member No.: 218,142

OK, here is the report; the computer looks better -

SDFix: Version 1.201
Run by Administrator on Thu 07/03/2008 at 06:31 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\VDM10.TMP - Deleted
C:\VDM11.TMP - Deleted
C:\WINDOWS\dat.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 18:58:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Disabled:Halo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:TaskPanl"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.tt6B.tmp"="C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.tt6B.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.ttD.tmp"="C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.ttD.tmp:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 11 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 11 Oct 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Mon 28 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 11 May 2008 12,287 ...H. --- "C:\Documents and Settings\Iiii iiiiiiii\My Documents\IN LIFE IDEA\~WRL0236.tmp"
Fri 28 Dec 2007 8,913,016 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT4A7.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT44.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT42.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT46.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT45.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT47.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT43.tmp"
Sun 30 Mar 2008 499,200 ...H. --- "C:\Documents and Settings\Iiii iiiiiiii\Application Data\Microsoft\Word\~WRL0003.tmp"
Sat 22 Mar 2008 451,072 ...H. --- "C:\Documents and Settings\Iiii iiiiiiii\Application Data\Microsoft\Word\~WRL0045.tmp"

Finished!
Lynxcruising
post Jul 3 2008, 07:22 PM
Post #23
Member | Group: Members | Posts: 15 | Joined: 23-June 08 | Member No.: 218,142

Well, that did not look right, so I ran another one; a few more came up -

SDFix: Version 1.201
Run by Iiii iiiiiii on Thu 07/03/2008 at 08:03 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\IIII IIIIIII~1\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt13.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt18.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt1C.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt21.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt23.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt2C.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt31.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt33.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt34.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt35.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt37.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt3F.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt42.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt53.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt54.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt57.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt58.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt5A.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt61.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt62.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt64.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt65.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.tt7F.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.ttBA.tmp - Deleted
C:\DOCUME~1\IIII IIIIIII~1\LOCALS~1\Temp\.ttCA.tmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 20:11:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000006c
"TracesSuccessful"=dword:00000064

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Disabled:Halo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:TaskPanl"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Iiii iiiiiii\\Local Settings\\Temp\\.tt6B.tmp"="C:\\Documents and Settings\\Iiii iiiiiii\\Local Settings\\Temp\\.tt6B.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\Documents and Settings\\Iiii iiiiiii\\Local Settings\\Temp\\.ttD.tmp"="C:\\Documents and Settings\\Iiii iiiiiii\\Local Settings\\Temp\\.ttD.tmp:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\IIII IIIIIII~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 11 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 11 Oct 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Mon 28 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 11 May 2008 12,287 ...H. --- "C:\Documents and Settings\Iiii iiiiiii\My Documents\IN LIFE IDEA\~WRL0236.tmp"
Fri 28 Dec 2007 8,913,016 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT4A7.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT44.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT42.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT46.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT45.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT47.tmp"
Fri 28 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT43.tmp"
Sun 30 Mar 2008 499,200 ...H. --- "C:\Documents and Settings\Iiii iiiiiii\Application Data\Microsoft\Word\~WRL0003.tmp"
Sat 22 Mar 2008 451,072 ...H. --- "C:\Documents and Settings\Iiii iiiiiii\Application Data\Microsoft\Word\~WRL0045.tmp"

Finished!
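The "Authorized Application Key Export" in both SDFix reports above is the Windows Firewall exception list, one line per program in the form "path"="path:scope:Enabled|Disabled:description". Three entries there look nothing like the legitimate ones: two .tmp files under Local Settings\Temp and sysrest32.exe, all enabled and all described simply as "enable" instead of a product name. The following is an added example, not code from the thread or from SDFix: it parses that section and flags entries by those patterns. The sample lines are copied from the report above; the heuristics (Temp folder, .tmp extension, generic description) are this example's assumptions, not SDFix rules.

```python
"""Flag suspicious Windows Firewall exceptions in an SDFix "Authorized Application Key Export".

Added example, not from the original thread and not part of SDFix. Each exported
line is  "path"="path:scope:Enabled|Disabled:description"  in .reg syntax with
doubled backslashes. The review heuristics are this example's assumptions: a
program under a Temp folder, a .tmp file, or a description that is the generic
word "enable" rather than a product name deserves a second look.
"""
import re
from collections import namedtuple

FirewallException = namedtuple("FirewallException", "path scope state description")

# One exported value line; .reg files double backslashes, so allow backslash pairs.
_LINE_RE = re.compile(r'^"(?P<key>(?:[^"\\]|\\.)*)"="(?P<val>(?:[^"\\]|\\.)*)"\s*$')

# Descriptions that name no product (assumption for this example, not an SDFix rule).
GENERIC_DESCRIPTIONS = {"", "enable", "enabled"}


def _unescape(s):
    """Collapse the doubled backslashes of .reg syntax."""
    return s.replace("\\\\", "\\")


def parse_authorized_apps(export_text):
    """Parse AuthorizedApplications\\List value lines into FirewallException tuples."""
    entries = []
    for raw in export_text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue  # key header, blank line, or something that is not a value
        path, value = _unescape(m.group("key")), _unescape(m.group("val"))
        # The value repeats the path, and the path itself contains "C:", so strip
        # that prefix before splitting on ':' rather than splitting from the left.
        if value.lower().startswith(path.lower() + ":"):
            rest = value[len(path) + 1:]
        else:
            rest = ":".join(value.rsplit(":", 3)[1:])  # fallback for odd entries
        fields = rest.split(":", 2)
        fields += [""] * (3 - len(fields))
        scope, state, description = fields
        entries.append(FirewallException(path, scope, state.lower(), description))
    return entries


def suspicious_reasons(entry):
    """Return the reasons an exception deserves review (empty list if none)."""
    reasons = []
    low = entry.path.lower()
    if "\\temp\\" in low or "\\temporary internet files\\" in low:
        reasons.append("program lives in a Temp folder")
    if low.endswith(".tmp"):
        reasons.append(".tmp file registered as a network application")
    if entry.description.strip().lower() in GENERIC_DESCRIPTIONS:
        reasons.append("generic description instead of a product name")
    return reasons


def triage(export_text):
    """[(path, state, reasons)] for every exception that trips at least one check."""
    flagged = []
    for e in parse_authorized_apps(export_text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged.append((e.path, e.state, reasons))
    return flagged


# Sample lines copied from the SDFix report above (one key header, six entries).
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Disabled:Halo"
"C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.tt6B.tmp"="C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.tt6B.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.ttD.tmp"="C:\\Documents and Settings\\Iiii iiiiiiii\\Local Settings\\Temp\\.ttD.tmp:*:Enabled:enable"
"""

if __name__ == "__main__":
    for path, state, reasons in triage(SAMPLE_EXPORT):
        print("%s [%s]" % (path, state))
        for r in reasons:
            print("    - " + r)
```

The Temp-folder and .tmp checks catch the two .ttXX.tmp entries on their own; the description check is what additionally surfaces sysrest32.exe, which sits in system32 and would pass a path-only filter. A flagged entry is a lead for review, not a verdict: the exception itself is removed from Windows Firewall's Exceptions tab, and the file it points to is what needs identifying.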
Lynxcruising
post Jul 3 2008, 07:27 PM
Post #24
Member | Group: Members | Posts: 15 | Joined: 23-June 08 | Member No.: 218,142

I still have the same unwanted links in the "Start button" menu.
Lynxcruising
post Jul 3 2008, 11:22 PM
Post #25
Member | Group: Members | Posts: 15 | Joined: 23-June 08 | Member No.: 218,142

I looked at the unwanted items on the "Start menu". Right-click, Properties, and I found that they did not have a link anymore, so I did "Remove from list" on each item.

The computer looks good and does not look like it has any problems.

I now need to figure out how to get a workable firewall and other protection going.

Thanks.
quietman7
post Jul 4 2008, 06:09 AM
Post #26
Bleepin' Janitor | Group: Global Moderator | Posts: 13,524 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

For tips to protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid online gaming sites and peer-to-peer (P2P) or file sharing programs as they are a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans target and spread across P2P files sharing networks and gaming sites. In some instances the infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS. The best way to reduce the risk of infection is to avoid gaming sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

List of Free Firewalls

Before installing a 3rd-party firewall, make sure you turn off the Windows firewall. For instructions with screenshots, see How to turn off the Windows Firewall in SP2 or How to turn on or off the Windows Vista Firewall.

Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction. For more information see "The Differences and Features of Hardware & Software Firewalls", "Choosing a Firewall: Hardware v. Software" and "Comparing Firewall Features".

Choosing a firewall is a matter of personal preference, your technical experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular firewall that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use.
Time is now: 4th December 2008 - 02:29 AM
© 2003-2008 All Rights Reserved Bleeping Computer LLC.