Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Cant Delete Winflyer From Add/remove.


  • This topic is locked This topic is locked
15 replies to this topic

#1 ceeze21

ceeze21

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 12:13 AM

I need help please!! :thumbsup: im trying to delete winflyer. how can i uninstall this?? thanks..
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:26 PM

Posted 22 July 2007 - 02:01 AM

Hi, ceeze21, I am Oldf@rt, and I will try to help you with the winflyer problem, if we are unable to remove it using the method(s) that I suggest, I will refer you to the Hijack this team, lets try SuperAntiSpyware first, Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
I need the log, so I can see if you have other problems.

Thanks
OF
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 buddy215

buddy215

  • Moderator
  • 13,204 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:26 PM

Posted 22 July 2007 - 08:54 AM

Super Antispyware may remove Winflyer. It is also a good a idea to use Vundofix, too.
http://www.atribune.org/content/view/24/2/

You should also check that you have the latest Java which is 6.2. You can access the program by clicking on the "coffee cup" in the Control Panel and selecting the Update tab.
You could have got infected by a "driveby" by visiting an infected website. The best protection for preventing driveby infections is the Firefox browser with the NoScript extension.
If you get another popup telling you are infected, don't click to close it until you are disconnected from the internet.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 01:34 PM

thanks oldf@rt.. i did as you said...

as for gor buddy215 thanks, i tried vundofix, it stopped an error message when i started windows, but that about it.

here is my log



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/22/2007 at 01:56 PM

Application Version : 3.9.1008

Core Rules Database Version : 3272
Trace Rules Database Version: 1283

Scan type : Complete Scan
Total Scan Time : 01:45:16

Memory items scanned : 645
Memory threats detected : 0
Registry items scanned : 7631
Registry threats detected : 5
File items scanned : 118550
File threats detected : 250

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{09586B0E-0617-483C-B024-20E8D40D0772}
HKCR\CLSID\{09586B0E-0617-483C-B024-20E8D40D0772}
HKCR\CLSID\{09586B0E-0617-483C-B024-20E8D40D0772}\InprocServer32
HKCR\CLSID\{09586B0E-0617-483C-B024-20E8D40D0772}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLLJG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09586B0E-0617-483C-B024-20E8D40D0772}

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.pornpassplanet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.amaena[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.monster[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nba.112.2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@crossmediaservices[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@linksynergy[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.doubleclick[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bidzcom.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.drivecleaner[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.drivecleaner[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.euroclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats1.reliablestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.doubleclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nike.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.m5prod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@targetnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@citi.bridgetrack[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nextag[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@its-sexy-time[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@4.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wal4ulc5ckp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@105-bmp.googleadservices[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6walyqmd5sfq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@view.atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@precisionclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@perf.overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wblyekajkgo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@icc.intellisrv[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@67.15.239[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyaocjmeq.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cbs.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4ajdjeeo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-eset.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@3.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.interclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@paypal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlokkdzcgo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wakiwmd5egp.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.as4x.tmcs[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-dig.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@redorbit[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@buzznet.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go.drivecleaner[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imrworldwide[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-maniatv.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webmd.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@winantivirus[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-providianbankcorpservices.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4shd5wcp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@metacafe.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@entrepreneur[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.winantiviruspro[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.zanox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@view.atdmt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aer.directtrack[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.web.aol[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@drivecleaner[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@linkstattrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-chrysler.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adv.webmd[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfmyogcjiap.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-hollywood.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@efashionsolutions.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adinterax[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@67.15.239[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anat.tacoda[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.adserverplus[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indiads[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wblyepdjolq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.poopchuteporn[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkyglazobo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@qnsr[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sextracker[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ar.atwola[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@winantispyware[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.auctionworks[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicksor[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@keywordmax[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go.drivecleaner[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@footballfanatics.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pch.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adlegend[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track.bestbuy[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@popundersupply[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.crossmediaservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.103092804[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[7].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nbcuniversal.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkoqpc5kdq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pro-market[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4ghajoco.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@image.masterstats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter8.sextracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfl4ahcjsep.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultfriendfinder[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@monstercom.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnysjazelp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@optimize.indieclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cs.sexcounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.hitslink[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-aon.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.tracking101[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adt.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickaider[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfmiajcjmkp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track.clickspark[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultadworld[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracking.lsfinteractive[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicksector[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter9.sextracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@drivecleaner[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-wachovia.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.drivecleaner[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webpower[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mcclatchy.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkykidzweo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.inkfrog[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@password-crackers[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[5].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyqgcpilo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@blockbuster.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cz11.clickzs[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wbmywmd5scp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfmyujdjabp.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@edge.ru4[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfl4qncjeho.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ppctracking[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkycidzedp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rmbclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter10.sextracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkiamczslo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.addynamix[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@heavycom.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkysidzmkq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-spherion.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.websitestats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter6.sextracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjny-1ncjwa.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.adrevolver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cf-db01.clickfacts[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.toplist24[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partners.agamimedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toutmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkyeid5cgp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4gjc5ieq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkoajaziaq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediatraffic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@canadapost.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rb4.worldsex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@jumpman23.112.2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@maturesexi[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@usenext[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eclicknetwork[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www3.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@publishers.clickbooth[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserving.cpxinteractive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fortunecity[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wamigpdpefo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter5.sextracker[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@videoegg.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserving.autotrader[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.iconadserver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@homestore.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partner2profit[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pornaccess[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.sextasya[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.sextasya[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.mininova[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@karasxxx[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicktorrent[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.search[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tremor.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.clickhype[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-linksys.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nextelmedia.sprintpcs[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@altastat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tradedoubler[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bbs.adultwebmasterinfo[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wbmioicpwcq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.cnn[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@free.wegcash[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@soundclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-equifax.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.winantispyware[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfliemc5kho.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sexlist[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adreactor[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad2.adnetinteractive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@electronicarts.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.media-servers[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-dig.hitbox[1].txt
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

#5 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:26 PM

Posted 22 July 2007 - 01:55 PM

there are three more things that you will need to do: Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Once the bitdefender scan is completed, please download Rogue Remover Free. Save the download file where you normally keep your downloads. Double click the saved file to start the installer, when the installation is finished, uncheck the show readme box, leave the run box checked. Use the link in the main box to check for updates, when you find updates download them. Once this is completed, please click the scan link.

If Rogue Remover finds anything, it will walk you through the remaining steps. If it needs to restart your computer, allow it.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Please let us know your results.

Thanks Again
OF

Edited by oldf@rt, 22 July 2007 - 01:55 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#6 buddy215

buddy215

  • Moderator
  • 13,204 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:26 PM

Posted 22 July 2007 - 01:56 PM

Super Antispyware removed several cookies related to other programs associated with Vundo. Suggest you post a Hijack This Log in the Hijack This Forum. Directions are in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

You can stop the Third Party Cookies that SAS removed from installing on your computer. See info in link below.
http://www.howtogeek.com/howto/windows-vis...cookies-in-ie7/

Also, after installing the latest Java, go to Add/Remove program and uninstall ALL old versions of Java.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 04:30 PM

when i run cleamngr. a window pops up with scroll down with two option c drive or drive.. i dont have no "more option" button. do i choose c drive?
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

#8 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 04:31 PM

ok ignore last previous post i got it.. :thumbsup:
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

#9 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 04:53 PM

buddy215 i have the new version of java.. i also did the steps from howtogeek.com ..

oldf@rti followed all your steps also.. how would i know that everything is ok? i still have winflyer in add or remove program..

thanks again!!
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

#10 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:26 PM

Posted 22 July 2007 - 05:29 PM

How is the machine running now?

also, I need to see the bitdefender log.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#11 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 08:24 PM

well the machine seems ok.. but i just want to make sure.
here is the log




BitDefender Online Scanner



Scan report generated at: Sun, Jul 22, 2007 - 16:53:35





Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;K:\;







Statistics

Time
01:19:00

Files
429522

Folders
10243

Boot Sectors
3

Archives
20027

Packed Files
33107




Results

Identified Viruses
4

Infected Files
7

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
7




Engines Info

Virus Definitions
639921

Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Gummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Gummy.class
Disinfection failed

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Gummy.class
Deleted

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip
Updated

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Counter.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Counter.class
Disinfection failed

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Counter.class
Deleted

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip
Updated

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>VerifierBug.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>VerifierBug.class
Deleted

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip
Updated

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip=>Beyond.class
Deleted

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-152c8050.zip
Updated

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XZN2B4TU\popup[1].htm
Infected with: Trojan.Clicker.CM

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XZN2B4TU\popup[1].htm
Disinfection failed

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XZN2B4TU\popup[1].htm
Deleted

C:\Program Files\music_now\inetchk.exe
Infected with: Trojan.Click.HD

C:\Program Files\music_now\inetchk.exe
Disinfection failed

C:\Program Files\music_now\inetchk.exe
Deleted

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP184\A0147871.exe
Infected with: Trojan.Click.HD

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP184\A0147871.exe
Disinfection failed

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP184\A0147871.exe
Deleted
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

#12 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:26 PM

Posted 22 July 2007 - 08:36 PM

It looks like you should be clean. I would recommend that you read the How did I get Infected topic, as it will keep you from getting problems like this in the future. as far as any entries for winflyer in the add/remove programs, select the program, click the {remove} button, you should get a message saying the program cant be found, do you want to remove it from the list, just click yes or ok.

You can still post a Hijack this log, if you wish. One of the real experts at malware removal can give you the 100% clean.

let us know

Thanks, OF
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#13 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 08:53 PM

thank you so much!! :thumbsup: as for removing winflyer, i clicked on the remove button i get "the specified module could no be found" i clicked ok, but thats as far as it goes.. thank you.

i will post the log on Hijack this log, is one log ok or do i post both logs.??

thank you again.
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.

#14 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:26 PM

Posted 22 July 2007 - 09:14 PM

Start with Step # 9

The hijack this team member will be able to give you better instructions on removal of this entry.

Edited by oldf@rt, 22 July 2007 - 09:15 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#15 ceeze21

ceeze21
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 22 July 2007 - 09:21 PM

thank you..
Ceeze " A man can fail many times, but he isn't a failure until he he gives up.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users