Hey! K, so here it is! Now it said that everything was all done and dusted but when I go to exit out of Malwarebytes it says there is a scan still running and do I really, really want to exit? So I haven't done as yet! Don't know if it is an error or what!
My... you are getting them ... I don't know what that's all about, but you've posted the developer scan, which is what I wanted & Malwarebytes' Anti-Malware has nothing else to do ... so exit from it (if you haven't already).
Now you've posted the scan, I can see that the file you have in system32 is still being tagged as malware by Malwarebytes' Anti-Malware ... so please go to C:\Windows\System32\ci.dll & upload the file here for me :- http://www.thespykiller.co.uk/index.php?board=1.0
Start a new topic ...title ci.dll for steamwiz
put this in your post :-
for steamwiz ...
link :- http://www.bleepingcomputer.com/forums/topic146308-15.html
C:\Windows\System32\ci.dll (Trojan.BHO) -> No action taken. [EXTRA=Trojan.BHO, C:\Windows\system32\CI.dll]
then please find the C:\Windows\system32\ci.dll
... zip it
& attach it to the post...
if you can't zip it, just attach it as it is ...
I have downloaded that avenger thingumy and extracted it to my desktop - do you want me to start it off or anything? Haven't clicked as I daren't without your instructions!
We are going to use Avenger to remove these last remaining infected files shown by the KASPERSKY ONLINE SCANNER REPORT
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj skipped
C:\Users\Charli\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.17803 Infected: Trojan-Downloader.Win32.VB.dck skipped
C:\Windows\dbrmdwb.exe Infected: IM-Worm.Win32.Pykse.h skipped
C:\Windows\System32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg skipped
now you have an Avenger folder on your desktop.
3. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing Ctrl+C
Files to delete:
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
4. open the Avenger folder & doubleclick the Avenger.exe file (Right click/Run as Administrator if you have vista)
5. Right click on the window under "Input script here:", and select Paste
6. make sure the "Scan for rootkits" is checked ... & the "Automatically disable any rootkits found" is NOT checked ...
7. Click on Execute
8. Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
- It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
9. Please copy/paste the content of c:\avenger.txt into your reply
Run the Malwarebytes Anti-Malware from the icon on your desktop, select the quarantine tab, and delete all...then run & post a new KASPERSKY ONLINE SCANNER REPORT (same as previously)
PS Does your previous message mean I have been given the all clear then? Apart from that ci.dll thing that is supposed to be there anyway (do I need to do anything else about that BTW? It says on that site something about allowing it or something)?
Edited by steamwiz, 20 May 2008 - 02:41 PM.