Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem With My Pc


  • Please log in to reply
1 reply to this topic

#1 Max Lopes

Max Lopes

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 30 September 2008 - 07:28 AM

yesterday i had get a virus inside my pc. and that virus installed 2 fake antivirus programs called microantivirus and smart antivirus, they gave things like: HALT low CPU usage mostly activated by malware. scan now?
i have removed it (not with a antivirus program but by myself couse the virus scanners didn't catch it)
and now there are only these nasty files left.
PS; i know that this are the fake files in my SYSTEM32 dirctory couse with Ad-Aware procces watch i can see a process works from, but here they are:
YUR1D
ntdll.dll
kernel32.dll
shell32.dll
ADVAPI32.dll
RPCRT4.dll
Secur32.dll
GDI32.dll
USER32.dll
msvcrt.dll
SHLWAPI.dll
IMM32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
MSCTF.dll
msctfime.ime
ole32.dll
ctagent.dll

is it recommeded to use combofix? couse others just don't remove them.
these files here above are files from one process that still remains, the name of the process is YUR1D.exe
i know exacly where these files exist in my pc but i can't remove them becouse they are in use :thumbsup: ?
i have terminated almost everithing in my process list so :flowers:
please help me out!!!!!

[Moderator edit: post moved to more appropriate forum. jgw]

Edited by jgweed, 30 September 2008 - 09:09 AM.


BC AdBot (Login to Remove)

 


m

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 30 September 2008 - 01:55 PM

:thumbsup: it is not recommended to run combofix unless instructed by a Malaware expert and then only within the HJT section of the forum

please try running this tool instead

http://www.bleepingcomputer.com/forums/ind...st&p=959453

and let us know the result so the Team can see what further tools may be required




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users