Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected w/ antivirus xp pro 2009 and other malware


  • Please log in to reply
20 replies to this topic

#1 SIH

SIH

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 05:39 PM

Well I came into this virus some time ago, but I talked to someone and they said it was nothing to worry about.
But I feel it is this causing errors on my pc and could possibly be infected with other things.
I got a C:\WINDOWS\system32\yehikufu.dll error.
I was wondering if i could possibly get some help?
As i honestly haven't a clue what to do.
I cannot run any antispyware because this virus wont let me as it disabled all of my other ones.
I have windows XP home edition.
Also, I had a lsass.exe error with the status code 1073741819 and that error wouldn't allow my computer to even get logged on, so I used earlier settings which allowed me on, but do not know if it is fixed.

Also, if anyone could give this a read and possibly help me.
http://www.bleepingcomputer.com/forums/t/221088/formatting-and-reinstalling/

Edited by SIH, 20 April 2009 - 09:15 PM.


BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 05:48 PM

Try this to install MBAM

Try renaming the setup file to install.com

try installing in safe mode

here's a random renamer for the program if you can get it installed

http://kixhelp.com/wr/files/mb/randmbam.exe

http://www.gt500.org/malwarebytes/database.jsp

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Chewy

No. Try not. Do... or do not. There is no try.

#3 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 06:20 PM

Everything you said worked!
And here is the log which you asked for.

Malwarebytes' Anti-Malware 1.36
Database version: 2016
Windows 5.1.2600 Service Pack 3

4/20/2009 6:19:32 PM
mbam-log-2009-04-20 (18-19-32).txt

Scan type: Quick Scan
Objects scanned: 93750
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 5
Registry Keys Infected: 18
Registry Values Infected: 14
Registry Data Items Infected: 11
Folders Infected: 31
Files Infected: 166

Memory Processes Infected:
C:\Documents and Settings\SethAndrew\Local Settings\Application Data\1629852460.exe (Rogue.SpywareFighter) -> Unloaded process successfully.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\mobahibe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yagerumu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sdfgerfgf3f.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98c7b763-273f-467e-b2b6-687ecc41aa5c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{98c7b763-273f-467e-b2b6-687ecc41aa5c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98c7b763-273f-467e-b2b6-687ecc41aa5c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a185c3e6-e5dd-4053-aaa5-dc9097076e48} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a185c3e6-e5dd-4053-aaa5-dc9097076e48} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\win32x (Malware.Tool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyWare Fighter (Rogue.SpyWareFighter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2e7afc00 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kunomijiji (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e2ba40a2-74f3-42bd-f434-2604812c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.FakeAlert) -> Data: c:\windows\system32\karna.dat -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twex.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Cowabanga (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295\Application Data\FunWebProducts\Data\seth (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Application Data\FunWebProducts\Data\seth (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Spyware Fighter (Rogue.SpyWareFighter) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mobahibe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yagerumu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sdfgerfgf3f.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Application Data\1629852460.exe (Rogue.SpywareFighter) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\lbvong.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avwa.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dubuwemo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gudasene.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hf873uwndf.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jeharaya.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\karozeza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pubulasi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rawihani.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ritujute.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yejimoya.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yitefuko.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\win32x.sys (Malware.Tool) -> Quarantined and deleted successfully.
C:\feyadtq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\hclpsfee.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\pwofju.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\rnvx.exe (Virus.Virut) -> Quarantined and deleted successfully.
C:\tbbek.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\tmpl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\tqpxlyy.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\~TM8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\s38q9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00015CA2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002A84C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\004319AC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00432034.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00432237.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00433B0F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00435E56.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0043A94A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0043AAB1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0043AC76.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0043D182.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0043DF9C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\007F1255.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\007F2408.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\007F24E3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\007F25CE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A71773 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A851B8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_cmc.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_cmc.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00432A94.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\00AEC507.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Fighter.lnk (Rogue.SpyWareFighter) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Desktop\Spyware Fighter.lnk (Rogue.SpyWareFighter) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Start Menu\Spyware Fighter.lnk (Rogue.SpyWareFighter) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Start Menu\Programs\Startup\Spyware Fighter.lnk (Rogue.SpyWareFighter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\mksf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xrptlo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\winlogqn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv371238811540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv401237260142.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv461239934680.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv531239934653.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv691239934893.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\seth.PC161035812295.000\Local Settings\Temp\!update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10891.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\Local Settings\Temp\261070828.exe (Trojan.Downloader) -> Delete on reboot.

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 06:34 PM

After the reboot run another quick scan with MBAM
Chewy

No. Try not. Do... or do not. There is no try.

#5 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 06:44 PM

After it finishes scanning, do you want me to post the log again?

Also, I have this PanoStandAlone pop up that will not go away.
It says internal error 2908.
{027c78f-3785-43dd-bad4-7aa177359dbb}
Think you might know how to get rid of that or even tell me what it is?

#6 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 07:00 PM

Here is the log after I ran the scan again.

Malwarebytes' Anti-Malware 1.36
Database version: 2016
Windows 5.1.2600 Service Pack 3

4/20/2009 6:55:20 PM
mbam-log-2009-04-20 (18-55-20).txt

Scan type: Quick Scan
Objects scanned: 93285
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\BN86.tmp (Trojan.Kobcka) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\SethAndrew\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 07:03 PM

In regards to the PANOSTANDALONE installation, this is a part of HP's PhotoSmart Printer so the HP CD is required to install the software. It appears that a portion of the HP software is installed but that the installation was not completed. The HP software that is installed will continue to attempt to install the missing software until it is successful. Once the installation is complete the request to perform the install will go away.


please post all the logs for scans I request
Chewy

No. Try not. Do... or do not. There is no try.

#8 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 07:15 PM

Oh well I dont remember attempting to install that at all, so I can't finish it.
But as you can see, I posted the log above your previous post.

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 07:20 PM

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.


I was afarid of this all along but wanted confirmation, your last log put the nails in the coffin


Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
Chewy

No. Try not. Do... or do not. There is no try.

#10 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 07:25 PM

Well it seems my best option is to format and reinstall?
What exactly will that do and how would I go about doing it?
I've never really done that.
Also, are there any risks that I would be taking with this option?

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 07:49 PM

I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc..
Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/adva...all-format.html
Chewy

No. Try not. Do... or do not. There is no try.

#12 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 08:01 PM

Could you explain how I would go about backing up those things?
Sorry for all the trouble, but i appreciate the help.
And i keep getting this zuh8wb3r.exe popup, part of the virus i assume?
Also, that link you gave me sends me to a broken page.

Edited by SIH, 20 April 2009 - 08:04 PM.


#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 08:09 PM

I would turn that computer off and leave it off until I was ready to retrieve what I needed, you have some homework to do

Remember if you connect another drive to use for backing up data then anything I have already mentioned could be infected.

Burning a cd or dvd might work until virut infects those programs
Chewy

No. Try not. Do... or do not. There is no try.

#14 SIH

SIH
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 20 April 2009 - 08:14 PM

So you are saying using an external drive the files would all get infected?
Or only if I got those certain things on there?
Like if i put the certain things needed and like music and stuff, I would be fine?
Sorry, I am quite lost and I'm not sure what to do.
I really appreciate the help though.

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:58 AM

Posted 20 April 2009 - 08:16 PM

any .exe/.scr/.htm/.html/.xml/.zip/.rar files... already on that drive could be infected
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users