
infected with -win32/renos.dz



#1 cufu

cufu

  • Members
  • 1 posts

Posted 01 July 2009 - 06:37 AM

I get a message from the firewall every 10 minutes that says my computer is infected.
It tells me to remove it. I push the button that says "remove all" but it comes back.
Also, the reboot is slower.
Thank you

Attached File  dds.Attach.txt   14.27KB   13 downloads
DDS (Ver_09-06-26.01) - NTFSx86
Run by pc at 21:02:28.34 on Wed 01/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.111 [GMT 10:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\setup.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\pc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Hacked by Godzilla
mSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\2.bin\MWSSRCAS.DLL
uURLSearchHooks: vidica Toolbar: {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - c:\program files\vidica\tbvid1.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\2.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SkypeIEHelper Class: {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\toolbars\skypef~1\SKYPE_~1.DLL
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: vidica Toolbar: {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - c:\program files\vidica\tbvid1.dll
BHO: {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - Nothing
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Skype Toolbar for Internet Explorer: {b13721c7-f507-4982-b2e5-502a71474fed} - c:\program files\skype\toolbars\skype for internet explorer\skype_toolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
TB: vidica Toolbar: {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - c:\program files\vidica\tbvid1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: My Skype™ Contacts: {029f4681-0900-4227-a3cb-52f1ed4a8529} - c:\progra~1\skype\toolbars\skypef~1\SKYPE_~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
uRun: [Cognac] c:\docume~1\pc\locals~1\temp\b.exe
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [HttpDetect]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SpeedOptimizer] c:\progra~1\speedo~1\SPO.EXE -s
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\2.bin\M3PLUGIN.DLL,UPF
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [MS32DLL] c:\windows\MS32DLL.dll.vbs
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\toolbars\skypef~1\SKYPE_~1.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\V4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: microsoft.com and https\V5.Windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - hxxp://www.xxxcodec.com/xxxcodec-v3.508.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\l63vaibf.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;c:\program files\acunetix\web vulnerability scanner 5\WVSScheduler.exe [2008-10-8 656384]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2008-6-12 57344]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [2008-10-9 28762]
S2 XXXCodec Acceleration Service;XXXCodec Service;c:\program files\xxxcodec\casrv.exe --> c:\program files\xxxcodec\casrv.exe [?]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2005-11-23 36256]
S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;c:\windows\system32\drivers\dvc325.sys --> c:\windows\system32\drivers\dvc325.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34448]
S3 qcusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\ZTEusbmdm.sys [2007-3-2 99584]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-11-13 11520]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

=============== Created Last 30 ================

2009-07-01 08:20 <DIR> --d----- c:\windows\system32\NtmsData
2009-07-01 06:45 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-01 06:44 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-01 06:44 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-01 06:26 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-01 06:26 <DIR> --d-h--- C:\BJPrinter
2009-07-01 06:26 <DIR> --d-h--- C:\CanonMP
2009-07-01 06:26 <DIR> --d----- c:\program files\1stWORKS
2009-07-01 06:25 <DIR> --d----- c:\windows\OptionScope
2009-07-01 06:25 <DIR> --d----- c:\program files\common files\Equis
2009-07-01 06:25 <DIR> --d----- c:\windows\LastGood(2)
2009-07-01 02:50 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-01 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-07-01 01:50 <DIR> --d----- c:\program files\STOPzilla!
2009-07-01 01:50 <DIR> --d----- c:\program files\common files\iS3
2009-07-01 01:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-07-01 01:33 <DIR> --d----- c:\documents and settings\pc\IECompatCache
2009-07-01 01:30 <DIR> --dsh--- c:\documents and settings\pc\PrivacIE
2009-07-01 01:20 <DIR> --dsh--- c:\documents and settings\pc\IETldCache
2009-07-01 01:15 <DIR> --d----- c:\windows\ie8updates
2009-07-01 01:11 <DIR> -cd-h--- c:\windows\ie8
2009-06-30 22:33 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-06-29 06:17 129,028 a------- c:\windows\msa.exe
2009-06-29 06:17 205,828 a------- c:\windows\system32\msxml71.dll
2009-06-29 02:01 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-29 02:01 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-29 02:01 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-06-29 02:01 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-06-29 02:01 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-29 02:01 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-06-29 02:01 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-29 02:01 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-29 02:01 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-29 01:54 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-29 01:54 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-29 01:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-28 22:43 <DIR> --d----- c:\program files\Telstra
2009-06-10 11:09 268 a---h--- C:\sqmdata19.sqm
2009-06-10 11:09 244 a---h--- C:\sqmnoopt19.sqm
2009-06-09 21:34 268 a---h--- C:\sqmdata18.sqm
2009-06-09 21:34 244 a---h--- C:\sqmnoopt18.sqm

==================== Find3M ====================

2009-06-29 20:59 0 a--shr-- C:\MS32DLL.dll.vbs
2009-05-13 15:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 14:56 827,392 a------- c:\windows\system32\wininet(3).dll
2009-04-29 14:56 1,159,680 a------- c:\windows\system32\urlmon(3).dll
2009-04-17 22:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 00:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-10-02 20:12 60,744 -------- c:\documents and settings\pc\g2mdlhlpx.exe
2008-08-27 15:22 31,224 -------- c:\docume~1\pc\applic~1\GDIPFONTCACHEV1.DAT
2008-03-04 12:06 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-01-23 08:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012005012320050124\index.dat
2005-01-23 08:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 21:03:08.71 ===============



#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 04 July 2009 - 09:29 AM

hi,

Sorry for delay, no shortage of posters. If you still need help you can try this;

To help show all files:
For XP: on the desktop double-click My Computer, at the top click on Tools > Folder Options > View, then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types", click apply to all folders, apply then ok.

Next boot the computer into safe mode. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option from the list: safe mode. We will look for and delete some files and uninstall a few while in safe mode:

you might want to copy/paste what follows into notepad and save it so you can find it in safe mode:
once at the safe mode desktop;

navigate to:
c:\windows
look for and delete this file:
MS32DLL.dll.vbs

navigate to:
c:\docume~1\pc\locals~1\temp\b.exe
c:\documents and settings\pc\local settings\temp
delete all you can in the temp folder, make sure you get b.exe

navigate to:
c:\program files\xxxcodec\casrv.exe
delete the entire xxxcodec folder


Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Look in add/remove programs panel and uninstall;
MyWebSearch and/or MyWebSearch Search Assistant

also uninstall this if present:
Vidica Toolbar

click start->settings->control panel->internet options->programs tab->RESET WEB SETTINGS

Reboot normally and get a download to use:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the MBAM log in your reply.


you may as well uninstall this via the add/remove programs panel:
ewido anti-malware

I don't see an anti-virus app on board. Do you have/need one?
You can do an online scan here:

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

How Can I Reduce My Risk to Malware?
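
Added example, not part of either post and not code from DDS or BleepingComputer: a small triage pass over DDS-style log lines that surfaces the kind of entries the reply above acts on (the autorun pointing at `b.exe` in a temp folder, the `MS32DLL.dll.vbs` autorun, the xxxcodec service with no file details). The line patterns are inferred from the log on this page, and the rule names and heuristics are assumptions chosen for illustration; a hit means "look at this entry by hand".

```python
import re

# Excerpt of lines copied from the DDS log in post #1 (not the full log).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Cognac] c:\docume~1\pc\locals~1\temp\b.exe
mRun: [HttpDetect]
mRun: [MS32DLL] c:\windows\MS32DLL.dll.vbs
mRun: [SoundMan] SOUNDMAN.EXE
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
S2 XXXCodec Acceleration Service;XXXCodec Service;c:\program files\xxxcodec\casrv.exe --> c:\program files\xxxcodec\casrv.exe [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
"""

# Line shapes inferred from the log on this page, not from a DDS specification.
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<rest>.*) - No File$")

# Hypothetical triage rules: autorun under a temp directory, or autorun of a script file.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)
SCRIPT_EXT = re.compile(r'\.(vbs|vbe|js|jse|wsf|bat|cmd)(?=$|["\s])', re.I)


def triage(log_text):
    """Return (rule, entry) pairs for log lines that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entry, cmd = f"{m['hive']}:{m['name']}", m["cmd"]
            if not cmd:
                # Run value exists but has no command line behind it.
                findings.append(("run-empty-command", entry))
            if TEMP_DIR.search(cmd):
                findings.append(("run-from-temp", entry))
            if SCRIPT_EXT.search(cmd):
                findings.append(("run-script-file", entry))
            continue
        m = SVC_RE.match(line)
        if m and m["meta"] == "?":
            # The log shows "[?]" where other entries carry a date and size.
            findings.append(("service-no-file-info", m["name"]))
            continue
        m = ADDON_RE.match(line)
        if m:
            # IE add-on registration whose file the log reports as missing.
            findings.append(("ie-addon-no-file", f"{m['kind']}:{m['rest']}"))
    return findings


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"{rule:22} {entry}")
```
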




