How To Remove Project1.exe Virus?



#1 jamesharden

jamesharden

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:47 AM

Posted 26 August 2013 - 08:59 AM

My computer has had this virus for a very long time, but I didn't know that it was a virus. After hearing it was a virus, I have been looking for it. Now I came here for help to remove that virus. PLEASE HELP ME!!! I am REALLY SAD about this virus.

 

 

CAN YOU PLEASE REPLY FAST?? :(

 

Moderator Edit: Moved from the Windows 7 forum to a more appropriate forum

Roger


Edited by rotor123, 26 August 2013 - 09:29 AM.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:47 AM

Posted 26 August 2013 - 05:41 PM

Hello jamesharden, and Welcome -

Project 1.Exe is a Remote Administration Tool that is used by hackers to control a victim's machine remotely. Just like many other RATs, this one can record your keystroke inputs, disable the firewall, install malicious files on the computer and do other unwanted activities. Basically, the possibilities of such programs depend on the needs of the attacker. Severity scale: (37/100) = fairly bad.
The author is a hacker called Cybernetic cowb0y. He wrote this pest back in December 2002.

 

Advised removal methods (must be used in this numbered routine)

 

Step 1: Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* Do not reboot your computer after running RKill as the malware programs will start again.
* If the tool does not run from any of the links provided, please let me know.

* If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Step 2: Please download Malwarebytes Anti-Malware Free (aka MBAM)

Do not accept the Free Trial Version at this time ............

* Double-click MBAM - setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates so it is current.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Scan, then click Quick Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
If you are not sure of any items, post the log and ask if it should be removed.

Be sure to reboot the computer after you post the log.

 

 

Step 3: Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE: Your computer will be rebooted automatically, and a log file will open after the restart.

* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Step 4: Download SUPERAntiSpyware Free (aka SAS)

Do not accept the 14 day Free Trial Version at this time ...........

* Double-click SAS - setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates so it is current.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.

NOTE : If the log is only Tracking Cookies, do not post that section of the log -
* Post the rest of the log back here.

Be sure to reboot the computer after you post the log.

 

Be sure those 4 logs are posted back here when completed, or only 1 at a time will do.

Please tell me if you still have the same problems -

 

Thank You -


Edited by noknojon, 26 August 2013 - 05:43 PM.


#3 jamesharden


Posted 27 August 2013 - 01:33 AM

Hi noknojon,

 

Here is the rKill.exe log:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/27/2013 02:27:27 PM in x64 mode.
Windows Version: Windows 7 Professional 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Admin\Desktop\rkill\rkill-08-27-2013-02-27-33.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 08/27/2013 02:28:16 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)


#4 jamesharden


Posted 27 August 2013 - 01:36 AM

Hi noknojon again,

 

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.26.05
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: ADMIN-PC [administrator]
 
Protection: Enabled
 
8/27/2013 2:20:16 PM
mbam-log-2013-08-27 (14-20-16).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 301140
Time elapsed: 13 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 17
HKCR\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Explorer (Trojan.Agent) -> Data: c:\windows\resources\themes\explorer.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Svchost (Backdoor.Bot) -> Data: c:\windows\resources\svchost.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www2.delta-search.com/?babsrc=HP_ss&mntrId=445AEC55F968BD4E&affID=122471&tsp=4986) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 4
C:\Users\Admin\AppData\Local\Temp\mt_ffx (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
 
Files Detected: 8
C:\Users\Admin\AppData\Local\Temp\DeltaTB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\C73B7C29-BAB0-7891-9F19-BAB80DED8840\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\C73B7C29-BAB0-7891-9F19-BAB80DED8840\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\C73B7C29-BAB0-7891-9F19-BAB80DED8840\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\C73B7C29-BAB0-7891-9F19-BAB80DED8840\Latest\Setup.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\Programs\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Windows\Resources\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Resources\Themes\icsys.icn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)


#5 jamesharden


Posted 27 August 2013 - 01:44 AM

Hi noknojon,
 
Here is the AdwCleaner log:
 
 
# AdwCleaner v3.001 - Report created 27/08/2013 at 14:42:01
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional  (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BrowserDefendert
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BrowserDefender
[!] Folder Deleted : C:\Program Files (x86)\delta
[!] Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
File Deleted : C:\Windows\System32\Tasks\EPUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5f2db88e239ec44
Key Deleted : HKLM\SOFTWARE\5f2db88e239ec44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
 
-\\ Google Chrome v29.0.1547.57
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [4714 octets] - [27/08/2013 14:41:09]
AdwCleaner[S0].txt - [4396 octets] - [27/08/2013 14:42:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4456 octets] ##########

Edited by jamesharden, 27 August 2013 - 01:45 AM.


#6 jamesharden


Posted 27 August 2013 - 01:52 AM

Hi noknojon again,

 

 

SUPERAntiSpyware doesn't detect anything except: Tracking Cookie



#7 jamesharden


Posted 27 August 2013 - 02:06 AM

Hi noknojon,

 

I am still having the same problem ...

When I try to open a file, it automatically closes and this message pops up: 'Project1.exe' has stopped working



#8 noknojon


Posted 27 August 2013 - 03:48 AM

Hi -

I only have been able to find 1 other option to remove it - With an Antivirus Scanner -

 

How To Temporarily Disable Your Anti-virus while you scan -

Scan your machine with ESET OnlineScan
1. Hold down Control Key and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only: (Microsoft Internet Explorer users can skip these 2 steps)

 

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the ESET Online Scanner icon on your desktop.

 

 4. Check "YES, I accept the Terms of Use."
 5. Click the Start button.
 6. Accept any security warnings from your browser.
 7. Under scan settings, check Scan Archives and Remove found threats
8. Click Advanced settings and select the following:

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

 9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as it will take some time to download the program for the first time and then download the updated database (1 to 2 hours is not unusual).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button
Or you can find a report at  C:\Program Files\esetonlinescanner\log.txt.

 

 

Thanks -



#9 jamesharden


Posted 27 August 2013 - 08:48 AM

At the same time,

 

I've noticed that my Malwarebytes Anti-Virus keeps detecting a virus every minute.

 

Here is the evidence: http://postimg.org/image/52i107n1j/

 

I have noticed that the virus has been detected more than 76 times as (spoolsv.exe), 1 time as (explorer.exe) and 1 time as (icsys.inc.exe).



#10 jamesharden


Posted 27 August 2013 - 09:00 AM

Hi again noknojon,
 
 
C:\Computer\Games\SuddenAttackSEA\launcher.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Computer\Games\SuddenAttackSEA\launcher.exe.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Computer\Games\SuddenAttackSEA\SAManualPatcher_201301021728_201302081237(MAL)_R1.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Computer\Games\SuddenAttackSEA\SAManualPatcher_201302210904_201303071110(MAL).exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Computer\Games\SuddenAttackSEA\SAManualPatcher_201306111634_201306271147(MAL).exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Computer\Games\SuddenAttackSEA\SAManualPatcher_201307171729_201307292113(MAL).exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Computer\Games\SuddenAttackSEA\suddenattack.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\035B6JNR\pack[1].7z a variant of Win32/bProtector.A application deleted - quarantined
C:\Users\Admin\AppData\Local\Temp\C73B7C29-BAB0-7891-9F19-BAB80DED8840\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F application cleaned by deleting - quarantined
C:\Users\Admin\AppData\Local\Temp\C73B7C29-BAB0-7891-9F19-BAB80DED8840\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Windows\Resources\spoolsv.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Windows\Resources\svchost.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Windows\Resources\Themes\explorer.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\Resources\Themes\icsys.icn.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/TrojanDownloader.VB.QCC trojan contained infected files
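
Added example (not part of the thread or of any poster's reply): the Malwarebytes and ESET logs above place svchost.exe, spoolsv.exe and explorer.exe under C:\Windows\Resources, and the Malwarebytes log shows Run values pointing at two of them. This Python check flags Windows image names that appear outside their usual directories in such log text; the expected-directory table assumes a default install under C:\Windows, and the two control lines in the sample are constructed.

```python
import ntpath
import re

# Usual directories for the Windows image names seen in the logs.
# Assumption of this example: a default install under C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# A drive-letter path ending in .exe; spaces are allowed inside the path.
PATH_RE = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^|<>"*?\r\n]*?\.exe\b', re.I)
# A Malwarebytes-style Run value line: ...\Run|<value name> ... Data: <path>
RUN_RE = re.compile(r'\\Run\|(\S+) .*?Data: (\S.*?\.exe)\b', re.I)

# Lines 1-4 are copied from the logs posted in the thread;
# the last two are constructed control lines for legitimate locations.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Explorer (Trojan.Agent) -> Data: c:\windows\resources\themes\explorer.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Svchost (Backdoor.Bot) -> Data: c:\windows\resources\svchost.exe -> Quarantined and deleted successfully.
C:\Windows\Resources\spoolsv.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Windows\Resources\Themes\icsys.icn.exe a variant of Win32/TrojanDownloader.VB.QCC trojan cleaned by deleting - quarantined
C:\Windows\System32\svchost.exe (constructed control line: legitimate location)
C:\Windows\explorer.exe (constructed control line: legitimate location)
"""


def is_misplaced(path):
    """True when the file name is a known Windows image name but the
    directory is not one of its usual locations."""
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def find_misplaced(log_text):
    """Sorted, de-duplicated, lower-cased paths in the log that use a
    Windows image name outside its usual directory."""
    paths = {m.group(0).lower() for m in PATH_RE.finditer(log_text)}
    return sorted(p for p in paths if is_misplaced(p))


def autostart_misplaced(log_text):
    """Run value name -> path, for Run values that launch a misplaced image
    at logon (the persistence half of the finding)."""
    return {
        m.group(1): m.group(2).lower()
        for m in RUN_RE.finditer(log_text)
        if is_misplaced(m.group(2))
    }


if __name__ == "__main__":
    for path in find_misplaced(SAMPLE_LOG):
        print("misplaced system image name:", path)
    for value, path in autostart_misplaced(SAMPLE_LOG).items():
        print("started from Run value %r: %s" % (value, path))
```

icsys.icn.exe is not flagged by this check because it does not borrow a Windows image name; it is caught by the scanners' signatures instead.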


#11 jamesharden


Posted 27 August 2013 - 09:15 AM

Dear noknojon,

 

Thanks for your instructions from the beginning until the virus was totally removed.

 

Thanks for giving your time to me.

 

 

Thanks-



#12 jamesharden


Posted 27 August 2013 - 09:29 AM

Hi noknojon,

 

Now Project1.exe has been removed successfully.

 

The other problem is that Malwarebytes detects the spoolsv.exe virus every minute.

 

Here is the evidence: http://postimg.org/image/52i107n1j/



#13 noknojon


Posted 27 August 2013 - 04:54 PM

OK -

Malwarebytes is there to find these things -

Make sure all items are removed (post a Scan Log if you have one) and then rescan to see a result.

The infection you had (RAT) is a Severe one, and can cause many problems.

 

Rescan after you have removed the infections and scan with SUPERAntiSpyware Free (aka SAS)

This is a similar program, but do not post a log if it only cleans Tracking Cookies -

 

Thanks -

 



#14 noknojon


Posted 28 August 2013 - 07:32 PM

Hi -

Also can you please Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes only :
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

There seems to be an ongoing problem, and we need to isolate it ......

 

Thanks -



#15 noknojon


Posted 01 September 2013 - 09:12 AM

Since you have now opened a New Topic in the same forum area, I will assume this problem is now solved.

Several posts in the same section will add to confusion for all.

Follow the post below and combine all your problems into one -

 

Please read Preparation Guide and post a new topic in

Virus, Trojan, Spyware, and Malware Removal Logs

 

Please post there and wait for a reply from the Experts in Malware Removal Area.

 

There can be a wait if the Experts get a bit busy, but all posts are answered in turn -

 


Please post to the Malware Removal Logs area even if you are unable to produce the requested logs, and an Expert will assist you with removal of the problem - Leave a link to this topic so the helper can read your original problem -

 

 

Thank You -





