Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"your Computer Is Infecting"


  • Please log in to reply
8 replies to this topic

#1 draven

draven

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Location:England
  • Local time:08:08 PM

Posted 09 September 2006 - 04:12 PM

Hello,

All today ive been trying to get rid of two peices of spyware located in C: drive, they are : -

1. ann.exe

2. winstall.exe

Everytime i connect to the internet in the taskbar their is a little round red icon with a white x in it and its saying "your computer is infecting" and then both .exe listed above try to get through my firewall.

I used SmitfraudFix and its still on my computer, here is the rapport.txt file : -


SmitFraudFix v2.85

Scan done at 20:40:50.90, 09/09/2006
Run from C:\Documents and Settings\Default\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\winstall.exe Deleted
C:\Documents and Settings\Default\Application Data\Install.dat Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



For some reason the ann.exe dont show up on the rapport and it wasnt deleted.


Could someone please tell me what i need to delete this spyware of my computer.


thanks.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:08 PM

Posted 09 September 2006 - 08:05 PM

Go to virustotal.com
In the "Select file" box, click the "browse" button and locate this file:
C:\ann.exe
Click "Open", then click the "Submit" button. Copy the results and paste them in your next reply.

Then download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Print out the Ewido Install and Scan Instructions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 draven

draven
  • Topic Starter

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Location:England
  • Local time:08:08 PM

Posted 10 September 2006 - 05:58 AM

From virustotal.com


STATUS: FINISHED
Complete scanning result of "ann.exe", received in VirusTotal at 09.10.2006, 12:45:19 (CET).


Antivirus Version Update Result
AntiVir 7.1.1.16 09.09.2006 TR/Dldr.Small.cpg.1
Authentium 4.93.8 09.09.2006 could be infected with an unknown virus
Avast 4.7.844.0 09.08.2006 no virus found
AVG 386 09.08.2006 no virus found
BitDefender 7.2 09.10.2006 no virus found
CAT-QuickHeal 8.00 09.09.2006 no virus found
ClamAV devel-20060426 09.10.2006 Trojan.Downloader.Small-1339
eTrust-InoculateIT 23.72.120 09.08.2006 Win32/Unknown!Trojan
eTrust-Vet 30.3.3070 09.09.2006 Win32/Oneraw!generic
DrWeb 4.33 09.10.2006 Trojan.Fakealert
Ewido 4.0 09.10.2006 Not-A-Virus.Hoax.Win32.Renos.eo
Fortinet 2.77.0.0 09.09.2006 Adware/PestTrap
F-Prot 3.16f 09.09.2006 could be infected with an unknown virus
F-Prot4 4.2.1.29 09.09.2006 generic
Ikarus 0.2.65.0 09.08.2006 no virus found
Kaspersky 4.0.2.24 09.10.2006 not-virus:Hoax.Win32.Renos.eo
McAfee 4848 09.08.2006 potentially unwanted program Adware-PestTrap
Microsoft 1.1560 09.09.2006 no virus found
NOD32v2 1.1746 09.08.2006 a variant of Win32/Adware.SpySheriff
Norman 5.80.02 09.08.2006 no virus found
Panda 9.0.0.4 09.09.2006 Adware/SpySheriff
Sophos 4.09.0 09.10.2006 no virus found
Symantec 8.0 09.10.2006 no virus found
TheHacker 5.9.8.208 09.08.2006 no virus found
UNA 1.83 09.08.2006 Hoax.Win32.Renos.069E
VBA32 3.11.1 09.10.2006 Hoax.Win32.Renos.bx#1
VirusBuster 4.3.7:9 09.09.2006 no virus found

Aditional Information

File size: 29184 bytes

MD5: 31ea18db3c6174a54e6a16cacdb7a040

SHA1: 4eff3c99f43e716ed5a0acb624d76c0f77b55a48

Edited by draven, 10 September 2006 - 05:59 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:08 PM

Posted 10 September 2006 - 07:43 AM

Did you run the Ewido scan yet? If not, do so. Are you experiencing any other problems with your pc - popup alerts, browser redirection, etc.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 draven

draven
  • Topic Starter

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Location:England
  • Local time:08:08 PM

Posted 10 September 2006 - 09:08 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:46:29 10/09/2006

+ Scan result:



HKU\S-1-5-21-527237240-1677128483-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP301\A0083775.exe -> Backdoor.IRCBot.su : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084596.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084604.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084637.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084645.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084873.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084922.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP309\A0084998.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0085074.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\csevn.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\cshtr.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\NUGVFL01\popup[1].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\NUGVFL01\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Local Settings\Temp\temp.fr4EFE -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\NUGVFL01\n[1].exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086115.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086122.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086134.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086139.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0086148.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0086194.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0086195.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0086196.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0089202.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0089203.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0089205.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0089206.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091218.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091219.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091236.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091239.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091257.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091258.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091262.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091274.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091301.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091302.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091328.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\snapshot\MFEX-1.DAT -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\snapshot\MFEX-2.DAT -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\ann.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@ehg-techtarget.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\Dan\Cookies\dan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ntoskrnl.dll -> Trojan.Agent.rx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmgbz.exe -> Trojan.DNSChanger.aw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmmrc.exe -> Trojan.DNSChanger.aw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmxhy.exe -> Trojan.DNSChanger.aw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmxyq.exe -> Trojan.DNSChanger.aw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\favset.exe -> Trojan.Favadd.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086121.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084600.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084651.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084877.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP308\A0084928.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP309\A0084993.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP309\A0085002.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0085072.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086077.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086094.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086129.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0086146.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0089200.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0089214.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091227.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091247.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091272.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091293.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091310.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP311\A0091327.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmlla.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmlnx.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmumt.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{84B030D6-5E50-47A6-AD78-2795F4CF5E5D}\RP310\A0086119.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).


::Report end

#6 draven

draven
  • Topic Starter

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Location:England
  • Local time:08:08 PM

Posted 10 September 2006 - 09:11 AM

After an hour long scan, i did everything listed, i connected to the internet and the pop up came back and so did ann.exe and winstall.exe.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:08 PM

Posted 10 September 2006 - 02:38 PM

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. Please be patient. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted and any modifications you make may complicate the malware removal process.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 draven

draven
  • Topic Starter

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Location:England
  • Local time:08:08 PM

Posted 10 September 2006 - 03:57 PM

Is there anything else i can do with Ewido? - delete files etc?

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:08 PM

Posted 10 September 2006 - 04:03 PM

If these files keep returning there is something on your system causing this to happen. The steps you have taken so far has not resolved the problem. Its time to have a deeper look as to what's going on with your system by creating a hijackthis log. This will help us to identify and remove any malware files that may be responsible for your problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users