Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virusburst Removed Or Still Present?


  • Please log in to reply
1 reply to this topic

#1 mark park

mark park

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 06 October 2006 - 08:23 PM

Hi :thumbsup:

I have carried out the instructions to remove Virusburst from my laptop from your website (how to remove virusburst removal instructions posted by Grinler on 31/09/2006) and it appers to have worked as there are no annoying task bar warnings of virus infection now, but when I ran the panda active scan at the final stage or removing the virus it said the following


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Mark\Cookies\mark@malwarewipe[1].txt
Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\Mark\Cookies\mark@www.virusburst[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mark\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mark\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\4TCUQKS9\smitRem[1].exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
Adware:Adware/VideosCodec Not disinfected C:\Program Files\SoftCodec\isamini.exe
Adware:Adware/VideosCodec Not disinfected C:\Program Files\SoftCodec\pmmon.exe
Adware:Adware/VideosCodec Not disinfected C:\Program Files\SoftCodec\pmsngr.exe

So I am unsure if the virus really has been removed because it is not present on my task bar, but the panda software found it but does not apper to have removed it.... I am confused.

Here are the contents of my C:\Program Files\RoguesScanFix\task.txt

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

Can you tell me what if any steps I need to take next.


Thanks.... a very confused and tired Mark. :flowers:

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:57 AM

Posted 07 October 2006 - 07:22 AM

process.exe is part of the smitfruad fix tool and detected by some antivirus programs as a "RiskTool", "Hacking tool, or "Potentially unwanted"; it is not a virus, but a program used to stop system processes. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. You can just delete the smitRem folder from your desktop.

If your using Win XP or 2000, do this.

First, print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Then please download, install and update AVG Anti-Spyware 7.5. DO NOT perform a scan yet.
Print out the AVG Anti-Spyware Install-Scan Instructions.

Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" or "How to create/extract a ZIP File in Win 9x/2000" if your not sure how to do this.

After using the tool reboot again in "SAFE MODE".

Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Then scan with AVG Anti-Spyware 7.5 per the instructions you printed out and reboot normally.

DELETE the following folder IF STILL PRESENT. When found right-click and choose delete.

C:\Program Files\SoftCodec\ <- this folder
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users