
Iefeats virus/trojan



#1 gaelic123


Posted 14 June 2004 - 03:12 PM

I'm trying to help my nephew with a computer virus. He's running Windows XP on a laptop computer and he had let his AV subscription expire (Yes, I gave him hell for that)

Anyway I installed Norton Internet Security and ran a virus scan. It found 22 viruses. I have been able to delete almost all of them with Norton, Adaware, & Spybot Search & Destroy, and CW shredder except for one.

Norton AV finds Iefeats but then I cannot delete it, and it doesn't give me the option to quarantine it either. I've gone to Symantec's knowledge base and tried to follow the instructions to manually delete it from the registry, but the entries I'm supposed to remove don't show on the right panel of the registry.

It no longer exhibits the problems connected with the virus, but Norton still finds it whenever I run a scan.

Is there any way to delete this? Or do you think the removal attempts have disabled it?

I'm not that computer literate myself, and I'm afraid to do too much more in the registry.

Any suggestions/feedback would be appreciated.

Thanks in advance,

Mary

P.S.
The specs in my signature are for my computer, not the one I'm trying to help with.
Dell XPS 933Mhz processor, 256 RAM, Windows98se, Linksys Cable/DSL Router,
Norton Internet Security Anti-Virus & Firewall, Adaware, Spybot Search & Destroy, Spywareblaster, Spyware Guard



#2 Grinler

Lawrence Abrams, Admin

Posted 14 June 2004 - 03:35 PM

Can you give me the location where it is being found?

#3 gaelic123


Posted 14 June 2004 - 03:48 PM

It doesn't give a location that I can see.

Mary

#4 Grinler


Posted 14 June 2004 - 04:28 PM

It should say the location when it finds it.

It may be trapped in system restore where Norton can't clean it. Wipe your system restore points by disabling and then enabling system restore.

Follow the tutorial below:

Windows XP System Restore Guide

#5 gaelic123


Posted 14 June 2004 - 09:30 PM

Grinler,

I disabled system restore and ran the Norton scan again. It couldn't delete it (Adware.Iefeats) and this is the location (I think)

C\Recycler\S-1-5-21-2914288250-3095290957-2122901767-500\Dc2.exe


The scan also turned up another threat (Adware.websearch) it was located at

C\Documents and Settings\Windows user\Local settings\Temp\down.cab

Any ideas as to what I can do at this point to get rid of these?

Thanks in advance,

Mary

#6 Grinler


Posted 14 June 2004 - 09:36 PM

Empty your recycle bin. That will get rid of one of them.

Also post a hijackthis log for us to look at. Instructions below:

Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

or

http://tools.zerosrealm.com/hjt.zip

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers & Spyware

#7 gaelic123


Posted 14 June 2004 - 09:54 PM

Grinler,
I checked the recycle bin and there's nothing in it to empty.

The Hijack this log is as follows:

Logfile of HijackThis v1.97.7
Scan saved at 9:50:46 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\twain_32\SiPix\SCBLINK2\USBPNP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINDOWS\twain_32\SiPix\SCBLINK2\BLINK2CC.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com
F1 - win.ini: load=???
??? ???
?
? ?????
F1 - win.ini: run=???
??? ???
?
? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [USBPNP] C:\WINDOWS\twain_32\SiPix\SCBLINK2\USBPNP.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [BLINK2CC] C:\WINDOWS\twain_32\SiPix\SCBLINK2\BLINK2CC.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\downloaded program files\GoogleToolbar_en_1.1.66-deleon.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7977.3593634259
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


BTW another problem that might show up in this log is that his computer froze at shutdown a while back and instead of control-alt-delete or even turning it off, he unplugged it. Now when it boots up an error comes up that windows can't find file and there are a whole bunch of little squares. If you x it out the system finishes loading. The message says to remove it from the registry if you don't need it, but I don't even know what it is or where to find it. I'm just telling you this in case it helps in reading the Hijack this log.

I'll wait for your instructions

Thanks,

Mary

Edited by gaelic123, 14 June 2004 - 10:08 PM.


#8 Grinler


Posted 14 June 2004 - 10:15 PM

Would this happen to be a Japanese or Chinese version of Windows?

#9 gaelic123


Posted 14 June 2004 - 10:20 PM

Grinler,

No, it's an English version. Sorry, it's just really screwed up.

I wondered if the little squares with the question marks in the Hijack this log had to do with his shutdown/loading problem.

Mary

#10 Grinler


Posted 14 June 2004 - 11:17 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please put a checkmark in the box for each of these entries, close all other windows, and click the fix button:


F1 - win.ini: load=???
??? ???
?
? ?????
F1 - win.ini: run=???
??? ???
?
? ?????
O4 - HKLM\..\Run: [SetupType] Portable

Reboot and post a new log. Other than that I do not see anything, but it is possible that those entries in the win.ini could be causing problems.

#11 gaelic123


Posted 15 June 2004 - 07:52 AM

Grinler,

I did as you instructed. The file that was showing as an error at loading is no longer showing up (thank you!!!)

This is the new hijackthis log


Logfile of HijackThis v1.97.7
Scan saved at 7:42:43 AM, on 6/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\twain_32\SiPix\SCBLINK2\USBPNP.exe
C:\WINDOWS\twain_32\SiPix\SCBLINK2\BLINK2CC.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [USBPNP] C:\WINDOWS\twain_32\SiPix\SCBLINK2\USBPNP.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [BLINK2CC] C:\WINDOWS\twain_32\SiPix\SCBLINK2\BLINK2CC.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\downloaded program files\GoogleToolbar_en_1.1.66-deleon.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7977.3593634259
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


I don't know if I'm supposed to do anything else. I haven't run another virus scan to see if Iefeats and websearch virus threats will show up.

If they still show up shall I just exclude them from further scans? Since it can't delete them I just don't know what else to do.

Thanks so much for your help,

Mary

#12 Grinler


Posted 15 June 2004 - 10:33 AM

I do not see anything here that is a problem. If you haven't done so already, please disable and reenable system restore.

Hopefully with what we did and doing that, it will not find the viruses any more.
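
An added example, not part of the original thread: a short Python script that compares two HijackThis logs so the entries a fix removed stand out, and marks values the log could only show as `?` placeholders. The sample logs are shortened excerpts of the two logs posted above; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0, F1, O4, O16 ...) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return [(code, text), ...] for the entry section of a HijackThis log.

    Header and process lines before the first entry are skipped. A non-blank
    line without a section code continues the previous entry, which keeps the
    multi-line win.ini values seen in this thread together.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line and entries:
            entries[-1][1] += "\n" + line
    return [tuple(e) for e in entries]

def diff_logs(before, after):
    """Return (entries only in the first log, entries only in the second)."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added

def is_unreadable(text):
    """True when the value after '=' is only '?' placeholders and whitespace."""
    _, sep, value = text.partition("=")
    return bool(sep) and bool(value.strip()) and set(value) <= set("? \n")

# Shortened excerpts of the two logs in this thread (most lines omitted).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com
F1 - win.ini: load=???
??? ???
?
? ?????
F1 - win.ini: run=???
??? ???
?
? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
"""

AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, text in removed:
        note = "  (unreadable value)" if is_unreadable(text) else ""
        print(f"removed {code}: {text.splitlines()[0]}{note}")
    print(f"added: {len(added)}")
```
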

#13 gaelic123


Posted 15 June 2004 - 03:15 PM

Grinler,

I had already disabled system restore before running the Norton AV scan.

After running an additional Norton AV scan it still detected both viruses (Iefeats and Adware.websearch).

I tried following the manual removal instructions for each of these on Symantec's page, but the values in the right registry panes weren't there.

The computer no longer exhibits symptoms of infection, and since I can't delete them, and you don't see anything amiss in the Hijackthis log, I've excluded them from future Norton AV scans.

Again, thank you so much for your help.


Mary