Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

N

nsfirechap

31 Posts

47445

December 18th, 2004 22:00

Help with Maleware/Spyware

My Dell 5100 laptop is bombarded with maleware - elite toolbar, Kalvys, and others thant Norton Anti virus cannot remove, Adware & spybot "clean" them but they are still there on the rescan. My IE toolbar has been hijacked and locked to "about blank". I did go to safe mode and removed all the registry entries pertaining to these but still came back. I also reformatted the hard drive and reloaded using the Dell XP restore cd but the buggers are still there. Is there a possibility that they are residing on the partition that Dell tech support says stays there for system restore? Any help anyone can provide will be great and deeply and desperately appreciated.
 
Jeff 
:smileymad::smileymad::smileymad::smileymad::smileymad:

Midnight Star

4.8K Posts

December 28th, 2004 13:00

Jeff,

It looks like it came in via an ActiveX control, possibly from a website you visited - a drive by download.

-

Ok, let's start by doing this...

1.  Download, unzip and run "About:Buster". When it's done, run it again for good measure.

2.  Go to www.trendmicro.com and click "Free Online Scan". When it's down, select all available drives, and click "Scan".

3.  Run AdAware SE Personal and "perform a full system scan".

4.  Run Spybot S&D and "Check for Problems".

5.  Post back a new log.

-

It looks like there's a few viruses/ trojans running and i'm hoping the steps above will get em'. If not, 'wax' em' with HiJackThis.

Mike.

 

nsfirechap

31 Posts

December 28th, 2004 18:00

Mike,

Per your instructions I did the following:

1.  Download, unzip and run "About:Buster". When it's done, run it again for good measure.

   Ran it and it said nothing found

2.  Go to www.trendmicro.com and click "Free Online Scan". When it's down, select all available drives, and click "Scan".

  tried numerous times and got warnings messages and the site "shut down"

3.  Run AdAware SE Personal and "perform a full system scan".

    now when I run AdAware the only files it detects refer to "cool web search" but here's the kicker - now when I try and fix them AdAware locks up and I need to use task manager to shut it down. I tried restarting the laptop a few times and it still does this. 

4.  Run Spybot S&D and "Check for Problems".

    Spybot doesn't find anything

5.  Post back a new log. 

 

Also I noticed in the add/remove file there is now a program titled Home Search Assistant - when I click on remove it automatically takes me to a web site that gives directions to remove and of course when I follow those nothing happens(I feel like an idiot-probrably should not have clcik on the links it brought me to, eh)

as far as Hijack this log this is it:

Logfile of HijackThis v1.99.0
Scan saved at 11:33:20 AM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\crwc32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CFDEDD7B-3C68-3EA9-44F9-80368394C67C} - C:\WINDOWS\javawc.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [javaqi.exe] C:\WINDOWS\system32\javaqi.exe
O4 - HKLM\..\Run: [iecy.exe] C:\WINDOWS\system32\iecy.exe
O4 - HKLM\..\Run: [mfckn32.exe] C:\WINDOWS\system32\mfckn32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103155708825
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\crwc32.exe

 

I sure owe you big time for your help - gotta do something about this laptop bad - I am heading for Iraq next month and need to get it working right and figure out how to prevent this mess from happening again.

 Jeff

   

 

 

Midnight Star

4.8K Posts

December 28th, 2004 19:00

Jeff,

Let's try CWShredder and see if it recognizes this thing. Download, unzip and run it. Then click "Fix ->".

Post back the results.

Mike.
 

nsfirechap

31 Posts

December 28th, 2004 19:00

oops forgot to mention I ran CW shredder it did not recognize it

Midnight Star

4.8K Posts

December 28th, 2004 19:00

Jeff,
 
I know. If i'm not mistaken, there's going to be an increase in very, very difficult to remove 'infections'.
 
-
 
Here's a process i'm not familar with:
 
C:\WINDOWS\system32\crwc32.exe
 
So, we'll hold off on deleting that file from your harddrive until last.
 
-
 
Let's get started...
 

Now, let's run HiJackThis, then:
1.  click " Config..."
2.  click " Misc Tools"
3.  click " Delete a file on reboot"
4.  browse to, then double-click on each of the file(s) below, one at a time:
 
    C:\WINDOWS\system32\elqug.dll
    C:\WINDOWS\javawc.dll
    C:\WINDOWS\system32\javaqi.exe
    C:\WINDOWS\system32\iecy.exe
    C:\WINDOWS\system32\mfckn32.exe
 
5.  when prompted to " Reboot Now", after selecting each file, select " No"
 

Run HiJackThis and click " Scan", then check(tick) the following, if present:
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\elqug.dll/sp.html#14044
 
R3 - Default URLSearchHook is missing
 
O2 - BHO: (no name) - {CFDEDD7B-3C68-3EA9-44F9-80368394C67C} - C:\WINDOWS\javawc.dll
 
O4 - HKLM\..\Run: [javaqi.exe] C:\WINDOWS\system32\javaqi.exe
O4 - HKLM\..\Run: [iecy.exe] C:\WINDOWS\system32\iecy.exe
O4 - HKLM\..\Run: [mfckn32.exe] C:\WINDOWS\system32\mfckn32.exe
 
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
 
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\crwc32.exe
 

Now, with all windows closed except HiJackThis, click " Fix checked".
 
Reboot your computer.
 

Post back a new log.

Mike.

 

nsfirechap

31 Posts

December 28th, 2004 19:00

just noticed in the add/remove programs the following two programs that it won't let me delte also:
 
search Extender
 
Shopping wizard:smileymad::smileymad::smileymad::smileymad::smileymad:

nsfirechap

31 Posts

December 28th, 2004 22:00

Mike,

 

Did  what you suggested in kijack - the three programs are still listed in the add/remove folder.

Here's the latest hijack log.

Jeff

Logfile of HijackThis v1.99.0
Scan saved at 3:41:52 PM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103155708825
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Midnight Star

4.8K Posts

December 28th, 2004 23:00

Jeff,
 
If they can't be removed now, they might be 'stuck' there.
 
How's the system running overall? Does the problem seem resolved?
 
Mike.
 

nsfirechap

31 Posts

December 28th, 2004 23:00

this is what the adaware log says: since the forum here would not let me send the whole file at one time I am sending what looks like the bad stuf it found
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
 
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : iiqdr.dat
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : kxmwl.dat
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : lmvux.txt
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : isoqj.log
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : mmwfe.log
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : mzmeg.dat
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : qpaug.txt
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : thbmr.dat
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : wyvvy.txt
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\
 
 CoolWebSearch Object Recognized!
    Type               : File
    Data               : tzcvc.txt
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\
 
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 CoolWebSearch Object Recognized!
    Type               : RegValue
    Data               :
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\main
    Value              : Use Search Asst
 CoolWebSearch Object Recognized!
    Type               : RegValue
    Data               :
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft
    Value              : set
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 17
4:17:24 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:36.254
Objects scanned:78694
Objects identified:12
Objects ignored:0
New critical objects:12

 

nsfirechap

31 Posts

December 28th, 2004 23:00

Ok here's the latest Mike:
 
I ran a program i have called CC Cleaner - it's supposed to clean up temp files, etc. it picked up and deleted 145MB of "junk" after it ran I checked the add/remove folders and those files are gone. I.E. seems no longer to be hijacked and I am not getting bombarded with pop ups from out of nowhere(course  iwonder if the pop up acion is because  ifinally got off my add new stuff paranoia and loaded XP service pack 2.
 
But here is what has me confused - I run Adaware and I still get 12 critical objects titled cool web if it will help here is the lof from adaware - I have to post it in another message due to the size lmititations of these forums.:
 
Should i go into the registry and see about manually deleting these entries?
 
Thanks a ton - I owe ya!!!
 
Jeff 
 
 

Midnight Star

4.8K Posts

December 29th, 2004 06:00

Jeff,

Your welcome!

Just curious; can you post back the contents of a couple of the text files first? Only if they contain printable characters.

Like:

lmvux.txt
qpaug.txt
wyvvy.txt
tzcvc.txt

... i'm curious about the contents.

 
Thanks,
 
Mike.
 

nsfirechap

31 Posts

December 29th, 2004 19:00

Mike,

 

The last few Adaware scans show clean - some of the previously found items show up in registry kets. Also when I run Norton Antivirus the maleware files I had problems with this time (as well as the last time) show up in the log, and as the last few times show as not able to fix.

 

Jeff

 

Midnight Star

4.8K Posts

December 29th, 2004 20:00

Jeff,

You might try running those from "Safe Mode" and see if they can be deleted that way? Which files are showing up, the ones you posted above? Can they be removed on reboot?

Mike.

 

nsfirechap

31 Posts

December 29th, 2004 21:00

Mike,

 I ran Adaware in normal and safe mode - nothing shows up(either in spybot too).

ran Norton Antivirus in normal and safe and the following files show up everytime and when I try and fix them it says fix failed Norton identifies them as Maleware threats:

 

compressed file bullseye network/bin/adv.exe within c:\windows\system32\mac80ex.idf

next entry same as above ecept adx.exe replaces adv.exe

next entry the same cept entry reading bin/bargains follows bullseye netwrok/

windows\system32\config\systemprofile\local settings\temporary internet files\content.IES\81Q74X63163\bb[1}.exe

compressed file windows/system32\exdl.exe within windows\system32\netut80ex.vxd

next entry the same cept exul.exe followa first system32

next entry the same cept javexulm.vxe follows first system32

next one the same cept mgexdlm.srg follows first system32

windows\system32\msbe.dll within c:\windows\system32\mac80.ex.idf 

 

 

Midnight Star

4.8K Posts

December 29th, 2004 21:00

Jeff,

Ok, they are compressed with an 'archive' type file and that's probably why it can't delete or fix them. Drop Denny Denham a note and see if those 'archives' would be safe to remove. I don't know much about those file types ... :(

Mike.

 

View More

View All

No Events found!

Top