Skip to main content

RKinner

2 Intern

 • 

5.9K Posts

August 3rd, 2005 18:00

The only thing I see that looks bad is:
 
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
 
This one I don't know:
 
O4 - Global Startup: NU.nl-Nieuwslezer.lnk = C:\Program Files\NU.nl Nieuwslezer\nunwslzr.exe
Appears to be some sort of newsreader but
However in the processes I see a process running that looks suspicious.
 
C:\Program Files\MegaSpoof\Megaspoof.exe
The only reference I find to this file says it supposedly allows you access to free porn.  I don't know what starts this program but I'd get rid of it.
 
Get Killbox:
Download the Killbox.
http://www.downloads.subratam.org/KillBox.exe
Save it to the desktop
Double-click Killbox.exe to run it.
Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\Program Files\MegaSpoof\
Check the Deltree box then press the red button, agree you want to delete the file and let it reboot.
 
If it shows up next time then boot into Safe Mode and try again.  Shutdown and Restart and Boot into Safe Mode by tapping the F8 key when you see the PC maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe
Mode menu. Select the top option.
 
You will also find that Norton and AntiSpy will both work better in Safe Mode.
 
Also check that you have nothing suspicious starting as a scheduled task.
 
Then Start, Run, cmd, OK to bring up the cmd screen.
 
Type:
 
cd \
dir C:\WINDOWS\Tasks\
 
 
(This should give you a list of tasks which may be set to run at certain times.  I have seen several malware install .job files here so as to reinstall themselves at boot or shutdown or just at a particular time each day.  If you don't find anything then try:   )
 
dir -h C:\WINDOWS\Tasks\
 
(If you do find something that is not something you recognize then let's rename it.  Say you find
 
RUTASK.job 
and
SA.DAT     
 
then you can rename it:  )
 
cd  C:\WINDOWS\Tasks
ren RUTASK.job RUTASK.txt
ren SA.DAT sa.txt
 
(or delete it if you are sure it's nothing you might need.)
 
cd  C:\WINDOWS\Tasks
del /f /q RUTASK.job
del /f /q SA.DAT
 
If you have a fast link you can get mwav.exe from:
http://www.spywareinfo.dk/download/mwav.exe
and install it and check for updates then
 
 reboot into Safe Mode (F8) and run the escan(mwav) program.  Select all options and let it run for a few hours.  It will eventually create a log file.  It will remove anything it finds that it considers a virus or try to.  Adware it just flags in the log.  You have to go through the log for entries like:
Fri Jul 29 10:25:26 2005 => File C:\WINDOWS\System32\06wu29rd.exe tagged as not-a-virus:AdWare.F1Organizer.g. No Action Taken.

(hint use Notepad's  Edit, Find to  search for: not-a-virus)
then use killbox to clean the adware manually. Double-click Killbox.exe to run it.
Select "Delete on Reboot".
Place the full path  in the "Full Path of File to Delete" box in Killbox:
example:  C:\WINDOWS\System32\06wu29rd.exe
Press the red button, agree you want to delete the file but do not let it reboot yet.  Repeat for every not-a-virus entry then let it reboot after the last one.

The free online scans may also help:
 
 
Ron

MarcWMT

2 Posts

August 11th, 2005 13:00

Thank you very much for your reply.
I am afraid that your tips did not work. The alerts kept coming (Norton always DID delete the trojan files...) For sure it was not Megaspoof what caused the trouble, it is a known program I've had for years.
 
After using Panda ans some other virus/spyware programs the problem seems to be fixed.
 
Thanks again for your reply! Very much appreciated!
 
Marc

Message Edited by MarcWMT on 08-11-2005 09:16 AM

Was this post helpful?

View All

No Events found!

Top