8 viruses found, unable to delete.

Windows XP home.....Intel pentium 4....3.2ghz....512 ram....  

Hello, have picked up 8 viruses, found when using Kapersky online as follows

C:\System Volume Information\_restore{4A29620B-0973-4CDA-BBC9-4088620A8365}\RP152\A0061781.exe Infected: Packed.Win32.Tibs skipped

C:\temp\cs_mary.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped

C:\temp\cs_mary.exe CreateInstall: infected - 1 skipped

C:\temp\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped

C:\temp\setup_ares.exe NSIS: infected - 1 skipped

C:\temp\WarezP2P_DLC.exe/stream/data0035 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\temp\WarezP2P_DLC.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\temp\WarezP2P_DLC.exe NSIS: infected - 2 skipped




I have been getting some online community forum help and the expert says


"Please remove/uninstall thru add/remove program

Ares
Kazza Lite

Reboot


Kaspersky Results:

One is under system restore and we will get that as a last step.

The others are in temp folder so...


*********Run CCleaner useing windows tab only please***********



Run the above tool from safe mode explained below


Safe Mode:

Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter."

I did all that but wasnt sure on the sentance     "Run CCleaner useing windows tab only".

WHAT ON EARTH DO THEY MEAN??
I have downloaded a copy of CCleaner from     http://www.ccleaner.com/.

But after using it, as directed, Running another Kapaskey  the nasties are still there.

I have asked twice to the person what  "Run CCleaner useing windows tab only". means, but have received no reply.

PLEASE reply to that question only,     if you know.
"Run CCleaner useing windows tab only"

I,m stuck with it at the moment, with some viruses to be deleted,

HOPING to go on to getting my WMP 10 working properly.

I've tried uninstalling and installing but whenever a web site has online streaning WMP videos, it crashes the system.  giving the "WMP has encountered an error, and must close"  message.
A more common fault with it nowerdays.....Gates lot hasn't bothered to fix it...maybe even WMP 11 will keep crashing..

Many thanks..

"Run CCleaner useing windows tab only"  is the question!  what do they mean.??

[R.I.P.]

DAVE9999......Ok ....... I hear you frustation .......
I am assumming your machine became infected as the result of using
Ares and or Kazza Lite .....is that about it ?
Well try and do this one step at a time

dl65  

hello dl65, just got this message literally a few mins ago.
I do suspect Ares and kazza lite infected it all.  Have deleated it using add/remove.
Please download the Killbox by Option^Explicit.

Note:In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.

Please double-click Killbox.exe to run it.

Select
"Delete on Reboot
Then click on either the "All Files" button if there is more than 1 item to Delete.
Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\temp\cs_mary.exe/Realtime.dll
C:\temp\cs_mary.exe CreateInstall
C:\temp\setup_ares.exe/data0037
C:\temp\setup_ares.exe NSI
C:\temp\WarezP2P_DLC.exe/stream/data0035
C:\temp\WarezP2P_DLC.exe/stream


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


Looks like we have dispenced with the CCleaner st up.

Do you think the above is the solution?

[R.I.P.]

 DAVE9999.....  We'll lets just be sure ,    Have you turned off system restore ?

dl65  

[R.I.P.]

DAVE9999   I'm not convinced your system is clean yet .............
It sounds like there are two issues  here ......... a virus or viruses as well as a trojan .

dl65  

Hello dl65 , just checked and System restore is on.  should it be off for the time being.

Matey whos just contacted me reconds I should ctrl + c the mentioned viruses and copy to clipboard



It will not copy to clipboard using ctrl +c highlighting ALL of them and pressing CTRL + C

Nothing comes up in the killbox "full path of file to delete" Is it still there?.

The minute I start contacting you,, matey finally contacts me.

I perhaps wont get another answer off him till tomorrow.
Individually copying them to the "Kill box" program and rebooting would be the only answer. doing it 6 times though.  Cause the clipboard function isn't working. or doesn't seem to be.

Does the clipboard have to be enabled??

Can you beleive this, found

Adds Clipboard Viewer into your Start Menu

If you Clipboard Viewer is not on the Start menu, then you need to install it. Here is how:

 

1. Right-click Start button> Properties > Classic Start Menu > Customize > Add > Browse > C: drive, expand the tree by clicking the plus signs to Windows, System32, select clipbrd (or clipbrd.exe, depending on your folder View settings)

AND IT IS NOT THERE.

at every turn things just don't go right for me just lately.

How do dl65.  I have got the clipboard viewer working,  had to load up into "Killbox" program each virus location one at a time .
  And get for each the message "Pending file rename operations registry data has been removed by external process"


looks like those six viruses are going to be hard to delete.

C:\temp\cs_mary.exe/Realtime.dll
C:\temp\cs_mary.exe CreateInstall
C:\temp\setup_ares.exe/data0037
C:\temp\setup_ares.exe NSI
C:\temp\WarezP2P_DLC.exe/stream/data0035
C:\temp\WarezP2P_DLC.exe/stream

They are the nasties, no doubt hidden away in the regestry, possibly changing names and that.
Unless there is another virus killing program that can find them in the regestry.

[R.I.P.]

 DAVE9999....  Here's what I suggets you do ...... ( out aside the info from your mate for right now ) and please do the following

Turn off system restore immediately ..... as you probably are infected with both viruses as well as trojans ....and they love to hide in the restore files ......

Then open ccleaner and configure it as detailed here .....
http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149558249  

once you have it configured ...please run the cleaner portion .....just click on the brush icon ...then in the lower right corner click on run cleaner .

Let me know when you have finished up to there

dl65  

Hello dl65, turned off systems restore and ran CCleaner to settings.....thanks.

[R.I.P.]

Dave ...are we ready to do the next step ?
do you happen to remember about how much cleaner removed ?

dl65  

all ready,

[R.I.P.]

Before we do the next step , do you have Ewido on your machine ?

dl65  

yes, 3.5 malware

[R.I.P.]

ok ...thats great ...now what I would like you to do is reboot into safe mode ...and once there ....run your anti virus program ....is it up to date ?

dl65  

All up to date. downladed new update today.