
8 viruses found, unable to delete.  


DAVE9999:
Hello dl65, as I put in last post  "Ran Avast Anti Virus in safe mode no infections found."
Ran it in SAFE mode.  
As I said, it wasn't set up to record a log file. I found that out afterwards, when I looked for the log file to post to you. I had to click on the "Record a log file" sign. It was not set up to record a log; that must be their standard setting. I had no idea about that. I wrote the below down beforehand just in case. (Paranoia)
 I couldn't copy the results off the screen, it wouldn't let me.  

some files corrupted.
ARC Archive at C:\programfiles.\microsoftworks\1003\wizards\...\.
 
And 3 cab archive files in D:\
 
D:\preload\data9.01imp\bckgres.dll
D:\preload\data9.02imp\fxst30.dll
D:\preload\data9.05inp\imkr61chm
WAS all it said.

I did a Kaspersky scan to see if, after using CCleaner, the 8 viruses that I contacted you about (the "8 viruses found, unable to delete") were still there. They were. Well, seven of them.

Ran the "Avenger" program to get rid of them.
Clicked on remove those files and it did and backed them up in a zip file.
Must have a back up function to the program.
Which I suppose, if left alone will be ok.
None are in C:\temp anymore.

I used the remove/uninstall thru add/remove program
to remove  
Ares
Kazaa Lite, as I said on 6th June.
It didn't remove
  C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet.
And the other ones.
No idea why.

Neither did CCleaner when I ran it, exactly as in your diagram.
They are not there any more. The Kaspersky scan showed they were now in the "Avenger" backup.zip.

The reason CCleaner had not deleted the particular one you mention, C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet.

Like CCleaner has for instance deleted
C:\WINDOWS\TEMP\Perflib_Perfdata_530.dat 16.00KB
C:\WINDOWS\TEMP\Perflib_Perfdata_538.dat 16.00KB
C:\WINDOWS\TEMP\Perflib_Perfdata_540.dat 16.00KB
C:\WINDOWS\TEMP\ZLT01eeb.TMP 256 bytes
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\8A56EAB7.TMP 122 bytes
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\jusched.log 1.61KB
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\~DF53A5.tmp 16.00KB
-------------------------------------------------------------

Is because    C:\temp\WarezP2P_DLC.exe/stream/data0035  Infected: not-a-virus:AdWare.Win32.NewDotNet.

Is located at C:\temp.Warez etc.  (Or rather was)   And no function on CCleaner will remove it.
None will.
Maybe it only deletes temp files with a capital T, i.e. Temp and not temp as where mine are located.
Perhaps all the temp files downloaded should have gone to C:\Windows\Temp and, because there is a C:\temp folder possibly put there by myself (I can't remember), the files have downloaded to C:\temp instead. Maybe an expert would know.

I couldn't see what harm connecting to the internet would do, after doing the Avast scan in safe mode (exactly like you said), as I would have to connect to it to contact you and display the results.
I suspect the Avast Anti Virus, even though up to date, wouldn't detect a barn door. That's why it is free, I suspect.
The Kaspersky scan did. Of course they may have put them there, modifying some known virus, and therefore only they can currently detect it. (Paranoia, again)

Are antivirus program companies deliberately infecting people's computers?
Getting them to splash out $50 bucks a year to clean up some of their doing?
And people in the know, people who spend their time clearing up viruses on a day to day basis, know about this, but are not telling me/the general public about it.
Maybe they get paid to pass on these viruses to the rest of the companies in the multi-billion $ virus infecting/detecting industry. Especially if it's a real nice juicy new one. (Another paranoid idea, or am I close on that one?) Am I right? Does this happen?

Are we to assume that
C:\temp\cs_mary.exe   .....       a Trojan-Spy.Win32.Delf.fk  

C:\temp\setup_ares.exe  ......     "not-a-virus:AdWare.Win32.NavExcel.i"
 
C:\temp\WarezP2P_DLC.exe   ......        not-a-virus:AdWare.Win32.NewDotNet

which have now gone

are located in those corrupt files in D:\ that Avast found, as below,
that I mentioned in my last post (or they have been there!).

D:\preload\data9.01imp\bckgres.dll
D:\preload\data9.02imp\fxst30.dll
D:\preload\data9.05inp\imkr61chm

And as soon as the System restore is turned back on, they will come back.


What concerns me is those Corrupted files at:
ARC Archive at C:\programfiles.\microsoftworks\1003\wizards\...\.
 
And 3 cab archive files in D:\
 
D:\preload\data9.01imp\bckgres.dll
D:\preload\data9.02imp\fxst30.dll
D:\preload\data9.05inp\imkr61chm

Is a mind meld to my computer needed to fix them?
I am sure this time I can get it together and carry out the necessary directions on how to fix it.

Many thanks dl65.

dl65:
DAVE9999 ......
--- Quote ---I couldn't see what harm connecting to the internet would do, after doing the Avast scan in safe mode, (exactly like you said)
--- End quote ---
There isn't any harm in that at all...... all I wanted to be sure was that you were using your own anti virus as opposed to an online scanner.

--- Quote ---And as soon as the System restore is turned back on, they will come back.
--- End quote ---
.... No, that's the point of turning it off ..... the previous restore points are removed and the threat of reinfection removed as well. Once system restore is turned back on ...... a new restore point will be created.

--- Quote ---Is a mind meld to my computer needed to fix them?

--- End quote ---
No Spock ....LOL .... it isn't. What we do is both go on MSN Messenger and then you invite me to remotely connect to your machine ....... once you have agreed, and we directly connect, I am able to see everything on your desktop that you see and I can control your PC from this end .... you just sit back and watch ..... I also have control of your mouse. I can go into any files, make repairs as required and then turn control back to you ........ this procedure is completely safe. Once the connection is broken, there is no way that I can reconnect to your machine without your approval.

cheers
dl65  ::)

dl65:
Dave9999..... How about posting a brand new hijackthis log ......


dl65  ::)

DAVE9999:
Hello dl65,
Ran CCleaner. All items in C:\temp\ etc., etc. still there.

Ran Avast AV in safe mode, AND managed this time to get a record of it.

* avast! Report

* Task 'Simple user interface' used
* Started on 09 June 2006 11:30:15
* VPS: 0623-2, 08/06/2006


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla.zip\CDILLA10.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla1.zip\CDILLA05.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GoldenPalaceCasino.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GoldenPalaceCasino.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NavExcelWebsearch.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NavExcelWebsearch.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\zlbw.dll [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip\svcp.csv [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip\svcp.csv [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip\svcp.csv [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\parad.raw.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\david marks\My Documents\My Videos\free-spyware-removal-2007.exe\Master.dat [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp [E] Archive is password protected. (42056

Best bits on next post

DAVE9999:
Continued

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Microsoft Works\1033\Wizards\crdus54w.wwp\Object 2\Contents\ [E] ARC archive is corrupted. (42133)
C:\spywarebegone\Database\Master.enc\Master.dat [E] Archive is password protected. (42056)
C:\temp\winzip90.exe\SETUP.WZ\WINZIP32.EX_ [E] Archive is password protected. (42056)
D:\PRELOAD\data9_01.inp\bckgres.dll [E] CAB archive is corrupted. (42127)
D:\PRELOAD\data9_02.inp\fxst30.dll [E] CAB archive is corrupted. (42127)
D:\PRELOAD\data9_05.inp\imkr61.chm [E] CAB archive is corrupted. (42127)
Infected files: 0
Total files: 230657
Total folders: 4773
Total size: 20.6 GB

It's the ones below (taken from above) that concern me.
C:\Program Files\Microsoft Works\1033\Wizards\crdus54w.wwp\Object 2\Contents\ [E] ARC archive is corrupted. (42133)
D:\PRELOAD\data9_01.inp\bckgres.dll [E] CAB archive is corrupted. (42127)
D:\PRELOAD\data9_02.inp\fxst30.dll [E] CAB archive is corrupted. (42127)
D:\PRELOAD\data9_05.inp\imkr61.chm [E] CAB archive is corrupted. (42127)

HJT log in 2 parts to follow.
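
As an added example (not part of the original posts, and not avast! or forum code): a short Python triage of a report in the format posted above, grouping entries by message and checking the infected count. The sample lines are constructed in that format, and reading `[E]` as a scan-error flag rather than a detection is an assumption based on the messages shown.

```python
import re
from collections import Counter

# Constructed sample in the format of the report posted above (not the full log).
SAMPLE_REPORT = r"""
* avast! Report
* Started on 09 June 2006 11:30:15
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip\svcp.csv [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] Archive is password protected. (42056
C:\Program Files\Microsoft Works\1033\Wizards\crdus54w.wwp\Object 2\Contents\ [E] ARC archive is corrupted. (42133)
D:\PRELOAD\data9_01.inp\bckgres.dll [E] CAB archive is corrupted. (42127)
Infected files: 0
Total files: 230657
"""

# Entry layout: path, bracketed one-letter flag, message, numeric code.
# The closing paren is optional because a pasted log can be cut off mid-line.
ENTRY = re.compile(
    r"^(?P<path>.+?) \[(?P<flag>[A-Z])\] (?P<msg>.+?) \((?P<code>\d+)\)?\s*$")
SUMMARY = re.compile(r"^(?P<key>Infected files|Total files|Total folders): (?P<val>\d+)$")

def parse_report(text):
    """Split a report into per-file entries and the numeric summary lines."""
    entries, summary = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):   # blank lines and header lines
            continue
        m = SUMMARY.match(line)
        if m:
            summary[m["key"]] = int(m["val"])
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
    return entries, summary

def triage(text):
    """Count entries per message and list anything not flagged [E] (assumed: scan error)."""
    entries, summary = parse_report(text)
    return {
        "infected": summary.get("Infected files"),
        "errors_by_message": dict(Counter(e["msg"] for e in entries)),
        "non_error_entries": [e for e in entries if e["flag"] != "E"],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```
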
