[solved] Can't Get Rid Of 3 Items
Hi, I recently ran a scan and it came up with four different infections. I tried cleaning, deleting, and quarantining them. I was able to successfully quarantine one of the items but could do nothing about the other three. Could anyone give me some advice on what to do? Log file is posted below.
BitDefender Log File !!!!!
Product : BitDefender GameSafe
Version : BitDefender UIScanner v.11
Log date : 13:44:44 23/10/2009
Log path : C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1256323484_1_02.xml
Scan Paths:
Path0000: C:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 4445445
Archive plugins : 44
Email plugins : 6
Scan plugins : 13
Archive plugins : 44
System plugins : 5
Unpack plugins : 8
Overall scan summary
Scanned items : 120434
Infected items : 4
Suspicious items : 0
Resolved items : 1
Individual viruses found : 2
Scanned directories : 26785
Scanned boot sectors : 2
Scanned archives : 623
Input-output errors : 51
Scan time : 00:00:39:01
Files per second : 50
Scanned processes summary
Scanned : 41
Infected : 0
Scanned registry keys summary
Scanned : 1060
Infected : 1
Scanned cookies summary
Scanned : 1
Infected : 0
Remaining issues:
Object Name Threat Name Final Status
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE\=]C:\PROGRAM FILES (X86)\SEEKSERVICE\SEEKSERVICE.DLL
Gen:Adware.Heur.Ku4@2aHRAZdi No action was possible
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)
C:\Windows\Temp\SEE6E81.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)
Resolved issues:
Object Name Threat Name Final Status
C:\Program Files (x86)\SeekService\seekservice.dll Gen:Adware.Heur.Ku4@2aHRAZdi Moved to Quarantine
Any help would be greatly appreciated
Comments
-
Hello Nick Strub,
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE\=]C:\PROGRAM FILES (X86)\SEEKSERVICE\SEEKSERVICE.DLL
Gen:Adware.Heur.Ku4@2aHRAZdi No action was possible
Follow these steps:
- go to Start -> Run, type regedit and hit Enter
- Registry Editor will open, having an Explorer-like interface. The "folders" on the left are called keys and the "files" on the right are called values
- navigate to the key at this location:
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE
- select it and hit Delete (or right click on it and select Delete). Confirm by pressing Yes
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)
Go to C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND
and delete the file called upgrade[1].cab
C:\Windows\Temp\SEE6E81.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)
Go to C:\Windows\Temp\
and delete the folder SEE6E81.tmp with everything it contains.
Make sure you also delete the files from Recycle Bin.
Afterwards, restart your computer and make a new scan to make sure the infections are gone.
Cris.
-
Go to
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND
and delete the file called upgrade[1].cab
The file path was not there. I got as far as [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows] but when I got there that folder was empty. I also have hidden files set to show so that was not the problem either. I was able to successfully delete the other two though.
-
That is also a System folder. So you have multiple choices here:
- either just copy the whole path, paste it in the Explorer Address Bar and hit Enter (it should take you directly to that folder)
- or set Explorer to show System files and folders
- or use a 3rd party file manager that can show hidden/system files and folders
Cris.
-
Ok, that solved it. Thanks a lot for the help!
-
You are welcome, Nick Strub. If you have any other questions, please don't hesitate to post.
Since this issue is solved, I will close this topic. If you need it reopened, let me know by PM.
Cris.
== CLOSED ==
== Issue solved ==
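Added example, not part of the thread and not BitDefender code: the first reply turns each "Remaining issues" row into the outermost object to remove by hand (the service key, or the file on disk that wraps the flagged archive layers), and this sketch does the same mapping in Python. It assumes `=]` in the pasted log is a nesting separator and that the threat name is the last token containing a colon; `parse_row` and `manual_targets` are hypothetical names.

```python
import re
from typing import NamedTuple

SEP = "=]"  # nesting separator as it appears in the pasted log (meaning assumed)

class Finding(NamedTuple):
    kind: str      # "registry" or "file"
    target: str    # outermost object: the registry key or the file on disk
    nested: list   # layers inside the target (referenced file, archive members)
    threat: str
    status: str

# Heuristic: the threat name is the last space-delimited token containing ':'.
ROW = re.compile(r"^(?P<obj>.+) (?P<threat>\S+:\S+) (?P<status>.+)$")

def parse_row(line: str) -> Finding:
    m = ROW.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised log row: {line!r}")
    parts = [p.strip() for p in m["obj"].split(SEP)]
    if parts[0].lower() == "[system]" and len(parts) > 1:
        # [system] =] service key =] file that the key points at
        return Finding("registry", parts[1].rstrip("\\"), parts[2:],
                       m["threat"], m["status"])
    # on-disk container first, then the layers unpacked from it
    return Finding("file", parts[0], parts[1:], m["threat"], m["status"])

def manual_targets(rows):
    """(kind, target) for every row the scanner could not act on."""
    found = [parse_row(r) for r in rows]
    return [(f.kind, f.target) for f in found
            if "no action was possible" in f.status.lower()]

# Rows copied from the log in the first post (first row re-joined onto one line).
LOG_ROWS = [
    r"[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE\=]C:\PROGRAM FILES (X86)\SEEKSERVICE\SEEKSERVICE.DLL Gen:Adware.Heur.Ku4@2aHRAZdi No action was possible",
    r"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)",
    r"C:\Windows\Temp\SEE6E81.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)",
    r"C:\Program Files (x86)\SeekService\seekservice.dll Gen:Adware.Heur.Ku4@2aHRAZdi Moved to Quarantine",
]

if __name__ == "__main__":
    for kind, target in manual_targets(LOG_ROWS):
        print(f"{kind:8} {target}")
```

The quarantined DLL is left out of the result because its status shows the scanner already acted on it; the three remaining targets are the objects the reply works through one by one.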