Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Trojan Worm Stuff

Options
Evil Joe
Evil Joe
in Malware talk

I recently got some viruses. One was the Braviax virus, but I found a site online and did something with safe mode and got rid of it (I'm pretty sure).


Unfortunately, I still have a lot of viruses and spyware left. I get a lot of those fake balloons that say

A Critical error could occur


***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)**


Inaccessible handler or device.


Click this ballon to fix the problem.


And two icons popped up on my desktop that say Windows Update and Help and Support. If I delete them, they just come right back a few seconds later.


My whole computer is slow and whenever I try to shut down or restart my computer, it kind of freezes and just shows my desktop background so I have to manually shut it down by holding down the power button.


While I had the Braviax virus, I couldn't use Norton Antivirus 2002 very well as well as many other programs. I also can't use the internet unless I uninstal Norton. I also have AVG, Spybot, and Windows Defender.


Here's my current HijackThis report thing:


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 2:31:34 AM, on 2/16/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\System32\Ati2evxx.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\system32\Ati2evxx.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe


C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe


C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


C:\Program Files\LogMeIn\x86\RaMaint.exe


C:\PROGRA~1\Grisoft\AVG7\avgcc.exe


C:\Program Files\Messenger\msmsgs.exe


C:\Program Files\Ares\Ares.exe


C:\Program Files\LogMeIn\x86\LogMeIn.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE


C:\Documents and Settings\user1\Desktop\utorrent.exe


C:\Program Files\Windows Defender\MsMpEng.exe


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\ntvdm.exe


C:\WINDOWS\explorer.exe


C:\Program Files\Trend Micro\crusty\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:0/proxy.pac


O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP


O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h


O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe


O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')


O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


O4 - Global Startup: MA111 Configuration Utility.lnk = ?


O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe


O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe


O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe


O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe


O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe


O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe


O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe


O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


--


End of file - 4535 bytes


If I can't get these viruses and spyware off, I think I'll just end up saving some files (music, pictures, flash animations) on backup CD's, reinstall Windows XP, and put the files back on.


Any help would be greatly appreciated.


Thanks.

Comments

  • rbenchea
    rbenchea
    edited February 2008
    Options

    please download the program from the following link http://students.info.uaic.ro/~mihai.benche...BDAspySetup.exe and send me log file. You can make one by going to SysLog Info tab. You can also perform a scan from AntiSpyware tab.

  • Evil Joe
    Evil Joe
    edited February 2008
    Options

    Here's the .xml log file: http://www.wikiupload.com/download_page.php?id=33929


    I also now have a lot of pos###.tmp files on my C drive and the icon for the C drive is a red X.


    I'm doing a BDAspy scan now.

  • pcbugfixer
    pcbugfixer ✭✭✭
    edited February 2008
    Options

    This post may be worth reading


    http://forum.bitdefender.com/index.php?sho...amp;#entry21831


    and could also refer to your problem as I have had numerous cases with relataed issues that although appear to be different are in fact not and got hit by variants if the same type if Trojan and Worm infection.


    pcbugfixer :ph34r:

  • Evil Joe
    Evil Joe
    Options

    Thanks, pcbugfixer. I tried what is in that post, but then after going to safe mode a couple times, it would just show a black screen with the words "Safe Mode" bordering the top and bottom of the screen. I think I'll just reinstall XP tomorrow. I'll have to reinstall all my programs, and that'll be a ######, but I think even if I tried hard to delete the viruses, there'd still be some or traces of some left. I'll make sure I scan everything I download before opening it.


    Thanks.

  • Rgcooke
    Rgcooke
    Options

    I need some help with Trojan removal. I had Norton installed (I know), and it has been completely overwhelmed. BitDefender is doing a better job, but it can't get rid of everything. Here's the log:


    Remaining issues:Object Name Threat Name Final Status


    [system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ONESTEP SEARCH SERVICE\ImagePath=]C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.EXE Adware.NewDotNet.BK No action was possible


    [system] Adware.NewDotNet.BK Disinfect Failed


    [system] Adware.NewDotNet.BK Disinfect Failed


    [system] Adware.NewDotNet.BK Disinfect Failed


    [system] Adware.NewDotNet.BK Disinfect Failed


    [system] Adware.NewDotNet.BK Disinfect Failed


    [system] Adware.NewDotNet.BK Disinfect Failed


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[3].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[3].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0340555.exe Adware.NewDotNet.BK Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0376167.exe Adware.NewDotNet.BK Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0381385.exe Adware.NewDotNet.BK Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0390819.exe Adware.NewDotNet.BK Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP347\A0398877.exe Adware.NewDotNet.BK Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420173.exe Adware.NewDotNet.BK Disinfect Failed


    C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE134.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE134.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE18.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE18.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONEB.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONEB.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONEC.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONEC.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONED.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)


    C:\WINDOWS\Temp\ONED.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0003 Adware.OneStep.A Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0003 Adware.OneStep.A Disinfect Failed (file was in an archive)


    [system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DF2JML1S=]C:\WINDOWS\SYSTEM32\DF2JML1S.VBS Generic.ScriptWorm.0244F9DE No action was possible


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0419092.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0419124.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0419217.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420165.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed


    C:\WINDOWS\system32\DF2JML1S.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed


    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Trojan.Dloader.AMA Delete Failed (file was in an archive)


    C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Trojan.Dloader.AMA Delete Failed (file was in an archive)


    Resolved issues:Object Name Threat Name Final Status


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0340556.exe Adware.NewDotNet.BK Deleted


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0376168.exe Adware.NewDotNet.BK Deleted


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0381386.exe Adware.NewDotNet.BK Deleted


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0390820.exe Adware.NewDotNet.BK Deleted


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP347\A0398878.exe Adware.NewDotNet.BK Deleted


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420175.exe Adware.NewDotNet.BK Deleted


    C:\Documents and Settings\Richy\Desktop\Winamp_Toolbar_Deskband.exe Trojan.Generic.79588 Deleted


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420176.exe Trojan.Generic.79588 Deleted


    Objects that were not scanned:Object Name Reason Final Status


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible


    C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible


    C:\WINDOWS\Temp\mcu1C.tmp\mskf.cfu=]update.sku Password-Protected No action was possible


    As far as I know, I don't have any password protected files. I've deleted all the temp files I can find - am I looking at a harddrive format?

  • ambeck22
    ambeck22
    Options
    I need some help with Trojan removal. I had Norton installed (I know), and it has been completely overwhelmed. BitDefender is doing a better job, but it can't get rid of everything. Here's the log:


    I had the same Malware (OneStep and NewDotNet). Did you try the topic in Malware Talk/How To's/...Volume System Information thread? It tells how to disable System Restore, and if that doesn't work, there are more instructions. I'm rescanning now to see if it's gone.


    Nasty little bugger!

  • Rgcooke
    Rgcooke
    Options

    Thanks for the tip Amanda - it's ruining my week!


    I had the same Malware (OneStep and NewDotNet). Did you try the topic in Malware Talk/How To's/...Volume System Information thread? It tells how to disable System Restore, and if that doesn't work, there are more instructions. I'm rescanning now to see if it's gone.


    Nasty little bugger!

All Time Leaders

Categories

Defenders of the month