Trojan Worm Stuff

I recently got some viruses. One was the Braviax virus, but I found a site online and did something with safe mode and got rid of it (I'm pretty sure).

Unfortunately, I still have a lot of viruses and spyware left. I get a lot of those fake balloons that say

A Critical error could occur

***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)**

Inaccessible handler or device.

Click this ballon to fix the problem.

And two icons popped up on my desktop that say Windows Update and Help and Support. If I delete them, they just come right back a few seconds later.

My whole computer is slow and whenever I try to shut down or restart my computer, it kind of freezes and just shows my desktop background so I have to manually shut it down by holding down the power button.

While I had the Braviax virus, I couldn't use Norton Antivirus 2002 very well as well as many other programs. I also can't use the internet unless I uninstal Norton. I also have AVG, Spybot, and Windows Defender.

Here's my current HijackThis report thing:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:31:34 AM, on 2/16/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE

C:\Documents and Settings\user1\Desktop\utorrent.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\crusty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:0/proxy.pac

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 4535 bytes

If I can't get these viruses and spyware off, I think I'll just end up saving some files (music, pictures, flash animations) on backup CD's, reinstall Windows XP, and put the files back on.

Any help would be greatly appreciated.

Thanks.

Find more posts tagged with

Comments

rbenchea

please download the program from the following link http://students.info.uaic.ro/~mihai.benche...BDAspySetup.exe and send me log file. You can make one by going to SysLog Info tab. You can also perform a scan from AntiSpyware tab.

Evil Joe

Here's the .xml log file: http://www.wikiupload.com/download_page.php?id=33929

I also now have a lot of pos###.tmp files on my C drive and the icon for the C drive is a red X.

I'm doing a BDAspy scan now.

pcbugfixer

This post may be worth reading

http://forum.bitdefender.com/index.php?sho...amp;#entry21831

and could also refer to your problem as I have had numerous cases with relataed issues that although appear to be different are in fact not and got hit by variants if the same type if Trojan and Worm infection.

pcbugfixer

Evil Joe

Thanks, pcbugfixer. I tried what is in that post, but then after going to safe mode a couple times, it would just show a black screen with the words "Safe Mode" bordering the top and bottom of the screen. I think I'll just reinstall XP tomorrow. I'll have to reinstall all my programs, and that'll be a ######, but I think even if I tried hard to delete the viruses, there'd still be some or traces of some left. I'll make sure I scan everything I download before opening it.

Thanks.

Rgcooke

I need some help with Trojan removal. I had Norton installed (I know), and it has been completely overwhelmed. BitDefender is doing a better job, but it can't get rid of everything. Here's the log:

Remaining issues:Object Name Threat Name Final Status

[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ONESTEP SEARCH SERVICE\ImagePath=]C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.EXE Adware.NewDotNet.BK No action was possible

[system] Adware.NewDotNet.BK Disinfect Failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[3].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[3].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0340555.exe Adware.NewDotNet.BK Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0376167.exe Adware.NewDotNet.BK Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0381385.exe Adware.NewDotNet.BK Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0390819.exe Adware.NewDotNet.BK Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP347\A0398877.exe Adware.NewDotNet.BK Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420173.exe Adware.NewDotNet.BK Disinfect Failed

C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONE134.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONE134.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONE18.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONE18.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONEB.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONEB.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONEC.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONEC.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONED.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)

C:\WINDOWS\Temp\ONED.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0003 Adware.OneStep.A Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0003 Adware.OneStep.A Disinfect Failed (file was in an archive)

[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DF2JML1S=]C:\WINDOWS\SYSTEM32\DF2JML1S.VBS Generic.ScriptWorm.0244F9DE No action was possible

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0419092.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0419124.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0419217.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420165.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed

C:\WINDOWS\system32\DF2JML1S.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Trojan.Dloader.AMA Delete Failed (file was in an archive)

C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Trojan.Dloader.AMA Delete Failed (file was in an archive)

Resolved issues:Object Name Threat Name Final Status

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0340556.exe Adware.NewDotNet.BK Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0376168.exe Adware.NewDotNet.BK Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0381386.exe Adware.NewDotNet.BK Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0390820.exe Adware.NewDotNet.BK Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP347\A0398878.exe Adware.NewDotNet.BK Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420175.exe Adware.NewDotNet.BK Deleted

C:\Documents and Settings\Richy\Desktop\Winamp_Toolbar_Deskband.exe Trojan.Generic.79588 Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420176.exe Trojan.Generic.79588 Deleted

Objects that were not scanned:Object Name Reason Final Status

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible

C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible

C:\WINDOWS\Temp\mcu1C.tmp\mskf.cfu=]update.sku Password-Protected No action was possible

As far as I know, I don't have any password protected files. I've deleted all the temp files I can find - am I looking at a harddrive format?

ambeck22

I need some help with Trojan removal. I had Norton installed (I know), and it has been completely overwhelmed. BitDefender is doing a better job, but it can't get rid of everything. Here's the log:

I had the same Malware (OneStep and NewDotNet). Did you try the topic in Malware Talk/How To's/...Volume System Information thread? It tells how to disable System Restore, and if that doesn't work, there are more instructions. I'm rescanning now to see if it's gone.

Nasty little bugger!

Rgcooke

Thanks for the tip Amanda - it's ruining my week!

I had the same Malware (OneStep and NewDotNet). Did you try the topic in Malware Talk/How To's/...Volume System Information thread? It tells how to disable System Restore, and if that doesn't work, there are more instructions. I'm rescanning now to see if it's gone.

Nasty little bugger!