Trojan Worm Stuff
I recently got some viruses. One was the Braviax virus, but I found a site online and did something with safe mode and got rid of it (I'm pretty sure).
Unfortunately, I still have a lot of viruses and spyware left. I get a lot of those fake balloons that say
A Critical error could occur
***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)**
Inaccessible handler or device.
Click this ballon to fix the problem.
And two icons popped up on my desktop that say Windows Update and Help and Support. If I delete them, they just come right back a few seconds later.
My whole computer is slow and whenever I try to shut down or restart my computer, it kind of freezes and just shows my desktop background so I have to manually shut it down by holding down the power button.
While I had the Braviax virus, I couldn't use Norton Antivirus 2002 very well as well as many other programs. I also can't use the internet unless I uninstal Norton. I also have AVG, Spybot, and Windows Defender.
Here's my current HijackThis report thing:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:34 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Documents and Settings\user1\Desktop\utorrent.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\crusty\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:0/proxy.pac
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4535 bytes
If I can't get these viruses and spyware off, I think I'll just end up saving some files (music, pictures, flash animations) on backup CD's, reinstall Windows XP, and put the files back on.
Any help would be greatly appreciated.
Thanks.
Comments
-
please download the program from the following link http://students.info.uaic.ro/~mihai.benche...BDAspySetup.exe and send me log file. You can make one by going to SysLog Info tab. You can also perform a scan from AntiSpyware tab.
0 -
Here's the .xml log file: http://www.wikiupload.com/download_page.php?id=33929
I also now have a lot of pos###.tmp files on my C drive and the icon for the C drive is a red X.
I'm doing a BDAspy scan now.0 -
This post may be worth reading
http://forum.bitdefender.com/index.php?sho...amp;#entry21831
and could also refer to your problem as I have had numerous cases with relataed issues that although appear to be different are in fact not and got hit by variants if the same type if Trojan and Worm infection.
pcbugfixer0 -
Thanks, pcbugfixer. I tried what is in that post, but then after going to safe mode a couple times, it would just show a black screen with the words "Safe Mode" bordering the top and bottom of the screen. I think I'll just reinstall XP tomorrow. I'll have to reinstall all my programs, and that'll be a ######, but I think even if I tried hard to delete the viruses, there'd still be some or traces of some left. I'll make sure I scan everything I download before opening it.
Thanks.0 -
I need some help with Trojan removal. I had Norton installed (I know), and it has been completely overwhelmed. BitDefender is doing a better job, but it can't get rid of everything. Here's the log:
Remaining issues:Object Name Threat Name Final Status
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ONESTEP SEARCH SERVICE\ImagePath=]C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.EXE Adware.NewDotNet.BK No action was possible
[system] Adware.NewDotNet.BK Disinfect Failed
[system] Adware.NewDotNet.BK Disinfect Failed
[system] Adware.NewDotNet.BK Disinfect Failed
[system] Adware.NewDotNet.BK Disinfect Failed
[system] Adware.NewDotNet.BK Disinfect Failed
[system] Adware.NewDotNet.BK Disinfect Failed
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[2].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[3].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\upgrade[3].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0340555.exe Adware.NewDotNet.BK Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0376167.exe Adware.NewDotNet.BK Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0381385.exe Adware.NewDotNet.BK Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0390819.exe Adware.NewDotNet.BK Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP347\A0398877.exe Adware.NewDotNet.BK Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420173.exe Adware.NewDotNet.BK Disinfect Failed
C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONE1.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONE134.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONE134.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONE18.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONE18.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONEB.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONEB.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONEC.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONEC.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONED.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0002 Adware.NewDotNet.BK Disinfect Failed (file was in an archive)
C:\WINDOWS\Temp\ONED.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0006 Adware.NewDotNet.BK Delete Failed (file was in an archive)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0003 Adware.OneStep.A Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0003 Adware.OneStep.A Disinfect Failed (file was in an archive)
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DF2JML1S=]C:\WINDOWS\SYSTEM32\DF2JML1S.VBS Generic.ScriptWorm.0244F9DE No action was possible
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0419092.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0419124.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0419217.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420165.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed
C:\WINDOWS\system32\DF2JML1S.vbs Generic.ScriptWorm.0244F9DE Disinfect Failed
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5X6BKPI7\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Trojan.Dloader.AMA Delete Failed (file was in an archive)
C:\WINDOWS\Temp\ONE5A.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Trojan.Dloader.AMA Delete Failed (file was in an archive)
Resolved issues:Object Name Threat Name Final Status
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0340556.exe Adware.NewDotNet.BK Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0376168.exe Adware.NewDotNet.BK Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0381386.exe Adware.NewDotNet.BK Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0390820.exe Adware.NewDotNet.BK Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP347\A0398878.exe Adware.NewDotNet.BK Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420175.exe Adware.NewDotNet.BK Deleted
C:\Documents and Settings\Richy\Desktop\Winamp_Toolbar_Deskband.exe Trojan.Generic.79588 Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0420176.exe Trojan.Generic.79588 Deleted
Objects that were not scanned:Object Name Reason Final Status
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]Ad-Aware SE Default.skn Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]arrow1.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]arrow2.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bck1.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt11.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt12.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt13.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt21.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt22.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt23.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt31.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt32.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt33.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt41.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt42.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt43.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt51.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt52.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt53.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt61.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]bt62.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox1.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox2.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox3.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]checkbox4.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn1.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn2.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]defbtn3.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph1.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph2.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph3.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph4.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph5.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph6.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]glyph7.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]main.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]preview.bmp Password-Protected No action was possible
C:\Documents and Settings\Richy\Desktop\Installers\aawsepersonal.exe=]wise0021=]sprite1.bmp Password-Protected No action was possible
C:\WINDOWS\Temp\mcu1C.tmp\mskf.cfu=]update.sku Password-Protected No action was possible
As far as I know, I don't have any password protected files. I've deleted all the temp files I can find - am I looking at a harddrive format?0 -
I need some help with Trojan removal. I had Norton installed (I know), and it has been completely overwhelmed. BitDefender is doing a better job, but it can't get rid of everything. Here's the log:
I had the same Malware (OneStep and NewDotNet). Did you try the topic in Malware Talk/How To's/...Volume System Information thread? It tells how to disable System Restore, and if that doesn't work, there are more instructions. I'm rescanning now to see if it's gone.
Nasty little bugger!0 -
Thanks for the tip Amanda - it's ruining my week!
I had the same Malware (OneStep and NewDotNet). Did you try the topic in Malware Talk/How To's/...Volume System Information thread? It tells how to disable System Restore, and if that doesn't work, there are more instructions. I'm rescanning now to see if it's gone.
Nasty little bugger!0