[solved] Can't Get Rid Of 3 Items

Hi, I recently ran a scan and it came up with four different infections. I tried cleaning, deleting, and quarantining them. I was able to successfully quarantine one of the items but could do nothing about the other three. Could anyone give me some advice on what to do? Log file is posted below.


BitDefender Log File !!!!!

Product : BitDefender GameSafe
Version : BitDefender UIScanner v.11
Log date : 13:44:44 23/10/2009
Log path : C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1256323484_1_02.xml

Scan Paths:
Path0000: C:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 4445445
Archive plugins : 44
Email plugins : 6
Scan plugins : 13
Archive plugins : 44
System plugins : 5
Unpack plugins : 8

Overall scan summary
Scanned items : 120434
Infected items : 4
Suspicious items : 0
Resolved items : 1
Individual viruses found : 2
Scanned directories : 26785
Scanned boot sectors : 2
Scanned archives : 623
Input-output errors : 51
Scan time : 00:00:39:01
Files per second : 50

Scanned processes summary
Scanned : 41
Infected : 0

Scanned registry keys summary
Scanned : 1060
Infected : 1

Scanned cookies summary
Scanned : 1
Infected : 0

Remaining issues:
Object Name | Threat Name | Final Status

[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE\=]C:\PROGRAM FILES (X86)\SEEKSERVICE\SEEKSERVICE.DLL | Gen:Adware.Heur.Ku4@2aHRAZdi | No action was possible

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 | Gen:Adware.Heur.Ku4@2aHRAZdi | Infected (no action was possible, file was in an archive)

C:\Windows\Temp\SEE6E81.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 | Gen:Adware.Heur.Ku4@2aHRAZdi | Infected (no action was possible, file was in an archive)

Resolved issues:
Object Name | Threat Name | Final Status

C:\Program Files (x86)\SeekService\seekservice.dll | Gen:Adware.Heur.Ku4@2aHRAZdi | Moved to Quarantine


Any help would be greatly appreciated

Comments

  • Hello Nick Strub,


    [system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE\=]C:\PROGRAM FILES (X86)\SEEKSERVICE\SEEKSERVICE.DLL


    Gen:Adware.Heur.Ku4@2aHRAZdi No action was possible


    Follow these steps:


    • go to Start -> Run, type regedit and hit Enter
    • Registry Editor will open, having an Explorer-like interface. The "folders" on the left are called keys and the "files" on the right are called values
    • navigate to the key at this location:
      HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SEEKSERVICE SERVICE

    • select it and hit Delete (or right click on it and select Delete). Confirm by pressing Yes


    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND\upgrade[1].cab=]upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)


    Go to

    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND

    and delete the file called upgrade[1].cab


    C:\Windows\Temp\SEE6E81.tmp\upgrade.exe=](NSIS o)=]lzma_solid_nsis0001 Gen:Adware.Heur.Ku4@2aHRAZdi Infected (no action was possible, file was in an archive)


    Go to

    C:\Windows\Temp\

    and delete the folder SEE6E81.tmp with everything it contains.


    Make sure you also delete the files from Recycle Bin.


    Afterwards, restart your computer and make a new scan to make sure the infections are gone.


    Cris.

  • Go to
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND

    and delete the file called upgrade[1].cab


    The file path was not there. I got as far as [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows] but when I got there that folder was empty. I also have hidden files set to show so that was not the problem either. I was able to successfully delete the other two though.

  • That is also a System folder. So you have multiple choices here:


    - either just copy the whole path, paste it in the Explorer Address Bar and hit Enter (it should take you directly to that folder)


    - or set Explorer to show System files and folders


    - or use a 3rd party file manager that can show hidden/system files and folders


    Cris.
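
The manual cleanup described in the replies above can also be scripted from an elevated PowerShell prompt, which avoids both the hidden System folder problem and the brackets in `upgrade[1].cab`. This is an added example, not part of the original posts; the key and paths are copied from the scan log in this thread, and the function name `Remove-SeekServiceLeftovers` is hypothetical.

```powershell
# Added example. Key and paths come from the scan log in this thread;
# the function name is hypothetical.
function Remove-SeekServiceLeftovers {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $items = @(
        'HKLM:\SYSTEM\ControlSet001\Services\SeekService Service'
        'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MHSXMND\upgrade[1].cab'
        'C:\Windows\Temp\SEE6E81.tmp'
    )

    foreach ($item in $items) {
        # -LiteralPath matters: with -Path, "[1]" is read as a wildcard
        # character class and would not match the file "upgrade[1].cab".
        if (-not (Test-Path -LiteralPath $item)) {
            [pscustomobject]@{ Item = $item; Status = 'Not present' }
            continue
        }
        try {
            # -Force reaches hidden/system entries; -Recurse covers the
            # service key's subkeys and the temp folder's contents.
            Remove-Item -LiteralPath $item -Recurse -Force -ErrorAction Stop
            $status = if ($WhatIfPreference) { 'Present (dry run, not removed)' } else { 'Removed' }
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Item = $item; Status = $status }
    }
}

# Dry run first; drop -WhatIf to actually delete.
Remove-SeekServiceLeftovers -WhatIf
```

`Remove-Item` deletes permanently and does not send anything to the Recycle Bin. A reboot and a fresh scan afterwards still apply.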

  • Ok, that solved it. Thanks a lot for the help!

  • You are welcome, Nick Strub. If you have any other questions, please don't hesitate to post.


    Since this issue is solved, I will close this topic. If you need it reopened, let me know by PM.


    Cris.


    == CLOSED ==


    == Issue solved ==

This discussion has been closed.