Re: help needed - %$thb$% drive c
Thread Solved |
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Hello, pg, yes, that is what I wanted.
Please start hijackthis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
O4 - HKCU\..\Run: [Sect Real] C:\DOCUME~1\PERFEC~1\APPLIC~1\IDLE01~1\Gplantitype.exe
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
Good, now find and delete these files:
C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
-IDLE01~1 is an abbreviation of some folder name, I do not know what, but it commences with IDLE01, and is the only one that starts like that.
Please visit the Symantec website and download and run the appropriate removal tool for the version of their antivirus that you once used.
Make and post a fresh hijackthis log, please.
Last edited by gerbil; Dec 12th, 2008 at 9:07 pm.
Deep, deep in the woods, but walking about.
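An added example, not part of the original thread and not gerbil's own method: a small Python triage script that parses HijackThis O4 registry autorun lines and flags the kinds of entries listed in the post above. The flag names and the three heuristics are assumptions chosen for illustration, and the `ExampleApp` line is a constructed benign entry for contrast.

```python
import re

# Sample input: the four O4 lines from the post above, plus one constructed
# benign entry (ExampleApp) that should not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example App\example.exe" /tray
O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
O4 - HKCU\..\Run: [Sect Real] C:\DOCUME~1\PERFEC~1\APPLIC~1\IDLE01~1\Gplantitype.exe
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
"""

# O4 registry autorun line: hive, key (Run, RunOnce, ...), [value name], command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def flags_for(command):
    """Return heuristic flags (illustrative assumptions) for one autorun command."""
    cmd = command.strip().lower()
    flags = []
    # Executable launched from a user-writable Application Data folder
    if "\\application data\\" in cmd or "\\applic~1\\" in cmd:
        flags.append("runs-from-app-data")
    # 8.3 short names hide the real folder name (e.g. IDLE01~1)
    if re.search(r"~\d\\", cmd):
        flags.append("8.3-short-path")
    # regsvr32.exe registered to run with no DLL argument at all
    if re.fullmatch(r'"?[a-z]:\\windows\\system32\\regsvr32\.exe"?', cmd):
        flags.append("regsvr32-without-target")
    return flags

def triage(log_text):
    """Parse O4 lines and return only the entries that raise at least one flag."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        flags = flags_for(command)
        if flags:
            findings.append({"hive": hive, "key": key, "name": name,
                             "command": command, "flags": flags})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] -> {", ".join(f["flags"])}')
```

A flag marks an entry for manual review only; it is not a verdict that the file is malicious.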
Join Date: Dec 2008
Posts: 15
Reputation:
Solved Threads: 1
C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
OK, I have done what you want
but about these files, I told you before I just press Shift and Delete and I didn't know how to re sift them
I already have McAfee; do I need to download another one?
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
I was just making sure that those files are gone, pg. If you could not find them, that is fine.
Some antivirus software, for example Symantec's [and McAfee's too] cannot be simply removed without special software. Your McAfee is fine, no need to touch it, but there are still parts of Symantec remaining on your machine. If you visit the Symantec website you will be able to find and download the correct removal tool which you then run.
Would you do this for me please:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat to your desktop; dclick it to run, then post the file showkey.txt
```
rem Dump the RunOnce autostart values of the built-in accounts into showkey.txt
rem S-1-5-18, S-1-5-19 and S-1-5-20 are LocalSystem, LocalService and NetworkService
reg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >showkey.txt
reg query "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt
reg query "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt
reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt
rem Open the result in Notepad and keep the console window open
start showkey.txt
pause
```
Post the notepad that pops onto your desktop, please.
Last edited by gerbil; Dec 13th, 2008 at 9:33 am.
Deep, deep in the woods, but walking about.
Join Date: Dec 2008
Posts: 15
Reputation:
Solved Threads: 1
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
that is
OK, I will download it and I'll tell you what happened
Views: 1900 | Replies: 24






