 |  |  |  |  |  |  |  |
Re: help needed - %$thb$% drive c
Thread Solved |
•
•
Join Date: May 2005
Posts: 3,204
Reputation: 
Solved Threads: 188
Hello, pg, yes, that is what i wanted.
Please start hijackthis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
O4 - HKCU\..\Run: [Sect Real] C:\DOCUME~1\PERFEC~1\APPLIC~1\IDLE01~1\Gplantitype.exe
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
Good, now find and delete these files:
C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
-IDLE01~1 is an abbreviation of some folder name, I do not know what, but it commences with IDLE01, and is the only one that starts like that.
Please visit the Symantec website and download and run the appropriate removal tool for the version of their antivirus that you once used.
Make and post a fresh hijackthis log, please.
Please start hijackthis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
O4 - HKCU\..\Run: [Sect Real] C:\DOCUME~1\PERFEC~1\APPLIC~1\IDLE01~1\Gplantitype.exe
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
Good, now find and delete these files:
C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
-IDLE01~1 is an abbreviation of some folder name, I do not know what, but it commences with IDLE01, and is the only one that starts like that.
Please visit the Symantec website and download and run the appropriate removal tool for the version of their antivirus that you once used.
Make and post a fresh hijackthis log, please.
Last edited by gerbil; Dec 12th, 2008 at 9:07 pm.
Deep, deep in the woods, but walking about.
C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
ok I have been do what you want
but about this files I told you before I just prees shift and delate and I didn't know how to re sift them
I have arlady the mcafee do I need to doloand another one?
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
ok I have been do what you want
but about this files I told you before I just prees shift and delate and I didn't know how to re sift them
I have arlady the mcafee do I need to doloand another one?
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
I was just making sure that those files are gone, pg. If you could not find them, that is fine.
Some antivirus software, for example Symantec's [and McAfee's too] cannot be simply removed without special software. Your McAfee is fine, no need to touch it, but there are still parts of Symantec remaining on your machine. If you visit the Symantec website you will be able to find and download the correct removal tool which you then run.
Would you do this for me please:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat to your desktop; dclick it to run, then post the file showkey.txt
Post the notepad that pops onto your desktop, please.
Some antivirus software, for example Symantec's [and McAfee's too] cannot be simply removed without special software. Your McAfee is fine, no need to touch it, but there are still parts of Symantec remaining on your machine. If you visit the Symantec website you will be able to find and download the correct removal tool which you then run.
Would you do this for me please:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat to your desktop; dclick it to run, then post the file showkey.txt
reg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >showkey.txt reg query "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt reg query "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt reg query "HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt start showkey.txt pause
Last edited by gerbil; Dec 13th, 2008 at 9:33 am.
Deep, deep in the woods, but walking about.
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
that is
ok I will download it and I'll tell you what hapenced
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
that is
ok I will download it and I'll tell you what hapenced
 |
Other Threads in the Viruses, Spyware and other Nasties Forum
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista warning windows worm yahoo
