943,852 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Re: help needed - %$thb$% drive c
Ad:
You are currently viewing page 3 of this multi-page discussion thread; Jump to the first page
Permalink
Dec 12th, 2008
0

Re: help needed - %$thb$% drive c

Hello, pg, yes, that is what i wanted.
Please start hijackthis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
O4 - HKCU\..\Run: [Sect Real] C:\DOCUME~1\PERFEC~1\APPLIC~1\IDLE01~1\Gplantitype.exe
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe

Good, now find and delete these files:
C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
-IDLE01~1 is an abbreviation of some folder name, I do not know what, but it commences with IDLE01, and is the only one that starts like that.

Please visit the Symantec website and download and run the appropriate removal tool for the version of their antivirus that you once used.
Make and post a fresh hijackthis log, please.
Last edited by gerbil; Dec 12th, 2008 at 9:07 pm.
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005
Permalink
Dec 13th, 2008
0

Re: help needed - %$thb$% drive c

C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
C:\Documents and Settings\PERFECT_GIRL\Application Data\IDLE01~1\Gplantitype.exe
ok I have been do what you want

but about this files I told you before I just prees shift and delate and I didn't know how to re sift them


I have arlady the mcafee do I need to doloand another one?
Reputation Points: 10
Solved Threads: 1
Newbie Poster
perfect_girl is offline Offline
15 posts
since Dec 2008
Permalink
Dec 13th, 2008
0

Re: help needed - %$thb$% drive c

I was just making sure that those files are gone, pg. If you could not find them, that is fine.
Some antivirus software, for example Symantec's [and McAfee's too] cannot be simply removed without special software. Your McAfee is fine, no need to touch it, but there are still parts of Symantec remaining on your machine. If you visit the Symantec website you will be able to find and download the correct removal tool which you then run.
Would you do this for me please:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat to your desktop; dclick it to run, then post the file showkey.txt
reg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >showkey.txt
reg query "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce"  /s >>showkey.txt
reg query "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt
reg query "HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s >>showkey.txt
start showkey.txt
pause
Post the notepad that pops onto your desktop, please.
Last edited by gerbil; Dec 13th, 2008 at 9:33 am.
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005
Permalink
Dec 13th, 2008
0

Re: help needed - %$thb$% drive c

! REG.EXE VERSION 3.0

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ

! REG.EXE VERSION 3.0

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ

! REG.EXE VERSION 3.0

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce
<NO NAME> REG_SZ
that is
ok I will download it and I'll tell you what hapenced
Reputation Points: 10
Solved Threads: 1
Newbie Poster
perfect_girl is offline Offline
15 posts
since Dec 2008
Permalink
Dec 14th, 2008
0

Re: help needed - %$thb$% drive c

Fine, pg. When you have used that Symantec removal tool could you post a final hijackthis log, please?
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: My fathers computer is slow , virtual memory always low
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Vitrumonde/W32.Ahlem.A@mm(a.exe) Problem, explorer.exe crashing constantly!!





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC