0

I see I'm not the only one had had this problem. Starting around last Sunday night to Monday morning I'd get these annoying popups when my computer started up (p-07-0100...kmode_exception_not_handled) and it'd get REALLY laggy, not to mention the dozens (I'd say about 500 hundred every time I started up or shutdown) pos.tmp files in my C: directory and My Documents that I could not delete (The instruction at "0x01d62739" referenced memory at "0x02354e50". The file could not be deleted), as well as 2 desktop icons that would come back every time I deleted them.

Now, I don't know if this will work for everyone else but after going through a lot of other spyware removal programs I downloaded a free version of PC Tools Antivirus (http://www.pctools.com/anti-virus/) and after about an hour of scanning this thing found around 20 infections (at least half of them worms/trojans) and deleted them. I restarted and presto I could finally delete the tmp files and no more popups or little red X icon on my toolbar that would make popup messages. Only thing is I still have the red X icon on my C directory, but it seems to have fixed everything else.

Also, I have no idea if it was related, but in my effort to track down the infection I find an icon with a yellow/orange hard-hat that kept showing up in my C:\Documents and Settings\(your windows login name)\Local Settings\temp folder. I'd delete it but it'd come back sometimes with a new name (also found the name in my registry and other folders). After I ran PC Tools Antivirus I deleted it and it was finally gone.

Also, upon running one of Windows Malicious Software Removal programs (which took well over FOUR HOURS) I noticed there were THOUSANDS of hidden zip files in my windows/fonts directory that I hadn't downloaded, but their mod date was after I the tmp files and popups started happening. The files were hidden so I had to go to the fonts folder, hit search, then hit Enter to show everything in the folder and I swear it had to be well over 5,000 of these zip files all with movie/DVD names. Also, there was a "muufcdpn.dll" file that I believe was related that I quarantined and deleted.

Like I said, I don't know if this will help anyone but from now on I'm running both this PC Tools Antivirus program and Spybot on a regular basis, and I'm using Firefox instead of stupid Internet Explorer since I know that's probably how I caught the virus in the first place. Hope this helps someone else out there.

2
Contributors
1
Reply
2
Views
9 Years
Discussion Span
Last Post by MoralTerror
0
Only thing is I still have the red X icon on my C directory, but it seems to have fixed everything else.


Hi cswood


DownloadCombofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If your not sure how to disable them then double-check against the list found >>>HERE<<< This list is not all inclusive, if your programs are not listed and you are unsure then please ask before continuing.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


--------------------------------------------------------------------

Please download and install HijackThis . It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis.
Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
If not, run a scan and save the log file.
Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the HJT Forum
Do not fix any entries in HijackThis since they may be harmless.
Make sure to include the System information at the top of the log as well.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the codebox below into it:



regedit /a look2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons" 
start notepad look2.txt



Save this aslook.bat Choose to "Save type as - All Files"
It should look like this:

Double click on look.bat & allow it to run. Notepad will open with the filelook2.txt, please post the contents of look2.txt

Attachments bat.gif 1.82 KB
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.