0

Hello there

I really hope one of you kind people can help me with my problem.

McAfee has found the 'New Win32' virus on my laptop. I have run the virus scan and quarantined the files. There were almost 800 infected files and most were able to be cleaned or quarantined, but there were still about 6 that I could do nothing with.

I have run the HijackThis log, but I am not in the least tech minded and would appreciate any help you can give in removing this from my system.

Also, I had a pop up of the Command Prompt box with a file c:\d.exe and have no idea what this is, although it did seem to be stopping me loading web pages and this resumed fine when I closed the cammand prompt box down.

I really hope that this makes sense to someone!! Hope I have explained my problem ok.


Thanking you in advance for your help.

P.S. My laptop is now not logging on at all, just telling me I have a virus and need to run a scan and then logging me off again. HELP!!!!!!!

HijackThis log reads as follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:02, on 15/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1140876407\ee\AOLSoftware.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1140876407\ee\aolsoftware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
c:\program files\common files\aol\1140876407\ee\anotify.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cally\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://profile.zwinky.com/zwinkyprofile/main.jhtml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140876407\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: 1.exe
O4 - Global Startup: 2.exe~
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

4
Contributors
8
Replies
9
Views
10 Years
Discussion Span
Last Post by lost4ever
0

Just a quick question...how long after it requests a scan does it log off? Also try http://www.kaspersky.com/virusscanner let is scan your computer. In addition to viruses, your computer may be infected with spywares, Trojans, worms, adwares, viruses and other malwares. Also, I do recommend that you clean/restore your registry files…if these are corrupted, your PC will slow down and have startup problems.

0

Have a look at this thread thatr I wrote a few days ago:
http://www.daniweb.com/forums/thread88342.html

It provides a step by step guide as to how to get rid of the Vundo trojan - the principles in that case surely apply to yours. The file you identified, c:\d.exe is the likely culprit and must be disposed of (and prevented from being recreated).

My advice is, of course, at your risk.

Good luck.

0

Just a quick question...how long after it requests a scan does it log off? Also try http://www.kaspersky.com/virusscanner let is scan your computer. In addition to viruses, your computer may be infected with spywares, Trojans, worms, adwares, viruses and other malwares. Also, I do recommend that you clean/restore your registry files…if these are corrupted, your PC will slow down and have startup problems.

Hi

Thanks for responding to my plea!!

Ok, well it doesn't automaticly log me off but my laptop did power off at some point and now I cannot log on to it again with any of the three users set up on it. I cannot even log on in safe mode.

Does this mean that there is nothing I can do to fix it? I would have assumed that I should still be able to get on to my desktop via safe mode.

I am pretty certain that there is spyware on my laptop too,

I managed to run this scan and save the info to my other pc last night before the laptop shut down:

I know nothing about computers, but it looks pretty bad to me. Any suggestions?

=========================================================================

This file was created by AntiSpyStorm on 09.15.07 19:25:15

http://antispystorm.com/

=========================================================================


PRODUCT VERSION:

1.1.27

DATABASE VERSION:

1.0.1.6

SCAN MODE:

Full Scan


*******************************

INFECTED:

83


=========================================

- DETAILED REPORT.

=========================================


*******************************

INFECTED PROCCESS:

1

*******************************


c:\windows\system32\nusrmgr.exe - Trojan.ADHammer

*******************************

INFECTED REGISTRY ENTRIES:

23

*******************************


HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - AdBreak
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd} - AdBreak
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13} - Adgoblin
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d} - 7FaSSt Search
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7} - ActiveSearch
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4} - ActivShop
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - Adblaster
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8} - AdBars
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - 404Search
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{54645654-2225-4455-44A1-9F4543D34546} - ADCLICKER
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e} - 7FaSSt Search
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - Aconti
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208} - AccoonaSearch
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450} - ACXInstall
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - 7FaSSt Search
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78} - 3721 Spyware
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7} - Adgoblin
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129} - AdBars
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456} - ADCLICKER
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b} - 4Arcade PBar
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089} - AccessPlugin
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f} - Adblaster
HKEY_LOCAL_MACHINE=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c} - Adgoblin

*******************************

INFECTED FILES:

59

*******************************


c:\program files\3721\assist\asbar.dll - 3721 Spyware
c:\program files\accoona\asearchassist.dll - AccoonaSearch
c:\program files\e-zshopper\barlcher.dll - ActivShop
c:\program files\p2pnetworks\amp2pl.exe - AccessMedia
c:\windows\system32\eshopee.exe - ActivShop
c:\windows\system32\fuamfu32.ini - Trojan.ADHammer
c:\windows\system32\gtv_sd.bin - Trojan.ADHammer
c:\windows\system32\msole32.exe - ADCLICKER
c:\windows\system32\nusrmgr.exe - Trojan.ADHammer
c:\windows\system32\oembios32.dll - Trojan.ADHammer
c:\windows\system32\vxddsk.exe - Abebot
c:\windows\system32\wml.exe - Abebot
c:\windows\764.exe - 764 Dialer
c:\windows\7search.dll - 7FaSSt Search
c:\windows\absolute key logger.lnk - AbsoluteKey
c:\windows\aconti.exe - Aconti
c:\windows\aconti.ini - Aconti
c:\windows\aconti.log - Aconti
c:\windows\aconti.sdb - Aconti
c:\windows\acontidialer.txt - Aconti
c:\windows\adbar.dll - AdBars
c:\windows\cbinst$.exe - AdBreak
c:\windows\daxtime.dll - Adgoblin
c:\windows\default.htm - Trojan.ADHammer
c:\windows\dp0.dll - AccessPlugin
c:\windows\eventlowg.dll - Adgoblin
c:\windows\fhfmm.exe - AdBreak
c:\windows\fhfmm-uninstaller.exe - AdBreak
c:\windows\flt.dll - 7FaSSt Search
c:\windows\hcwprn.exe - AdBreak
c:\windows\hotporn.exe - AccessPlugin
c:\windows\ie_32.exe - Acext
c:\windows\iexplorr23.dll - Adblaster
c:\windows\jd2002.dll - ACXInstall
c:\windows\kkcomp$.exe - AdBreak
c:\windows\kkcomp.dll - AdBreak
c:\windows\kkcomp.exe - AdBreak
c:\windows\kvnab$.exe - AdBreak
c:\windows\kvnab.dll - AdBreak
c:\windows\kvnab.exe - AdBreak
c:\windows\liqad$.exe - AdBreak
c:\windows\liqad.dll - AdBreak
c:\windows\liqad.exe - AdBreak
c:\windows\liqui.dll - AdBreak
c:\windows\liqui.exe - AdBreak
c:\windows\liqui-uninstaller.exe - AdBreak
c:\windows\ngd.dll - AccessPlugin
c:\windows\pbar.dll - 4Arcade PBar
c:\windows\pbsysie.dll - AdBreak
c:\windows\settn.dll - AdBreak
c:\windows\spredirect.dll - ActualNames.AdvSearch
c:\windows\vxddsk.exe - Abebot
c:\windows\wbecheck.exe - AdBreak
c:\windows\wbeinst$.exe - AdBreak
c:\windows\wml.exe - Abebot
c:\windows\xadbrk.dll - AdBreak
c:\windows\xadbrk.exe - AdBreak
c:\windows\xadbrk_.exe - AdBreak
c:\windows\xxxvideo.exe - AccessPlugin

*******************************

INFECTED COOKIES:

0

*******************************


- NOT FOUND -


*******************************

INFECTED FAVORITES:

0

*******************************


- NOT FOUND -


=========================================

- END OF FILE.

0

Have a look at this thread thatr I wrote a few days ago:
http://www.daniweb.com/forums/thread88342.html

It provides a step by step guide as to how to get rid of the Vundo trojan - the principles in that case surely apply to yours. The file you identified, c:\d.exe is the likely culprit and must be disposed of (and prevented from being recreated).

My advice is, of course, at your risk.

Good luck.

Thanks for your reply. I'm afraid I don't really think I'm technicly minded enough to try removing the hard drive - I really have no clue about these things :confused:

0

are you familiar with booting up the computer through the comand prompt at start-up?

It's been a while. Do you mean when you press F2 for setup options? Do I need the boot hard drive option?

0

Thanks for your reply. I'm afraid I don't really think I'm technicly minded enough to try removing the hard drive - I really have no clue about these things :confused:

Pity. Because the step by step stuff they'll tell you to do here is very heavy indeed. If it's a Dell laptop, the instruction book tells you how to remove a drive. Putting it into an external USB enclosure that must buy is covered in that product's instructions.

You'd need a second computer obviously for the external drive to be connected - dunno if that's a problem for you.

Perhaps get a friend in who is more confident to help you out.

BVut, of course, don't go too far outside your confidence zone - although I'm suggesting you ratchet it up a bit.

Good luck.

0

Sorry, I am not a great help, I just have the same problem with my pc. I can not log on anymore :(
I also have the new win32 virus and tried to do some damage control until it froze and I rebooted it and now I can't log on anymore. I am also very frustrated.
If I find a solution I will let you know...

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.