did trojan scan and found malware, what do I do

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cher_hc_43, Feb 4, 2006.

  1. cher_hc_43

    cher_hc_43 Private First Class

    I recently ran windows security.coms free trojan scanner and it found malware: C:\windows\downloaded program files\popcaploader.dll which it says is mal-ware, well before I ran the scan a message came up telling me I had to download active x before I can perform the scan, well I did that and now I have that malware on there, how do I get rid of it, I have spy sweeper and ad-awre installed on my computer and spy sweeper didnt detect it and I didnt see it in my ad-awre scan, so how do I get rid of it? can I just delete it from the program files where I located it?


    cheryl
     
    cher_hc_43, Feb 4, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What malware are you talking about? And where is it? How did you detect it?
    Attach the logs that showed you the malware.

    If you are having malware issues, standard cleaning procedure must be followed:

    READ & RUN ME FIRST Before Asking for Support
     
    Last edited: Feb 4, 2006
    chaslang, Feb 4, 2006
    #2
  3. cher_hc_43

    cher_hc_43 Private First Class

    Well the malware is popcaploader.dll and it was found in:

    C:\windows\downloaded program files\

    I also installed the full version of ad-aware spyware se and when I go back to the windows folder that popcaploader is still there. any suggestions?

    chery;l
     
    cher_hc_43, Feb 4, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows Explorer will not show files in that folder you need to use either the command prompt or another tool like ExplorerXP

    Here is the command prompt method:

    Step to delete popcaploader.dll :
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows.
    - Enter the following command lines each followed by the enter key
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s popcaploader.dll
    del popcaploader.dll
    exit
     
    chaslang, Feb 4, 2006
    #4
  5. cher_hc_43

    cher_hc_43 Private First Class

    ok I ran run entered cmd and hit ok and when the black little screen came up at the c prompt it read:
    C:\Documents and settings\ cheryl carney\

    was I suppose to enter cd C:\WINDOWS\Downloaded Program Files\ on the same line as the documents and settings? I did that and when I went back into where I had found the popcaploader it was still there, am I doing something wrong?


    cheryl
     
    cher_hc_43, Feb 5, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You just need to follow the steps I gave you exactly as written. That means when the command prompt window opens enter the four below commands in sequence. Don't miss the spaces.

    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s popcaploader.dll
    del popcaploader.dll
    exit

    The first command changes the directory from C:\Documents and settings\ cheryl carney\ to C:\WINDOWS\Downloaded Program Files\ which means the prompt will change to show you are in the C:\WINDOWS\Downloaded Program Files\ folder.

    The second command changes file attributes to make sure you can see it and delete it.
    The third command deletes the file.
    The fourth command closes the command prompt window.
     
    chaslang, Feb 5, 2006
    #6
  7. cher_hc_43

    cher_hc_43 Private First Class

    ok I did everything that you said to do and when I go back in the folder that shows the popcaploader it now says damaged, so what do I do with it now, sorry I have to bug you about this but I am totally lost.

    thank you for your continuing help
    cheryl
     
    cher_hc_43, Feb 6, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Feb 6, 2006
    #8
  9. cher_hc_43

    cher_hc_43 Private First Class

    ok I right clicked on it and it was able to remove it, thanks for the help, much appreciated!

    cheryl
     
    cher_hc_43, Feb 6, 2006
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Are you having any other malware issues?
     
    chaslang, Feb 6, 2006
    #10
  11. cher_hc_43

    cher_hc_43 Private First Class

    well not sure if it is a malware issue, but I had installed adware spyware SE, is that a good product? Well anyways I kind of confused it with ad-aware and thought I was downloading a newer version, well I purchased a registration number for it and found that it doesn't catch everything, it has been catching this:

    When U
    C:\DOCUME~1\CHERYL~1\LOCALS~1\Temp\GLF*.exe

    everytime I scan this is there, and when I hit the remove button, it still comes up in a scan, what exactly is this? I notice another one to:

    Date Regon
    C:\WINDOWS\downloaded program files\cab??.inf

    please any information would be helpful.

    thank you
    cheryl
     
    cher_hc_43, Feb 6, 2006
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No they are not good. Their stuff has been on the rogue list for quite some time.
    See: http://www.spywarewarrior.com/rogue_anti-spyware.htm


    You really should run through what I gave you before: READ & RUN ME FIRST Before Asking for Support

    That way we can be sure you are clean. As far as Adware Spyware SE, I would recommend uninstalling it and asking for a refund.
     
    chaslang, Feb 6, 2006
    #12

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds