MajorGeeks Support Forums

#1 mbini, 10-04-04, 21:43
multiple malware and viruses need advice

On my Win 2000 laptop I managed to run multiple scans and found uncleanable viruses and malware.

A2 scanner
C:\WINNT\system32\cab\copy\back32.exe not-a-virus:RiskWare.Tool.HideWindows
C:\WINNT\system32\cab\copy\ntcnd.exe not-a virus:RiskWare.Tool.HideWindows
C:\WINNT\system32\cab\ntcnd.exe not-a-virus:RiskWare.Tool.HideWindows
C:\WINNT\system32\LIBPARSE.EXE not-a-virus:RiskWare.Tool.PrcView.3621
C:\WINNT\system32\NBNG.exe not-a-virus:RiskWare.mIRC.6.03
C:\WINNT\system32\libmodll.exe not-a-virus:RiskWare.Tool.PrcView.3621
C:\WINNT\preInsln.exe Spyware.Win32.BiSpy.o

Bitdefender scan
Memory ok
Master Boot Record 80 ok (Windows 95 B20 - Windows 98)
Partition Boot 1 (primary) (active) ok (Windows NT 2000 FAT32)
Partition Boot 2 ok (Windows 98 FAT32)
Boot Sector of Drive A: ok (Read Error)
C:\WINNT\system32\o suspect: Backdoor.BotGet.FtpB.Gen
C:\WINNT\system32\o copied
C:\WINNT\system32\cab\copy\back32.exe infected: Virtool.HiddenRun.B
C:\WINNT\system32\cab\copy\back32.exe unable to disinfect
C:\WINNT\system32\cab\copy\ntcnd.exe infected: Virtool.HiddenRun.B
C:\WINNT\system32\cab\copy\ntcnd.exe unable to disinfect
C:\WINNT\system32\cab\copy\svhost.exe infected: Virtool.Xscan.A
C:\WINNT\system32\cab\copy\svhost.exe unable to disinfect
C:\WINNT\system32\cab\dat\easy_user.dic infected: Trojan.RemoteData.Cfg
C:\WINNT\system32\cab\dat\easy_user.dic unable to disinfect
C:\WINNT\system32\cab\dat\nt_pass.dic infected: Trojan.RemoteData.Cfg
C:\WINNT\system32\cab\dat\nt_pass.dic unable to disinfect
C:\WINNT\system32\cab\plugin\010-port.xpn infected: Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\010-port.xpn unable to disinfect
C:\WINNT\system32\cab\plugin\020-netbios.xpn infected: Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\020-netbios.xpn unable to disinfect
C:\WINNT\system32\cab\plugin\030-rpc.xpn infected: Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\030-rpc.xpn unable to disinfect
C:\WINNT\system32\cab\plugin\090-ntpass.xpn infected: Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\090-ntpass.xpn unable to disinfect
C:\WINNT\system32\cab\ntcnd.exe infected: Virtool.HiddenRun.B
C:\WINNT\system32\cab\ntcnd.exe unable to disinfect
C:\WINNT\system32\cab\svhost.exe infected: Virtool.Xscan.A
C:\WINNT\system32\cab\svhost.exe unable to disinfect
C:\WINNT\system32\LIBPARSE.EXE=>(Upx) infected: Application.PrcView.A
C:\WINNT\system32\LIBPARSE.EXE=>(Upx) unable to disinfect
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>e.BAT infected: BAT.Noshare.N
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>l.EXE=>(Upx) infected: Application.PrcView.A
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>qerq.her infected: IRC-Worm.Randon.T
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>r.BAT infected: BAT.Passer.A
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx) infected: Trojan.HideWindows.A
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>e.BAT infected: BAT.Noshare.N
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>l.EXE=>(Upx) infected: Application.PrcView.A
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>qerq.her infected: IRC-Worm.Randon.T
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>r.BAT infected: BAT.Passer.A
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx) infected: Trojan.HideWindows.A
C:\WINNT\system32\libmodll.exe=>(Upx) infected: Application.PrcView.A
C:\WINNT\system32\libmodll.exe=>(Upx) unable to disinfect
C:\WINNT\Installer\41d1a8.msi=>(Embedded CAB)=>F324_SCAN86.EXE.23611738_B786_4229_BA5E_8655EF44B621 infected: One_Half.3570
C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\OldEngine\SCAN86.sav infected: One_Half.3570
C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\OldEngine\SCAN86.sa

RAV scan
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINNT\system32\rundll33.exe->(ZipSfx)->explore.exe->(UPXW) - Trojan:Win32/Glitch -> Infected
C:\WINNT\system32\rundll33.exe->(ZipSfx)->iiscached.dll - Backdoor:IRC/Minion* -> Infected
C:\WINNT\system32\dmsis.exe->(CABSfx)->e.BAT - Trojan:BAT/Noshare.N* -> Infected
C:\WINNT\system32\dmsis.exe->(CABSfx)->qerq.her - IRC/Generic* -> Suspicious
C:\WINNT\system32\dmsis.exe->(CABSfx)->t.exe - Tool:HideWindows -> Infected
C:\WINNT\system32\NWIZ.IN_ - BAT/Cah* -> Infected
C:\WINNT\system32\NWIZ.INI - BAT/Cah* -> Infected
C:\WINNT\system32\cab\ntcnd.exe - Virtool:Win32/HiddenRun.B -> Infected
C:\WINNT\system32\cab\copy\back32.exe - Virtool:Win32/HiddenRun.B -> Infected
C:\WINNT\system32\cab\copy\ntcnd.exe - Virtool:Win32/HiddenRun.B -> Infected
C:\WINNT\system32\Microsoft\dmsis.exe->(CABSfx)->e.BAT - Trojan:BAT/Noshare.N* -> Infected
C:\WINNT\system32\Microsoft\dmsis.exe->(CABSfx)->qerq.her - IRC/Generic* -> Suspicious
C:\WINNT\system32\Microsoft\dmsis.exe->(CABSfx)->t.exe - Tool:HideWindows -> Infected

Scanned
============================
Objects: 32866
Directories: 2517
Archives: 1159
Size(Kb): 626528
Infected files: 11

Found
============================
Viruses found: 6
Suspicious files: 2
Disinfected files: 0
Mail files: 88

I can't figure out how to get rid of them, as those scans could not automatically disinfect them.
A2 scanner would allow me to delete the files. Is it okay to delete those files?
Please advise.

#2 chaslang (MajorGeeks Admin - Master Malware Expert), 10-04-04, 23:54

Yes! Delete those files with A2.

Also you should please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#3 mbini, 10-05-04, 13:28

Followed all the steps
Cleaned a2 detected infected files. Still has malware from

RAV scan
C:\WINNT\system32\rundll33.exe->(ZipSfx)->explore.exe->(UPXW) - Trojan:Win32/Glitch -> Infected
C:\WINNT\system32\rundll33.exe->(ZipSfx)->iiscached.dll - Backdoor:IRC/Minion* -> Infected
C:\WINNT\system32\dmsis.exe->(CABSfx)->e.BAT - Trojan:BAT/Noshare.N* -> Infected
C:\WINNT\system32\dmsis.exe->(CABSfx)->qerq.her - IRC/Generic* -> Suspicious
C:\WINNT\system32\dmsis.exe->(CABSfx)->t.exe - Tool:HideWindows -> Infected
C:\WINNT\system32\NWIZ.IN_ - BAT/Cah* -> Infected
C:\WINNT\system32\NWIZ.INI - BAT/Cah* -> Infected
C:\WINNT\system32\Microsoft\dmsis.exe->(CABSfx)->e.BAT - Trojan:BAT/Noshare.N* -> Infected
C:\WINNT\system32\Microsoft\dmsis.exe->(CABSfx)->qerq.her - IRC/Generic* -> Suspicious
C:\WINNT\system32\Microsoft\dmsis.exe->(CABSfx)->t.exe - Tool:HideWindows -> Infected

and by Bitdefender scan
C:\WINNT\system32\spool\drivers\w32x86\3\EB5ST000.DAT=>(CAB Sfx o)=>\LPT_t\Ebplpt.dll: bad crc
C:\WINNT\system32\spool\drivers\w32x86\EB5ST000.DAT=>(CAB Sfx o)=>\LPT_t\Ebplpt.dll: bad crc
C:\WINNT\system32\o: suspect Backdoor.BotGet.FtpB.Gen
C:\WINNT\system32\o: disinfection failed
C:\WINNT\system32\cab\copy\svhost.exe: infected with Virtool.Xscan.A
C:\WINNT\system32\cab\copy\svhost.exe: disinfection failed
C:\WINNT\system32\cab\dat\easy_user.dic: infected with Trojan.RemoteData.Cfg
C:\WINNT\system32\cab\dat\easy_user.dic: disinfection failed
C:\WINNT\system32\cab\dat\nt_pass.dic: infected with Trojan.RemoteData.Cfg
C:\WINNT\system32\cab\dat\nt_pass.dic: disinfection failed
C:\WINNT\system32\cab\plugin\010-port.xpn: infected with Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\010-port.xpn: disinfection failed
C:\WINNT\system32\cab\plugin\020-netbios.xpn: infected with Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\020-netbios.xpn: disinfection failed
C:\WINNT\system32\cab\plugin\030-rpc.xpn: infected with Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\030-rpc.xpn: disinfection failed
C:\WINNT\system32\cab\plugin\090-ntpass.xpn: infected with Virtool.Xscan.Plugin
C:\WINNT\system32\cab\plugin\090-ntpass.xpn: disinfection failed
C:\WINNT\system32\cab\svhost.exe: infected with Virtool.Xscan.A
C:\WINNT\system32\cab\svhost.exe: disinfection failed
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>e.BAT: infected with BAT.Noshare.N
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>e.BAT: disinfection failed
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>l.EXE=>(Upx): infected with Application.PrcView.A
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>l.EXE=>(Upx): disinfection failed
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>qerq.her: infected with IRC-Worm.Randon.T
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>qerq.her: disinfection failed
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>r.BAT: infected with BAT.Passer.A
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>r.BAT: disinfection failed
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx): infected with Trojan.HideWindows.A
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx): disinfection failed
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>e.BAT: infected with BAT.Noshare.N
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>e.BAT: disinfection failed
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>l.EXE=>(Upx): infected with Application.PrcView.A
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>l.EXE=>(Upx): disinfection failed
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>qerq.her: infected with IRC-Worm.Randon.T
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>qerq.her: disinfection failed
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>r.BAT: infected with BAT.Passer.A
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>r.BAT: disinfection failed
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx): infected with Trojan.HideWindows.A
C:\WINNT\system32\Microsoft\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx): disinfection failed
C:\WINNT\Installer\41d1a8.msi=>(Embedded CAB)=>F324_SCAN86.EXE.23611738_B786_4229_BA5E_8655EF44B621: infected with One_Half.3570
C:\WINNT\Installer\41d1a8.msi=>(Embedded CAB)=>F324_SCAN86.EXE.23611738_B786_4229_BA5E_8655EF44B621: disinfection failed
C:\WINNT\avxoscan\Suspicious\o: suspect Backdoor.BotGet.FtpB.Gen
C:\WINNT\avxoscan\Suspicious\o: disinfection failed
C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\OldEngine\SCAN86.sav: infected with One_Half.3570
C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\OldEngine\SCAN86.sav: disinfection failed

Do I have to manually remove all these files? I guess Ad-Aware and Spybot files are already quarantined. But what about the rest of them? Please advise.

#4 chaslang (MajorGeeks Admin - Master Malware Expert), 10-05-04, 18:24

You should only pay attention to the lines with infections and ignore the other stuff. You could dump all the stuff in your SpyBot recovery folder too. Yes, some may require manual deletion, but you really never indicated following my directions earlier. That could help, especially if you can run the scans in safe mode.

This is what I said earlier:

"Also you should please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > "
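
The advice above (act on the infection lines, ignore the rest) can be applied mechanically to a log like the one pasted in post #3. The following is an added example, not part of the original thread: the `object: status` line layout is inferred from that pasted Bitdefender output, and the names `parse_line` and `triage` are hypothetical.

```python
from collections import defaultdict

# Sample lines copied from the Bitdefender log pasted in post #3 of this thread.
SAMPLE_LOG = r"""
C:\WINNT\system32\o: suspect Backdoor.BotGet.FtpB.Gen
C:\WINNT\system32\o: disinfection failed
C:\WINNT\system32\cab\svhost.exe: infected with Virtool.Xscan.A
C:\WINNT\system32\cab\svhost.exe: disinfection failed
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>e.BAT: infected with BAT.Noshare.N
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx): infected with Trojan.HideWindows.A
C:\WINNT\system32\dmsis.exe=>(CAB Sfx o)=>t.exe=>(Upx): disinfection failed
C:\Program Files\Java\j2re1.4.0\lib\jaws.jar=>sunw/demo/classfile/UTF8Constant.class: bad crc
D:\aawsepersonal.exe=>wise0023=>main.bmp: password protected
"""

# Statuses that report a detection; the detection name follows the prefix.
DETECTION_PREFIXES = ("infected with ", "suspect ")
# Statuses that only say the scanner could not read an archive member.
NOISE_STATUSES = {"password protected", "bad crc"}
CLEAN_FAILED = "disinfection failed"


def parse_line(line):
    """Split one log line into the on-disk file, the archive path inside it, and the status.

    The status is whatever follows the last ': '. The colon in 'C:\\' is
    followed by a backslash, so it is never mistaken for the separator.
    """
    line = line.strip()
    if ": " not in line:
        return None
    obj, status = line.rsplit(": ", 1)
    parts = obj.split("=>")
    return {"file": parts[0], "inner": parts[1:], "status": status.strip()}


def triage(log_text):
    """Group detections by the file that actually exists on disk.

    A detection inside a self-extracting archive (dmsis.exe=>...=>t.exe) is
    attributed to the outer file, because that is the object that has to be
    quarantined or deleted. Returns (findings, ignored_count, unparsed_lines).
    """
    findings = defaultdict(
        lambda: {"detections": set(), "in_archive": False, "clean_failed": False}
    )
    ignored = 0
    unparsed = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw)
            continue
        status = rec["status"]
        if status in NOISE_STATUSES:
            ignored += 1
            continue
        name = next(
            (status[len(p):] for p in DETECTION_PREFIXES if status.startswith(p)),
            None,
        )
        if name:
            entry = findings[rec["file"]]
            entry["detections"].add(name)
            entry["in_archive"] = entry["in_archive"] or bool(rec["inner"])
        elif status == CLEAN_FAILED and rec["file"] in findings:
            findings[rec["file"]]["clean_failed"] = True
        else:
            # Keep anything unexpected visible instead of silently dropping it.
            unparsed.append(raw)
    return dict(findings), ignored, unparsed


if __name__ == "__main__":
    findings, ignored, unparsed = triage(SAMPLE_LOG)
    for path, info in sorted(findings.items()):
        where = "inside archive" if info["in_archive"] else "file itself"
        state = "needs manual removal" if info["clean_failed"] else "handled by scanner"
        print(f"{path} [{where}; {state}]")
        for name in sorted(info["detections"]):
            print(f"    {name}")
    print(f"{ignored} unreadable-member lines ignored, {len(unparsed)} lines not understood")
```
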

#5 mbini, 10-05-04, 21:59

I followed all your steps except my DSL does not work in safe mode with networking. I can't do online scans in safe mode. How do I make it work?

#6 chaslang (MajorGeeks Admin - Master Malware Expert), 10-05-04, 22:19

Quote:
Originally Posted by mbini
I followed all your steps except my DSL does not work in safe mode with networking. I can't do online scans in safe mode. How do I make it work?

Just run the Symantec and TrendMicro scans in normal boot mode. And run everything else in safe mode as indicated in the tutorial.

#7 chaslang (MajorGeeks Admin - Master Malware Expert), 10-05-04, 22:26

Later when you get a chance check out the below thread and see if you can then get safe mode with networking support:

A description of the Safe Mode Boot options in Windows XP

#8 ElaineJohnson, 11-15-04, 10:34

I have a difficult time finding out where to POST the question as a new member. Hopefully, someone will read this and tell me what to do.

I had a similar problem with a different virus and Backdoor.BotGet.FtpB.Gen. Bitdefender found it, but cannot clean it.

Searching for help. Found your answer to another member. Followed your direction below:

"< READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > "

Created more problems. Now, I cannot turn RPC back on to automatic. There is no active option for me to click on. By the way, there was no active option for STOP, but disabled, which I did.

Cleaned with everything, but I still cannot install AVG7. Now, I cannot even run Bitdefender.

What a mess! Can anybody help?