IOBit Software
|
IOBit Software
|
|
|
||||||
| Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient. |
 |
|
|
Thread Tools | Display Modes |
|
#1
04-23-06, 14:24
|
||||
|
||||
Been trying for 2 days... Please help
I made a stupid mistake and got a zip file with crack which turned to be a virus.
It forms files edlm.exe and edlm2.exe repeatedly in my system32 folder. Also when running in Normal model is packs up my system with thsi edlm2.exe file. I followed ALL the steps of all the "READ & RUN me...." but the problem stays. The only software that was detecting the viruses and trojans was "bitdefender" which was great, buy I could not locate the option of saving the report. I will try to run the whole scan again and see why I missed it, as I dont know how to roll back.... Also in PANDA i could not save the log but it did not find anything. Finally I did the HIJACKthis and I will attach the log here, hopefully you can assist. Thank you all in advance, I must say your website has guided me very well in this horrible weekend... I am running winXP and currently in safe mode Ishay 
|
| Sponsored links |
|
|
|
#2
04-23-06, 20:39
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
Quote:
Was your HJT log from safe mode. It seems like it because I do not see NOD antivirus application running but a service for NOD32 is shown later. Do you still have NOD installed? It looks like it is still installed. It should not be if you are using MS One Care. Uninstall NOD or MS Windows One Care because you must only use one AV program. Do you know what the below are for? O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."  Support Majorgeeks on Facebook: Majorgeeks Newsletter Last edited by chaslang; 04-23-06 at 20:48..
|
|
#3
04-23-06, 21:06
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
Thank you.
I managed to make the log last night again. So I attach it here now. (The clean files is just because I pushed on the "show all scanned files" for a second, and cancelled it. This time it did not detect as many files as most were deleted but seems you can understand the ones it did catch. Am I supposed to make the HJTin normal mode? Untill now everytime I got into normal mode, this virus attacked and filled up my system - edlm2.exe file repeating itself. Will it be safe now? It seems my system is more calm now after all the scans but I think some of my programas are damaged (But not sure of that). Thanks, Ishay
|
|
#4
04-23-06, 21:11
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
Sorry didnt see your question.
I dont know what are O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe The softwares I have is one webcam and Cannon digital camera (Maybe the first one) Ishay
|
|
#5
04-23-06, 23:14
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
Quote:
Repeat the above for tsnpstd3.exe Also scan those two file with this online file scanner and report the results back here: http://virusscan.jotti.org/ I see no evidence in any of the logs you posted thus far of problems (other then questions on the above). That does not mean that you are clean. It just means nothing has shown in any scans thus far. Tell me if you see the below file (make sure viewing of hidden and system files is enabled): C:\windows\system32\ldr64.dll What about my question about NOD32?
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't." Support Majorgeeks on Facebook: Majorgeeks Newsletter
|
| Sponsored links |
|
|
|
#6
04-24-06, 11:01
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
CameraFixer.exe -
The version is 1,0,0,2 Copyright (C) 2005 Company - Its empty Product name - CameraFixer Application (If you think that this one pose a threat, I dont mind deleting it if no harm would happen to my computer. Any damage to programs I can recover later) tsnpstd3.EXE - This seems like my webcam software, I think it is ok. I live in China now and I bought it here, "the copy land", nothing here is legit... File version:1, 1, 3, 1 Company: Empty The http://virusscan.jotti.org/ you asked me to run reported: Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) The ldr64.dll is not in my computer, but it was before and was cleaned For your question regarding NOD32 - yes it is installed and I ran (And still am now) in safe mode. If I have to chose on ANTIvirus I prefer NOD32 so I will uninstall MS one care. Thanks, waiting for your instructions on what to do Ishay
|
|
#7
04-24-06, 13:36
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
Quote:
Quote:
If you are not having any other malware problems, you should work thru the below link: How to Protect yourself from malware!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't." Support Majorgeeks on Facebook: Majorgeeks Newsletter Last edited by chaslang; 04-24-06 at 13:52..
|
|
#8
04-25-06, 22:36
|
||||
|
||||
Re: Been trying for 2 days... Please help
I would like to THANK YOU SO MUCH for the amazing guidance and help you have given.
This kind of trully professional support done so efficient, quick, and at no cost simply leaves me with no words, but with much appreciation. Keep up the good work. Ishay
|
|
#9
04-26-06, 00:10
|
||||
|
||||
|
Re: Been trying for 2 days... Please help
You're quite welcome. Surf safely!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't." Support Majorgeeks on Facebook: Majorgeeks Newsletter
|
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
