~aproposo removal help needed please

greenchili · Apr 19, 2006

hello,

i hope someone can help, i have ~aproposo files in my windows temp folder,
and cannot delete them, as i am told they are write protected or in use.
i have followed the read & run procedures, here are my specs and results,

xp sp2
512mb pc2100 ddr memory
athlon xp 1900 cpu 266mhz
60gb 7200rpm,udma-133 eide hdd with 2mb buffer

norton anti virus findings are as follows

auto update uninstall.exe spyware.apropos spyware found at risk
cxtpls.exe spyware.apropos spyware found at risk
proxystub.dll spyware.apropos spyware found at risk
uninstaller.exe spyware.apropos spyware found at risk
atl.dll trojan horse virus found repair failed
atlw.dll trojan horse virus found repair failed

norton's apropos removal tool detected but was unable to remove the files,
ccleaner identified the apropos files, but could not delete them.
adaware and spybot say i am clean,
the microsoft windows malicious software removal tool finds nothing,
as does microsoft windows defender.

i hope someone can help, this site has been a great help previously,
only i'm stuck for ideas on this one.
cheers.

chaslang · Apr 19, 2006

Welcome to Majorgeeks!

You should have emptied your Norton Quarantine in step 0 of the READ ME. It would have made your log smaller and all scans would have run faster.

You mst remember that HijackThis logs must be obtained from normal boot mode. And you must not use MSconfig to control startups. Both of these items are covered in step 7 of the READ ME. So make sure you run MSconfig and select Normal Startup.

One of our other stickies mentioned in the READ & RUN ME, covers Apropos. Please run the below and attach the requested log:

AproposMedia Fix

Now download and install ExplorerXP

It is much better at finding and deleting stuff than Windows Explorer. We will use it later to delete some baddies.

Make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

After clicking Fix, exit HJT.
Now runExplorerXP and use it to find and delete:
C:\WINDOWS\msbb.exe.temp
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8FKCV5T8\package_adp_MARKETING12[1].exe
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\UCmore - The Search Accelerator\UCmore our.lnk
C:\WINDOWS\Temp\AutoUpdate0\auto_update_uninstall.exe
C:\WINDOWS\Temp\AutoUpdate0\setup.inf
C:\WINDOWS\Temp\~apropos0\CxtPls.exe
C:\WINDOWS\Temp\~apropos0\ProxyStub.dll
C:\WINDOWS\Temp\~apropos0\uninstaller.exe
C:\WINDOWS\Temp\~apropos0\WinGenerics.dll

If you cannot delete these in normal boot mode, reboot into safe mode and again use ExplorerXp to try and delete the files.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot your PC back into normal mode. And attach the Apropos Fix log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

greenchili · Apr 21, 2006

thanks for helping chaslang,

sorry if i missed some of the read me stuff, it all got a tad confusing eventually. Anyway, i have emptied my norton quarantine, and have attatched the apropos fix log.

i will now follow the rest of your instructions to the letter.

Thanks again.

chaslang · Apr 21, 2006

Okay! The AproposMedia Fix program did not find anything. Let me know the results of the other steps.

greenchili · Apr 22, 2006

okay, the r1 line was not there when i ran hjt.

i ran explorerxp, and deleted all those files, apart from the first one, it was not there.

i deleted the prefetch files and ran ccleaner, the apropos files were gone.

today i ran norton anti virus, two different trojan horse files came up
Dc1.dll
Dc3.dll
trojan horse, virus found, repair failed.

norton said they were in C\recycler but i couldn't find them with explorerxp.

i have just saved a hjt log, which i attatch here.

any ideas, thanks.

greenchili · Apr 22, 2006

well, i just ran adaware, spybot, ccleaner, ewido and finally norton.

norton came up clean this time, perhaps it cleaned up those files first time round, even though it said that the repair failed?

anyway, i'm hoping that my problems are over, but i'll attatch the latest hjt log in case you can see anything i should take care of.

i suppose if all is ok i should disable system restore and reboot then?

thanks again for your help.

chaslang · Apr 22, 2006

greenchili said:

norton came up clean this time, perhaps it cleaned up those files first time round, even though it said that the repair failed?
Click to expand...

Norton did not fix anything. The steps I had you run removed your problems.

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

Log in or Sign up

~aproposo removal help needed please

greenchili Private E-2

Attached Files:

Activescan.txt

Scan report_20060419.txt.txt

hijackthislog1942.txt

bdscan.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

greenchili Private E-2

Attached Files:

log.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

greenchili Private E-2

Attached Files:

hijackthis.log

greenchili Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member