My computer got a nasty one...

Discussion in 'Malware Help (A Specialist Will Reply)' started by VerucaSallt, Aug 14, 2007.

  1. VerucaSallt

    VerucaSallt Private E-2

    Yesterday I downloaded some music from easynews and immediately after I got oodles of messages from PC-cillin about a virus that it could not gain access to. The one that stuck around after my usual cleaning techniques was ADW_zeno.bo

    I found a weird media file (I think it was slipped into the zip file) that cannot be deleted and disappears when I try to get to it in safe mode. I found it by tracing the path of the original alert with the infected file. It is Perflib_Perfdata_604.dat

    I followed all those steps and I'm attaching the logs.

    Thanks in advance! I'm stumped.
     


  2. VerucaSallt

    VerucaSallt Private E-2

    three more...
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    This is a valid Windows system file.

    You must rename HijackThis.exe to analyse.exe as requested in step 7 of the READ ME.

    Uninstall the CounterSpy trial since we are finished with it now.


    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment



    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Now delete the below folders if found:
    C:\Documents and Settings\Princess01\Application Data\Sunbelt Software
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software
    C:\WINDOWS\system32\f02WtR

    Also delete the below file:
    C:\WINDOWS\poolsv.exe

    Now attach a new log from ShowNew.

    Make sure you tell me how things are working now!
     
