Non-Cleanable virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dee_Dee, Apr 25, 2005.

  1. Dee_Dee

    Dee_Dee Private E-2

    xp home ed
    1.5 G-ram
    1 G Cpu
    ZA pro firewall
    Norton antivirus

    I don't remember installing new programs. Spy Sweeper came up and said new programs were added to start up file..want to keep them. They number 1-75 with the name SFX-Factory-Batfile 1-75. I . Further info said no product name and they were in startup or registry.
    I did the safe mode and ran Trend's online scan and they said had
    PE BUBE. A-0 in the sys 32\svhost and PE BUBE. A-0 in windows\Telnet.exe and they were non cleanable.
    I ran also Symantec Security and OK
    Stinger OK
    all the rest it said I needed to run
    NOW, how do I get rid of the PE's and the 1-75 SFX's

    thanks a bunch
    Dee_Dee
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you complete all the other steps in the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If so, and you still have a problem, perform the steps below.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Dee_Dee

    Dee_Dee Private E-2

    Yes I have done all the steps in the Read Me Before Asking..attached file
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    Please go back and follow my steps exactly. You do not even have the current HijackThis. The version you have is way out of date.

    Also your OS and IE versions are way out of date too.
     
  5. Dee_Dee

    Dee_Dee Private E-2

    Sorry, must have deleted the new one instead of the old one
     

    Attached Files:

  6. Dee_Dee

    Dee_Dee Private E-2

    I had not installed xp sp2 because some told me it was a lot of trouble..Have just installed it..
    thanks
     

    Attached Files:

  7. Rhondo H. Slade

    Rhondo H. Slade Private E-2

    Dee Dee...

    You could go to www.grisoft.com and download the FREE version of AVG...once installed and updated, you can create RESCUE DISKS...it will take 4 floppies and create a BOOTABLE DOS setup, that will disinfect your hard drive before WimpDoze ever gets a chance to start thereby getting rid of the pesky vermin residing on your machine.

    Steve
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Dee_Dee,

    I do not see any apparent problems in your HJT log. Are you still having problems? If so, post the logs from whatever programs are telling you they found something.
     
  9. Dee_Dee

    Dee_Dee Private E-2

    Thanks for responding..I still have the uncleanable from the scan from trend which I just ran..picture attached and also the start up programs from spy sweeper attached..
    Also while I was scanning from Trend a box came up saying Active Update. Don't know if that was from Trend or windows..But I do know when I clicked on OE a box came up saying "Outlook Express could not be started because MSOE.DLL could not be loaded". I was able to run OE after updating to SP2 from last night till just now. I did not have this problem before updating to SP2..Please advise..
    thanks Dee_Dee
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you run Ccleaner as specified in the READ ME FIRST?
    It should have removed all of those SFX-Factory-BatFiles from your Temp folder?
    Also did you put check marks on all those items in SpySweeper and have it fix them?
    You could also delete them manually after booting to safe mode.

    Boot into safe mode, make sure viewing of hidden and system files is enabled per the READ ME.
    Run Windows Explorer and locate and delete:
    c:\windows\system32\svhost.exe <--- delete only this file! Do not delete svchost.exe!
    c:\windows\telnet.exe

    Note: Valid telnet.exe is in c:\windows\system32 not c:\windows
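
An added example (not part of chaslang's post or of any MajorGeeks tool): the two checks in the reply above, a lookalike name such as svhost.exe and a genuine system name such as telnet.exe sitting in the wrong folder, written as a small triage function. The baseline table, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline for this example: system binaries and the one directory
# they are expected to live in (locations as stated in the thread).
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "telnet.exe": r"c:\windows\system32",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return 'ok', 'wrong-location', 'lookalike-name' or 'unknown'."""
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    if name in EXPECTED:
        return "ok" if folder == EXPECTED[name] else "wrong-location"
    # One or two character edits from a baseline name, e.g. a dropped letter.
    if any(edit_distance(name, good) <= 2 for good in EXPECTED):
        return "lookalike-name"
    return "unknown"

def triage(paths):
    """Return {path: finding} for paths that are neither 'ok' nor 'unknown'."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v not in ("ok", "unknown")}

# Constructed sample listing, modelled on the files named in the thread.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svhost.exe",
    r"C:\WINDOWS\telnet.exe",
    r"C:\WINDOWS\system32\telnet.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:15} {path}")
```

A finding here is a reason to inspect the file, not proof of infection; the name and location checks only narrow down what to look at.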
     
  11. Dee_Dee

    Dee_Dee Private E-2

    Thanks for getting back to me. I have cleared the items from Spy Sweeper. I had already run Ccleaner. The svhost.exe cleared and telnet.exe.

    Took so long getting back to you because I had to call Microsoft..couldn't open OE after trying many solutions found on net..It's up and running now

    Thanks so much for your help.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

