Some viruses I can't get rid of

After following the tutorial for eliminating spyware etc. and doing everything including secondary on-line scans etc. I then ran “Stinger” which still found 2 files that I could not eliminate either following the tutorial or the optional stuff either. These files always pop up when I ran “Stinger” before and they are called:

“TrojanDropper.Win32.Small.gt” in a file …\Pictures\tcf.exe/wise0017.Bin and a second file in the same folder called “Backdoor.Rule dor.c” When I tried to delete manually I got an error saying file was protected or in use. This occurred when running in safe mode as well.

The other persistent l’il bugger is “windows\systems32\calsp.exe I found this via HiJackThis and an on-line scan which identified 3 issues. The first two were a “SED.exe” and “findfast.exe.” Both I eliminated manually but the “calsp” I couldn’t delete in safe mode or normal mode and I used SpyBot again as directed still the file persists.

I followed the tutorial for eliminating spyware, viruses etc. including working in safe mode etc. and it really worked I managed to eliminate 130+ issues with all of the software recommended. Thanks for the great Web site and I hope you can help me get rid of these last 3 files.

By the way your web site is great and a “techno-phobe” like myself appreciates your tutorials

 

Thanks for the information. I will redo the tutorial agian but I'm sure I ran stinger at first then ran it again at the end to see if anything was left. I try again and if issues still persist I will post the log file. Thanks.

 

OK. I re-ran the tutorial and did everything in the right order including running all secondary scans on-line in both “Safe Mode” and “Normal Mode.” I found 3 issues/viruses(?) via RAV AntiVirus.

 “Trojan Downloader.Win32.1stBar.fy” located in folder: ….Content.IE5\VOYOZ1KC\ysb_regular[1].cab/ysbactivex.dll
 Trojan: \pictures\tcf 1202.exe/WISE0017.BIN. All of the pictures in this folder were downloaded from a HP Digital Camera
 Trojan: \pictures\tcf 1202.exe/WISE0019.BIN. All of the pictures in this folder were downloaded from a HP Digital Camera

Defender Pro has also found these 3 files previously but was unable to delete them and I would get a message “unable to disinfect object contained in non-disinfectable archive”

For the 1202.exe related files I located them file using my explorer and then deleted them. Subsequent rescans showed these 2 files in the Recycle Bin. I restored the file back to where it was so I don’t lose it in case the “tcf1202.exe” is important.

I have ran Hijack This and have attached a log file. I did go and get an on-line analysis, which stated I had 5 “Nasty’s”, 4 of which were the same files. The site was at http://hijackthis.de; The results of the analysis were as follows:

1)C:\Program Files\SED\SED.exe. I searched for this on my computer but could not find it. I had deleted it previously although it showed up again in the analysis.
2) 010-Unknown file in Winsock LSP: c:\windows\system32\calsp.dll. This one shows up four times in the analysis.

I have also attached the RAV Antivirus log file as well.

Bye for now

 

OK I did what you asked. I updated the SP1 files for internet explorer and XP. The IE6 installed but the XP SP1 didn't and stated "expected version of file not found." I had installed XP SP1 before and maybe that is why.

I also followed your further instructions and have posted the new HJT log files. I did try to save it as both a log file and text file and hopefully I did both correctly and you can view them. If I screwed up sorry abou that but thanks for your patience

Everything seems to be running fine but I could not find the C:\Programs\SED directory. Again though, I had deleted this previously. Could it be hidden somewhere else and that is why it keeps showing up in the log files? If not you have seemed to fix a number of probelms and for that I am thankful. You have a great site.