Spybot "cyc.exe"

Discussion in 'Malware Help (A Specialist Will Reply)' started by snorida44x, Jul 19, 2006.

  1. snorida44x

    snorida44x Private E-2

    On my real time scanning on bitdefender it found the following: "GenPacK:Win32.P2P.SpyBot.35BA8653" and claimed the program was "cyc.exe"

    it said it blocked the virus and my computer has not been infected, so since bitdefender doesn't remove viruses I tried to do it myself, i tried to delete "cyc.exe" and then it said "cannot read from source file or disk" so then i downloaded this program http://www.jrtwine.com/Products/DelFXPFiles/

    in an attempt to remove "cyc.exe", and the program wouldn't delete it either, so how do i get rid of this program?
     
  2. snorida44x

    snorida44x Private E-2

    any ideas?
     
  3. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Typically, when a program won’t delete, it is being used by something and hence locked. In this case probably BitDefender locked it. You have a couple of choices, but for all of them you will need to know the exact path of the file.

    - You can reboot into the command prompt, navigate to the file and delete it.
    - You can reboot in safe mode, and as long as the file isn’t executed by something else, you can then navigate and delete it.
    - Or you can use a program like Unlocker to navigate to the file, unlock it, then delete it.
    http://www.majorgeeks.com/Unlocker_d4660.html

    I like that choice because if it is a virus and you reboot, there might be the chance it will execute. Hence, make CERTAIN before you reboot to run msconfig and verify it is not in your start up.

    Then, reboot in safe mode and rescan to verify there are no other traces.

    All that said – you should also make a backup copy of that file just in case of a false positive hit from Bitdefender.
     
  4. snorida44x

    snorida44x Private E-2

    i can't use the unlocker program because "cyc.exe" won't let me right click on it, when I try to it doesn't do anything. how do i get unlocker to work?
     
  5. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

  6. snorida44x

    snorida44x Private E-2

    ok here's my hijackthis log
     

    Attached Files:

  7. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    try removing this item

    O4 - HKLM\..\Run: [smiley.exe] c:\smiley\smiley.exe

    reboot in safe mode and then re-scan with BitDefender
     
  8. snorida44x

    snorida44x Private E-2

    my bitdefender won't run in safe mode and also i tried removing smiley with the unlocker program and it won't delete it.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is from Safe Mode, we need a log from Normal Mode. Move HijackThis to C:\Program Files\HJT before proceeding.
     
  10. snorida44x

    snorida44x Private E-2

    ok here's my log in normal mode
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    << The installed version of Java on this computer is out-dated. Install version 1.5.0_07 available from http://www.java.com/en/download/manual.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

    HijackThis is still not in the location I specified. Right-click on the underlined text and Save Link as to your Desktop. Move_HijackThis.vbs

    Windows Messenger is running in the background on this computer, and represents a security risk. Disable Windows Messenger by running Shoot The Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Follow the directions for Running Hoster.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

    On the page that opens, scroll down to rundll.exe ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    rundll.exe

    In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:
    Choose Kill Process

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  12. snorida44x

    snorida44x Private E-2

    "On the page that opens, scroll down to rundll.exe ... right click the entry, select 'Properties' and press 'Stop Service'."

    When i try and press "stop service" the "stop service" button is grey and it doesn't let me click on it. What do i do?
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Just follow the rest of the directions. We'll go from what your HijackThis logs shows after a reboot.
     
  14. snorida44x

    snorida44x Private E-2

    First off, I can't stop the run dll files or delete anything associated with them because when I started up Windows I got a bunch of rundll errors because I stopped rundll.

    Well, I booted up my computer in safe mode and got rid of cyc.exe but now there's a brand new problem that has just occurred, my bitdefender has literally found dozens of trojans in my registry and temporary internet files and "c:/" and I tried to delete them in safe mode but then they just came back when I booted it up in normal mode. These trojans that are in my computer are causing many many unwanted popups (that's consistently popping up might I add) and a complete slowdown in my machine, bitdefender said I had something like 147 viruses that I don't even know where to begin to get rid of them. So I'm requesting your help cuz I really think my computer has a lot of spyware and viruses and trojans and spybots on my machine. I'll post my bit defender event logs and my hijackthis logs. My virus scan log is too big (I'd have to email it)
     

    Attached Files:

  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I'm not sure what you stopped, when you ended rundll.exe; but it stopped whatever was stealthing several infections.

    • Download Qoofix to your Desktop or any other convenient location
    • Unzip the files from Qoofix.zip to a convenient location such as C:\Qoofix.
    • Navigate to the folder you unzipped the files to and double click on the file named Qoofix.exe.
    • Finally, select Begin Removal and the removal process will commence. A reboot may be necessary if an infection is found.
    Credit: Marcin Kleczynski redesigned LonnyRJones' Qoofix.bat program. Credit is all given to Merijn, Sean, Anil, Calvin, and Aaron.

    Post a fresh HijackThis log along with logs from Bitdefender Online and Panda Active Scan, Online scanners.
     
  16. snorida44x

    snorida44x Private E-2

    I just got my bdscan, here's the attachment
     

    Attached Files:

  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post the other logs when you get them; as I will need all 3.
     
  18. snorida44x

    snorida44x Private E-2

    allright
     
  19. snorida44x

    snorida44x Private E-2

    ok i did the qoofix and it didn't find anything and then i did a panda online scan and i couldn't keep up the webpage because popups would keep replacing the page i was already on. But i did get a bitdefender scan since i have bitdefender, and it found many things. I'm including my bit defender log and hijackthis log.
     

    Attached Files:

  20. snorida44x

    snorida44x Private E-2

    any ideas on what to do?
     
  21. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    ugh --- tell Karen that's what she gets for cheating on games. ;)

    Given the # of infections it might be a good idea to toss something on there that has a decent chance to remove them automatically.
    Try running this and then let's look at that HJT log again.
    http://majorgeeks.com/Trojan_Remover_d903.html
     
  22. snorida44x

    snorida44x Private E-2

    Whenever the trojan remover comes across a trojan it says this: (and won't remove it)

    "THIS FILE IS IN-USE - IT CANNOT BE SCANNED.

    Trojan remover is unable to scan this file as it is either locked, or being used by another application. Some malicious files deliberately lock themselves in this way to prevent themselvesfrom being scanned.

    If you believe that this file is malicious you can select the appropriate option below to prevent the file from loading.

    If you are sure that the file is not malicious select the option to exclude the file from future scans.

    If you are not sure whether the file is malicious you are reccomended to seek advice before taking any action to this file."
     
  23. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Ok -- Run HJT and remove these lines

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [keyboard] c:\\kybrddd_6.exe
    O4 - HKLM\..\Run: [defender] c:\\dfndrdd_6.exe
    O4 - HKLM\..\Run: [newname] c:\\nwnmdd_6.exe

    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
    O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - (no file)
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\iwsso.dll (file missing)
    O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\wkhbth.dll (file missing)
    O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\kpdusr.dll (file missing)
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\kpdusr.dll (file missing)

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msn93.exe
    O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
    --------------

    Then reboot in safe mode and run trojan remover.

    See if that helps.
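
Added example, not part of the original post: a short Python triage of the autostart entry types listed above (O4 Run keys, O20 Winlogon Notify DLLs, O23 services). The heuristics and function names are illustrative assumptions, not HijackThis's own logic; the sample lines are copied from entries quoted in this thread.

```python
import re

# Constructed sample: entries copied from HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [keyboard] c:\\kybrddd_6.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\iwsso.dll (file missing)
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msn93.exe
"""

MISSING = "(file missing)"
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|com|bat|scr))(?="|\s|$)', re.I)


def split_win_path(command):
    """Return (folder, filename), lower-cased, for the image named in a command line."""
    command = command.strip()
    match = IMAGE_RE.match(command)
    path = match.group(1) if match else command.strip('"')
    path = re.sub(r"\\{2,}", r"\\", path)  # the log shows c:\\x.exe for drive-root files
    folder, _, name = path.rpartition("\\")
    return folder.lower(), name.lower()


def triage(line):
    """Return (code, name, reasons) for an O4/O20/O23 line, else None."""
    entry = re.match(r"^(O4|O20|O23) - (.+)$", line.strip())
    if not entry:
        return None
    code, body = entry.groups()
    reasons = []
    if body.endswith(MISSING):
        reasons.append("orphaned entry: target file is missing")
        body = body[: -len(MISSING)].rstrip()
    if code == "O4":
        run = re.match(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$", body)
        if not run:
            return None
        name = run.group(3)
        folder, _ = split_win_path(run.group(4))
        if re.fullmatch(r"[a-z]:", folder):  # assumption: root-of-drive autoruns are unusual
            reasons.append("autorun image sits directly in the drive root")
    elif code == "O20":
        name, _, _path = body.partition(": ")[2].partition(" - ")
        reasons.append("DLL is loaded into winlogon.exe; verify it before keeping")
    else:  # O23
        parts = body.partition(": ")[2].split(" - ", 2)
        if len(parts) != 3:
            return None
        name, _owner, path = parts
        _, image = split_win_path(path)
        if name.lower().endswith(".exe") and name.lower() != image:
            reasons.append(f"service is named like an executable but runs {image}")
    return code, name, reasons


def triage_log(text):
    """Triage every line; keep only the entries that were recognised."""
    return [hit for hit in map(triage, text.splitlines()) if hit]


if __name__ == "__main__":
    for code, name, reasons in triage_log(SAMPLE_LOG):
        print(f"{code:4} {name:12} {'; '.join(reasons) or 'no heuristic fired'}")
```

An entry with no reasons only means none of these three heuristics fired; it still needs the manual review the helpers do in the thread.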
     
  24. snorida44x

    snorida44x Private E-2

    So I ran Hijackthis and removed the lines you told me to, and it was removing them and then i got this error:

    HijackTHis cannot repair 010 Winsock LSP entries.
    You should use LSPFix for that, which is available from http://www.cexx.org/lspfix.htm.

    If the 010 item belongs to WenHancer, New.Net or CommonName, Spybot and S&D can remove it
    automatically. Spybot S&D is available from
    http://www.spybot.info/.

    Then it continued removing lines and asked me to restart my computer so I did and I put it in safe mode and then ran trojan remover and it removed all of one trojan without any errors and it's obvious I have a lot more than one trojan. Trojan remover asked for a restart so I restarted it in normal mode and when I got to the desktop I got this error:

    RUNDLL

    An exception occured while trying to run ''''C:\WINDOWS\system32\oohlp30e.dll" ,DllGetVersion"

    Then trojan remover automatically did a scan and every time it found a trojan it did this same error again:


    "THIS FILE IS IN-USE - IT CANNOT BE SCANNED.

    Trojan remover is unable to scan this file as it is either locked, or being used by another application. Some malicious files deliberately lock themselves in this way to prevent themselvesfrom being scanned.

    If you believe that this file is malicious you can select the appropriate option below to prevent the file from loading.

    If you are sure that the file is not malicious select the option to exclude the file from future scans.

    If you are not sure whether the file is malicious you are reccomended to seek advice before taking any action to this file."
     
  25. snorida44x

    snorida44x Private E-2

    what should i do?
     
  26. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Let's see what your HJT log looks like now.
     
  27. snorida44x

    snorida44x Private E-2

    here's my hijackthis log
     

    Attached Files:

  28. snorida44x

    snorida44x Private E-2

    what should i do?
     
  29. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Making some progress....

    Remove this:
    O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\dnr8019ue.dll

    Are you using VoipBuster.com, Steam or ProxyWay – If not delete these lines:
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

    No point in arguing with suggestions
    Get LSPfix http://www.majorgeeks.com/download4180.html
    And Spybot http://www.majorgeeks.com/download.php?det=2471
    Also CCleaner http://majorgeeks.com/CCleaner_Slim_No_Yahoo_Toolbar_English_d4191.html

    Run LSPFix (it's self-explanatory)

    Install SpyBot and update the data file then run it.

    Install CCleaner and run it (default install items should be fine)

    Verify Trojan remover data file is current (utilities  check for online updates)

    Reboot in SAFEMODE – and rerun Trojan Remover.

    Get a doughnut -- eat it. You are having a hard day, reward yourself.

    While you are at it re-run bit defender.

    Reboot back in normal mode and let's see what she looks like then
     
  30. snorida44x

    snorida44x Private E-2

    I ran lspfix, spybot, and ccleaner. Both ccleaner and spybot found many things that i clicked
    to remove.

    then i restarted in safe mode with networking and updated trojan remover and did a scan and
    trojan remover found one file and gave me the same error:

    I put my computer in normal mode and trojan remover did a scan and trojan remover found 2 things
    but it also just gave me that same error for each of the 2 things it found.

    I've posted my bitdefender and hijackthis logs...bitdefender has found even more viruses so..
     

    Attached Files:

  31. snorida44x

    snorida44x Private E-2

    what should i do?
     
  32. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Hmmm --- well this line needs to go.
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\jt6u07j9e.dll

    We may have to resort to the old “delete by hand” method, Get Pocket Killbox and extract it to your desktop.
    http://www.majorgeeks.com/Pocket_KillBox_d4709.html
    -----
    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    Now back on Killbox's main window, Paste the below filenames into KILL BOX one at a time from your bdscan.txt file. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.
    -----
    You do not want the descriptions, just the names for example.
    C:\626_101newer.exe
    C:\ac3_0003.exe
    ETC --

    Also you need only to post once.
     
  33. snorida44x

    snorida44x Private E-2

    I removed every virus with killbox and just as I was getting to the end of the virus list I accidentally pressed restart and then it restarted with no errors, but I remembered what virus I was on and then continued deleting them until I was finished. On the last file I clicked for the computer to restart and then it gave me this error:

    PendingFileRenameOperations


    PendingFileRenameOperations Registry Data has been removed by External Process!


    So instead i manually restarted the computer.

    I did a new bitdefender scan and it still found a lot of viruses.

    I'm attaching my bit defender scan log and hijackthis log.
     

    Attached Files:

  34. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Rename hijackthis.exe to analyse.exe. Do this now before proceeding.

    Windows Messenger is running in the background on this computer, and represents a security risk. Disable Windows Messenger by running Shoot The Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Using Add or Remove Programs in the Control Panel; uninstall everything from ViewPoint.

    Follow the directions for Look2Me VX2 Removal.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running WinPfind by OldTimer.

    Post the log from the Look2Me procedure, WinPFind.txt, and a fresh HijackThis.
     
  35. snorida44x

    snorida44x Private E-2

    I already have shoot the messenger and it says that it's not letting windows messenger run so..

    By the way, does it matter when bitdefender is running when look2me destroyer is running? Because a couple times bitdefender blocked some virus, this doesn't prevent look2me from scanning does it?

    These lines you said to get rid of in hijackthis:

    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\dnlu0139e.dll
    O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\iwsso.dll (file missing)

    were not on the hijackthis system scan.


    Ok here are my 3 logs, i'm not having anymore popups aha good.
     

    Attached Files:

  36. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Boot to Safe Mode.

    Delete the following:
    Reboot.

    How is your computer running?
     
  37. snorida44x

    snorida44x Private E-2

    just deleted the things you said to.

    My computer is running great like before, it's fast with no popups.
     
  38. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

