Unknown folder.

MediaAccess.exe PROBLEM

I dont know how i got infected but it's really pissing me off.
I have WinTasks but when i open it it closes by itself and i know it's the friggin MediaAccess.exe.
How can i get rid of this?

 

Re: MediaAccess.exe PROBLEM

The MediaAccess.exe is a executable of the Windows XP SP2 Media Control Service - don't think thats the problem ..nevertheless simply stop the service - kill the autostart in msconfig and there you go

 

Re: MediaAccess.exe PROBLEM

MediaAccess is bad and should be uninstalled from Add/Remove Programs. It is part of the Windupdate Media Access Adware.

BeerMonkey

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Re: MediaAccess.exe PROBLEM

This sounds complicated...

 

Re: MediaAccess.exe PROBLEM

Its not, I will walk you thru it. If you have any questions feel free to ask.

 

Re: MediaAccess.exe PROBLEM

There i added the attachement.
Now what?

 

Re: MediaAccess.exe PROBLEM

Please look in Add or Remove Programs for the following and Uninstall them if found:

Media Access

winupdate

P2P Networking

ISTsvc

After you uninstall the above programs, disable Ad Watch as it will block parts of my fix. Now, after you have done all of the above, procede with the below online scans.

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

After you complete the above online scans, reboot and post a fresh HJT log as an attachment to your post.

 

Re: MediaAccess.exe PROBLEM

Ok, i Uninstalled Media Access and ISTsvc.
Proceeding with scans now,

 

Re: MediaAccess.exe PROBLEM

Okay! Will be awaiting results.

 

Re: MediaAccess.exe PROBLEM

Do i run these online scans all at once?

 

Re: MediaAccess.exe PROBLEM

Its best to run them one at a time.

 

Re: MediaAccess.exe PROBLEM

Scanned.
Here the new Log.

 

Re: MediaAccess.exe PROBLEM

Are you familiar with RAMfreer?

Also, before we do anything, temporarily disable Ad-Watch as it will block some of my fix.


Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.krepaobmbkrzs.com/w8aL_wmh1sxLA57TCCHsmFx5VG1n2seVtfB9BHce69Xm97PCqt/ HyXxXemVKkx17.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {842CA555-05AB-7F2A-41A9-0FB252F31D0D} - F:\DOCUME~1\VALNUT~1\APPLIC~1\GRIMCA~1\internet bin.exe (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O23 - Service: Apache - Unknown owner - F:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: jkstzpvhfpvv (aqricfzj6) - Unknown owner - F:\WINDOWS\system32\qukniaje6.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Click Start > Run > type services.msc and Click OK

Locate jkstzpvhfpvv (aqricfzj6) and RightClick on it to bring up the Service Properties Window.
First: Stop the service by clicking the Stop Button.
Next: Disable it by changing the Startup Type to Disabled and click Apply

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Re: MediaAccess.exe PROBLEM

How do i change into safe mode?
I forgot.

 

Re: MediaAccess.exe PROBLEM

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

 

Re: MediaAccess.exe PROBLEM

Where do i do this?
Viewing of Hidden Files & Folders Enabled
Wait, i dont have BOOT.INI in msconfig...

 

Re: MediaAccess.exe PROBLEM

Open My Computer, at the top click on TOOLS > FOLDER OPTIONS > Click on the VIEW tab. Uncheck the options below and click OK.

-Show hidden files and folders
-Hide extensions for known files types


Reboot your computer and TAP the F8 key. Choose "Safe Mode /w Networking"

 

Re: MediaAccess.exe PROBLEM

I did what you said in Safe Mode not Safe Mode with Networking.
Check the Log File.

 

Re: MediaAccess.exe PROBLEM

Are you familiar with RAMfreer?

 

Re: MediaAccess.exe PROBLEM

Yes, why?\
Is my log clean?

 

Re: MediaAccess.exe PROBLEM

There are still a few remaining entries. Is it a legit program?

 

Re: MediaAccess.exe PROBLEM

Yes, it is decent.
I only use it to see how much ram i have left.
You can set it so when you loose a certain amount of RAM you can "Free Ram".
People with low RAM amount's(128, 256) should get this.
At 1gb, i never do a "Free RAM" procedure but it's nice to know how much ram you have left.
Now, about those enteries...
How can i get rid of what's left?

 

Re: MediaAccess.exe PROBLEM

1) Download TrojanHunter

2) Install TrojanHunter, At the end of the install setup will prompt you to update definitions. Please do so!

3) Once installed and updated, select drive C:\ and do a Full Scan. Remove all found infections.

After you complete the scan above, reboot and post a fresh HJT log.

 

When i was doing a TrojanHunter search, i found that it was searching a folder called
F:\Uploads.
It has all this stuff i dont even know who put there...
The folder is also hidden even with the option "View Hidden Foldesr" on.
Here's a screenshot of some stuff is in there.
http://i5.photobucket.com/albums/y188/Heavy-V/unknownfolder.jpg (Bigger SCREENSHOT)
What do i need to do with these files, there are allot of them.
Help?

 

Do not create new threads with the same problem. Stay in one thread from now on. I have merged your newest one so post in here from now on.

Remove that entrire folder and let me know how things are running after the scan.