What is RECYCLER?

Discussion in 'Malware Help (A Specialist Will Reply)' started by tagged, Mar 22, 2005.

  1. tagged

    tagged Private E-2

    Hello again!

    I noticed I was starting to run a little slower, so I went through the steps on the "Read this before asking for support" sticky, and came up with a bunch of stuff. After I went through all the steps I started back in again, and part of the stuff Trend Micro came up with had been fixed, but what remains is:

    TROJ DELF.MC
    C:\documents and settings\me\Mydocuments\backup-20041029-144923-533.dll
    C:\WINNT\System 32\mseggo.gif

    Worm_DANSHBOT.B
    C:\RECYCLER\S-1-5-21-839522115-2146673219-842925246-1001\Dcl.exe

    Symantec Security Check came up with 12 things the first time through and six the second time:

    C:\Buddy.exe infected with Adware.Purity Scan
    C:\WINNT\System 32\Br4800zk.exe infected with Adware.IEDriver
    C:\WINNT\System 32\datastor.dll infected with Adware.IEDriver
    C:\WINNT\System 32\ezPopStub.exe infected with Adware.Ezula
    C:\WINNT\System 32\msiaih.dll infected with Adware.iPend
    C:\WINNT\System 32\msnimk.gif infected with Adware.iPend

    After running those two scans the second time, and trying unsuccessfully to figure out the "solutions" page on the Trend Micro site, I ran an HJT scan and saved the log to post. After that, I couldn't get back on line in safe or normal mode. I tried running CWShredder, and then I got back on.

    Another thing, when I run Adaware, I get negligible MRU lists that have the same long string of numbers and dashes as that Recycler thing that Trend Micro found the DANSHBOT.B in. I delete them, but they are always there when I run it again.

    What do I need to do next?

    Thanks

    Tagged
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Recycler is your trash can. Empty your Recycle Bin.

    It also looks like you have a form of the Gobot Worm. This next process is the worm:
    C:\WINNT\system32\winserv32.exe
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These lines also look suspect:

    O4 - HKLM\..\Run: [MsNMessenger] flash.exe
    O4 - HKLM\..\RunServices: [MsNMessenger] flash.exe

    I don't think that this flash.exe has anything to do with MSN Messenger. I think this is a trojan too. Do you know anything about this flash.exe process?
     
  5. tagged

    tagged Private E-2

    Thanks Dr. C!

    I ran both of those, but neither one found anything. I had run the avast one before when I went through the sticky steps. When it says it needs admin. privileges to work, what does that mean? I assume that means I need to log on as Administrator, but how do I do that?

    By the way, I did empty the recycle bin with Ccleaner after I ran the scans. I guess if I'd done it before them, that wouldn't have shown up!

    What's next?
     
  6. tagged

    tagged Private E-2

    No, I don't know anything about that flash stuff.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [System Updates Manager] winserv32.exe
    O4 - HKLM\..\Run: [MsNMessenger] flash.exe
    O4 - HKLM\..\RunServices: [System Updates Manager] winserv32.exe
    O4 - HKLM\..\RunServices: [MsNMessenger] flash.exe
    O23 - Service: System Updates Manager (WinManager) - Unknown owner - C:\WINNT\system32\winserv32.exe" -service (file missing)

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINNT\system32\winserv32.exe
    C:\WINNT\system32\flash.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now empty your recycle bin.
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  8. tagged

    tagged Private E-2

    OK, I'm back.

    I checked those five things and hit fix. Then exited HJT and rebooted in safe. The two files weren't found to delete. I made sure I still had viewing of hidden files enabled, but I still couldn't find the files. I rebooted in normal and ran HJT again.

    O23 - Service: System Updates Manager (WinManager) - Unknown owner - C:\WINNT\system32\winserv32.exe" -service (file missing)

    This is still there after checking fix.

    Here's my new log.

    Thanks again.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run HijackThis click on the "Open the Misc Tools Section" button on the open page. Then select "Delete an NT service" on the left-hand side. A "Delete a Windows NT Service" window will pop up. Try entering the following into the box and then click OK:

    System Updates Manager

    If that does not work try cutting and pasting in the following short name: WinManager

    Tell me what happens while doing the above.

    If you are told that the service must be stopped, we need to go back and stop and disable this service using the same kind of procedure given in step 2 of the Getting Prepared section of the READ ME FIRST. However you will be looking for the System Updates Manager service and not the ones mentioned in the READ ME.

    And then repeat the HJT fix step given above.
     
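    The two checks chaslang walks through above (the O4 Run/RunServices entries pointing at bare file names, and the O23 service whose binary is "(file missing)") can be reproduced on a Windows box without HijackThis. The script below is an added example, not from the thread, HijackThis or MajorGeeks: it resolves each autostart command to its image file, flags entries whose file no longer exists, and lists any executables sitting under a Recycler SID folder like the one in the first post. It assumes an elevated PowerShell prompt; the RunServices key only exists on older Windows and is skipped when absent.

```powershell
# Added audit script (not from the thread or HijackThis): lists the O4-style Run/RunServices
# entries and O23-style services whose image file is missing, then any executables hiding in
# per-user Recycler SID folders. Assumes an elevated PowerShell prompt; RunServices only exists
# on older Windows and is skipped when absent.
function Resolve-ImagePath {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {                          # "C:\path\file.exe" -args
        $end = $cmd.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') }
    } else {                                             # C:\path\file.exe -args
        $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { $cmd.Split(' ')[0] }
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [System.IO.Path]::IsPathRooted($exe)) {    # bare "flash.exe": search PATH, else system32
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        $exe = if ($found) { $found.Source } else { Join-Path $env:SystemRoot "system32\$exe" }
    }
    return $exe
}

foreach ($sub in 'Run', 'RunServices') {
    $key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
    if (-not (Test-Path $key)) { continue }
    $entries = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($e in $entries) {
        $exe = Resolve-ImagePath $e.Value
        $status = if ($exe -and (Test-Path -LiteralPath $exe)) { 'present' } else { 'FILE MISSING' }
        'O4 {0,-11} [{1}] {2} -> {3}' -f $sub, $e.Name, $e.Value, $status
    }
}

# Services whose binary is gone, the situation behind the "(file missing)" WinManager entry
Get-CimInstance Win32_Service | ForEach-Object {
    $exe = Resolve-ImagePath $_.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
        'O23 {0} ({1}) state={2} start={3} -> FILE MISSING: {4}' -f $_.Name, $_.DisplayName, $_.State, $_.StartMode, $_.PathName
    }
}
# The recycle bin should hold no runnable programs; anything under a S-1-5-* folder is worth a look
foreach ($bin in 'RECYCLER', '$Recycle.Bin') {
    $root = Join-Path $env:SystemDrive $bin
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -match '\\S-1-5-\d+(-\d+)+\\' } |
        ForEach-Object { 'Recycler executable: {0}' -f $_.FullName }
}
```

    A service reported here with a missing binary but a start mode other than Disabled is the same state the thread hits: stop and disable it (services.msc or HJT's Misc Tools) before the service entry can be deleted.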
  10. tagged

    tagged Private E-2

    OK
    I tried deleting 'System updates Manager', got message:

    Service 'System Updates Manager' was not found in the Registry. Make sure you entered the short name of the service., vbExclamation

    Cut and pasted the short name, got message:

    The Service 'WinManager' is enabled and/or running. Disable it first, using HiJack This itself (from the Scan results) or the services.msc window.

    Followed step 2 in the 'Read Me'. Found System Updates Manager. It was stopped but enabled, so I disabled it and went back to HJT. Went through the same steps as before. Tried deleting 'System Updates Manager', got same message. Used short name and got:

    The following service was found:
    Short name: WinManager
    Full name: System Updates Manager
    File: C:\WINNT\system32\winserv32.exe(file missing)
    Owner: Unknown owner

    Are you absolutely sure you want to delete this service?

    I Clicked yes.

    Then it said the computer had to be restarted for new settings to take effect. I clicked yes and let it restart.

    Then I typed all this in and tried to submit a reply, and lost my internet connection. I tried to get back on and kept getting page can't be displayed.

    I restarted again, and still couldn't get on, so I ran a new HJT log and saw that System Updates Manager thing was still gone, and tried to get on again, and couldn't, and noticed that my dsl box lights were blinking like something was connected, so I checked my Task Manager, Idle processes was about 55% when I first got there, and then it quickly went up to 98%. Then I tried getting back on and got here. Hopefully I can get this sent this time.

    What's next?

    Thanks again
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only other item in your HJT log that can be fixed is:

    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

    Are you still having problems connecting?
     
  12. tagged

    tagged Private E-2

    No, I seem to be able to go on and off again. I don't know what the deal was before.

    Do you want me to fix that http thing then?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! See if you can fix it. Sometimes I have seen problems fixing these.
     
  14. tagged

    tagged Private E-2

    Well, it seems like it fixed it.

    Should I notice anything different?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  16. tagged

    tagged Private E-2

    Will do!

    Thanks for helping me out again Chaslang!
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Happy, safe surfing!
     