Can't delete Exploit-ByteVerify


Name: malkovich
Date: January 7, 2004 at 06:34:08 Pacific
OS: XP Pro
CPU/Ram: 512
Comment:

I was just doing a scan with Ad-aware when McAfee detected that virus: Exploit-ByteVerify.

McAfee cannot delete, clean or quarantine this virus. I have checked their website and they just say to update the virus definition.
I have also tried to scan and delete in safe mode with system restore turned off, but it is still here.

It is in a folder that cannot be found even when everything is un-hidden.

Can someone help me get rid of that virus?




Response Number 1
Name: Nick R (by Nick Ritchie)
Date: January 7, 2004 at 06:57:26 Pacific
Reply:

I won't tell you until you catch Osama Bin Laden, stop our guys from getting killed in Iraq, and fix the budget, OK George



Response Number 2
Name: chulo_allen
Date: January 7, 2004 at 07:22:35 Pacific
Reply:

;) hehe. Well, from what I can figure, this "virus" is just Ad-aware doin' its search, and for "some reason" most virus checkers label it a virus.. hehe.. It's just Ad-aware doin' its job. I'm sure you notice it only happens when you have your virus checker on and Ad-aware running. ;)



Response Number 3
Name: Shawny
Date: January 7, 2004 at 07:23:49 Pacific
Reply:

That virus gets installed into your Temporary Internet Files folder. Just clear that folder.



Response Number 4
Name: malkovich
Date: January 7, 2004 at 09:24:07 Pacific
Reply:

I already stopped Saddam, so stop complaining. :-P

Well, the virus seems to be in a hidden folder (can't be found by using the unhide function) infecting several files:

C:\Program Files\Lavasoft\Ad-aware 6\Cache\Go.class
C:\Program Files\Lavasoft\Ad-aware 6\Cache\BB.class
C:\Program Files\Lavasoft\Ad-aware 6\Cache\Dummy.class
C:\Program Files\Lavasoft\Ad-aware 6\Cache\VerifierBug.class

What is strange is that they are in an Ad-Aware folder, and not in a temp one.

allen, that is right, but McAfee is on live scanning, it will detect any virus when I scan or open the folder that contains it, same for Norton.



Response Number 5
Name: iceblue
Date: January 7, 2004 at 11:05:31 Pacific
Reply:

First, patch your security to stop re-infection.
This is a growing family of trojans that exploits the ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to execute unauthorized code on an affected machine.
We strongly recommend you install the patch, available from this MS security bulletin.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp
[ If you have Windows XP with Service Pack 1a, your system has no MS Java VM. ] Information on removing the MS Java VM completely and replacing it with the newer, safer Sun Java VM can be found here.
http://www.winnetmag.com/Article/ArticleID/38206/38206.html

Reboot,
Then download/update 'Hijack This!' 1.97.0.7 new version http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip/extract all…
Double click on hijackthis.exe..and

Close All browser windows and
Run HijackThis,
Press Scan, and wait,
Save the log, (the ‘scan’ button changes to ‘save log’)
Edit>select All > copy and paste its contents here.
Most of what it lists will be harmless or even essential, * so don't fix anything yet.*

Post the full log here.
It will be reviewed by someone there.



Response Number 6
Name: iceblue
Date: January 7, 2004 at 11:09:26 Pacific
Reply:

PS Saddam hadn't patched up his vulnerability, and that's why he got caught.

Update, betcha that Ad-aware stops reporting that exploit and no more "virus"!



Response Number 7
Name: malkovich
Date: January 7, 2004 at 11:17:56 Pacific
Reply:

Ok, will do that straight away and will post back after.



Response Number 8
Name: tomo
Date: January 7, 2004 at 11:41:34 Pacific
Reply:

http://www.brillig.com/debt_clock/

If anyone wants to see what George Bush, and his cronies, are doing to the national debt, go to the addy above.
WARNING****** You had better be sitting down when you see what YOUR individual payment to Uncle Sam is.



Response Number 9
Name: malkovich
Date: January 7, 2004 at 13:38:32 Pacific
Reply:

There you go:


Logfile of HijackThis v1.97.7
Scan saved at 21:31:48, on 07/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\Doods-1\LOCALS~1\Temp\Rar$EX03.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [*deleted by me*]
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1408.g.akamai.net/7/1408/9955/20031016/akamai.info.apple.com/iTunes4/WW/win/061-0848.20031022.TtzS4/iTunesSetup.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37970.8068402778
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/recipebuddie/websetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



Response Number 10
Name: iceblue
Date: January 10, 2004 at 23:51:42 Pacific
Reply:

Pls put HjT into a permanent folder rather than a temp folder;

Close all browser windows and
then rescan and have HjT fix checked the following:

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/recipebuddie/websetup.cab

Reboot, rescan and repost.
Advise on any signs of problems.



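A triage helper for logs in the HijackThis 1.97 layout posted in this thread, as an added example that is not part of any poster's reply: it splits a log into the process list and the coded entries, reports whether HijackThis itself ran from a Temp folder, and lists O16 download hosts and O16 entries that carry no control name. The sample log is constructed, and treating an unnamed O16 entry as worth a second look is an assumption of this example, not a rule from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the HijackThis 1.97 log layout (not a real scan).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 21:31:48, on 07/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX03.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra 'Tools' menuitem: Example Item (HKLM)
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Control) - http://download.example.com/a.cab
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - http://cdn.example.net/setup.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_log(text):
    """Split a log into the running-process paths and entries keyed by code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if in_processes:
            if line and not m:
                processes.append(line)
                continue
            in_processes = False  # blank line or first coded entry ends the list
        if m:
            entries[m.group(1)].append(m.group(2))
    return {"processes": processes, "entries": dict(entries)}


def triage(parsed):
    """Summarise the points a reviewer of the log would look at first."""
    procs = [p.lower() for p in parsed["processes"]]
    # HijackThis launched from inside an archive viewer runs out of a Temp
    # folder, so any backups it writes when fixing entries would land there too.
    scanner_in_temp = any(
        p.endswith("\\hijackthis.exe") and TEMP_RE.search(p) for p in procs
    )
    hosts, unnamed = set(), []
    for body in parsed["entries"].get("O16", []):
        m = DPF_RE.match(body)
        if not m:
            continue
        clsid, name, url = m.groups()
        host = urlsplit(url).hostname
        if host:
            hosts.add(host)
        if name is None:  # assumption: no control name means "review by hand"
            unnamed.append((clsid, url))
    return {
        "scanner_in_temp": scanner_in_temp,
        "dpf_hosts": sorted(hosts),
        "unnamed_dpf": unnamed,
    }


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```

The output is a reading aid for whoever reviews the log; it does not decide which entries to fix.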
Response Number 11
Name: dembart
Date: January 21, 2004 at 17:53:18 Pacific
Reply:

I've got the same problem. Ad-aware finds Java/ByteVerify, which it says is in Ad-aware6\Cache\VerifierBug.class. It says I should remove it by running AVG for Windows.

But AVG for Windows finds no such virus, and a search of my hard drive with instructions to find everything hidden turns up no Java/ByteVerify and no Ad-aware6\Cache.

I've downloaded and run HijackThis, and here's the log it produced:

Logfile of HijackThis v1.97.7
Scan saved at 5:29:35 PM, on 1/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Documents and Settings\Lee\Desktop\FreeRAM XP Pro 1.40.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe
C:\Documents and Settings\Lee\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.startup.homepage", "about:blank"); (C:\Documents and Settings\Lee\Application Data\Mozilla\Profiles\default\avhne0ew.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Lee\Application Data\Mozilla\Profiles\default\avhne0ew.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Stickies] C:\Documents and Settings\Lee\Desktop\Stickies.lnk
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Lee\Desktop\FreeRAM XP Pro 1.40.exe" -win
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: TCLOCKEX.lnk = C:\Program Files\TClockEx\TCLOCKEX.exe
O9 - Extra button: Research (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab

What next?

Thanks.

Lee



Response Number 12
Name: iceblue
Date: January 22, 2004 at 04:02:05 Pacific
Reply:

First, patch your security to stop re-infection.
This is a growing family of trojans that exploits the ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to execute unauthorized code on an affected machine.
We strongly recommend you install the patch, available from this MS security bulletin.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp
[ If you have Windows XP with Service Pack 1a, your system has no MS Java VM. ] Information on removing the MS Java VM completely and replacing it with the newer, safer Sun Java VM can be found here.
http://www.winnetmag.com/Article/ArticleID/38206/38206.html



Response Number 13
Name: David 2
Date: February 22, 2004 at 15:14:18 Pacific
Reply:

Hello:

First of all, I'd like to congratulate you for your help and expertise.

Well, I suffered the virus Exploit Byte Verify and I have performed some tasks that you suggested and others (scanned and deleted Trojan.ByteVerify quarantine files, cwshreder, hijackthis, installed the new Microsoft VMs patch MS Java VM msjavx86-3810). With these actions I supposed I deleted the virus, but this infection left a problem: at starting Windows 98 SE, nearly at the end of the loading I got the next message:


Mmtask
This program has performed an illegal operation and will be shut down.
If the problem persists, contact the program vendor.

If I can't select the Close button immediately, the OS loading is stopped and the keyboard doesn't work (not even the Ctrl-Alt-Del keys). If I can select it, the same message appears but titled OSA, with the same behaviour. The next step is the same, but with the message titled Findfast. If I close these three messages in time, the OS loading ends.

What could I do to delete these messages?

Thanks.

PS: at starting Explorer the same error message appears, but titled Carpserv. Next is the HijackThis log after deleting some data of the virus:
Logfile of HijackThis v1.97.2
Scan saved at 07:01:17 p.m., on 22-02-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\CARPSERV.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.exe
C:\Program Files\OPLIMIT\OCRAWARE.exe
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\OPLIMIT\OCRAWR32.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.exe
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.exe
C:\WINDOWS\NOTEPAD.exe
C:\MY DOCUMENTS\REPARACIóN\HIJACKTHIS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: Inicio de Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: OCRAWARE.lnk = C:\Program Files\OPLIMIT\OCRAWARE.exe
O4 - Startup: Trabajos de PageKeeper.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB


