Help me remove virus alert sign!

Computing.Net > Forums > Security and Virus > Help me remove virus alert sign!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Click here to start participating now! Also, check out the New User Guide.

Help me remove virus alert sign!

Name: Tupac
Date: September 22, 2006 at 07:48:50 Pacific
OS: Wnidiws XP SP2
CPU/Ram: 224 MB
Product: Mecer

Comment:

Please help me remove this virus alert sign!!!
email is 2pac@ravemail.co.za

@@TUPAC@@

Google Ads

Response Number 1

Name: XpUser4Real
Date: September 22, 2006 at 10:04:52 Pacific

Reply:

what virus alert sign?
Hopefully my advice will help you...Please post back with your results....thanks

Response Number 2

Name: Johnw
Date: September 22, 2006 at 16:34:04 Pacific

Reply:

Securing Your Computer: Temporarily Disable Real Time Monitoring Programs.
http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disable_Real_Time_Monitoring_Programs
If Your PC is Infested w/ Spyware & Adware...
http://spywarewarrior.com/sww-help.htm
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Trustworthy Anti-Spyware Products ( near the bottom of the page )
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.malwarehelp.org/how-to-curepart-3-using-hijackthis.html
http://spywarewarrior.com/sww-help.htm
http://spywarewarrior.com/viewtopic.php?t=6917
http://spywarewarrior.com/viewtopic.php?t=6914
http://spywarewarrior.com/viewtopic.php?t=10
http://spywarewarrior.com/viewforum.php?f=30
http://www3.telus.net/dandemar/slowcom.htm
http://discussions.virtualdr.com/showthread.php?t=167915
http://www.wilderssecurity.com/showthread.php?t=50662
http://forums.techguy.org/security/208517-general-security-information-how-tighten.html

Important: Create a specific folder on your hard drive called HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HijackThis. Download and unzip HijackThis.exe into this folder.
http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/
If possible run HJT in Normal mode ( not Safe ) with all your normal startup's working.
HijackThis Tutorial - How to Analyse your own log
http://spywarewarrior.com/viewtopic.php?t=3624
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.malwarehelp.org/understanding-and-interpreting-hjt1.html
HijackThis log file analysis ( online )
http://hijackthis.de/index.php?langselect=english
Or,
http://startup.networktechs.com/page-68.html
http://hjt.iamnotageek.com

Response Number 3

Name: jabuck
Date: September 22, 2006 at 19:42:45 Pacific

Reply:

Per you pm Tupac.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Response Number 4

Name: Tupac
Date: September 23, 2006 at 04:31:38 Pacific

Reply:

Hey Jabuck, thanks for replying!!
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 13:24, on 06-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\BearFlix\BearFlix.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://212.51.106.202/activex/AMC.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://212.51.106.202/activex/AMC.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B66D886-16EB-4897-BAA8-2A6D528EAA83}: NameServer = 196.43.46.190 196.43.38.190
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: pushow0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\System32\mzoeut.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

@@TUPAC@@

Response Number 5

Name: jabuck
Date: September 23, 2006 at 05:51:16 Pacific

Reply:

You have msconfig set to selective startup mode, please reset it to normal mode until we have your system clean.
Post a new Hijack This log after making the changes in msconfig please.

remove admob okijet 2010 aol.co.uk/download foutcode 43 apple invalid sibling link sed remove newline sed remove character vi select all sed remove newline awk add pause	sed remove text remove zombie process desktop path cmd exit lib.exe removal virus change doc to exe remove nyb virus vi bottom core file analysis C++ BEEP
See More

Response Number 6

Name: henryjsaunders
Date: September 24, 2006 at 11:12:12 Pacific

Reply:

bearshare.exe is a malicous program acciated with: Bearshre, Limewire, Kazza, Imesh, Edonky and some others
____________________
just helping

Response Number 7

Name: Tupac
Date: September 25, 2006 at 03:34:28 Pacific

Reply:

Hey Jabuck
I set it to Normal! I know,bt wat else i can use to download Music..... I knw, n i appreciate ur help, thaks!!
Here is the log....:

Logfile of HijackThis v1.99.1
Scan saved at 12:26, on 06-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\BearFlix\BearFlix.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://212.51.106.202/activex/AMC.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://212.51.106.202/activex/AMC.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/...
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: pushow0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\System32\mzoeut.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
@@TUPAC@@

Response Number 8

Name: jabuck
Date: September 25, 2006 at 19:56:37 Pacific

Reply:

Until we get you clean go to start>control panel> add/remove programs> scroll down to and uninstall this program:
BearShare
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download and install Ewido Security Suite We will need this later in safe mode
Be sure to update Ewido
Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode
Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://212.51.106.202/activex/AMC.cab

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://212.51.106.202/activex/AMC.c...
016 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/...
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: pushow0.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\System32\mzoeut.dll
Exit Hijack This but remain in safe mode
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
C:\WINDOWS\System32\irasyncd.exe
C:\Program Files\RXToolBar\sfcont.dll
C:\WINDOWS\System32\pushow0.dll
C:\WINDOWS\System32\mzoeut.dll
Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Reboot into safe mode.
Navigate to and delete these folders if found:
C:\Program Files\RXToolBar
C:\Program Files\INSTAFINK
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
In Safe Mode, run Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Open the "SmitfraudFix" folder on your desktop and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Do not run any of the other SmitRemfix options as they will damage an uninfected computers desktop.
Post the Ewido log on your desktop, the smitremfix report and a new Hijack This log please.

Google Ads

Virus corrupting MP3 Play...

VERY annoying virus/malwa...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Google Ads

Results for: Help me remove virus alert sign!

Please help me remove iworm_attck_v

Summary

www.computing.net/answers/security/please-help-me-remove-iwormattckv/17413.html

Delsim Dialer - Help me remove

Summary

www.computing.net/answers/security/delsim-dialer-help-me-remove/20573.html

Pls.help me remove w32.imaut

Summary

www.computing.net/answers/security/plshelp-me-remove-w32imaut/24630.html

Explore Similar Topics

what is amc.cab

amc.cab

{DE625294-70E6-45ED-B895-CFFA13AEB044}

filter hijack text html

filter hijack text/html removal

Ask a Question!

From the Geek Dictionary
80211 - 802.11 is a set of wireless standards that allow for WLAN (wireless local...

Weekly Poll
Would you play for PlayStation Network?

Poll Finishes In 4 Days.
Discuss in The Lounge
Poll History

Recent Posts
Screen White

PC Automatically Boots Up

Log on. Change users

Excel Scatter Chart Problems

parser message

All Awaiting Reply

Tom's News
Our Top 11 Favorite Super Bowl TV Commercials

Artist Uses Floppy Disks to Create Paintings

VIDEO: An HD Tour of the Space Station

Samsung Launching AMOLED Phone Next Week?

Man Fined $1.5M for Leaked Mario Game Upload

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE